
"Watching your password manager get swallowed by a company you switched away from would kick them off properly."

This is something I did not put into consideration. Selling to different owners might change Bitwarden's direction. Heck, if I was the average Joe and built something like Bitwarden and a corporate comes by willing to pay me $2B, I'd sell. Like @svenmany said in post #3388, in this case, yes, I will do what the people we are complaining about are doing.

I can't blame the founder, as he sold the company as is. Whatever the new owner does is not his problem. This happened to me before with TunnelBear where it was a very simple, humorous, easy, with free tier VPN service. Then they got bought out by McAfee. Needless to say many jumped ship. Thanks to Mullvad and ProtonVPN.
 
> "Watching your password manager get swallowed by a company you switched away from would kick them off properly."
>
> This is something I did not put into consideration. Selling to different owners might change Bitwarden's direction. Heck, if I was the average Joe and built something like Bitwarden and a corporate comes by willing to pay me $2B, I'd sell. Like @svenmany said in post #3388, in this case, yes, I will do what the people we are complaining about are doing.
>
> I can't blame the founder, as he sold the company as is. Whatever the new owner does is not his problem. This happened to me before with TunnelBear where it was a very simple, humorous, easy, with free tier VPN service. Then they got bought out by McAfee. Needless to say many jumped ship. Thanks to Mullvad and ProtonVPN.

That. Is really not good. At all.
 
> I do not mind paying for FOSS. As a matter of fact, I think everyone should pay something for it. The problem is that since it is open source, you can't force people to pay for it. It's literally out there for you to compile, reproduce, and redistribute without control. So, it goes back to consumer behavior, and unfortunately, most people think "free software" is done by magic elves. They do not consider dropping just 1 buck for it. Meanwhile the developer was enough to give it free to those who can't afford/unable to do an online payment but those who can should fund the project and reward the developer.
>
> In an ironic situation, I indeed wanted to donate to open source projects but they were not accepting donations! uBlock Origin and HandBrake come to mind.

I think you maybe missed the philosophical underpinnings of Open Source Software. The whole point is to be free, open to collaboration, and publicly auditable. There is no moral conundrum to using OSS free, that’s explicitly why it exists. That’s why the GPL and its derivatives exist. It’s socialized software. It’s “information wants to be free”. It’s rooted in the academic origins of computing and software, think about how scientific data is shared. Think about the philosophical underpinnings of things like open access journals.

Now, I agree with you that if you find a project useful you should contribute back in some way, either in code or docs or toss a few bucks towards the devs (or purchase the product if you can, I pay for Crossover for example, I love the work they do with WINE. Same with many other things) if you can, but not only is there no obligation to but there is an explicit social contract that the code being open is to allow and encourage free use. It’s for the benefit of all, a societal good.

I think in particular a lot of folks who either aren’t academics or weren’t marinated in hacking culture and the early internet at least somewhat at some point between the ‘70s and at the latest early aughts miss a lot of that.

FOSS is more than a goodwill gesture, it represents an underlying philosophy in software as a field.
 
> That’s *literally* how opensource works, yes… the whole point is it’s open and free…
>
> you can go download the code and run it, right now.
>
> Looks like they’re using the AGPL for most of their code, which is literally a copyleft license that requires release of derivative code used in products/SaaS services as well. And while their license for some commercial modules is more restrictive it’s not most of what’s there
>
> BW’s repos are on gh, here: https://github.com/bitwarden

I guess I wasn't referring to legal entitlement. I was thinking more along the lines of ethical entitlement. Pretty vague, I know.

A code base that is open source does not have to provide the tools necessary to create a runnable product. The only requirement is that the source code be freely available with no restrictions on its use. Oftentimes, a lot of technical competence is required to make use of the code to create the final product.

There is a growing awareness that people who benefit from open source should contribute in some way. Here's something along those lines at the enterprise level that's quite recent:


with the great line:

Billion-dollar ecosystems cannot stand on foundations built of goodwill and unpaid weekends.

I'm not suggesting that you don't contribute. I know that I, for the most part, don't. Though I'm legally entitled to the free use of the software, I don't feel ethically entitled to it. I don't resent companies who charge for their software, whether they provide it open source or not.
 
> That. Is really not good. At all.

It's how the tech industry works. All the popular software vendors, including but not limited to Google, Apple, Microsoft, Take2...

