
Supermallet

macrumors 68000
Sep 19, 2014
1,895
1,908
How does that work? The passkey is on your phone? You lose the phone or it's taken from you ... what then?
What do you do when you want access from your Mac instead of the phone?
Not being critical ... just interested how it works
In this case I was referring to using a YubiKey security key as the passkey, and I have a backup of that hardware key in case something happens to the first one.
 

Mr. Heckles

macrumors 65816
Mar 20, 2018
1,379
1,787
Around
In this case I was referring to using a YubiKey security key as the passkey, and I have a backup of that hardware key in case something happens to the first one.
I like this idea. How did you do this? I’ll have to look it up, unless you have a link already.
 

MacBH928

macrumors G3
Original poster
May 17, 2008
8,334
3,725
Since when does Apple send weekly security updates? I get weekly updates on my Windows and System 76 computers (one is open source, one is not).

Getting security updates is a good thing. What do you think happens when an issue is found in an open source program? An update will be coming. You think just because something is open source, you’re going to get fewer updates? No.

I trust documentation… info from security audits. As long as the program (open sourced or not) supplies audits and it’s documented, I’m happy.

If no one looks for security issues, none will be found and there wouldn’t be updates….

Maybe not Apple specifically, but Apple & Co. keep pushing security updates all the time. Apps get updated so much now it's just auto-updated in the background. This is unlike past days when a new version was released yearly or more. Every update I read is "security fix" and "bug fix".

My reply was to a guy who reported that a security flaw was found in FOSS software. My reply was that even proprietary software has security flaws found; otherwise we would not be getting constant security fixes like this.

I agree, updates are good. But I wonder if there are any real threats. People keep using old software and nothing really seems to be happening to them. I hear people still run OS9 for fun. I wouldn't do any money-related matters in an outdated browser though.

 

Mr. Heckles

macrumors 65816
Mar 20, 2018
1,379
1,787
Around
150 fixes for security issues.
Maybe not Apple specifically, but Apple & Co. keep pushing security updates all the time. Apps get updated so much now it's just auto-updated in the background. This is unlike past days when a new version was released yearly or more. Every update I read is "security fix" and "bug fix".
I honestly don’t get your point at all.
Here are the security updates for Ubuntu, and there are a lot.
Security is a cat and mouse issue: a fix happens and then another issue is found.

There is no such thing as 100% secure software, and there never will be.
My reply was to a guy who reported that a security flaw was found in FOSS software. My reply was that even proprietary software has security flaws found; otherwise we would not be getting constant security fixes like this.
I subscribe to the Hacker News on Telegram and I did a search for Linux, look at the articles. FOSS has just as many issues as proprietary.


I agree, updates are good. But I wonder if there are any real threats. People keep using old software and nothing really seems to be happening to them. I hear people still run OS9 for fun. I wouldn't do any money-related matters in an outdated browser though.

There is always a threat, and people who use unsupported software are just playing with fire, and it will catch up to them… it’s just a matter of time. People who use older software for fun usually don’t use that as their main device.
 

svenmany

macrumors demi-god
Jun 19, 2011
2,024
1,312
Proprietary software usually uses a ton of open source software. All those little libraries with very few developers, almost always unchecked by outside reviewers, are the main threat. Open source and closed source have similar exposure to it.
 

MacBH928

macrumors G3
Original poster
May 17, 2008
8,334
3,725
It's a conundrum for sure.

I might switch back to Enpass. It's only $24 per year and it can do cloudless syncing.

Enpass has a lifetime option

I honestly don’t get your point at all.
Here are the security updates for Ubuntu, and there are a lot.
Security is a cat and mouse issue: a fix happens and then another issue is found.

There is no such thing as 100% secure software, and there never will be.

I subscribe to the Hacker News on Telegram and I did a search for Linux, look at the articles. FOSS has just as many issues as proprietary.


There is always a threat, and people who use unsupported software are just playing with fire, and it will catch up to them… it’s just a matter of time. People who use older software for fun usually don’t use that as their main device.

