1Password Remigrant thread

[maflynn]

With 1Password migrants thread in mind, I figured I'd start a remigrant thread, i.e., returning users (and also new users).

I was a 1Password user for some time but sometime in 2021 or so I switch in part because I though Bit Warden offered a similar experience for a lot less money. In many respects it does, but in other respects it doesn't. I recently lost access to my twitter account due to the use of a compromised password.

1Password continues to be highly rated and probably the most popular. I don't believe the popularity is all due to marketing as some have said. Marketing helps to be sure but the service they provide seems to be superior.

One thing I liked very much is that the desktop and mobile app has the Watchtower feature and allows you to keep track of integrity and security of your passwords. Bitwarden has a reporting feature, but its only on the website and from a UX perspective not setup to use easily. I mean with 1Password you see it upfront. Given the issues with twitter I've taken a more serious approach to managing an reducing the risk of my passwords.

I know in the migrants thread a lot was made of losing local vaults, and the use of electron. I'm not worked up over the use of local or self hosted vaults because by and large most of the password managers are now cloud based. People may argue that they want to self manage and there are options - just not 1Password. As for Electron, I'll take a wait and see attitude, so far the apps (MacOS/Win/iOS) have a higher level of polish and features as compared to Bit Warden. I'm not down on Bit Warden, I may return back to BW after I finished up my month of 1PW.

Importing my Bit Warden vault was more work then I was expecting. 1PW does not have a process to import BW, it has others, just no process to use an exported json file. I can import a CSV, which I did, but that required some work. Removing columns that are in the CSV that 1PW won't use and in one case merging two columns into one.

UI/UX of 1PW seems superior, I've been using the app this morning and I'm liking how it works. The jury is still out on whether I'll keep using it, but I've been leaning on the Watchtower service to tighten up my passwords.

 

[SalisburySam]

I’m still on 1Password v7.x.x and have chosen to NOT upgrade to the subscription service. I guess that’s because I like what I have, don’t need the v8 “features,” and have a general aversion to subscriptions. It also works well across my iPhones, iPads, iMac, and Windows10 SurfaceBook3. In fairness, I also have an aversion to change which is probably holding me back more than anything else.

 

[mailbuoy]

With 1Password migrants thread in mind, I figured I'd start a remigrant thread, i.e., returning users (and also new users).

I was a 1Password user for some time but sometime in 2021 or so I switch in part because I though Bit Warden offered a similar experience for a lot less money. In many respects it does, but in other respects it doesn't. I recently lost access to my twitter account due to the use of a compromised password.

1Password continues to be highly rated and probably the most popular. I don't believe the popularity is all due to marketing as some have said. Marketing helps to be sure but the service they provide seems to be superior.

One thing I liked very much is that the desktop and mobile app has the Watchtower feature and allows you to keep track of integrity and security of your passwords. Bitwarden has a reporting feature, but its only on the website and from a UX perspective not setup to use easily. I mean with 1Password you see it upfront. Given the issues with twitter I've taken a more serious approach to managing an reducing the risk of my passwords.

I know in the migrants thread a lot was made of losing local vaults, and the use of electron. I'm not worked up over the use of local or self hosted vaults because by and large most of the password managers are now cloud based. People may argue that they want to self manage and there are options - just not 1Password. As for Electron, I'll take a wait and see attitude, so far the apps (MacOS/Win/iOS) have a higher level of polish and features as compared to Bit Warden. I'm not down on Bit Warden, I may return back to BW after I finished up my month of 1PW.

Importing my Bit Warden vault was more work then I was expecting. 1PW does not have a process to import BW, it has others, just no process to use an exported json file. I can import a CSV, which I did, but that required some work. Removing columns that are in the CSV that 1PW won't use and in one case merging two columns into one.

UI/UX of 1PW seems superior, I've been using the app this morning and I'm liking how it works. The jury is still out on whether I'll keep using it, but I've been leaning on the Watchtower service to tighten up my passwords.