> I think you maybe missed the philosophical underpinnings of Open Source Software. The whole point is to be free, open to collaboration, and publicly auditable. There is no moral conundrum to using OSS free, that’s explicitly why it exists. That’s why the GPL and its derivatives exist. It’s socialized software. It’s “information wants to be free”. It’s rooted in the academic origins of computing and software, think about how scientific data is shared. Think about the philosophical underpinnings of things like open access journals.
>
> Now, I agree with you that if you find a project useful you should contribute back in some way, either in code or docs or toss a few bucks towards the devs (or purchase the product if you can, I pay for Crossover for example, I love the work they do with WINE. Same with many other things) if you can, but not only is there no obligation to but there is an explicit social contract that the code being open is to allow and encourage free use. It’s for the benefit of all, a societal good.
>
> I think in particular a lot of folks who either aren’t academics or weren’t marinated in hacking culture and the early internet at least somewhat at some point between the ‘70s and at the latest early aughts miss a lot of that.
>
> FOSS is more than a goodwill gesture, it represents an underlying philosophy in software as a field.

You are speaking of pure FOSS. I am speaking about creating software for profit. Some nice guys found a middle ground for FOSS to be funded and profitable, providing it as a service like Proton, Bitwarden, Odoo, Nextcloud.
 
> So what do people think of Proton Pass Plus? At $36 a year for 10 users and 50 vaults, it's a good deal. Does anyone use it in this thread?

I tested when it first launched and it was limited with no custom fields. As with all other Proton products, it starts small then hyper develops. I highly appreciate Proton is creating a Google Suite alternative, but I'd rather not keep all my eggs in one basket. At least the password part.

Other people might have a different opinion.
 
> So what do people think of Proton Pass Plus? At $36 a year for 10 users and 50 vaults, it's a good deal. Does anyone use it in this thread?

I tested. It has like everything now and I believe unlimited anonymous e-mails (if you are a ProtonMail subscriber, I think). Drop-in replacement for others like Bitwarden and 1PW. In fact I like the way they do things more than Bitwarden since Bitwarden seems to be created with an enterprise-first mindset and ProtonPass is more of a consumer app.
 
My 1Password 7 subscription expired and I’m now fully using Passwords for our iPhones, iPads, and Mac mini. Seems to work very, very well among these devices. After her recent retirement, Mrs. Sam no longer needs her Microsoft Surface Book so cross-platform passwording is no longer a household requirement.

I do miss the secure notes and other-than-password features of 1Password, but have created a protected ninox database with these items so no net loss.
 
> My 1Password 7 subscription expired and I’m now fully using Passwords for our iPhones, iPads, and Mac mini. Seems to work very, very well among these devices. After her recent retirement, Mrs. Sam no longer needs her Microsoft Surface Book so cross-platform passwording is no longer a household requirement.
>
> I do miss the secure notes and other-than-password features of 1Password, but have created a protected ninox database with these items so no net loss.

A ninox database is a wild solution. I guess you could have opted for free Bitwarden or KeePassXC.
 
> A ninox database is a wild solution. I guess you could have opted for free Bitwarden or KeePassXC.

Indeed, I could have chosen those or lots of other tools, even just the Notes app. But I’ve used the now free standalone version of ninox for a lot of personal stuff so am pretty familiar with the basics, I have it, it works, it’s not controlled by an outside entity, and I can modify to meet whatever oddity I need accommodated.

But yeah, a bit of an “out there” solution to be sure.
 
Dashlane may want to change their website 😳


Dashlane explains how attackers managed to download encrypted password vaults
Password manager Dashlane says hackers stole some customers’ password vaults
 

Haha, I never trust those "vague" corpo products. My gold standard is always the community choice (hence Bitwarden). And although I do not know how it works, one could at least put effort that if anything had to work right in an online password storage, it must be cyber security. Then again, I heard that nothing is bulletproof so idk at what you blame the developer.

In other good news, Enpass seems alive as they have released an update recently. I thought they might go belly up.

-

This comment reminded me of @bradl's strategy not to trust others' servers.
 
^^Yup, local storage of my vault continues to be **THE** deal-breaker for me when it comes to considering a password app. If I have to store my vault on someone else's server, I won't be using that app, no matter the features it offers.

I know Enpass is far from perfect, but I am glad to have bought the lifetime license more than 3 years ago now.
 
> ^^Yup, local storage of my vault continues to be **THE** deal-breaker for me when it comes to considering a password app. If I have to store my vault on someone else's server, I won't be using that app, no matter the features it offers.
>
> I know Enpass is far from perfect, but I am glad to have bought the lifetime license more than 3 years ago now.

Do you bother with off-site storage?

Some people physically transport a copy of their vault to an alternate location. That's not an option for me.
 
