The sorting for one thing. The feel of use, something was amiss. I couldn't tell you exactly what. It felt like something was missing or not right.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
1Password migrants thread
- Thread starter MacBH928
- Start date
- Sort by reaction score
Enpass needs a lot of polishing and the devs do not seem to care to fix it. Even worse, it doesn't seem to be picking up in popularity which means it will only slowly die. Its a little bit obscure.
I really wish for it to be the 1PW alternative but honestly its just not as good especially in the intuitive department.
So does this mean you are going back to 1PW?...Sorry, but I couldn't resist.
Yesterday, you should have posted you were going back to 1PW. It would have been a good April Fools' joke.
Everyone is entitled to their opinion, and folk get used to what they are using, so changing is a challenge sometimes.
For what its worth Strongbox works fine for me.
No extension is used for autofill so no extra security target vector caused by using a browser extension.
I can sort by custom, username, email, date created, date modified, alphabetically, reverse alphabetically. All the entries in the Database can be grouped (if desired) into custom grouping folders...I use this grouping to put different data into categories I made up like Finance, Notes, Streaming Services, IT providers etc. so plenty of sort options for what I need.
Try running it for just a half dozen logins, while you keep your existing PW manager, and you might find you get used to it and you discover the features it has. I found this a good way to initially transition to a new PW manager (before migrating everything) when I dumped 1P
There's more than one angle to 'autofill'. First of all: Apple's implementation has drawbacks, such as Apple's own app asking about every input if autofill is enabled. In all things autofill Apple is restrictive and it's slow-moving.
For browsers other than Safari, Strongbox does have extensions.
It's great as a passwords app and it's great as a KeePass client.
I wish it'd do less with autofill though.
So does this mean you are going back to 1PW?...Sorry, but I couldn't resist.
Yesterday, you should have posted you were going back to 1PW. It would have been a good April Fools' joke.
Actually 1PW is a very good password manager, might be the best, but I will never bend over for their unethical business tactics!
I'm toying with the idea of giving 1Password another shot. If you recall I wasn't terribly upset over the changes that were announce that produced this thread. I did eventually move over to Bit Warden.
Its documented in another thread, but my twitter account was hacked, and I lost access to it. Long story short, I was using a compromised password and while the tools that bitwarden provided helped. I think the increased reporting/oversight of ensuring I don't reuse passwords, or using compromised passwords may be a reason for me to return.
To be fair, bit warden provides some of his reporting, but its not really built in for easy access, I'm sure of its as comprehensive as 1PW. I want to compare/contrast and decide which tool works best.
I'm not down on Bit Warden, I take full responsibility for using a bad password, but I've come to realize password managers have a glaring weakness. If you don't audit and manage your passwords regularly, then you never know how weak they may be. Having tools to easily manage and audit your usage are just as important
Its documented in another thread, but my twitter account was hacked, and I lost access to it. Long story short, I was using a compromised password and while the tools that bitwarden provided helped. I think the increased reporting/oversight of ensuring I don't reuse passwords, or using compromised passwords may be a reason for me to return.
To be fair, bit warden provides some of his reporting, but its not really built in for easy access, I'm sure of its as comprehensive as 1PW. I want to compare/contrast and decide which tool works best.
I'm not down on Bit Warden, I take full responsibility for using a bad password, but I've come to realize password managers have a glaring weakness. If you don't audit and manage your passwords regularly, then you never know how weak they may be. Having tools to easily manage and audit your usage are just as important
I can’t comment on either 1Password or Bitwarden as I have never used either of them. However, I use Codebook that checks every password you enter for weaknesses. Additionally, for macOS and iOS it reviews passwords with HaveBeenPwned.
As I keep my password vault local, and it is nowhere to be found on the internet, I’d bet that Codebook is at least as secure as 1Password or Bitwarden. And Codebook is available to buy for $19.99 for macOS and $9.99 for iOS, versus $2.99/month for 1Password.
-Looks like Bitwarden indeed does not have a feature to check the strength of the password but the general rule is 4 random words
-This feature is not worth $2.99/m for me
-I think the $10/year pro subscription for Bitwarden has this feature
-I do not think you password was compromised. What I understand is "hashes" (whatever that mean) gets leaked and they can't match them with a specific account so they are near useless
-I think your password was too easy that it was brute forced into your account.
-Twitter provides multiple ways to regain access to your account.
-
If the continuous compromised password monitoring is important to you then I can definitely see why 1PW's monitoring functionality (was it called Watchtower?) would be appealing to you.
I don't follow what you're saying about password reuse. If you run an audit from the web vault and clean up any duplicate passwords then wouldn't the odds of generating a duplicate of one of your existing passwords from their random password generator be incredibly low (especially if you included numbers and symbols)? I never pick my own passwords. I let BW do it.