The poster here mentions that a security flaw was detected in FOSS software, pointing out that FOSS does not mean "more secure". My point is that both FOSS and proprietary suffer from security issues and you are not necessarily safe on either side. For both you get constant security fixes and both get 0-day vulnerability stuff. Basically what Svenmany is saying down here 👇🏼

Proprietary software usually uses a ton of open source software. All those little libraries with very few developers, almost always unchecked by outside reviewers, are the main threat. Open source and closed source have similar exposure to it.

I believe proprietary software vendors who use FOSS software should pay and work on the FOSS libraries they use. Some of them do already. Here are some of the Linux Foundation donors.

 

svenmany

macrumors demi-god
Jun 19, 2011
2,024
1,312
I believe proprietary software vendors who use FOSS software should pay and work on the FOSS libraries they use.

I can't really work that way. The libraries use other libraries, which use other libraries, etc. It goes pretty deep. There are close to a thousand small open source projects that have contributed code to one of my applications. I really have no idea how they are being used and to what extent.
 

eltoslightfoot

macrumors 68020
Feb 25, 2011
2,219
2,664
Enpass has a lifetime option



The poster here mentions that a security flaw was detected in FOSS software, pointing out that FOSS does not mean "more secure". My point is that both FOSS and proprietary suffer from security issues and you are not necessarily safe on either side. For both you get constant security fixes and both get 0-day vulnerability stuff. Basically what Svenmany is saying down here 👇🏼



I believe proprietary software vendors who use FOSS software should pay and work on the FOSS libraries they use. Some of them do already. Here are some of the Linux Foundation donors.

It does!! I was actually grandfathered in!
 

bradl

macrumors 603
Jun 16, 2008
5,934
17,423
I honestly don’t get your point at all.
Here are the security updates for Ubuntu, and there are a lot.
Security is a cat and mouse issue: a fix happens and then another issue is found.

There is no such thing as 100% secure software, and there never will be.

I subscribe to the Hacker News on Telegram and I did a search for Linux, look at the articles. FOSS has just as many issues as proprietary.


There is always a threat, and people who use unsupported software are just playing with fire, and it will catch up to them… it’s just a matter of time. People who use older software for fun usually don’t use that as their main device.


This is misleading. Some of the issues being reported on this are individual software packages, which is a software distribution issue, not a Linux issue. Linux - the underlying operating system - mainly entails the kernel, not the packages used after the OS is loaded. Some of what is reported up above would be the equivalent of saying "Windows has vulnerabilities because netstat or tracert has a vulnerability in it."

BL.
 

MacBH928

macrumors G3
Original poster
May 17, 2008
8,334
3,725
I can't really work that way. The libraries use other libraries, which use other libraries, etc. It goes pretty deep. There are close to a thousand small open source projects that have contributed code to one of my applications. I really have no idea how they are being used and to what extent.

So no one is checking those libraries? Sounds like a recipe for security disaster.
I always imagined at least whatever "library" you will add you can at least look over it and check the code.

Adding a FOSS library to your proprietary software and sending it off sounds extremely dangerous 💀

This is misleading. Some of the issues being reported on this are individual software packages, which is a software distribution issue, not a Linux issue. Linux - the underlying operating system - mainly entails the kernel, not the packages used after the OS is loaded. Some of what is reported up above would be the equivalent of saying "Windows has vulnerabilities because netstat or tracert has a vulnerability in it."

BL.

While you are technically right, I think it's safe to assume Mr. Heckles meant the Linux+GNU OS, which is what everyone else calls "Linux".
 

svenmany

macrumors demi-god
Jun 19, 2011
2,024
1,312
So no one is checking those libraries? Sounds like a recipe for security disaster.
I always imagined at least whatever "library" you will add you can at least look over it and check the code.

That is the fundamental problem that exists across the entire software development industry. A company cannot be competitive if they have to write everything on their own. There are just too many problems that have already been solved by other people. There are so many small projects, by so many small groups of developers, providing small pieces of functionality needed by your app. And, again, you aren't the one choosing to use most of those projects; it's usually something else you chose to use that uses those projects.