> ^^Yup, local storage of my vault continues to be **THE** deal-breaker for me when it comes to considering a password app. If I have to store my vault on someone else's server, I won't be using that app, no matter the features it offers.
>
> I know Enpass is far from perfect, but I am glad to have bought the lifetime license more than 3 years ago now.

I really am debating Enpass again. I had it at one time.
 
> ^^Yup, local storage of my vault continues to be **THE** deal-breaker for me when it comes to considering a password app. If I have to store my vault on someone else's server, I won't be using that app, no matter the features it offers.
>
> I know Enpass is far from perfect, but I am glad to have bought the lifetime license more than 3 years ago now.

So far the ones that let you sync locally or your server:

> Do you bother with off-site storage?
>
> Some people physically transport a copy of their vault to an alternate location. That's not an option for me.

I think it's part of the 3-2-1 backup procedure.

> I really am debating Enpass again. I had it at one time.

Unfortunately, they took out their licenses option and, with much respect, unlike 1PW, they honored it and I still get updates. Understandably, I can see how a one-time payment won't sustain a continuously updated app financially.

If you opt for the 3 year plan you can get it as cheap as $17/year; try to hunt for a promo code, maybe you can get it for even cheaper.
 
> So far the ones that let you sync locally or your server:
>
> I think it's part of the 3-2-1 backup procedure.
>
> Unfortunately, they took out their licenses option and, with much respect, unlike 1PW, they honored it and I still get updates. Understandably, I can see how a one-time payment won't sustain a continuously updated app financially.
>
> If you opt for the 3 year plan you can get it as cheap as $17/year; try to hunt for a promo code, maybe you can get it for even cheaper.

I have a cloud server, so I am debating setting up a vaultwarden instance.
 
> I think it's part of the 3-2-1 backup procedure.

Yes. Many people who discuss backups consider offsite storage to be an important part of that. I do. On the other hand, many people look for password storage that only uses local vaults. The natural question arises about how such a person manages offsite storage of their vault. If a person insists that the storage of the vault only be local, like @cubbie5150 seemed to do, then the vault must not be copied to an offsite backup server.

Years ago, before 1Password provided their own servers, I stored my local vault in my Dropbox folder. That synchronized it to what might be considered a relatively insecure offsite server.

Since you somewhat responded to my question about offsite storage (and most people don't when I ask this question), what do you think? Do you think it's OK to have your vault only in your home and portable device? I do get some comfort knowing that I'll probably have my phone with me in the event of a fire. But, a fire in the night with a quick evacuation without my phone could leave all my passwords lost if I didn't have some offsite redundancy.

Intuitively I consider 1Password's servers far safer than Dropbox. I think of their servers to be on a par with other servers that offer client-side only encryption (where the server owners have no access to your data). Services like Dropbox, OneDrive, and Google Drive don't provide that for home users.
 
> Since you somewhat responded to my question about offsite storage (and most people don't when I ask this question), what do you think? Do you think it's OK to have your vault only in your home and portable device? I do get some comfort knowing that I'll probably have my phone with me in the event of a fire. But, a fire in the night with a quick evacuation without my phone could leave all my passwords lost if I didn't have some offsite redundancy.
>
> Intuitively I consider 1Password's servers far safer than Dropbox. I think of their servers to be on a par with other servers that offer client-side only encryption (where the server owners have no access to your data). Services like Dropbox, OneDrive, and Google Drive don't provide that for home users.

The idea of offsite storage is to store in another physical place and I do not have that kind of place but others do. Also it's inconvenient because you have to go back to that place, do the backups. As for online, there are zero-knowledge cloud services like ProtonDrive and Filen.io; if you upload your encrypted vault, that's double encryption, and at 16 characters per password/phrase it's near impossible to crack, not to mention, unlike 1PW servers, someone has to target your account personally for that vault.

Another solution is to use Cryptomator or VeraCrypt; now it's behind 3 encryptions.
 
> The idea of offsite storage is to store in another physical place and I do not have that kind of place but others do. Also it's inconvenient because you have to go back to that place, do the backups. As for online, there are zero-knowledge cloud services like ProtonDrive and Filen.io; if you upload your encrypted vault, that's double encryption, and at 16 characters per password/phrase it's near impossible to crack, not to mention, unlike 1PW servers, someone has to target your account personally for that vault.
>
> Another solution is to use Cryptomator or VeraCrypt; now it's behind 3 encryptions.

Probably there will be some large exfiltration of data. AI would make short work of it, finding the high-value stuff quickly. Servers which hold information that is mostly not password vaults would be a target I would choose, since there would be so much unprotected content. The vaults would be nice little extras, just part of the haul and quickly singled out.
 