I have used 1Password for several years, currently on version 8, and I can't remember a single issue I have had. I consider the risk low that I could lose my passwords due to an attack on the 1Password server(s) - the files that I store are encrypted and the info necessary to access them is not on the servers - I don't buy into the argument that because 1Password may be a target that somehow makes my encrypted files at risk. (I know from the migrant thread that there is a different point of view; I just don't see it.). I am also aware that there are complaints about it being an Electron app. Again, I don't see the issue. 1Password looks and works great and I never see it hogging resources on Activity Monitor. The feature that really sells 1Password to me is the ability to share a vault with family. Since my wife is not a computer enthusiast, the only way she would use complex, unique passwords is if I do all the management and she just enjoys the auto-fill! As far as cost goes - I am happy to pay the annual subscription for the peace of mind I get knowing I am using a superior (?? the best??) password manager.

 

[maflynn]

I’m still on 1Password v7.x.x and have chosen to NOT upgrade to the subscription service.

I totally get and respect that. I avoid subscriptions like the plague, but in 2023, its an uphill climb. I already have some subscriptions.

As far as cost goes - I am happy to pay the annual subscription for the peace of mind I get knowing I am using a superior (?? the best??) password manager.

I'm not a fan of subscriptions, and with Bit Warden you either can do the free tier and have nearly all the functionality or pay something like 10 dollars a year for a bit more. I've been using Bit Warden now for so long that I'm so used to how it does things. I'm still in the adjustment period in how 1PW does stuff.

As I slowly start using the 1PW app on my iPhone, I really like the UI and how it presents itself with the Watchtower information. I have cleaned up a lot of my passwords thanks in large part to the information provided by watchtower.

The number rating, shows a 1017, I'm not done cleaning things up, but I'm happy with how its progressing

 

[dmccloud]

I switched from LastPass to 1Password after LastPass got breached last year and the company was slow to release any information or actually make any changes on their side to address future attempts. It took a fair amount of time to learn its functionality compared to LP and get it set up the way I wanted it on both my Mac and Windows machines, but it's just as seamless as LP when it comes to browser integration.

 

[kpluck]

Just an FYI, it is my understanding that Bitwarden also uses Electron.

-kp

 

[maflynn]

I think I convinced my wife to use 1Password instead of her reliance on notes. To make matters more confusing (for her) is she used different notes apps, like from google, iPhone and what not. A confusing mess. I think the family plan for her and I makes a lot of sense.

 

[Mr. Heckles]

I think I convinced my wife to use 1Password instead of her reliance on notes. To make matters more confusing (for her) is she used different notes apps, like from google, iPhone and what not. A confusing mess. I think the family plan for her and I makes a lot of sense.

I love the family plan, it makes life so much easier.

 

[maflynn]

Its been almost a week, and I will say that 1Password's software definitely has more polish then Bit Warden, but I do prefer Bit Warden's UI when it comes to filling in passwords.

The Save in 1Password is a bit overly aggressive, and there doesn't appear to be a way to exclude domains. I've googled it, and some hits seem to suggest you can, but when I follow the directions, I don't see the same thing in the app that is being displayed - either it was there and it was removed, or its not there yet. Further digging and this request is on their feature request list. Not sure what that means for me in the short term.

I'm showing an actual form that has userid/password and that Save in 1Password is ok here, but there are other webpages where it thinks its a userid/passwords and its not and that's a bit more annoying.

 

[Cromulent]

The fact that Bitwarden is free and open-source is why I won't switch from it. Unlike commercial-only password managers, you can verify the code yourself (if you want). Other third-party security researchers have looked over Bitwarden and declared it safe, and for only £10 a year, I can put up with a wonky GUI.

 

[MisterSavage]

Interested to see how it ends up for you. Keeping an open mind and exploring options is never a bad thing.

I'm still quite happy after switching to Bitwarden.