I don't really see a solution to this. Most all of open source software would have to be discontinued if there were a requirement that the final developers of delivered applications had to check it all.
 

eltoslightfoot

macrumors 68020
Feb 25, 2011
2,219
2,664
That said, I did switch to Enpass from Bitwarden, and it seems to work fine. I use Wifi syncing only--so it doesn't even go out over the internet.
 

maflynn

macrumors Haswell
May 3, 2009
73,533
43,480
Proprietary software isn't any better.
It's no worse either. I see plenty of postulations over how FOSS is so much better than closed source products. I'll probably some open source is better, and some open source is worse.

Many people rely on the idea that FOSS is more secure simply because there's the opportunity to review the source code on GitHub, yet we see vulnerabilities in FOSS that are there for long periods of time.
 

eltoslightfoot

macrumors 68020
Feb 25, 2011
2,219
2,664
I'd be lying if I didn't say the initial impetus was due to the sudden (incredibly naive on my part now looking back) realization that open source software really is at the mercy of the masses behaving well. I had just been using it for so long (I was a Redhat and FreeBSD system admin using Apache, MySQL, Sendmail, Horde, IMP, DNS BIND, etc., back in the early 2000s) that it had become kind of a FOSS = above reproach.

But once I got past that and looked objectively, a few facts remain: If I put my passwords out there in someone else's server, then they are in someone else's server. And I have an Enpass lifetime membership that I got so long ago, I forgot about it LOL.

So, I looked at the options which allow Wifi only syncing, and that is a very short list. So, Enpass it is. It is a little clunky around the edges in my browser, but it is nice knowing I am not putting my passwords out into the internet anymore.
 

maflynn

macrumors Haswell
May 3, 2009
73,533
43,480
(incredibly naive on my part now looking back) realization that open source software really is at the mercy of the masses behaving well.
I don't think it's naive, there's a kernel (pun intended) of truth.
Linus Torvalds reiterates his tabs-versus-spaces stance with a kernel trap
The commit last week changed exactly one thing on one line, replacing a tab character with a space: "It helps Kconfig parsers to read file without error." Torvalds responded with a commit of his own, as spotted by The Register, which would "add some hidden tabs on purpose."
Kind of silly, but someone submitted a change to the Linux kernel replacing a single tab with a space and that pissed off Torvalds, who seemingly interspersed a bunch of tab characters in the kernel - seems kind of petty and vindictive. Point is that FOSS is at the mercy of who chooses to update it, just as much as who oversees the project.

But once I got past that and looked objectively, a few facts remain: If I put my passwords out there in someone else's server,
So basically you're looking to keep your passwords off of a third-party server, regardless of whose server we're talking about. I can see that being an advantage.
 

eltoslightfoot

macrumors 68020
Feb 25, 2011
2,219
2,664
I don't think it's naive, there's a kernel (pun intended) of truth.
Linus Torvalds reiterates his tabs-versus-spaces stance with a kernel trap

Kind of silly, but someone submitted a change to the Linux kernel replacing a single tab with a space and that pissed off Torvalds, who seemingly interspersed a bunch of tab characters in the kernel - seems kind of petty and vindictive. Point is that FOSS is at the mercy of who chooses to update it, just as much as who oversees the project.


So basically you're looking to keep your passwords off of a third-party server, regardless of whose server we're talking about. I can see that being an advantage.
Yes, exactly. The program overall isn't up to 1Password or Bitwarden, but neither of those offers wifi-only syncing.
 

eltoslightfoot

macrumors 68020
Feb 25, 2011
2,219
2,664
Maybe Strongbox is the best way to go. You can use your database (KeePass format) locally, via WiFi sync, hosted somewhere and so on…
Decent product, open source and actively developed.
That is definitely a good alternative, but I have to buy it so for now sticking with Enpass... also, I would have to find a KeePass client for Windows (again not a big deal).
 

