1password is considering a self-hosted option to store vaults (1password.community)
297 points by bluish29 on Aug 8, 2021 | 222 comments



They made the standalone license almost impossible to find and get, forced a subscription on users, and made the password vault storage online for the subscriptions. Now this self-hosting survey comes as a surprise, and it would be of some relief if/when it’s implemented.

I do wonder how the licensing and pricing will be handled though.

Bitwarden officially allows self-hosting for the personal use tiers, but it seems to have some license purchase requirements even for the self-hosted options (other than the free tier).

Is there any password management application out there that makes sharing passwords or password vaults easy but is also free? I’ve looked at KeePassXC and Bitwarden. The former isn’t easy to use for sharing and sharing permissions. The latter doesn’t offer sharing among more than two people in the free tier.


> Is there any password management application out there that makes sharing passwords or password vaults easy but is also free?

For members of a relatively well-paid profession earning good wages from creating software, I wonder if the reluctance to support others earning money for quality work isn’t some form of cognitive dissonance.

// Pre-emptive “edit” before this comment has replies: Folks post a lot of arguments for “free” software any time there’s a comment such as mine — but justifications largely feel like post-hoc rationalizations conflating freedom of information and ideas with freedom from paying for value, ret-con’d stories we tell ourselves. I call BS — unless one is independently wealthy, to spend maker time on art or craft requires one to either earn money or enjoy patronage. Tools for work are more craft than art, and deserve to earn, especially as patronage or maker communes are in short supply. Not to mention the exercise of ethnocentric privilege implicit in demanding something of quality in exchange for nothing assured.


I agree to the payment. I disagree to the subscription model.

I absolutely would try to hook users on any SaaS. However, I go out of my way to avoid such products. If I can pay for them once, I much prefer it. (For something like jetbrains, I'm okay with a renewal fee because if I choose not to pay it, I can still use the older version.)

I make an exception for Bitwarden because I like the idea of my password manager having continual security updates. However, it's one of the most frustrating parts of the webification of services - I want to pay for things once, and choose if I want the expanded features at any given time.


You know, I bought a 1Password version 3 licence. There’s the support. Fast forward some time and the software started recommending that I upgrade to version 4. After installing it, the software told me that it requires a subscription from here on. It was almost impossible to roll back to version 3. I ended up switching to Unix pass.


(disclaimer, I work for 1Password)

I can tell you a "secret": you can download any version of 1Password, including version 3, from this website: https://app-updates.agilebits.com/


Similar story here. Slowly moved over to Bitwarden. UX almost as good and works well enough on all platforms. Chose Bitwarden for the company afterwards as well, only positive feedback.


I would have moved from 1Password to Bitwarden as well, but I stayed on the 1Password ship for its native app. May reconsider now, as they are moving to electron.


But in cyber security based software wouldn't you need constant updates against new exploits? In something like Fusion 360 or Matlab or Office I agree, if you don't need new features you shouldn't pay for updates.


It's a password protected XML file with a GUI. If there's an attack surface to begin with, something went terribly wrong.


Is this a joke?

If password managers don't (or shouldn't) have an attack surface, what could (or should)?

I could also describe all the data that google stores as "just a password protected DB with a web GUI"


> For something like jetbrains, I'm okay with a renewal fee because if I choose not to pay it, I can still use the older version.

110% agreement.

Further, the only thing I like less than subscriptions is IAP not of new feature sets but ‘pay-to-play’ where the mechanics of use are negatively distorted to gamify purchase impulse.

I’ve argued — here, since inception of IAP on Apple’s app store — that the worst thing Apple has done to consumers was normalize removing the ability to show only single purchase paid apps in the app store. A vast class of less fortunate consumers either resign to less utility or waste time on an artificial “grind”, to encourage another class of “whale” to drive corporate revenues.

I don’t mind extracting cash from whales who can afford it. I do have a problem inflicting artificial digital scarcity of utility or enjoyment on the masses to create the ‘hook’ for whales.

As for subscriptions, it’s not clear to me that the treadmill of software/hardware upgrades is benefiting core use cases.

I like paying for generational or disruptive change, “voting with my wallet” on what’s of worth to me, but after a couple decades of purchasing generations of Adobe software only when the features mattered to my work, I moved from Adobe to e.g. Affinity and feature sets I own instead of rent when these recurring subscriptions don’t appear to meaningfully benefit my productivity or output.

For instance, it’s remarkable to me how similar the principles are between today’s (re-)emergence of Markdown for document composition and the early WordStar / WordPerfect / AppleWriter tools of the 80’s. I also like the experimentation by these Makers in ability to purchase a ‘pinned’ feature set, or support ongoing refinement. (Editors whether text or code, like JetBrains mentioned, seem to have a jump on this clever — and rare positive — use of IAP.) It’s difficult to show what increased utility of word processing has come from the most recent 20 years of paying for word processing upgrades. Today’s dev efforts suggest the sweet spot may be 30 years back.

The flip side of this, economic models are still dissatisfying for affordability of basic bricks and mortar world rights such as housing. The least worst answer appears to be rent (with a dystopian jag into ad-supported!), and it may be the least worst for software is rent as well.

Except when the ongoing annual software rents have risen to the same cost as one-time purchase (again, Adobe!), contrary to bricks and mortar where the over under is often 7 years of possession and use.

Back to artificial digital scarcity — I’m concerned that advertiser funded access to quality writing is losing ground to monthly subscriptions for content. Are less fortunate kids going to be able to subscribe to NY Times, WaPo, Atlantic, Guardian, National Review, American Spectator, and so on, for $5 a month each? (News aggregations such as Next Issue could resolve this, but even as Apple’s “News+” this struggles.) Even more dissatisfying when a print publication goes down the same path as cable, first charging for something that was free, then eventually layering in the same ad content as when it was free.

Artificial scarcity based IAP, data-broker supported (ad supported is fine, individual data for content is not), and the descent into the ironic sounding “gacha” model for software or content happy meals (utilities, clickers, news, etc.) — something thoughtful has to shift before we’re living in a future less Roddenberry than Idiocracy.


With applications however you are using your resources only. If you use a web app you are using their resources which they have to pay for continuously in perpetuity. To expect a one time fee for that and forever updates just isn't feasible. There is software out there for free that does what bitwarden does. KeePassX for example, so it's not like there aren't options.


> I wonder if the reluctance to support others earning money for quality work isn’t some form of cognitive dissonance.

It's about freedom, not about price.

I will not shape my life and habits around software that can be discontinued, or suddenly changed so much that it breaks my workflows. I will not use software with proprietary formats or which has dependencies on external "cloud" services that can go away at any moment. I don't need that kind of aggravation.

Happy to pay any reasonable (or even slightly unreasonable) money for software, not an issue. Sell me each version as a stand-alone application that I can run forever without any external dependencies and I'll pay for it.

Try to lock me into a subscription model and/or make the functionality dependent on an external server, that'll be a hard No. Even if free.


With 1Password, the subscription is really expensive, and I’m afraid that the bloat the company is stuffing into the product is weakening the security. Frankly, they make too much money.

I’ve found enough bugs in the Mac product that I assume there are security issues I’m not aware of.


A 1Password subscription costs $36 a year. Their previous standalone product cost $50 per desktop OS you wanted to use it on and had a major version upgrade you needed to buy again about every two years.

If you needed it on both Mac and Windows, the subscription was cheaper.


Which makes the new version $11 more expensive per year -- and you no longer have the option to keep using the old version. No thanks.


I have the 1password family plan which I share with four others, collectively we pay a whopping $1/mo each.


For me it’s the feature tiering and price discrimination that turns me off. I end up paying too much (total cost over 5 years) for too little. If you look at the business pricing it’s even dumber.

The $2 billion valuation of 1password tells the entire story. They’re overcharging for what they’re providing and I think tech people can “feel” that which is why tech communities hate the subscription BS.


I don’t really think $8/user/mo for Business is overcharging compared to Slack which quickly gets into $30+ per user per month in larger shops where Enterprise Grid is required for its features.

By your argument why can’t I buy that and self-host it too, decide if I want to upgrade for more features myself?

I also think $5/mo for 1Password for Families is incredible value. Zero regrets on paying for this because it meaningfully enhances my family's personal security posture through elimination of reused credentials and enabling TOTP (sharing of code generation) on many sites we use, that it is cross-platform so no excuses for everyone to not use it, and the UX is so simple you don’t need to be “tech people” to succeed.

How much you charge and how you charge is definitely divisive, but 1Password feels very much on the cheaper end of the spectrum, not “overcharging”, heck Discord Nitro is $5 (Classic) or $10 and gets you very little by comparison IMO.


Can you elaborate on:

>enabling TOTP (sharing of code generation) on many sites we use

Are you generating TOTP codes via 1Password or something? That seems like a degradation of security. I did a cursory search and didn't find mention of 1Password providing such a "service".


Yes. https://blog.1password.com/totp-for-1password-users/

It isn’t a degradation of security, in my opinion, it’s an upgrade, when certain accounts are involved.

For these shared accounts, such as those used by my family, and on services which don’t support account-per-person in an “organization” or “household” sense, this still provides for TOTP in a way my spouse and I can both log in. Ensuring just the loss of the password isn’t enough to compromise the account is an upgrade vs. not having TOTP enabled.

Where we can both have our own accounts and use U2F tokens that’s a better story, clearly, but 1Password having this functionality is great!


I don't understand how it's not a security degradation. The point of TOTP is to make access to the service dependent on something you must have physically (and isolated from the internet) on you. An attacker that manages to exfiltrate 1Password data has everything they need to access the service if TOTP is part of their offering. Whereas all users with TOTP on their phone would have an additional layer of protection.

Even by that blog post, they have to go out of their way and clarify that using this feature means you are no longer using two-factor authentication.
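The point made above can be shown concretely. This is an added example, not code from the thread or from 1Password: it audits a constructed vault export (a hypothetical JSON layout, not any real product's schema) for entries whose TOTP seed sits beside the password, and derives the RFC 6238 code from that seed to show that the export alone yields both "factors".

```python
"""Added example: why a TOTP seed stored next to the password is no longer a
second factor.  Vault format and records below are constructed for illustration
and do not reflect 1Password's or Bitwarden's real export schema."""
import base64
import hashlib
import hmac
import json
import struct

# Constructed vault export (hypothetical layout).  The first entry stores its
# TOTP seed in the vault; the second keeps the second factor elsewhere.
VAULT_EXPORT = json.dumps([
    {"site": "streaming.example", "username": "family",
     "password": "correct-horse-battery",
     # base32 of the RFC 6238 reference key "12345678901234567890"
     "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"},
    {"site": "bank.example", "username": "alice",
     "password": "hunter2-but-longer"},
])


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1: what any authenticator app computes."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def single_factor_entries(export_json):
    """Audit: sites whose 'second factor' is recoverable from the vault itself."""
    return [e["site"] for e in json.loads(export_json) if "totp_secret" in e]


def factors_recoverable_from_vault(export_json, site, unix_time):
    """Everything a holder of the export can reconstruct for one site.

    For an entry with a stored seed this is the password *and* a valid code,
    i.e. both factors; for an entry without one, only the password."""
    for entry in json.loads(export_json):
        if entry["site"] == site:
            found = {"password": entry["password"]}
            if "totp_secret" in entry:
                found["totp_code"] = totp(entry["totp_secret"], unix_time)
            return found
    return {}
```

Run `single_factor_entries` over a real export of your own to see which accounts would fall with the vault; those are the ones where a separate authenticator or a U2F token still buys something.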


> For members of a relatively well-paid profession earning good wages from creating software, I wonder if the reluctance to support others earning money for quality work isn’t some form of cognitive dissonance.

Yep! People see open source as a goal, rather than a sustainable product being a goal.


> For members of a relatively well-paid profession earning good wages from creating software, I wonder if the reluctance to support others earning money for quality work isn’t some form of cognitive dissonance.

GP here. I agree that all software developers and maintainers need to earn an income for their work. It's just that you don't know my circumstances, my geographic location, and the constraints I have to deal with when posing such a question. Believe me when I say that I have some real constraints that cannot be surmounted on this particular front. I don't like my circumstances, but that's just how things are right now and there's nothing I can do about it.


My guess is it's overconfidence, at least in my case. Often I feel like "I could do that!" Now, having tried a few times, I'm more willing to pay for tools, especially non-subscription ones.


There is a lot of merit to free software and open source software, but in this or other cyber security cases, I would prefer a paid option that makes it clear where the devs are getting their money from. If it is free, then the user is the product.


Indeed, just see the hundreds of popular free chrome extensions that sold out to adware/malware providers because they were offered $$$

https://www.bleepingcomputer.com/news/security/-particle-chr...


I have no idea what the cause is, but I'm surprised at how often I've seen people use an unlicensed Sublime Text copy at work.


$36 a year for 1Password is perhaps the best value/$ I get out of any software I pay for.


Nope. "Password Storage" should not be a business that exists in the form of "if you don't pay for good password storage, you're not allowed to have it." Especially if it involves storing your password with a third party.

The technology to store passwords safely has a marginal cost of zero (it's software). People storing passwords in third party places increases the threat surface, always. Finally, it's "ecological" in that safety/security of this sort needs to be evenly distributed to work its best.

I'm not saying we shouldn't pay people to make things safer, we absolutely should. But this is a bad model for it.


What's your alternative?


It's not really different or separate from the whole "Free Software/Open source" thing; there's no easy answer.

Though there's enough potential public harm such that looking at "public health" models is not a bad idea. Most places you don't have to pull out your wallet to get a Covid vaccine, you shouldn't have to pull out your wallet to get good password safety, for roughly the same reasons -- the harm from one "infection" can spread quickly.


I'm surprised by these sweeping assumptions of what the HN audience is.

> relatively well-paid profession earning good wages from creating software

AFAIK 1password doesn't practice location-based pricing, so how can you assume that "relatively well paid" people from different geographies of the world can all find it affordable?


Probably a general assumption that the cost of software is a tiny fraction of the cost of food/housing/transportation, regardless of occupation.


> Not to mention the exercise of ethnocentric privilege implicit in demanding something of quality in exchange for nothing assured.

Whoa! Knowing nothing about the OP you assume that he is a member of the oppressing class clamoring for the output of his slaves? And, since you're writing this in English, I think it's safe to guess you're assuming the person you're attacking is white, so you're basically accusing this guy of being an entitled white who can't give up his slave labor.

I was with you on the rest of the post but charges of "ethnocentric privilege" are a weird, racist escalation hiding in academic terminology there bud

Occam's Razor applies here: everybody likes free shit. This isn't a property unique to the evil whites


https://en.wikipedia.org/wiki/Ethnocentrism

Specifically:

>In common usage, it can also simply mean any culturally biased judgment.

Also relating to the "Global North" (who it's very likely that any given poster here belongs to) and "Global South", which don't have anything to do with skin color.

Given you've created a throw-away to comment this, I suspect you know you're actually the one making a "weird escalation" and are aware that you're race-baiting in a non-genuine manner.


> They made the standalone license almost impossible to find and get, forced a subscription on users, and made the password vault storage online for the subscriptions.

1Password recently raised $100 million at a $2 billion valuation.

Looks like they're going down the Dropbox path. Shame as 1Password used to be one of my favorite apps.


Hidden for now, gone in the next release.

Source: https://1password.community/discussion/115018/support-for-lo...


You can self-host vaultwarden (formerly bitwarden_rs), which gives full enterprise functionality.


You can indeed, but only if you accept what follows. You will be in charge of maintaining critical infrastructure, as well as keeping it safe from attackers.

My biggest complaint about the 1Password 8 situation is that I've been "self hosting" version 7 for years using iCloud sync, and it has worked perfectly. I have my 1Password vault on every device for "free". With family sharing in iTunes, I had it for every family member for "free" as well.

With version 8 they're taking that away, and instead trying to push me to a $5/month subscription that essentially does the same thing.

I have faithfully purchased every version up until now, and had they kept local vaults/iCloud sync I would have purchased the next one as well. As it is now, self-hosted or not, I will be looking for something else. After all, all I really need is an encrypted file on a cloud share.

Unix Pass would be great if it didn't leak information about which sites you have logins for. "Easily" fixable by using Pass Tomb, but sadly that's not available on iOS.


Totally agree, and I notice a lot of people just blindly go down the hosting Vaultwarden route. There's a trade-off that everyone needs to consider, and much of it depends entirely on their skill level.

Having said that, I'm all for self-hosting and I hope it continues to become prevalent.


I'm also all for self-hosting, but there's a difference between hosting things for your LAN, and hosting things available on the internet.

Most people have no clue about the amount of work required to run things in a secure, redundant and resilient way. And no, a RaspberryPi in the corner, running on your LAN, probably won't cut it. At least not for me.


I do this, works perfectly for sharing common passwords among my family (streaming services and utilities mainly).

I moved from 1Password, and my main gripe with Bitwarden is that the apps aren't as polished. If it's not too expensive I'd consider switching back (1Password family is $60 per year, so I assume this will be less).


I'm paying for a Bitwarden subscription because I want to support their product and their vision. But I don't know, time passes and some much needed improvements don't seem to arrive.

The most glaring issue (for me, anyway; I fully understand I'm just a sample size of 1!) they have is relying on the pop-up UI of the browser, which I guess is stateless (state is lost when the popup closes, it seems?). The decision of using this UI was already wrong from its inception, IMHO; not sure why they thought it would be a good idea. But more surprising is that they haven't yet moved to the much more reliable and user friendly method of opening their UI in a new tab, which was a no-brainer when using LastPass. Oh well. They said they have this in the backlog, so hopefully it gets some attention sooner rather than later... but in the meantime the end users are faced with silly issues like this; software that loses user data should not be a concern in the first place, and for sure they won't care about some technical explanation about how the browser handles pop-up windows.

(for anyone interested: https://community.bitwarden.com/t/persist-bitwarden-ui-and-m...)


Tavis Ormandy (of Google Project Zero) has a pretty convincing post arguing that relying on browser extensions that modify the DOM (which includes [almost?] all password managers) is a bad idea: https://lock.cmpxchg8b.com/passmgrs.html

(he recommends using your browser's built-in password manager, which isn't as convenient but is much more secure)


It'd be ideal if browsers offered standard hooks into their password-filling mechanisms. Let the password managers volunteer "I know a password for this site!" and fill it through the browser's standard UI.

Basically, I want the browsers to implement something close to what Apple has for password management on iOS. Ideally go a bit further and expose hooks for creating/saving a new login, too.

Unless they already do this, and nobody has actually taken them up on using it?


That's an amazing idea! Do you know if any browser vendor has this concept even on the radar? It would be very cool if password managers were able to do that: manage passwords, and not have to deal with each browser's idiosyncrasies, which, if you think about it, is just a distraction from their actual mission of being a password storage.


I haven't heard any rumblings about it from browser vendors, unfortunately. Even Apple hasn't extended it to desktop-Safari, as far as I can tell.


iPhone does this already. You can choose from different password managers (I use the built-in one and an old version of 1P). So it works in Safari, but also other apps that I assume use some standard password field.


Now that you mention it, that would be a fantastic idea; create an extension that exposes some sort of API that the browser can tap into to load suggested credentials for the current domain.


I guess it makes sense, but it's a very very unhelpful suggestion... we're painfully and slowly moving in the direction of teaching users how passwords are less and less useful as long as they are not random, so the ideal alternative is having all random passwords and using a vault that remembers them for us.

But this whole proposition totally breaks if I store my Amazon password in Chrome at work, and then later I cannot access it in Firefox at home, or the native app in my Android phone.


I only open the webui, log in, copy paste my usernames and passwords. I don't trust that my passwords are safe otherwise.


The clipboard is not exactly a secure channel. Browsers need to catch up to mobile and provide dedicated APIs for password managers to hook into so they don’t have to interact with the DOM.


I don't trust the safety of passwords going through my clipboard and me having to manually verify the URL.


It gets worse. Their browser extension doesn't work when using a private window in Firefox. The GitHub issue[0] around it was raised in 2017. They've been blaming Mozilla for deprecating and subsequently removing an API. It's pretty ridiculous.

[0] https://github.com/bitwarden/browser/issues/136


I thought it was just me where Bitwarden didn't work on the private window.


I use Bitwarden in the Firefox sidebar. That provides a persistent state experience.


Good idea! I'm however limited here by the fact that (Firefox at least) only one sidebar can be open at the same time. And for me that's occupied full-time by the fantastic Tree Style Tab extension. I would definitely find it useful if more sidebars could be open at the same time.


Which also doesn't work when using a private window.


I had the exact same experience. I don’t want to care about the app UI etc but when you use a password manager as often as you do it really matters. Not to mention selling the idea to less tech-savvy family members, it really does have to be as simple as can be.


I self-host Bitwarden_rs and use the client apps on Windows, Linux, and macOS. To me, the UI seems very usable, polished and attractive. It doesn’t seem that different from 1Password, which I switched from a few years ago. What exactly about the UI needs improvement?


I'm a 1Password user right now, but I've tried self-hosting Bitwarden_rs and like it very much.

The one killer feature which is preventing me from switching is the ability to use multiple self-hosted servers at once (so I can separate family vaults from business) [1], but "client profiles" are likely to be implemented some time soon [2].

Now that I've learnt that local vaults are going away in 1Password 8 [3], I'll probably make a move to Bitwarden sooner rather than later.

[1] https://community.bitwarden.com/t/log-in-with-multiple-bitwa...

[2] https://community.bitwarden.com/uploads/default/original/2X/...

[3] https://news.ycombinator.com/item?id=28107225


I thought there were some features missing from vaultwarden compared to bitwarden. I think the one that stuck out to me was lack of AD integration. Any chance you’ve seen a list of what is and isn’t in vaultwarden? My search hasn’t turned anything up. Maybe they’re at feature parity now?


Personally the UI itself is fine. The UX on the other hand not so much.

- Firefox Extension doesn't work fully in a private window in Firefox.

- Extension loses data when you click away from it.

- Extension is hard to navigate using keyboard - e.g. there is no way to copy specific username/password/otp code.

There are lots more issues.


Good to know, extensions always feel like the weak link in password manager security (again, not a developer so happy to be proven wrong here) so I don't use them. I always just copy out of the desktop app (Ctrl + P), still a really fast keyboard-only workflow once you get used to it.


The mobile apps were the primary problem for me. Regrettably it was long enough ago that I can’t remember all the details but I’m pretty sure at the time it didn’t support TouchID for one.


I'd say give it another try sometime! The mobile app (I've only used the iOS version) is very usable and has FaceID support for those that want it. Also, Safari can work with the app to pull passwords quickly.

I'm just really grateful this project exists. I've tried most of the major password managers out there and I feel like BW/VW is the clear winner, especially if you're willing to host your own server. If not, their pricing for an annual personal account is incredibly reasonable.


My less savvy family members all use Bitwarden with sharing and don't see any major problems, fwiw ymmv


I find this surprising. I’ve been using Bitwarden for a few years now… the mobile app is easy to use. They even make MFA painless by automatically copying the code after the password is entered. The browser extensions seem to work fine too. Perhaps the web app is not as clean, but I rarely use it.


That lack of polish and lack of improvement over the couple years I used Bitwarden are why I switched back to 1Password. Being open-source is not a free pass to ignore issues like that.


When looking into KeePassXC, did you specifically look into the KeeShare[1] feature? As long as you have some common place to read/write a file, you can share a subset of your credentials. I agree this is not as easy as a hosted solution like Bitwarden, but KeePass was always designed to be a non-hosted solution, so I think this is about as good as they can do.

1 - https://keepassxc.org/docs/KeePassXC_UserGuide.html#_databas...


GP here. Yes, I did look at the KeeShare feature, and that's what I had in mind when I said it seemed not as easy to use. I'll have to read more and try it out practically.


I would consider Bitwarden if it synced via iCloud with my phone. Relying on any other service would be a step back for me.


I'm in the same boat.

I don't want to self-host anything. I've spent enough years doing that. All I really need is an encrypted file that can be synchronized using a cloud of my choice.


For me it's the opposite: having Bitwarden separate (self-hosted or even their hosting) lets me even more iCloud services to become less reliant on Apple.


I've used pwsafe[1] for years, maybe over a decade. Multiple platforms supported, although macOS and iOS versions are paid (one time payment, no subscription). Store your vault anywhere you want.

1: https://pwsafe.org


> I’ve looked at KeePassXC and Bitwarden. The former isn’t easy to use for sharing and sharing permissions.

For a while, I used KeePassXC with my encrypted database file checked into my Dropbox storage. That allowed me to sync my passwords between devices but not give the cloud provider any way of knowing the passwords (since my KeePassXC master password was not stored anywhere besides in my brain). Unfortunately, Dropbox eventually changed their Android app so that synced files no longer were stored on the local filesystem, so adding a new password from Android or getting the new passwords from other devices would require manually uploading/downloading the file through the Dropbox app. I somewhat suspect this change was due to Dropbox eventually adding their own password management functionality to the app, but I didn't consider that until later, so I'm not sure how the timings lined up. In any case, after weighing my options I ended up deciding to just switch over to Bitwarden. (The migration was extremely easy; I was able to export the KeePassXC database file locally to an XML file and then import that into my newly created Bitwarden account without any issues).


KeePass2android is a keepassXC client that supports the likes of Dropbox. It seems to fit what you need.

How does Bitwarden compare to Keepass?


I've been using psono for a few months now https://psono.com/ .


Thanks a lot for this suggestion. It looks like what I need.


Previous 1Password user here. Switched to KeePass, still figuring out the ins and outs, but looks quite nice in the options it provides.


Enpass works nicely. I can freely share vaults and keep vaults backed up in any way I prefer. Two downsides:

1. Mobile is paid I think

2. Not open source


Personally I don't recommend Enpass. They switched to a subscription model like every other password manager. They don't host your data so they have no recurring expense; I don't understand how they can justify the subscription model. They have no real innovation; they added an "Audit Feature" for an additional €26.49 per year.


Sorry; I didn't know. I got the "pro" version long ago for iOS and they have basically retained that (kinda upgraded for free as now I can use on all devices). I think it cost me $10 or something. So amazing for me.

Now the same deal is $80 which I think is still ok but on the high side.

I like their hands off approach. Password autofill/save etc are also far better than most other password managers (esp bitwarden).


They appear to have a lifetime option?

“Enpass lifetime premium: $79.99”


Agree, I have been using it for years. It has a nice, non-browser based client on all platforms including Linux.


Are you saying there is a standalone version of 1Password 7? Does it support vault sync via iCloud?


I use it with a vault synced via Dropbox. I'd never given their subscription service a second thought. Didn't realize it was so hard to buy that option.


GP here. Yes, there is a standalone version, but you'd have to know specific incantations and rituals to find out how and where to get it. It's purposely hidden away from the homepage and other pages about the product and pricing.


Exactly. I moved away from 1Password for that reason, quite happy with Bitwarden.


Yes and yes


https://github.com/nextcloud/passman is the closest one to my needs

- self-hosted on docker

- mobile app and browser extension

- sharing secrets and storing files

- api


Bitwarden is OSS and if you want to really not pay for such a feature, you can strip out the license check code fairly trivially. I think it's a good balance.


I thought Bitwarden is open source. Is it not a standard license? Can you not fork it and change its behavior?


It's $10 per year.

Is it really worth your time forking it to remove licence checks, when you could instead support the developers and not need to make any code changes?

Forking the code and removing licencing checks is perfectly permissible under the GPL. But it's pretty unreasonable in this case.


I don't disagree with you, but I was asking about the following:

> but it seems to have some license purchase requirements even for the self-hosted options

which doesn't appear to be completely true, regardless of whether you think it's worth your time or reasonable.


Yes.

The license check is relatively easy to bypass, and there are also forks and reimplementations out there that already do so.


Semi-related: this survey was announced alongside 1Password 8 for Windows early access. Apparently 1Password 8 for Windows uses Electron and there was some discussion about AgileBits wanting to move to the same architecture on all platforms.

Does anyone know if 1Password 8 on macOS will also be an Electron app? Their Linux Electron app is pretty good and definitely much better than having no 1Password at all. However, this would be a sad ending for what started out as a great, efficient, native Mac-only application.

I can understand why AgileBits would make this choice. For most users, Electron is probably not a big issue, if they'd notice at all. But as someone who loves native macOS apps, it just makes me sad.


Thanks for the warning about this. I was already disappointed in the direction 1Password has been taking, and moving to Electron would certainly be the last straw. It’s totally reasonable that they want to cheap out on the actual software and expand their business into more lucrative services, but it’s not what I personally want in a password manager. So hopefully someone else, maybe a lone developer that doesn’t need perpetual growth, will make a good, standalone, native Mac password manager.

Keychain itself is getting better and more fleshed out UX, but it’s still not flexible enough to trust for everything unfortunately.


I find I have to kinda budget how many electron apps I keep around, to keep things running smoothly. And that's assuming they're all halfway, sorta, well-written. That goes double for anything I might want to leave open, or open frequently. It also applies to "web app" tabs in my browser (even Gmail eats shitloads of memory and spikes CPU usage all the time for mysterious reasons, let alone things like Google Docs, and a bunch of SaaS dashboards are as bad or worse).

If an app is Electron, it gets an extra and fairly rigorous level of "do I need it? What are the alternatives?" treatment, for this reason. Native, or even Qt, doesn't get that kind of in-advance scrutiny, since only rarely do they cause any problems, even if I forget about them and leave them on in the background for months.


> So hopefully someone else, maybe a lone developer that doesn’t need perpetual growth, will make a good, standalone, native Mac password manager.

You may wish to look into Secrets: https://outercorner.com/secrets-mac/


Thank you so much for this recommendation! This looks like exactly what I hoped existed, basically 1Password without all of the striving to be more than an app. Also, I already have a SetApp subscription so the desktop version is effectively free.


I wasn't aware of Secrets. I will certainly look into it.

It appears to check all the boxes that 1Password used to check.


Looks like you’re looking for a reason, but none of that was announced or even hinted as happening on macOS. They have one of the best native Mac apps; I doubt it’s part of their plan.



Before this thread, I never considered they might deprecate the native app, but there seemed to be a lot of premonition here that it’s on the horizon.

I wasn’t actively looking to find a replacement, but I was certainly not happy to see them taking venture funding. That’s great in some contexts, but explicit pressure to grow revenue enough to support 500 people and pay back a bunch of venture capitalists isn’t very conducive to writing quality software.


Your focus on password manager is off.

> maybe a lone developer that doesn’t need perpetual growth, will make a good, standalone, native Mac password manager.

How do you trust this lone developer? A password manager is all about security, and having a motivation to chase money has more trust than someone seemingly doing it voluntarily.

And Electron apps, not sure why people still complain in 2021... unless your machine is still running with 2GB of memory...

Usability is so much more important than using an extra 300MB of memory by being Electron.


I moved away from LastPass to 1Password as LastPass changed their app to Electron and it was immediately slower and less usable. On a 32GB RAM machine. But just things like resizing the window were worse. Not always true for Electron, but it made me change in this case.


> Usability is so much more important than using extra 300MB of memory being electron.

I don't know if it's more important, but certainly, Electron apps' poor usability is another reason to avoid them.

While there are exceptions, they tend to lack usable right-click menus, use odd font sizes (everything's too big), have UI elements that behave differently from the platform standard, and, of course, lag, all of which make usability suffer.


One reason I use 1Password is because it’s a native app. Electron apps never have the affordances of the platform, so are frustrating to use whenever you leave the “happy path”. Because it’s so heavily used this would be a reason to leave it.

Separately, Electron is itself a large piece of code and integrating it would increase the attack surface — of a piece of security code! Another good reason to switch if this comes to pass.


> Electron is itself a large piece of code and integrating it would increase the attack surface

At the same time, the most audited code is there. Maybe you don't use a GUI browser.


To be fair: the 1Password native app on Windows was horrible and felt 3 times slower than the 8.0 (Electron) beta.


This would be a real shame. My only complaint about 1Password is occasional performance blips and slowdowns. Which seem to have been getting worse over time (along with unreliable browser integration). I can’t see how moving to electron on Mac would help that…


I have heard that Linux was the start, Windows is the next one to get the Electron treatment, and Mac is next.


But the Linux 1Password program is "Electron" in name only; it's actually some kind of Rust program; I'm not 100% sure how it works but it's definitely compiled with cargo.


What does Electron in name only mean? Either electron is included or it isn't. Whether you are using Rust through native bindings or through WebAssembly does not really matter does it?


90% of the functionality is written in rust components and the UI is a very slim wrapper around those APIs; it seems.

And even then it looks like the JS is WASM compiled from rust.

It’s not implemented in JavaScript/typescript is what I mean. As such it seems to be lean on my system.


If it is Electron, I don't think you can credibly call an entire Chromium instance a "very slim wrapper".


There's a chance it's using Tauri (rust) https://tauri.studio/en/ if it's truly not using Electron but a similar concept. However WASM builds in Electron would make more sense if they use the term Electron.


No, it's definitely regular Electron:

    % tar ztf 1password-latest.tar.gz | grep "chrome"
    1password-8.1.1.x64/chrome-sandbox
    1password-8.1.1.x64/chrome_100_percent.pak
    1password-8.1.1.x64/chrome_200_percent.pak


Yeah, I'm aware it contains Chrome; I mentioned that much of the functionality has been moved out and is actually implemented in Rust. This is verifiable simply by running `1password --log trace`.

EDIT: 168MiB resident memory on my system (just checked).

Though it malloc'd (but never used) 32G, that's worrying.


Link below to the behind-the-scenes article. I have no experience using the Linux app so I'm not sure of the performance but a lot of the core seems to be written in Rust compiled to WASM which is the way it's now being done for their browser extension. Personally everyone keeps cribbing about electron but I hope 1Password has found a way to make good on performance

https://dteare.medium.com/behind-the-scenes-of-1password-for...


Good lord, it's like they're trying to ruin it.


Well, if 1Password switches to Electron on the Mac, then I’m not moving away from 1Password 6…


Ugh. Guess it will be time to switch password managers again.


I understand that 1Password is a business and it’s their prerogative to make money.

In 2014 I switched to self-hosted password management with 1P and it changed my life. Today, my 1P vaults are a daily, indispensable part of computing. There are thousands of records and my overall security is dramatically higher.

Fast forward a few years and I heard that they had introduced a subscription.

Why?

It’s not their fault: everyone does it. But is this really a subscription service? The applications on my computer and phone have worked smashingly well for years. Is there enough of an ongoing need for development as to require a subscription? I’d rather pay a periodic upgrade fee as maintenance is required.

At the same time, independent and decentralized password management makes sense. I don’t want AmaGooSoft holding my passwords to everything.

In any event, I will continue to use older versions of password management to save on the subscription.


Also, why should you lose access to features because you stopped subscribing? You paid for them and now you don't want to support future features. Why should you lose access to past ones?


Bitwarden_rs and KeePassXC are what dominate in this space at the moment, with bitwarden_rs being the directly self-hosted option, whereas KeePass is local but usually combined with file synchronisation software like NextCloud. Both are pretty good and get the job done without having to put passwords into another company's care.


Heads up, bitwarden_rs rebranded to vaultwarden a few months back: https://github.com/dani-garcia/vaultwarden/discussions/1642


Dominate as in from what source? Those two have such tiny usage, only among geeks, and everyone else is using others with more brand recognition.


Dominate in this space, self-hosted options.

Mainly geeks are the ones that will self-host so it looks like a fair comparison.


> To clarify, in 1Password 7 we had two types of vaults: vaults used with the 1Password.com service and what we called "local vaults" or "standalone vaults" which were synced however you decided to, typically Dropbox or iCloud.

> Assuming we're talking about the same feature, then the answer is no, they are not implemented as the new releases do not have support for local/standalone vaults and 1Password 7 will be the last version to support them. The new apps rely on the server to perform a lot of the heavy lifting so we will not be adding support for local vaults as they existed in earlier versions. ...

"We took away a feature that let people not pay us a subscription for no reason and are now maybe gonna think about re-adding it but making it more complex to setup so nobody uses it and we'll get more money."

Can anybody tell me why HIBP still supports them?


Same reason that they presumably supported them in the first place: money?


A direct link to the announcement post and the survey / announcement signup: https://1password.community/discussion/comment/604038/#Comme...

After hiding the standalone license this would put a lot of trust back into 1Password.


Thank you for the link!


I used 1password for about ten years. Every interaction I had with the developers was pretty hostile. Even if they encouraged self-hosting and version-based upgrading instead of a SaaS, I'd still stick with a competitor. At this point I'm irrationally bothered by the fact that it's a 100+ staff company just to make a product that's no better than it was when they had 10 staff and is now more expensive.


> At this point I'm irrationally bothered by the fact that it's a 100+ staff company just to make a product that's no better than it was when they had 10 staff and is now more expensive.

Supporting more customers and larger scale is inherently more expensive, but I still don’t understand how the product feels like it peaked about 5 years ago and has been treading water ever since.

I don’t mind paying $50 or even $100 for a good password manager that I could rely on for several years. However, it feels like these moves toward subscription software are aimed at extracting $300 or more from me for the same time period, all while failing to provide a decently updated experience.

I do routinely pay $150/year or more for other software packages like JetBrains IDEs, but those are constantly updated. With 1Password it feels like the move to subscription was a step backwards in features with a huge step up in long term price. No thanks.


> I used 1password for about ten years. Every interaction I had with the developers was pretty hostile. Even if they encouraged self-hosting and version-based upgrading instead of a SaaS, I'd still stick with a competitor. At this point I'm irrationally bothered by the fact that it's a 100+ staff company just to make a product that's no better than it was when they had 10 staff and is now more expensive.

I have no idea why you're being downvoted for expressing your experience and opinions. So I will just add another data point to corroborate your experience and (probably) be downvoted together.

I've also been a long time user who paid for every upgrade, and every issue I had with them I received a hostile response or a completely dismissive one. Not sure which is worse.

This made me jump ship last year and now I'm a happy bitwarden user.

No, it's not perfect as you can see in others comments around here but at least I don't have the constant nag that their values are misaligned with mine: forcing a subscription model down my throat at almost 4x the amount of money that bitwarden asks with fading support for standalone licenses and local vaults.


Just to add another data point, I’ve been with them since almost day one and every interaction I’ve had has been very nice. They even got my data out of a backup when something weird happened when switching from a business to a family plan. (I might be a weird edge case since my account shows as both family and business with a custom domain.)


If they can get your data out then do they have access to your keys?


Most probably encrypted data out of a backup for you to use after unlocking.


What are the good competitors you recommend? Dashlane?


I didn't want to respond while the thread was active because I didn't want to seem like I was advertising anything. I switched to BitWarden, personally. I am not saying it's better than 1Password (in fact, it's a little less slick in my opinion) but I was able to switch for free upfront, it works on all my devices, and overall the community of users seems much happier with the developers. This is not me saying "you should use it", just me saying "I ended up choosing it".

My wife's boss uses Dashlane, and I got the impression that was a pretty good choice if you were looking for ease of use for non-technical personnel.


Link to the relevant survey: https://survey.1password.com/self-host/


I've never understood why anyone who takes security seriously would even consider a non-self-hosted (and non-open-source) password manager, especially after the recent Apple shenanigans. If it's not open-source and self-hosted then your security is entirely dependent on the good will of your provider. If they decide to screw you, they can. And it's not just the good will of the people running your provider today that you have to bet on, it is the continued good will of whoever ends up running your provider tomorrow or after they get acquired. It seems like a bad bet to me in the long run.


Convenience.

A self-hosted password manager really shouldn't be exposed to the internet. If you are making it accessible over the internet, it's a far greater security threat imo. You're just not going to be able to keep it up to the same security standards as a large production install, like what the Bitwarden folks have going.

Needing to VPN or SSH tunnel into my home network each time I need a password is far too inconvenient.

Not to mention the spared effort in not needing to regularly back up your vault or worrying about keeping the service available.


That is why the local vault option was the best in my mind, and then using Dropbox/Resilio/etc to sync. It is very unfortunate that they are no longer supporting local vaults in the next version.


If it's properly encrypted you should be able to publish it on github and still be more secure than entrusting it to a third party.


Publishing your vault of passwords on a public GitHub repository seems like a pretty bad idea, no matter how well you trust the client-side encryption code.

I'm no expert on the subject, but I suspect these password managers use a sophisticated mechanism of authentication (for accessing the vault) as well as encrypting of the actual contents of the vault.

The effect of this means that Bob's encrypted vault cannot be downloaded by an attacker without the attacker first authenticating to the server.


>Publishing your vault of passwords on a public GitHub repository seems like a pretty bad idea, no matter how well you trust the client-side encryption code.

If it's properly encrypted you can display your encrypted vault on a Times Square billboard and it doesn't matter, it's like that physics experiment[1], looks scary but there's nothing unsafe about it.

[1]https://youtu.be/xXXF2C-vrQE


And why do you think that authentication + encryption is going to be more secure than encryption alone? Either way, there's a secret. If you know the secret you can access the data and if you don't you can't. The UI/UX trappings of the mechanism don't change this fundamental dynamic.

What does change the dynamic is if you allow a third party to control the code that you run.


2FA is engaged at the authentication stage, so knowing the vault passphrase may not be sufficient.

Further, allowing anyone to download my encrypted vault just feels really uncomfortable and unnecessary.


You can use 2FA to encrypt. OK, it would be 2FE, not 2FA, but it's the same idea. Just encrypt using a Diffie-Hellman key derived from a secret contained on a device. (Of course, if you're going to do this, you could just as well keep the vault itself on the device.)

> Further, allowing anyone to download my encrypted vault just feels really uncomfortable and unnecessary.

It is unnecessary. I said you could publish your vault on github and still be more secure than a third-party provider. I didn't say you should do this. Of course you should try to keep your vault away from prying eyes. But you should not rely on this for your security. You should only ever rely on one thing for data security, and that is the integrity of your secrets, which should be small enough to be stored in your brain or in a device that allows them to be used without being read (2FA/E). That's the whole point of encryption.
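To make the subthread above concrete, here is an added example (not code from the thread, and not any password manager's actual format): a minimal client-side encrypted vault in standard-library Python. It shows what "properly encrypted" buys you, what it does not, and how a device-held secret (the 2FA/2FE point) changes the picture. The file layout, the scrypt parameters and the use of HMAC-SHA256 as a counter-mode stream cipher are assumptions for the demo; a real manager would use argon2id or PBKDF2 with AES-GCM or XChaCha20-Poly1305, but the structure (random salt and nonce, encrypt-then-MAC, verify the tag before decrypting) is the same.

```python
import hashlib
import hmac
import json
import os
import struct
from typing import Optional, Tuple

MAGIC = b"VAULT1"                                # 6-byte format tag (hypothetical format)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1     # KDF cost; raise N for real use
HDR_LEN, TAG_LEN = len(MAGIC) + 16 + 16, 32      # magic + salt + nonce, HMAC-SHA256 tag


def derive_keys(passphrase: str, salt: bytes, device_secret: bytes = b"") -> Tuple[bytes, bytes]:
    """Stretch the passphrase with scrypt (memory-hard), optionally bind it to a
    device-held secret (the '2FE' idea), then split into encryption and MAC keys."""
    stretched = hashlib.scrypt(passphrase.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                               p=SCRYPT_P, maxmem=64 * 2 ** 20, dklen=32)
    master = hmac.new(device_secret, stretched, hashlib.sha256).digest() if device_secret else stretched
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 as a PRF in counter mode; stands in for AES-CTR/ChaCha20 here."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt_vault(entries: dict, passphrase: str, device_secret: bytes = b"") -> bytes:
    """Returns MAGIC || salt || nonce || ciphertext || tag (encrypt-then-MAC)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt, device_secret)
    plaintext = json.dumps(entries, sort_keys=True).encode()
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    header = MAGIC + salt + nonce
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def decrypt_vault(blob: bytes, passphrase: str, device_secret: bytes = b"") -> Optional[dict]:
    """None on a wrong passphrase/device secret or a tampered file. The tag is
    checked before any decryption, so bad input never reaches json.loads."""
    if len(blob) < HDR_LEN + TAG_LEN or not blob.startswith(MAGIC):
        return None
    header, body, tag = blob[:HDR_LEN], blob[HDR_LEN:-TAG_LEN], blob[-TAG_LEN:]
    salt, nonce = header[len(MAGIC):len(MAGIC) + 16], header[len(MAGIC) + 16:]
    enc_key, mac_key = derive_keys(passphrase, salt, device_secret)
    if not hmac.compare_digest(tag, hmac.new(mac_key, header + body, hashlib.sha256).digest()):
        return None
    plaintext = bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))
    return json.loads(plaintext)


def offline_guess(blob: bytes, candidates: list, device_secret: bytes = b"") -> Optional[str]:
    """What an attacker does with a *published* vault: try passphrases with no
    rate limit and no lockout. Only passphrase entropy and KDF cost slow this down."""
    for guess in candidates:
        if decrypt_vault(blob, guess, device_secret) is not None:
            return guess
    return None


if __name__ == "__main__":
    # Constructed sample vault; nothing here is real.
    vault = {"example.com": {"user": "alice", "password": "correct horse battery staple"}}
    blob = encrypt_vault(vault, "hunter2")
    print(decrypt_vault(blob, "hunter2") == vault)                  # True
    print(decrypt_vault(blob, "wrong") is None)                     # True
    print(offline_guess(blob, ["123456", "password", "hunter2"]))   # hunter2: weak passphrase + public file
    device = os.urandom(32)                                         # second factor held on a device
    blob2 = encrypt_vault(vault, "hunter2", device)
    print(offline_guess(blob2, ["123456", "password", "hunter2"]))  # None: passphrase alone is not enough
```

The point the thread circles around is visible in `offline_guess`: once the ciphertext is public, the only things between an attacker and the plaintext are passphrase entropy and KDF cost, with no lockout or rate limit. A hosted service's authentication step does not make the cryptography any stronger, but it does keep the file out of reach of a purely offline attack until the server itself is breached. Mixing in a device secret removes the "passphrase alone" path entirely, at the cost of needing that device to decrypt.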


> if it's not open-source and self-hosted then your security is entirely dependent on the good will of your provider.

It's because neither of these conditions are really true - you'd have to assume that source code is the only way to assess the security of software and that end-to-end encryption doesn't actually work.


That depends on what you mean by "end-to-end encryption doesn't actually work". Of course E2EE works in principle. The problem is: how can I know that the code I am running is in fact a properly implemented E2EE system if I don't trust the vendor and I can't audit the code?


If you don't trust the vendor, don't let them handle your passwords, obviously. But the security properties of non-open-source code are routinely analyzed and vulnerabilities found, etc. Plus the track records of the various solutions, a cartesian product of open/closed source, 'hosted' or not, etc speak for themselves.


> If you don't trust the vendor, don't let them handle your passwords, obviously.

The problem is you not only have to trust your vendor today, but you also have to trust them tomorrow. Every vendor is one acquisition or compromised senior executive or engineer [1] away from becoming untrustworthy even if they started out being perfectly trustworthy. Assessing present trustworthiness is hard enough. Assessing future trustworthiness is obviously impossible.

[1] They don't even have to be compromised. All they have to do is make a bad decision. Apple, the company that built an entire marketing campaign on trust, is now installing spyware on its devices.


Right, but this applies to big piles of security-critical software in general - a near tautology. It's really an argument in favour of my position that neither open-sourcedness nor hostedness are useful criteria in evaluating the security and fitness-for-purpose of a password manager.


No. If I trust the vendor today, and my code is open source, then I can control if, when, and how it changes. With closed source, the vendor can introduce a backdoor with every update. They can also force me to update by making the current code stop working by changing their servers. The potential for compromise due to an untrustworthy vendor is not zero, but it's vastly lower with open source.


Because they put in the effort for their reputation and pay millions to hire people to look after their security.

If the "good will" is making them money, I guess you can count on it.

And you think your own hosted version that you're only looking after is that much better?


> If the "good will" is making them money, I guess you can count on it.

On that view, they should be willing to sell your passwords to anyone willing to pay them more than you are.

> And you think your own hosted version that you're only looking after is that much better?

Yes. Because I know that I won't sell to the highest bidder.


I am still on 1Password 6 because it is the last version with the self-hosted vault.


I'm on 1Password 7 and am syncing my local vault through Dropbox. I don't pay any subscription...


How did you do that? Did you port license from an older 1Password, or is there some way to buy 1Password 7?


Not the parent poster, but this can be done from inside the app. They hid the link, but the purchase flow is still available from inside 1Password.


Thank you, I'll check it out.


Yeah this is what I did.


Please let us know how you did this. I'm stuck on 6 because I didn't want to pay a subscription.


If that doesn’t show how well they’ve hidden the 1P7 self-hosted version behind dark patterns! A loyal user had no idea it existed and stayed on 1P6 because of it.

You have to upgrade from within the 1P7 app, but only if you downloaded from their site, not the App Store.


7 will be the last version to support a local vault - I am using it now.


Same here. It's a neat app, I don't feel like I'm missing something.

The main bummer is no Safari extension, which (together with no RES) is preventing me from using Safari as my main browser.

Looking back at the times ~10 years ago, it was a pretty good investment to buy software licenses before everything went SaaS.


I've been using the Bitwarden_RS, now Vaultwarden for a long time and love it. It's just the backend API implementation so you still use the official Bitwarden clients and extensions.


I almost feel sorry for the official developer, as it's so well built. It probably covers most people's needs.

But it's because the official daemon takes more resources by using MS SQL Server, and Vaultwarden uses so few.


I wonder whether they are considering this because people are leaving 1Password for Bitwarden, which has a self-hosted option…

Personally i would never pay for a 1Password subscription. I did buy all the standalone versions/upgrades, since day1.


There might be some anecdata on Hacker News, but 1Password's user base has been constantly growing.


I've been self hosting 1Password for about a decade without any issues. There's always been a way around the subscription stuff. I honestly don't mind paying the subscription pricing, just didn't like the idea of storing my passwords on their service with everyone else's.


You don’t like the idea of storing opaque bits along with everyone else’s equally opaque bits?

So long as the secret key to these bits is yours, not theirs, what’s the catch?


For a whole class of potential (if unlikely) situations, it shifts from me potentially being caught up in a mass hack, response to an overly broad warrant, etc to needing to be targeted specifically.

Passphrase compromised? If they're hosting, you know exactly where to go to access my passwords. If I'm hosting, I can tell you that I use 1Password and my master password and I'm still _relatively_ safe in that you don't even know where to find a copy of my password database.

Encryption broken (whether algorithm or implementation)? If they're hosting, they've now become an _extremely_ valuable target as they're holding a bunch of paid-for accounts, credit cards, banking details, personal identity documents, etc. Not necessarily super-valuable in a one-off situation, but if you could grab a million password databases at once... Which wouldn't include mine, because it's off on my own server.

Legal abuse? An overly broad warrant could vacuum up every database in their possession. Presumably the government can't open the vaults, but if they _really_ cared how sure are you? Would you be comfortable not changing all of your passwords (but can't change your identity documents...) if the NSA asked for a copy of your database? If my data's never in their possession, then I'd need to be targeted specifically with a warrant.

For something I'm using to store all of my accounts, banking details (both logins as well as account and routing numbers), personal identity documents, MFA backups, key backups, software licenses, and more... my question for you would be more "Why would I take any additional risk when I don't have to?" I'd rather not be within the same blast radius as all the other 1Password users.

Edited to add: Also, outside of the "why don't I want my data sitting beside everyone else's", more generally with regards to a hosted option is where my data goes if I have any payment problems, and availability of my data being within my control (if my server goes down, I can fix it--if they have a massive week long outage I just need to twiddle my thumbs potentially without access to... anything).


> Passphrase compromised? If they're hosting, you know exactly where to go to access my passwords. If I'm hosting, I can tell you that I use 1Password and my master password and I'm still _relatively_ safe in that you don't even know where to find a copy of my password database.

The above argument seems to turn out the same even for cloud-synced vaults.

If Dropbox suffered a massive hack, the malicious actor could take all the *.agilekeychain and *.opvault files stored there, brute force the master passwords locally, and have potentially complete control over some people's finances and online lives.


Absolutely. We can kinda diffuse that risk out though if we have these files across a bunch of different services (some use OneDrive, some use AgileBits, some use Dropbox, etc).

Would we be better off if instead of one company like Equifax having _everyone_'s information, we had a company per state?

That all said, I actually self-host my (now KeePassXC, because of 1Password's push to the cloud) databases on my own hardware, so for me it's truly a solution.


This is exactly and precisely why I don't host with 1Password. I don't want to have the same profile as the big valuable target of everyone else's setup. Having something custom is far better if only for the fact that you have to be targeted individually vs. as a big mass prize.


Defense in depth is a legitimate aspect of security. Would you rather keep your money in an unbreakable box on the sidewalk, in an unbreakable box in a stranger's shed three towns over, or in an unbreakable box bolted to the floor of your cellar with your dog sleeping by the stairs?


Or, you know, in an unbreakable box of a business whose reputation depends on keeping it safe. Like a security deposit box in a bank? That doesn't sound unreasonable to me.

In contrast, comparing 1password to "a stranger three towns over" or "the sidewalk" seems a bit unfair to me.


1password needs to admit they screwed up by trying to force their customers into migrating to their cloud product. 1password needs to provide a first class service option to customers that want nothing to do with the 1password cloud.


Savvy - for me Bitwarden's implementation of self-hosting is the biggest gesture of mutual trust that makes it feel so solid



Too little, too late. I used 1Password for ten years, but I've switched to a different password manager and I'm happy with it.


I use KeePassXC self-hosted, very happy with it


What did you switch to?


So like what bitwarden does? So far I've been happy using bitwarden after 1password boiled the frog with their pricing.


Vaults, self-hosting, all these needless complications imo for what should be simple. Just give me a secure deterministic password from a website address + master pass combo.

That's exactly what my project, https://app.srspass.com aims to do.

Even though I have a super redundant NAS setup, I'd really hate to depend on a vault and have it all disappear due to some disaster. With SrsPass, I just remember one password, have a recovery/backup phrase written somewhere that it gives me which adds 128 bits of entropy to each generated password and boom, that's my password manager. Stateless, deterministic, and by using argon2id, PHC winner, on the client side it is doing what most password backends should be, but often aren't doing, which is strong memory-hard password hashing.


I'm sorry, maybe I'm just dense, but how can the output of your generator be deterministic if you add entropy?

Further, if it's deterministic, how is this different from just running your password through a hashing algorithm and then using the hash as your password? The only extra information an attacker has to figure out is what hashing algorithm you used and he can generate all of your passwords from your memorized one.

Right? That or I don't understand what you are describing.


I think there should be (and probably already is) an FAQ page explaining why a "stateless password manager" is not a great idea for a common user. I guess the answers to this SE question might be a good start: https://security.stackexchange.com/q/214301/2530
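An added example (not SrsPass's code; its internals are not shown in the thread) that answers the two questions above in code: a generic deterministic scheme of the kind described. The extra entropy is a random recovery phrase generated once and then reused, so the outputs stay deterministic; the per-site counter and length are the state such a scheme cannot actually avoid, which is the objection behind the Stack Exchange link. scrypt stands in for argon2id because it is in the standard library; the alphabet, the salt layout and the scrypt parameters are assumptions.

```python
import hashlib
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"   # 70 symbols, ~6.1 bits each
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1                    # assumed KDF cost


def new_recovery_phrase(n_bytes: int = 16) -> str:
    """Generated once with a CSPRNG and written down. This is where the extra
    128 bits come from; it is fixed afterwards, so outputs stay deterministic."""
    return secrets.token_hex(n_bytes)


def derive_site_password(master: str, phrase: str, site: str,
                         counter: int = 0, length: int = 20) -> str:
    """Deterministic: same (master, phrase, site, counter) -> same password.
    site and counter act as the salt; the counter is the only way to get a new
    password for a site without changing the master."""
    secret = master.encode() + b"\x00" + phrase.encode()
    salt = site.lower().encode() + b"\x00" + str(counter).encode()
    raw = hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                         maxmem=64 * 2 ** 20, dklen=64)
    # Turn 512 random bits into base-70 digits. No modulo bias worth mentioning:
    # 70**20 (~2**123) is far below 2**512, so every 20-symbol string is ~equally likely.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


def rotate_site_password(master: str, phrase: str, site: str, counter: int) -> tuple:
    """Rotating one site after a breach means bumping that site's counter, and
    the counter has to be stored or remembered: the scheme stops being
    state-free the first time any single password must change."""
    counter += 1
    return counter, derive_site_password(master, phrase, site, counter)


def all_passwords(master: str, phrase: str, sites: list) -> dict:
    """Blast radius of losing master + phrase: every site password is
    recomputable with no vault file to steal, and rotation is per site."""
    return {site: derive_site_password(master, phrase, site) for site in sites}


if __name__ == "__main__":
    phrase = new_recovery_phrase()
    pw = derive_site_password("my master passphrase", phrase, "example.com")
    print(pw == derive_site_password("my master passphrase", phrase, "example.com"))  # True
    counter, new_pw = rotate_site_password("my master passphrase", phrase, "example.com", 0)
    print(counter, new_pw != pw)   # 1 True, and "example.com is on counter 1" is now state
    print(all_passwords("my master passphrase", phrase, ["example.com", "bank.example"]))
```

Running it makes the reply's point: a single memorised secret plus a written phrase does reproduce every password, but only because the phrase is fixed randomness, not fresh entropy per derivation, and the moment one site forces a reset or a different password policy you are back to keeping per-site records somewhere.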


I'm absolutely loving 1Password. The Kubernetes Operator is slick and painless. Syncs with 1Password and stuffs the passwords in standard Kubernetes Secrets, meaning anyone can understand what's going on versus something like say Vault.


> Syncs with 1Password and stuffs the passwords in standard Kubernetes Secrets, meaning anyone can understand what's going on versus something like say Vault.

Vault is much more ( and better ) than just password storage, but isn't that hard to use either.

Kubernetes Secrets aren't great or very secret, so just dumping stuff there from 1Password seems like... Of very limited utility. Having static secrets across multiple clusters and visible from a web UI, that's it?


Is this using the m2m API they recently introduced? Where you host a kind of API shim in your infrastructure? To me the pricing of it seems pretty steep if you want to give each service its own key?


While I didn’t love 1Password moving to the cloud because I liked the personal license, it did allow my company to switch from lastpass to 1Password, which was a sizable improvement for password management and allows us to use 1pass’ “2fa” that would at least protect against leaked passwords. HIBP support is cool. Secrets automation seems like an interesting vault alternative. So long as 1Password doesn’t get acquired and can keep hiring and paying strong cryptography experts, I’m happy with their direction.

I’d ultimately prefer to host my own 1Password server at home if there was an option though, data ownership is an increasingly difficult thing to achieve.


Keepassxc on Dropbox works well for individuals.

Do Bitwarden or 1password add to this?

They seem to be for enterprise.


When I was evaluating which password manager to use I instantly favoured 1password, but not having the possibility to self host my data was non-negotiable for me.

I will definitely stay up to date whether this really comes or not.


What’s wrong with their hosting?

I’m happy that I don’t have to manage a hardened up-to-date server just for this.


If you stop paying them, you stop being able to update your passwords. Also if you can't connect to their servers, you can't synchronise your passwords between devices. Also non-US companies will have a concern about storing sensitive material on US-based services given the powers the US is giving itself regarding intercepting communications or seizing data centres.


You are not storing passwords in plaintext on their servers. They are very open and document how it works. Basically you give them fully encrypted information they can't use for anything.


"Fully encrypted" doesn't matter if an attacker finds a vulnerability in 1Password's encryption, or simply gets hold of the cipher text and has time and money on their side.

This is pretty fundamental security practice: don't give people stuff they don't need to have, and that means you face less risk of that stuff being lost or misused.


Aren’t they based in Canada, not the US?


FWIW, though it's hard to find nowadays AFAIK the standalone license is still offered and I still use mine with the latest version. You can use unlimited local vaults and network sync them via Dropbox (or a janky WiFi thing). The local sync hasn't gotten any TLC in a while but it works same as always without any limits.


And this whole discussion is because they’ve announced that will be dropped with version 8. No more standalone licenses, local vaults or syncing via Dropbox/iCloud. Even this (potential) “self-hosted” option sounds ridiculous; users are going to have to run a version of their cloud server locally and use that for syncing instead of just having a vault they can sync locally or through the service of their choice.


Yeah, I just noticed that though too late to edit my post to note it :(. Sounds like they plan to nuke the native Mac application, the core original value proposition, in favor of some cross platform Electron thing as well. Oh well, it had a good run, but the business incentives are pretty inexorable forces I guess when they're aiming for a multi-billion valuation cash out.

Although devil's advocate:

>users are going to have to run a version of their cloud server locally and use that for syncing instead of just having a vault they can sync locally or through the service of their choice.

I don't see that as inherently ridiculous if it genuinely was a full standalone version with no internet dependencies. Lots of local software going back ages and ages in Unix splits up "server" and "client" sides of things and it can be a sensible architecture in some instances and does not by itself mean anything bad. Like, I don't see what your issue would be vs "sync locally", if it's all under your control, potentially on the same system even, how would that not be merely another way to sync locally just a different implementation? And I don't see the value of "a service of my choice" vs literally just being able to run it as my own service. "Service of my choice" should mean who provides the VPS or colo or whatever, or what VPN I use to access my own local server. A true self-host eliminates the need for Dropbox or iCloud which is fine by me.

Of course this being modern AgileBits I kind of expect a fairly large number of asterisks here that neuter it in practice. But then again that they are even asking at all is something I wouldn't have predicted, I guessed they'd eventually attempt to full force everyone into their subscription model and that would be the end of my 1P upgrades/usage. Maybe it will be anyway if the application starts sucking even harder moving forward, but local host on a normal pay model could change my mind.


Have you heard of Bitwarden/Vaultwarden? It facilitates exactly what you want.


I always assumed that they didn’t have the keys to unlock my vault, so even if something was compromised it is all encrypted with no way for them to access it. What is the advantage of self hosting?


The key word here is assumed. I am not saying they have access, but considering the implications if someone else could access all of my passwords, I would rather not take the risk.


Not having to rely at all on someone else's infrastructure, including SSL certs. Not worrying about credit card expiring or any pivots in business.


TLDR; Big reason is policing is going to get a lot more invasive; however, I have found the very positive reflection that my in-house services are far more reliable.

I have the advantage that I am a programmer, so I can deal with a bit of reading install guides and arcane configuration. I was surprised to learn just how reliable things can be. Open Source tends to move forwards, so I don't have features taken from me. In recent memory, both 1Password and Fantastical have taken my features in the name of subscriptions. I installed ZigBee home automation with a Hubitat. It has never failed me. Internet and Wi-Fi can be down and things still work. The unreliable part is Google Nest (invalidates tokens every now and then) and Apple Siri (randomly can't do things at times). In short, I can automatically scan and OCR documents, have file services, movie and music, and more, and it all just works.

/rant mode enabled

It has become obvious to me that the law is quickly becoming snitch based. With so much information being hosted online, it's just too tempting a target to not use it for other purposes. Google and Facebook are just the leaders in where this is going. There is just no reason for law enforcement to not scan for dissonant behavior at some point, just as they roam the roads looking for violators. As more jobs become remote, the argument will be "the roads of the 21st century are on the Internet." The difference before was that if you get pulled over on the road, you can log it. You know when and where it happened. You have evidence of the encounter. You can see what was used against you and who.

The new system requires you to try to prove your innocence. You won't know when or where you were targeted. You are not allowed to inspect the software or see the matching hash information. You must open your phone to prove the file is innocent, at which point it is legal for the police to capture data. Finally, it is NOT against the law for law enforcement to lie to you [1]. This utterly stacks the deck against you.

All of this could be avoided if at the time of the event you could record what happened and challenge it, because ultimately law enforcement is a money making scheme. Cops are the largest thieving group in America, so treat them like it [2]: a car alarm doesn't stop them, it just means most thieves will choose an easier target. So, private services don't stop a cop, but following cloud events is a lot easier than trying to get into my house.

My sincere hope is that the cloud keeps them busy enough to stay far away from me.

[1] https://www.youtube.com/watch?v=_IZlrf8CiM4

[2] https://www.washingtonpost.com/news/wonk/wp/2015/11/23/cops-...


Frankly, given all the major data leaks of recent years and months, and not to mention ransomware incidents against even large, supposedly well-secured organizations, I fail to see how anyone with a modicum of security awareness could recommend or use a centralized password manager platform of any kind for their own security. People mention "convenience" but I'd say fuck that. Convenience is also how many seem to justify the total sell-off of their digital and financial privacy.


This would make me consider upgrading to 7/Pro. I've resisted doing so because I am fundamentally opposed to the way they are centralizing the product and selling it in a subscription model, but a private vault server I could share inside a small business (or family) would be something I would buy.


Am I doing something wrong by having my passwords stored in iCloud?


Not if you don’t use Windows or a non-Safari browser on macOS. If you’re all in on Apple it’s fine.


You used to be able to do that when they still had licenses.


Was so happy when I moved from 1password to Bitwarden. Far more reasonable pricing and a better experience IMO.


Is the 1Password Support Community website built with something public like a SaaS or open source project? https://1password.community/


That one seems to be built with Vanilla Forums: https://vanillaforums.com/en/


too little too late


There are so many good open source alternatives that already offer this they probably no longer have a choice. Which password software would you want to choose, the open source one offering superior privacy or the paid one that only adopts better security when they start losing a lot of customers?



