
turbineseaplane

macrumors G5
Mar 19, 2008
14,785
31,565
What is scary about this one is that the hackers targeted a high-level employee that had access, and installed keyloggers onto their work laptop. So it's less about weak systems and more about human engineering (if you want to call it that).

This sounds like a script from The Americans

Crazy, and scary..
 

turbineseaplane

macrumors G5
Mar 19, 2008
14,785
31,565
I'm continuing on with 1Password for now

I really like to have something that important siloed on its own (vs part of my Apple ID)

Same way I feel about email actually -- just too important to not have a company dedicated to doing just that, and really well, as their business.

I think I'd go crazy with my password/logins being at the whims of Apple and design direction changes and features coming/going/missing, etc
 

BellSystem

macrumors 6502
Mar 17, 2022
450
1,035
Boston, MA
Agreed. Plus an X11 server's sole function isn't to secure your passwords.


You do realize that those randos contribute new features to Bitwarden? You see it happening all the time on the Github repository and Bitwarden community forums. Also, you really think if the community alerts the team to a security issue that BW will put it on the community to fix it rapidly?
You do realize that just because coders are contributing doesn’t mean they are reading the entire code base, looking for security holes, or know everything they are seeing. Just because you know how to code doesn’t mean you understand all facets of security. To find holes you use people that specialize in that. It’s not the same discipline. Also I’m not putting my faith in a group of internet coders, the so-called community, to fix critical issues. This product aside, open source projects can be filled with poorly documented and poorly organized code. The “community” might equal the right combination of folks or it might be a bunch of idiots that have no idea there is even a problem or how to fix it. Out of all the programmers I know personally (about 50 or so), there is 1 that could actually solve a security hole or even recognize it. The vast majority of people in any field are mid line or sub par. Generally there is only a small group that can actually perform their jobs properly. So unless you know everyone in the community personally and understand their strengths and weaknesses…..you have no idea what’s going on.
 

rhett7660

macrumors G5
Jan 9, 2008
14,225
4,307
Sunny, Southern California
iCloud Keychain is a really convenient solution IMO, and it's worked extremely well for me.

Though I guess if you want to be really secure from any malicious online activity, you can just write your passwords on a paper notebook or something. It'll be 100% secure from even the most skilled hackers, but not from, say, accidentally spilling your coffee onto paper. 😅

Or use a PW generator and 256plus encrypted .dmg file that you keep locally that also has a password that would take a very long time for someone to hack and if you lose the password which is kept on a napkin in you could be in trouble lol.

I think everyone has to look at the trade offs between convenience and safety.

I use Bitwarden for the reasons that have already been mentioned.

I have a feeling these other platforms, unless something happens sooner than later, their reputation might be irreversible.
 

tcatsninfan

macrumors member
Sep 23, 2022
77
249
I used to use 1Password, but I didn't like the direction they were going. They sold licenses years ago but switched to a subscription-only model a few years ago. The problem with subscriptions is that the prices always go up over time, so I try to limit them.

Anyway, I decided to vote with my wallet and get out of there. Been using Bitwarden for a year or so. It isn't as polished as 1Password, but it's totally fine for my purposes.
 

maflynn

macrumors Haswell
Original poster
May 3, 2009
73,533
43,481
1Password is really losing out on this, let me buy a license and let me control the destiny of my data.
I can understand your disappointment, to be sure, but they're not losing out. If anything they're going to be gaining more customers as more consumers and probably businesses drop LastPass.

I get that many people want the ability to self host their password vaults, and I'm not taking anything away from that option, but this isn't about 1Password losing, it's about LastPass' horrible track record with keeping data safe. At this point, 1Password's track record is stellar.
 

turbineseaplane

macrumors G5
Mar 19, 2008
14,785
31,565
I used to use 1Password, but I didn't like the direction they were going. They sold licenses years ago but switched to a subscription-only model a few years ago. The problem with subscriptions is that the prices always go up over time, so I try to limit them.