MacBH928

macrumors G3
Original poster
May 17, 2008
8,334
3,725
It's no worse either. I see plenty of postulations over how FOSS is so much better than closed source products. I'll probably some open source is better, and some open source is worse.

Many people rely on the idea that FOSS is more secure simply because there's the opportunity to review the source code on GitHub, yet we see vulnerabilities in FOSS that are there for long periods of time.

I think there is a confusion. People prefer FOSS for privacy reasons. Security-wise you are right. I still feel safer with a popular FOSS with strong backing than a proprietary app simply because I do not know who is behind it. For example, how many people work on Enpass? Could be just 2.

Yes, exactly. The program overall isn't up to 1Password or Bitwarden, but neither of those offers wifi-only syncing.

For some odd reason, Enpass for me always fails Wifi sync and I do not know the reason. I have to delete the vault on iOS and resync from desktop.

Maybe Strongbox is the best way to go. You can use your database (KeePass format) locally, via WiFi sync, hosted somewhere and so on…
Decent product, open source and actively developed.

I would switch to Strongbox if it had the mini-assistant. So far only 1Password and Enpass have it.
 

svenmany

macrumors demi-god
Jun 19, 2011
2,024
1,312
I think there is a confusion. People prefer FOSS for privacy reasons. Security-wise you are right. I still feel safer with a popular FOSS with strong backing than a proprietary app simply because I do not know who is behind it. For example, how many people work on Enpass? Could be just 2.

I'm not sure that's why people prefer open source software. I don't think there is any greater privacy in open source versus closed source (unless you read the code and understand it fully).

I don't really know the people behind open source projects. They are usually just accounts on GitHub. I have a bit more confidence in, say, 1Password, where they show everyone's picture on their website with a short bio. https://1password.com/company
 

eltoslightfoot

macrumors 68020
Feb 25, 2011
2,219
2,664
I'm not sure that's why people prefer open source software. I don't think there is any greater privacy in open source versus closed source (unless you read the code and understand it fully).

I don't really know the people behind open source projects. They are usually just accounts on GitHub. I have a bit more confidence in, say, 1Password, where they show everyone's picture on their website with a short bio. https://1password.com/company
As someone who actually used to prefer open source software, that security and privacy was always seen as a big reason. You can look at the code at any time, we were told. Well, yeah, but someone has to do so.
 

eltoslightfoot

macrumors 68020
Feb 25, 2011
2,219
2,664
I think there is a confusion. People prefer FOSS for privacy reasons. Security-wise you are right. I still feel safer with a popular FOSS with strong backing than a proprietary app simply because I do not know who is behind it. For example, how many people work on Enpass? Could be just 2.



For some odd reason, Enpass for me always fails Wifi sync and I do not know the reason. I have to delete the vault on iOS and resync from desktop.



I would switch to Strongbox if it had the mini-assistant. So far only 1Password and Enpass have it.
The people behind a project are always a potential issue, but that is why local-only syncing is so great as either way, it isn't in the cloud.

But if that (privacy and lots of people behind a project) is important, then 1Password would probably be your best bet as that is kind of the best of both worlds--secure code that isn't just out there for anyone to contribute to, and a large support staff of programmers...

As far as why wifi sync fails with Enpass, I haven't had that issue. I use iOS, iPadOS, MacOS, and Win11 and it seems to work fine.
 

maflynn

macrumors Haswell
May 3, 2009
73,533
43,480
The main reason is its ugly UI
Yeah, I found the UI and UX of Bitwarden to be a bit of a bummer. While cheaper (free) than 1PW, I find the intangibles of 1PW to tip the scales in its favor. Not just UI/UX but also the fact that it uses the secret key, which increases the security and safety of my data.

So, I looked at the options which allow Wifi only syncing, and that is a very short list. So, Enpass
Is the data encrypted as it's transmitted? Seems like relying on wifi syncing is riskier than relying on storing data on a provider that has no direct way to unencrypt your data.
 