Thank you for such a thorough reply! After reading through your reply and those of others, I have decided to keep 1PW for now. It meets all of my needs. While I dislike “renting” it, it is one of the few utilities that justifies the cost—at least for now. Thanks again for taking the time to provide helpful insights, much appreciated.
4 Likes
No worries! And you bring up good points, for sure. Contingency, emergency, and end-of-life procedures are certainly things to consider (probably more seriously than most of us do).
How are you feeling about this? I have looked at it as a possible alternative suggestion for our customers.
I’ve been using Strongbox on my Mac and iPhone for two years now. It works for me and I like it but (1) I do not share passwords with anyone and (2) I don’t trust the concept of auto-filling passwords so I don’t use those two features and can’t speak to their implementation (but Strongbox does offer them). Didn’t use those two features when I was a 1Password customer either. 
2 Likes
That’s a feature of 1PW that I use all the time. I don’t click links in emails, etc. and either type in a URL or use a bookmark. But the auto-fill feature, which matches the URL of the site to the one recorded in 1PW, is an additional safety check, IMO.
It’s an option for us that know what to look for. But it’s a feature that could save a normal user from making a serious mistake. (IMO)
1 Like
The best way is not to eliminate all subscriptions (because it’s not possible) but carefully choose the apps.
After throughout evaluation I will keep Strava and Apple Music. Although I am using iCloud Keychain, I still have 1Password apps on all devices. Though Stolen Device Protection is on, Apple still sometimes asks me for passcode outside home. 1Password may be the following service to be subscribed.
You are contradicting yourself. 
I also pay for Strava, and I like it, but it is really overpriced for what it offers. After the last price increase, I almost went back to the free level since most of what I get out of it I can get from Garmin. Strava is just slightly better at it though. Plus, I am leaning against hardware makers controlling my data since they want to keep me locked in.
I tried Garmin too but Strava is good for planning routes and reviewing my heatmap.
I listened to the podcast segment and skimmed through the PDF. Caveat: I’m not a security guru.
The Security Now podcast read and commented on this blog post by security programmer William Brown. He has been involved in early efforts of password-less systems.
Among concerns raised with Passkeys are problems affecting some users. Also passkeys aren’t portable and one can be locked into a certain platform (Apple, Google, Microsoft). Brown isn’t happy with governance and transparency from the Passkeys related organizations. He questions whether the user experience is better than current passwords given problems some are having with Passkeys.
Both Brown and the podcast are cautious on Passkeys and prefer a platform agnostic tool like Bitwarden (and 1Password?) for those considering Passkeys.
Conflict note: Bitwarden has been a sponsor of the podcast. Podcast host Steve Gibson had a competing effort to Passkeys called SQRL. To me, his views seem genuine despite the conflicts.
2 Likes
You summed it up perfectly. That was the focus of the SN podcast episode. Regarding the unbiased view of Bitwarden, I really don’t trust any podcaster when they bring a sponsors product into any conversation. They don’t want to bite the hand that feeds them. Otherwise, Steve is pretty good. It’s the only show on twit I listen to anymore.
2 Likes
Strongbox is my default password manager and secret storage. It’s a solid app that supports an open source format (Keepass) so I feel it’s future proofed in that regard: it’s like a nice macOS frontend to Keepass with some nice quality of life extensions like MFA/OTP generation, Safari autompletion and so on. I also store there secure notes, like credit card info, national identity card, license keys and whatnot.
Regarding sync I store the database in iCloud Drive and have yet to find a sync issue either in desktop or mobile --can’t say the same for the alternative method of encrypted disk images.
Works on macOS and iOS. It has a one time payment option and though it’s not exactly cheap I think it’s worth it.
3 Likes
I have what might be a unique perspective on this, but thought I’d share my story if only to provide another use case for the potential dangers of trusting passwords and the like to one provider or service. I am totally blind and I use VoiceOver. For many years, I had been an extremely happy 1Password user. Not only did the product meet all my needs, but the company paid a great deal of attention to ensuring the product remained accessible, not just on the Mac, but on each of the platforms they support. 1Password met all my needs and provided me with one place to store all my important data: card numbers, bank info, Passport and ID info, and of course passwords. Since most of this info exists in print which I cannot read, having access to it digitally, on whichever device I happened to be using, was absolutely fantastic for me.
Then, 1Password 8 was released and it contained significant accessibility issues. For example, I could find a specific credit card entry, but VoiceOver could no longer read the numbers and other details contained within the entry. I suddenly found myself in a situation where I needed to not only find another solution quickly, but I needed to somehow find a way to migrate data. To make a long, painful story a little shorter, the worst time to need to find a solution is when you have absolutely no choice but to do so.
Ever since 1Password 8, I have been trying various solutions in an attempt to balance my accessibility requirements with security, family sharing, and other needs. Now that Apple Keychain has groups, sharing passwords has become easier which is fantastic as I need to share certain passwords with family members, however the problem, or maybe better said the inconvenience of Keychain is that I would need to go elsewhere for non-password data. In the case of credit cards, this means I’d have to write their information in one place, but also would need to add them to Safari if I wanted to use auto fill, add them to Chrome if I want to use them there … Also, I do use non-Apple devices and managing anything in Keychain from a non-Apple device is, well, let’s just say it’s not fun. Ultimately, I settled on Bitwarden for a few reasons, mainly though because it’s open source and if I don’t want them to host my data, I have the option to host it myself. That said, I do make frequent backups which I keep in secure folders, just in case something similar happens to Bitwarden like what happened initially with 1Password 8.
Whether using a password manager or any other solution, I think it’s absolutely critical to think about how you would gain access to that data if you absolutely could no longer use that program or application. In my case, the issue that made it impossible to use 1Password wound up being an accessibility issue, but a physically broken Mac might have been equally devistating if that Mac contained my information in an encrypted folder. Apple Notes is great, but if I was somehow locked out of my Apple ID, it might not matter how great Notes may be. I realize it may not be possible to prepare for every contingency, but I think it’s worth giving it quite a bit of thought.
One more quick thing, I want to say that since the release of 1Password 8, they have done a lot to fix and improve accessibility. Unfortunately, it took them a while (over a year in some cases) to get this work prioritized and done. Today, 1Password has many blind and visually impaired customers who love that the product has again become accessible and I really appreciate that … just not enough to ever consider putting all my eggs in one basket ever again.
10 Likes
Have you looked at ProtonPass there’s a free tier that may well suit your needs.
Thank you for the thorough and thoughtful reply. It is indeed a good reminder not to have one’s eggs in one basket!
1 Like
I have not, but I will upon your recommendation. Thanks!
1 Like
I’m using Strongbox exclusively now as well. I do share it between all my devices, (2 macs, iPhone and iPad) and the file can be read on my husband’s linux system as well. The master file is on our own in -house Synology server.
I also use the Strongbox autofill feature and it works very well.
Conversion from 1 Password was simple and painless with their instructions.
However I do not save Passkeys in Strongbox.
2 Likes