1Password migrants thread

[pfandrade]

Hello,

Secrets author here. I was just referred to this thread by a Secrets user and thought I'd chime in on the security of small vs large company topic.

As with any complex question, the answer is also non-trivial. So I'll touch on the some of the points mentioned here:

1. Compromised Software

I don't see why smaller companies would be more at risk here than larger companies where many developers have access to the repo and commit from home etc.

To me, the risk grows with the number of devs. And larger companies will usually have policy precisely to combat that risk (think signing commits with a key stored in a YubiKey, for example).

I'm the only one who has access to Secrets source code (not counting GitHub and Apple). The attack surface is arguably much lower for Secrets.

2. Flawed Crypto

I don't think crypto is usually the weakest link in any of the popular password managers. Compromising developer machines, exploiting server vulnerabilities, exploiting design flaws, etc.

(I know all the links above are related to LastPass. I'm not trying to pick on them, they just have the best vulnerabilities.)

Personally, I know I'm not a cryptanalyst, but I know enough about crypto to be scared of it. It's actually pretty easy to design a flawed crypto algorithm simply by combining the wrong cipher, block chaining mode and nonce… That's why I stick to standard high-level protocols (Noise) and crypto libraries (libsodium).

3. Server Upkeep

Keeping an online service available, scalable and secure is not easy. I guess that's probably why many of the smaller devs rely on iCloud, Dropbox, etc.

I've ran an SaaS in the past and I'm well aware of the amount of work maintainig it was.

Secrets relies on iCloud, and although it's not perfect, and I had to design around some of iCloud's quirks, it works, it scales, and Apple is the one maintaining it!

4. Audits

Are they useful? They can be, yes. Are they expensive? Yes. Does it mean a software/service is secure? Not really. LastPass had audits…

I'll eventually get an audit for Secrets. If not only because it's another tick on a potential user's checklist.

Either way, I try to explain all the crypto behind Secrets (local and iCloud storage, shared vaults, etc) on its security page.

 

[MacBH928]

Thanks for contributing to this thread!

Personally, I know I'm not a cryptanalyst, but I know enough about crypto to be scared of it. It's actually pretty easy to design a flawed crypto algorithm simply by combining the wrong cipher, block chaining mode and nonce… That's why I stick to standard high-level protocols (Noise) and crypto libraries (libsodium).

can someone clarify this bit. I feel like there is something here I should be worried about

 

[svenmany]

Thanks for contributing to this thread!



can someone clarify this bit. I feel like there is something here I should be worried about

All different levels of expertise corresponding to different levels of risk. I suspect they are being a bit humble.

 

[pfandrade]

Thanks for contributing to this thread!



can someone clarify this bit. I feel like there is something here I should be worried about

It just means I’m not naive enough to think I should be rolling my own crypto. And I don’t mean a custom cipher.

Even if you decide you’re going to use a popular cipher like AES, there’s still the block cipher mode, initialization vector generation, message authentication, deriving keys, etc. There’s enough room here to make wrong decisions.

A popular example of the perils of this is using a stream cipher with ineffective initialization generation.

Libsodium, is a high level crypto library that has made all these decisions. You pick the API that serves your purpose (encrypt a file, sign some data, derive key, etc) and it will use a pre-decided and vetted set of primitives for the job.

This is very different than using OpenSSL directly.

Noise is a protocol, it defines how to securely establish an interactive connection between peers. Namely, how to generate a session key, how to authenticate one, none or both peers, how keys are rolled, etc.

It maybe tempting for a novice to simply use what they know about encryption a build a protocol on their own.

But a lot of thought goes into something like Noise, by people whose lives revolve around cryptography.

There’s a reason pretty much all popular messaging apps use the Signal protocol.

Cryptography is hard. And being scared of it is a good sign.

 

[svenmany]

In no way should you consider my reservations as criticism of anything you're doing with your product or related disciplines.

I don't see why smaller companies would be more at risk here than larger companies where many developers have access to the repo and commit from home etc.

To me, the risk grows with the number of devs. And larger companies will usually have policy precisely to combat that risk (think signing commits with a key stored in a YubiKey, for example).

I'm the only one who has access to Secrets source code (not counting GitHub and Apple). The attack surface is arguably much lower for Secrets.

That is a valid perspective. It will depend on the quality of the companies.

To even entertain the possibility that developers who work on such sensitive code and have access to such sensitive systems would be allowed to work on insecure desktops, whether they be remote or not, is worrying. I work remotely on far less critical systems and am given a secured remote virtual desktop. I'm not even allowed to copy and paste between my local machine and that virtual desktop. A large security company can afford the same level of discipline and more.