 

[maflynn]

I'm still quite happy after switching to Bitwarden.

Tbh, I'm pretty happy with BW as well. I do think 1PW offers a polish, and UX that is somewhat better then BW, but free vs. 36 dollars a year.

Interested to see how it ends up for you.

I'm leaning on keeping 1PW, for a handful of reasons.

• Family plan. I think I convinced my wife to start using a password manager - as I previously mentioned, she uses a mixture of ios and google notes.
• WatchTower - this seems to be a superior tool then what I can get off of BW. The value of course may be of diminishing returns as I rely more and more on generated passwords.
• Two layer authentication means a lot to me. You need a password and your secret key to access your vault. Given how quickly someone stole my twitter account, its quite possible for a bad actor to guess/brute force/use a compromised password to gain access to your vault. I'm probably being a bit paranoid but needing both the password and the key is something that puts me more at ease.

 

[maflynn]

The fact that Bitwarden is free and open-source is why I won't switch from it. Unlike commercial-only password managers, you can verify the code yourself

I agree, and that's one of the major reasons why I opted for BW. That reason has not diminished nor have I changed my tune.

 

[MacGizmo]

I switched to Minimalist when 1P went subscription. I tried BitWarden for a spell, but found it even more cumbersome than 1P.

Since Minimalist has switched to a subscription model ($30 per year), it muddies the water a bit, but I purchased it when it was a standard perpetual license that includes the macOS and iOS versions that can be unlocked with TouchID, FaceID or Apple Watch.

It's built on top of Apple's Auto-Fill functionality (via the Keychain), so there is no extension/plugin to install and maintain (or troubleshoot). On iOS, that means it supports all browsers, but on Mac it only works with Safari - which is fine for me.

It offers almost all the same features as 1P, but with a decidedly "minimalist" interface. I don't feel like I'm using it at all because it's mostly transparent.

With 1P and Minimalist costing about the same for the yearly subscription, I may look at 1P again... but I don't relish the thought of dealing with maintaining the app AND the browser plugin again.

 

[svenmany]

The fact that Bitwarden is free and open-source is why I won't switch from it. Unlike commercial-only password managers, you can verify the code yourself (if you want). Other third-party security researchers have looked over Bitwarden and declared it safe, and for only £10 a year, I can put up with a wonky GUI.

Last I checked they haven't had an audit in a few years. I read the most audit and many problems surfaced, which had to be fixed during the audit.

I don't believe anyone is verifying the security portions of the code, other than Bitwarden employees. I've taken a long look at the pull requests and all that I saw are fixes that are not security related. I suspect 1Password, being so well funded, has code that is far more thoroughly reviewed. They also have more recent security audits. Far fewer problems were raised in the one I looked at.

Bitwarden is a great product and well-respected. But the open source aspect of it is only a hypothetical advantage. By the way, 1Password does discuss the open source security packages they use.

 

[svenmany]

Its been almost a week, and I will say that 1Password's software definitely has more polish then Bit Warden, but I do prefer Bit Warden's UI when it comes to filling in passwords.

The Save in 1Password is a bit overly aggressive, and there doesn't appear to be a way to exclude domains. I've googled it, and some hits seem to suggest you can, but when I follow the directions, I don't see the same thing in the app that is being displayed - either it was there and it was removed, or its not there yet. Further digging and this request is on their feature request list. Not sure what that means for me in the short term.

I'm showing an actual form that has userid/password and that Save in 1Password is ok here, but there are other webpages where it thinks its a userid/passwords and its not and that's a bit more annoying.

View attachment 2191150

1Password's browser plugin is their weak link. I sometimes have problems with it. For example, the Safari version sometimes loses connectivity with the desktop app. I also find the UI to be awkward; it can't be resized or scaled in any way. But the main applications, desktop and mobile, are phenomenal.