I generally agree with the anti subscription mindset, 100%

That said, this particular space, where consistent development and vigilance is required to keep software and security updated for new devices and OS releases, I think warrants an ongoing subscription.

Passwords and private secure data are very important, and I don’t personally want that data in any way exposed or at risk just to save a few dollars here and there.
 

Choco Taco

Suspended
Nov 23, 2022
615
1,064
The only password managers I trust are Apple Keychain and the Google chrome password manager.

Do I trust either with my personal privacy? No.

But I do trust them with security.

Apple keychain is still the biggest thing keeping me locked in to iOS devices.
The Google Chrome password manager has been hacked countless times. Never use that trash.

I use Bitwarden with Yubikey, personally. Hard to beat 10 dollars a year.
 

svenmany

macrumors demi-god
Jun 19, 2011
2,024
1,312
I generally agree with the anti subscription mindset, 100%

That said, this particular space, where consistent development and vigilance is required to keep software and security updated for new devices and OS releases, I think warrants an ongoing subscription.

Passwords and private secure data are very important, and I don’t personally want that data in any way exposed or at risk just to save a few dollars here and there.

That's my opinion in a nutshell.

Another piece of that, for me with respect to 1Password, is that the cloud hosting is one of the significant advantages of their product since I manage my whole family with it. That allows me to consider their subscription to be a subscription to their online service, in the same vein as my Dropbox subscription, rather than a subscription to their software. It's hard for me to stomach a software subscription, but a service subscription is not.

The only real problem I see is that 1Password left the market that many of their loyal customers were in. That feeling of being abandoned is tough. I remember feeling it when I had the sense that Apple had abandoned developers and other professionals.

I do wonder how I will feel if 1Password is hacked like LastPass was. It's easy for me to say now that I trust the quality of the vault even if it were exposed to a hacker, but I'm sure I'll feel some anxiety if it happens.
 

Ethosik

Contributor
Oct 21, 2009
7,813
6,715
If they keep their employees well paid and keep up with security, I have no issue with the subscription price. I would rather keep paying than to have them go out of business or severely downscale because everyone already bought from them.

I can guarantee you they will get hacked or targeted at some point. Everyone will. It’s how they handle it that’s the key. Last Pass isn’t handling it well.
 

ghostinshell

macrumors newbie
Feb 16, 2023
7
1
this was a fail on many levels, using a home pc to access a vault/work. is not a good idea especially for a high security workflow. and after the other breach why did they not really lock **** down and issue yubikeys? etc? fail....

apple key vault is ok, chrome is a fail the passwords are very easily stolen with many public tools. prevailing wisdom is basically. bitwarden, 1password or keepassXC.

if you're moving from lastpass you prob should change all passwords.
 

MisterSavage

macrumors 601
Nov 10, 2018
4,639
5,487
You do realize that just because coders are contributing doesn’t mean they are reading the entire code base, looking for security holes, or know everything they are seeing. Just because you know how to code doesn’t mean you understand all facets of security. To find holes you use people that specialize in that. It’s not the same discipline. Also I’m not putting my faith in a group of internet coders, the so-called community, to fix critical issues.

Of course not and neither am I. I expect Bitwarden to fix the critical issues. I'd much rather have a scenario where everyone can see the code (including community members who have knowledge of concepts) and the code is audited as opposed to "trust us, it's good code" from closed-source solutions.
 

newton4000

macrumors regular
Apr 24, 2015
143
207
Tried LastPass for a bit and, luckily, didn't stay with it. The UI was not great.
Hopefully, what was deleted a couple of years ago, was actually deleted.

Now with 1Password. Mostly happy with it, except for some recent UI changes.
Any thoughts on what's more secure - 1Password versus Bitwarden.
So Bitwarden is open source - that's a + for Bitwarden.
Any other things to weigh?
 