Developers in a small company might use their computers far more carelessly - likely mixing personal and work on the same machine. They likely will use less thoroughly vetted software. They might not be running intrusion detection on their network. There are many other considerations that a small shop won't consider or even have the competence to handle. Such a small company offers a far larger attack surface than the large company with good discipline. The saving grace is that small companies are small targets and might not be worth the effort to crack.

But, of course, there are the large, careless companies. They can easily be worse than a small company and offer a very large attack surface.

Personally, I know I'm not a cryptanalyst, but I know enough about crypto to be scared of it. It's actually pretty easy to design a flawed crypto algorithm simply by combining the wrong cipher, block chaining mode and nonce… That's why I stick to standard high-level protocols (Noise) and crypto libraries (libsodium).

Even 1Password uses standard libraries. It's not the libraries, it's how they are used. I seem to remember that was one of LastPass' mistakes, something about iterations being too low. There are all sorts of mistakes that can be made in the software the uses those libraries and provides surrounding functionality.

It certainly is a significant advantage to have employees dedicated to knowing a lot cryptography. I do know that 1Password has that. A small company might not be able to afford that.

many of the smaller devs rely on iCloud, Dropbox, etc.

It's a convenient and cheap alternative. Personally, I don't trust it. Certainly one's Dropbox data is available to employees of Dropbox (though I'm sure it's restricted). And Apple has proven to me time and again that they are mostly inadequate at software development. I've had problems with iCloud. Syncrhonizations are sometimes delayed and I've even had syncrhonization conflicts when there should never have been any. I wouldn't trust them with my vaults. A big company can afford much better.

Are they useful? They can be, yes. Are they expensive? Yes. Does it mean a software/service is secure? Not really. LastPass had audits…

Audits are a critical piece of a full solution. They don't stand by themselves. Considering that audits always seem to expose problems, the lack of regular audits suggests that problems are brewing.

 

[pfandrade]

In no way should you consider my reservations as criticism of anything you're doing with your product or related disciplines.

I won't So far this seems like a perfectly reasonable discussion.

That is a valid perspective. It will depend on the quality of the companies.

[...]

But, of course, there are the large, careless companies. They can easily be worse than a small company and offer a very large attack surface.

Agreed. It depends. I guess what I'm saying is that big doesn't mean secure, and vice versa.

Even 1Password uses standard libraries. It's not the libraries, it's how they are used. I seem to remember that was one of LastPass' mistakes, something about iterations being too low. There are all sorts of mistakes that can be made in the software the uses those libraries and provides surrounding functionality.

This is a another good example of what I was talking about. If you're deciding on the number of iterations you're porbably not using a high enough abstration. The key derivation API in libsodium does not require you to do that, you can still tweak some parameters depending on your scenario, but the lowest setting allowed is already considered secure.
In the cryptography world nowadays, it's generatlly accepted that less "knobs" equals better security.

It certainly is a significant advantage to have employees dedicated to knowing a lot cryptography. I do know that 1Password has that. A small company might not be able to afford that.

Oh, I do follow cryptography. But I'd have a hard time explaining the mathematics behing elliptic curve cryptography without re-reading about it first. It's just not something I have to deal with. Nor should I! (nor anyone developing a password manager…)
The best practice here is to leave the intricacies of the crypto to the select few that work on that, and use the highest level of abstraction you can.

It's a convenient and cheap alternative. Personally, I don't trust it. Certainly one's Dropbox data is available to employees of Dropbox (though I'm sure it's restricted). And Apple has proven to me time and again that they are mostly inadequate at software development. I've had problems with iCloud. Syncrhonizations are sometimes delayed and I've even had syncrhonization conflicts when there should never have been any. I wouldn't trust them with my vaults. A big company can afford much better.

Usually, sync will be an application domain problem. The storage service will usually provide you with eiter atomic writes or some sort of conflict detection. So the syncing issues you experienced are likely a flaw in the app itself, not the storage service.

The ability for employees to read your data is a valid concern. I've heard of cases that with little social engineering over the phone somebody was able to get a customer service rep to read some data on iCloud.

This is there's end-to-end encryption comes into play. Secrets is designed with the assumption the storage layer is insecure.

Audits are a critical piece of a full solution. They don't stand by themselves. Considering that audits always seem to expose problems, the lack of regular audits suggests that problems are brewing.

 

[svenmany]

This is a another good example of what I was talking about. If you're deciding on the number of iterations you're porbably not using a high enough abstration. The key derivation API in libsodium does not require you to do that, you can still tweak some parameters depending on your scenario, but the lowest setting allowed is already considered secure.
In the cryptography world nowadays, it's generatlly accepted that less "knobs" equals better security.