Strongbox does an automatic audit of my vault every time I open. It also prompts for me to do a backup every 2 weeks.
I haven’t had a problem with reused passwords for Strongbox or Bitwarden.
edited to add: Bitwarden keeps track of compromised passwords, reused passwords, or weak passwords in the report section on their web login.
I haven’t had a problem with reused passwords for Strongbox or Bitwarden.
edited to add: Bitwarden keeps track of compromised passwords, reused passwords, or weak passwords in the report section on their web login.
Attachments
Last edited:
I hadn't run an audit, and since filling in the passwords is now handled by the software, I was unaware (in a neglectful sort of way). It wasn't a huge issue, but one that I assumed that I had already cleaned up, but had not
Yes, but the app doesn't seem to have that reporting feature, and I rarely log into the website. I think you need to have those reporting tools at your tools at your fingertips.
Actually you're wrong. The password is being reported as exposed via databreach.
I think monitoring should be part my overall workflow of managing passwords. Auto generated passwords of course mitigate this aspect, but we all know there are passwords that are a poor fit for that.
That drives me nuts.
Me: Here's a password of many random words with symbols and numbers sprinkled in.
Them: Please limit passwords to 10 characters with only these characters.
How did your password get exposed? I am on twitter I didn't get any emails. Also every time data gets leaked they say its just the hashes, no passwords were exposed.
I got a warning on my plex account (Enpass) that it has been exposed. Never changed my password. Everything is still fine.
idk why the limit the characters. The other thing that bothers me is when they ask 1 capital letter, 1 symbol, 1 what ever... when the truth is a longer password is more secure. As someone who built the security system he already should know this.
I guess from a data breach ¯\_(ツ)_/¯
Doesn't really matter - someone was able to use that password and steal my twitter account. Do I really care if its a hash or the actual password? No not really.
I think if anything, this has been a good lesson, but not a painful one, since I didn't really use twitter, and I've tightened up how I do things.
If the hash was leaked a longer password might have prevented the breach. If the password itself was leaked no password audit in the manager, maybe except "Have I been pwned" could have protected you.
I care. I want to know how it works so I can protect myself. So far I have been comfortable about breaches since every time a breach happens they say its just hashes and they can't do anything with it.
If you want to protect yourself completely and not worry about hashes and the like, use double blind passwords. Problem solved.
It really is immaterial that its the hash or the PW - the point is that my password is compromised. I'm not sure why you are hung up on that. I think its great that you want to learn more about these things and improve your knowledge, don't get me wrong, but at the end of the day, it doesn't matter how people have the password - its compromised.
I would read this post before going back:
1Password has/ had a nice UI and better marketing. I can't see a reason to use it over any other password software.
It is inconsistent in its UI, in proposing passwords sometimes, sometimes not, sometimes saves passwords you generate, sometimes not.
The new UI is an Electron mess. Regarding Electron, it uses way too much resources for sitting in the background. It is causing lags, sometimes it needs 20 seconds to show anything if you press the browser icon.
And the main reason, using Electron because yay cross platform isn't true because the Windows experience is also very bad.
You don't have control over your passwords anymore because they are on their servers, so it is just a matter of time till something happens to them. They are the big player now so they will be also the biggest target for hackers. Just look at Lastpass.
Thanks, I'm reading through that thread right - seems like a new thread.
I bought 1 month's worth of subscription and I'm going to see how I feel about it as I use it in my day to day. I'll probably start or use a different thread as this topic is about moving on from 1password
So far I've only used the windows version of 1password, and for the moment I'm not experiencing any lags.
I've got to say I have not had any issues with resources being hogged any of my computers, Mac Studio, MacBook 14" M1, 2 Mac Mini's Intel and a PowerMac 2012. Shows minimum resources being used when I am not using the program. I have never had issues with either generating passwords or saving them. New passwords pop up in a blink of an eye and every password that is new gets saved, never had one not save.
UI is in the eye of the beholder, I like iPassword's interface, maybe because I have been using it since version 2. But I have never had an issue. Can't speak to the windows interface, I only use a windows machine when I am at work and I can't install any software on that machine and they don't use iPassword for password management.
It seems to me that Lastpass has been hit, I think at least two times, because they don't take security as seriously as they should. There is no reason that iPasswords servers will be easy or easier to hack just because they are a bigger player. Also the information on their servers is encrypted end to end so unless the hackers have my password they can't decrypt the information. Nothing is perfect but I feel pretty good about how they are storing my information.
They also have the exact same thread for Bitwarden. I bet if I look at the other Reddits for password managers, I’ll find more.