 

[MisterSavage]

• Two layer authentication means a lot to me. You need a password and your secret key to access your vault. Given how quickly someone stole my twitter account, its quite possible for a bad actor to guess/brute force/use a compromised password to gain access to your vault. I'm probably being a bit paranoid but needing both the password and the key is something that puts me more at ease.

I'm paranoid myself about these things so I get it. But what about two factor auth with Bitwarden? If that's on then just having your vault password isn't enough.

 

[maflynn]

But what about two factor auth with Bitwarden?

That's an interesting question, I've actually not considered 2FA with BW (or 1PW for that matter). My knee jerk reaction is that I want a seamless interaction and 2FA can be a bit jarring. In all honesty, I've not tried it with BW, so I may take a look at that.

As for 1PW, I notice that it struggles at times on some forms. If the login form is presented like it is from alamo rental car, it doesn't fill in. I click the email address text box, nothing. I click on the little 1PW icon, the sign-in window disappears. Alamo isn't the only website I see 1PW do this, but I was logging in this morning and well 1PW was giving me issues

Its not a huge problem, but its an oddity.

 

[maflynn]

it doesn't fill in.

Here's the work around I just discovered. So with login window being presented, click the 1PW extension and from there you can click auto-fill. The interaction is very much like BW, as that's the typical way you interact with Bitwarden.

 

[mikes63737]

That's an interesting question, I've actually not considered 2FA with BW (or 1PW for that matter). My knee jerk reaction is that I want a seamless interaction and 2FA can be a bit jarring. In all honesty, I've not tried it with BW, so I may take a look at that.

If you're putting all the passwords for your life into a cloud-hosted password manager, you really should use 2FA.

It's pretty unintrusive with 1Password, you only need to complete 2FA when adding a new device for the first time.

 

[Mr. Heckles]

It's pretty unintrusive with 1Password, you only need to complete 2FA when adding a new device for the first time.

I just added an iPad last week and I needed my email address, secret key, master password, and my 2FA (I don’t have my secret key synced in iCloud)

My one kid has her 1Password secret key synced, and she still has to add her master password and 2FA when adding a new device. She just got a new iPad last week and I helped her set it up.

 

[maflynn]

So I wanted to export 1PW vault and put it into BitWarden, as I continue to use both and compare/contrast. That said, my changes/improvements/strengthening of my passwords are all done in 1PW, hence the need to "sync" up BW.

Firstly, 1Password makes it very hard to export, you can do the 1PUX or CSV, if the latter its only passwords and not secure notes.

Secondly, if you have items in archive they are also exported - this confused the heck out of me as so many of my entries were duplicated since I seem to have a ton of stuff in archive - I guess 1PW puts stuff in there automatically.

Back to 1Password vs. Bitwarden.
I'm using the watchtower set of reports and they are night and day in how the information is reported. I don't mean just polish, but functionally better. I find its easier to manage my passwords with the Watchtower reports then BW

 

[hajime]

Hi, I am still using 1Password 4 on my MacBook Pro 2010, PC and iOS devices. Is there a security risk to use such out of dated programs?

I read that Norton 360 includes a password manager. Has anybody used it? Is it a good idea to migrate the old 1Password programs to it?

 

[Mr. Heckles]

Hi, I am still using 1Password 4 on my MacBook Pro 2010, PC and iOS devices. Is there a security risk to use such out of dated programs?

I read that Norton 360 includes a password manager. Has anybody used it? Is it a good idea to migrate the old 1Password programs to it?

It’s extremely unsafe to use outdated programs, huge security risk.

 

[SalisburySam]

It’s extremely unsafe to use outdated programs, huge security risk.

You may be right, though in this case I’m not sure. I don’t know if 1Password v4 ever looked out to the Internet as more recent versions do so I think the threat is almost like keeping an old version of solitaire…pretty minimal. But more facts here would be useful certainly, and the safer position is to keep things current. Still not sure 1P v4 is a “…huge security risk” until proven so.