I wish I'd come up with a better example, something not handled by that library. Any application which uses a third-party library is punting some of the responsibility to other developers. The higher the level of abstraction, the more is being punted. But, my objection here is just theoretical and without any concrete details.

Certainly, an application developer must track the issues, bug fixes, and vulnerabilities in any library used to be sure there's not a problem that needs to be addressed quickly. The more libraries, the more to track. A uses B, uses C. Diligence requires tracking all three. If there's a delay in patching A when a critical vulnerability arises in C, then there's a problem. Direct use of C from a very competent team will result in more agility.

Usually, sync will be an application domain problem. The storage service will usually provide you with eiter atomic writes or some sort of conflict detection. So the syncing issues you experienced are likely a flaw in the app itself, not the storage service.

This was Finder and points to Apple's general inadequacy. Depending on a third-party storage is punting some responsibility. If there's a problem with iCloud, I don't believe Apple will be able to help.

The difference between 1Password support and Apple support is massive. When I post an issue on 1Password's website, support usually responds within a day and has constructive things to offer. That's definitely not the case with Apple.

I realize that much of what I'm saying is not objective truth but just opinion. There really are too many variables and many are just probabilities (e.g. there's 43% probability that such and such will happen).

 

[MacBH928]

It just means I’m not naive enough to think I should be rolling my own crypto. And I don’t mean a custom cipher.

Even if you decide you’re going to use a popular cipher like AES, there’s still the block cipher mode, initialization vector generation, message authentication, deriving keys, etc. There’s enough room here to make wrong decisions.

A popular example of the perils of this is using a stream cipher with ineffective initialization generation.

Libsodium, is a high level crypto library that has made all these decisions. You pick the API that serves your purpose (encrypt a file, sign some data, derive key, etc) and it will use a pre-decided and vetted set of primitives for the job.

This is very different than using OpenSSL directly.

Noise is a protocol, it defines how to securely establish an interactive connection between peers. Namely, how to generate a session key, how to authenticate one, none or both peers, how keys are rolled, etc.

It maybe tempting for a novice to simply use what they know about encryption a build a protocol on their own.

But a lot of thought goes into something like Noise, by people whose lives revolve around cryptography.

There’s a reason pretty much all popular messaging apps use the Signal protocol.

Cryptography is hard. And being scared of it is a good sign.

actually I feel better that you use a reliable and dependent cryptography than to build your own

The difference between 1Password support and Apple support is massive. When I post an issue on 1Password's website, support usually responds within a day and has constructive things to offer. That's definitely not the case with Apple.

actually I think its mesmerizing that mega companies can have support in the first place. How many employees do you need to answer the questions of like 500 million apple users or more?! When the app has small user base sure.

I was amazed when I sent feedback to MS Office about an issue and got a phone call almost immediately. Imagine how many people world wide use Office and call for help.

 

[Alvinc]

Customer support is something vital that I would consider when they need us to subscribe. App developers always say subscription model can sustain a service, but most of them fail to convince customers so that they have to give up paying while the app itself survives.

Evernote used to be a good one for me but since v10 they just provide "official" response. Craft and Bear said they would fix my issue but end up NOT (and I ask further Bear what they will do and they no longer respond).

I haven't tried 1Password but because their app is reliable so far so I don't have to contact them.

But there are some apps which are not subscription doing quite well in customer support. iA Writer is one of the examples, and they even allow me to test their app to see if the bug has been fixed.

For Apple, maybe it is not subscription based so they can't immediately respond to some issues. So there is a cost when using Apple services like Notes app: search is less reliable until I figure out myself there is a workaround (which can't be found on the Internet)!

But Apple services and apps overall are usable at least. They may at least address to major issues.

 

[eltoslightfoot]

For Apple, maybe it is not subscription based so they can't immediately respond to some issues. So there is a cost when using Apple services like Notes app: search is less reliable until I figure out myself there is a workaround (which can't be found on the Internet)!

So...what is the workaround in Notes? I mean, I am a DEVONThink guy at this point, but it might help someone?

 

[Alvinc]

So...what is the workaround in Notes? I mean, I am a DEVONThink guy at this point, but it might help someone?

My problem is, if I have 200 notes containing a certain keyword (say A), Apple Notes can show only around 20.

If you type " before the keyword ("A instead of A), the app can show all the related notes.

 

[eltoslightfoot]

My problem is, if I have 200 notes containing a certain keyword (say A), Apple Notes can show only around 20.

If you type " before the keyword ("A instead of A), the app can show all the related notes.

Very interesting! Thanks!

 

[svenmany]

actually I think its mesmerizing that mega companies can have support in the first place. How many employees do you need to answer the questions of like 500 million apple users or more?! When the app has small user base sure.

It is amazing that I can always talk to someone at Apple within 5 minutes; they really are well staffed. I wish they were more skilled.

 

[svenmany]

I do think the option of local storage of vaults is a good thing. However, casual synchronization tools like Dropbox or iCloud are inappropriate to handle such critical data. The problem is they work at too coarse a grain. (OmniFocus, for example, talks about this issue when explaining why they provide their own free synchronization service.) And in the case of iCloud, the synchronization is unreliable.

Yesterday Finder was stuck for many hours synchronizing a 90MB file to iCloud. I figured after my morning reboot it would be resolved. This morning, it seems to have made some progress, but is still stuck.



I've been unable to figure out which file is stuck. No icon on folders or files I've looked at show anything in progress. I'd feel very uncomfortable if there were a chance that the stuck thing was my password vault.

I don't mean to imply that iCloud's own Keychain/password synchronization has this issue. I know nothing about how they do that.

The only way I can imaging working comfortably with synchronization of local vaults is if the password program itself handled it. Some do with LAN-based synchronization and some with dedicated servers. Offsite backup is a separate concern and should be handled by dedicated backup tools; I use Arq Backup for this.

 

[toasted ICT]

So as you know 1Password is forcing you to the subscription model which is something I refuse to pay for a simple piece of software that is basically a glorified password protected spreadsheet file browser. I am fed up of subscription model and greedy companies that abuses it. I have already paid license which I believe was $60 twice for an upgrade making the total $120.

Please share your experiences with trustworthy password managers. I have already tried Bitwarden, its an option but the GUI is ugly that could use real work and the browser plugin is just too much imo. I also didn't had an issue where if you have multiple accounts it will only auto fill the top one meanwhile 1password gives you the option to choose which one to use. Another thing is I want to store my password locally and not in the cloud, not sure why everyone is forcing a cloud account.

I could be wrong but LastPass seems untrust worthy, I heard a lot of shady issues with them.


---TL;DR---

After much research, these are the better options out there.
AgileBits is officially evil for me with dark pattern business behaviour.

The following are suggestions but not recommendations

--Multiplatform--

EnPass: near 1:1 replica of 1password, has license but I am scared they abandon it and turn evil in the future. But they just reintroduced it. ($40 on StackSocial over the regular $80)

Codebook: Autofills only in the Safari browser (LINK)

StickyPassword: looks promising but never tried it and don't know much about it.

SafeInCloud : Developed by 1 guy but seems popular

--FOSS--

ّ-Bitwarden : best FOSS imo but uses their cloud storage. You can use your own storage but complicated to setup.
( Bitwarden Mini Review )

---

All apps based on KeePass use same database file format (KDBX) and can sync with each other. Extensions, desktop, and smartphone apps:

-KeePass: Windows only (KDBX)

-KeePassXC Uglist and most unintuitive password manager I saw but works, desktop only (KDBX)

-Keeweb.info desktop only (KDBX)

-MacPass: mac desktop only (KDBX)

-Keepassium: Apple only (KDBX)

-KeePassDX : Android only (KDBX)


--If you don't mind subscription but don't want to deal with 1PW/Agilebits any more---

Roboform:- $23/year

Dashlane:- $60/year

PasswordBoss: $30/year

EnPass:- has subscription option for $24/year

Keeper:- $35/year

--If you are on Apple only devices---

-Strongbox (KDBX)
-Minimalist
-Secrets

all made by smaller teams nearly only 1 developer
---------------------------------------------------------------------------------------------------------

Just for interest Strongbox 1.59.5 of Feb 26, 2024 has some useful improvements according to their latest version history update:
- Import from Bit Warden
- Import from Enpass
- Improved 1Password import (Password history and archived items)
- Various Tech Debt, improvements, tweaks and fixes
- Localization Updates

I am still using Strongbox and it has not missed a beat. I remain very happy with it. (and it saved us, so far, $229 AUD in since August 2021 based on their 1password published subscription fees)

 

[MisterSavage]

Bitwarden apparently made some changes for how autofill is handled. I remember there was some discussion about that.

Bitwarden’s new auto-fill option adds phishing resistance

The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields.

www.bleepingcomputer.com

 

[MacBH928]

Bitwarden apparently made some changes for how autofill is handled. I remember there was some discussion about that.

Bitwarden’s new auto-fill option adds phishing resistance

The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields.

www.bleepingcomputer.com

i am not sure what iframes are, but I thought its secure because they check the domain (amazon.com) and hence its safe?!

surely the trusted domains won't insert "iframes" linking to unsecure websites!?
even if its from 3rd party website, can't Bitwarden check that the domains on the stored credentials and the iframe content do not match?

Does this concern the auto-fill using the shortcut, or the auto-fill "on load" of the website because Bitwarden disables this by default and does not recommend to turn it on.

 

[MisterSavage]

i am not sure what iframes are, but I thought its secure because they check the domain (amazon.com) and hence its safe?!

surely the trusted domains won't insert "iframes" linking to unsecure websites!?
even if its from 3rd party website, can't Bitwarden check that the domains on the stored credentials and the iframe content do not match?

Does this concern the auto-fill using the shortcut, or the auto-fill "on load" of the website because Bitwarden disables this by default and does not recommend to turn it on.

It sounds like one issue is that it would also autofill from subdomains, which is apparently normal in some cases.

"Bitwarden accepts iframe auto filling because many popular websites use this model, for example icloud.com uses an iframe from apple.com," Bitwarden told BleepingComputer in a statement.

It looks like they decided the risk wasn't worth it and now disable that also by default.

 

[toasted ICT]

Another thought worth considering when deciding to keep your password managers encrypted authentication data, your data, and secret notes, your notes, on the Developers Server.

Apple has announced in 17.4 "PQ3 protects against "Harvest Now, Decrypt Later" attacks where a malicious actor collects encrypted data with the hope of decrypting it with a quantum computer at some point in the future. Quantum computers are expected to eventually be able to make large-scale calculations that would allow them to decrypt content secured with traditional encryption methods, but that won't be possible with PQ3"

I wonder what protection password managers offer when you give the developer your data... LastPass, 1password etc. I suspect its nothing.

Remember its your data, your risk.

 

[svenmany]

Another thought worth considering when deciding to keep your password managers encrypted authentication data, your data, and secret notes, your notes, on the Developers Server.

Apple has announced in 17.4 "PQ3 protects against "Harvest Now, Decrypt Later" attacks where a malicious actor collects encrypted data with the hope of decrypting it with a quantum computer at some point in the future. Quantum computers are expected to eventually be able to make large-scale calculations that would allow them to decrypt content secured with traditional encryption methods, but that won't be possible with PQ3"

I wonder what protection password managers offer when you give the developer your data... LastPass, 1password etc. I suspect its nothing.

Remember its your data, your risk.

I strongly believe that Apple, as a good citizen, will share the algorithm and it will be implemented by others. The security community is well-known for collaboration. Apple would be at a significant disadvantage if they weren't part of that community.

All cloud storage will share the risk that you mention - which is a valid point. The only remedy to your concern is no offsite storage (e.g. 1Password, Dropbox, etc). That's risky. Pick your poison.

 

[toasted ICT]

I think one can mitigate the risk some by not storing on a password managers site. These are really honeypot targets when compared to random Dropbox, Google Drive or iCloud accounts.

 

[maflynn]

These are really honeypot targets when compared to random Dropbox, Google Drive or iCloud accounts.

Perhaps, but on the other hand, you're still storing passwords in the cloud and you're still trusting that provider to have enough protections to ensure your data. I would think (other then lastpass) that password managers are sufficiently hardened that most hackers won't even try.

In a not so similar comparison, consider banks, do you want to try to rob fort knox with the gold, or a relatively small bank that doesn't have the same amount of protections?

 

[svenmany]

I think one can mitigate the risk some by not storing on a password managers site. These are really honeypot targets when compared to random Dropbox, Google Drive or iCloud accounts.

I suspect it's the opposite, but we can only know by asking the people who try to get such data.

Dropbox and the like are major targets. There is a ton of data there that's incredibly valuable and much less secure than 1Password's data. In that Dropbox data are a ton of less secure password vaults that scanning software would easily identify. If you asked a hacker whether they'd want all of that data or 1Password's vaults that are virtually uncrackable, I think they'd pick the Dropbox data.

 

[MisterSavage]

Looks like Bitwarden is going to have native apps soon. Can't come soon enough. Even though I'm really happy with BW their iOS app is so ugly and clunky.


demo:

story i spotted:

Bitwarden's app is about to get a lot prettier

Bitwarden’s next update will focus on eye candy and a native codebase

www.androidpolice.com

 

[Jay-Jacob]

Looks like Bitwarden is going to have native apps soon. Can't come soon enough. Even though I'm really happy with BW their iOS app is so ugly and clunky.


demo:

story i spotted:

Bitwarden's app is about to get a lot prettier

Bitwarden’s next update will focus on eye candy and a native codebase

www.androidpolice.com

Brilliant! I use them and they do work well but not best looking app, kinda basic and out of date really.