BellSystem

macrumors 6502
Mar 17, 2022
450
1,035
Boston, MA
Of course not and neither am I. I expect Bitwarden to fix the critical issues. I'd much rather have a scenario where everyone can see the code (including community members who have knowledge of concepts) and the code is audited as opposed to "trust us, it's good code" from closed-source solutions.
100% agree.
 

KaliYoni

macrumors 68000
Feb 19, 2016
1,726
3,804
Another open source-based password manager is the Mac version of Password Safe. The underlying application was developed by Bruce Schneier, a well-respected cryptographer and security researcher. I've followed Schneier's work for years but just discovered the Mac version...so I have some research to do before buying it, especially since it has an iCloud syncing function (I would want to turn that off).

(home page)

 

gregmac19

macrumors regular
Jul 28, 2016
198
146
prevailing wisdom is basically. bitwarden, 1password or keepassXC.
I am not sure why you think that is "prevailing wisdom", but IMHO three password managers that allow you to self-host your vault would all be better choices than what you named: Enpass, Strongbox, and Codebook.
 

phillytim

macrumors 68000
Aug 12, 2011
1,747
1,241
Philadelphia, PA
Deleted my Lastpass account beginning of the year and moved to Keychain, and Bitwarden, as I use Windows occasionally.
Makes me wonder if this is someone internal though?

Would you mind me asking - why aren't you all-in on Keychain OR Bitwarden? @ajf.350d

iCloud for Windows lets you access Keychain passwords while in a Windows web browser.

How do you segregate the use of Keychain and Bitwarden?
 

ghostinshell

macrumors newbie
Feb 16, 2023
7
1
I am not sure why you think that is "prevailing wisdom", but IMHO three password managers that allow you to self-host your vault would all be better choices than what you named: Enpass, Strongbox, and Codebook.
maybe.. maybe not. and not everyone wants to deal with self hosting. or can deal with it. bitwarden allows selfhosting and is opensource and you can with keepassxc also. it's prevailing wisdom as it's the most recommended, and most reviewed by security types of folks. almost everyone i know, is using keepassxc and or bitwarden.

i only know one person use 1pass.
 

Choco Taco

Suspended
Nov 23, 2022
615
1,064
maybe.. maybe not. and not everyone wants to deal with self hosting. or can deal with it. bitwarden allows selfhosting and is opensource and you can with keepassxc also. it's prevailing wisdom as it's the most recommended, and most reviewed by security types of folks. almost everyone i know, is using keepassxc and or bitwarden.

i only know one person use 1pass.
1Password is pure trash now. Used to be good. Used it for quite a while. Then they threw all that was good about it out the window and also kept increasing the price. They switched from a feature-rich, native Mac app to Electron nonsense with half the features and a terrible UI. You can tell by the atrocious reviews it has on the App Store that most people aren’t pleased with the direction they’ve chosen to go. It feels like abandonware at this point as they leave blatant, basic-functionality-bugs unfixed for months on end (things like Face ID not working at all half the time). After switching to Bitwarden, everything is awesome. Safari’s keychain password manager is also pretty good with their built-in 2FA, but I’m on Brave and I use Bitwarden across multiple operating systems and devices so Bitwarden just makes my life easier. And it’s extra secure with my NFC Yubikey (so I can use it on my phone). It’s open source and 100% free unless you want to use 2FA or Yubikey or other forms of secondary security. For the extra stuff, it’s only 10 bucks a year.

Another knock on 1Password is they don’t allow things like Yubikey, but Bitwarden lets you use darn near everything. Importing from a browser to Bitwarden is also a breeze. All you need to do is rename the websites and that’s it (it even imports your 2FA login data). When you import to 1Password, it’s like your data was dragged through a mine field first. It’s absolutely atrocious. I hate it.
 

rukind2

macrumors regular
Jul 8, 2012
170
94
Last December, after being a LastPass customer for the last 8 years, I switched to 1Password owing to LP's security breakdowns. In the short time using 1P, I have missed the LastPass ease-of-use aspect. But that is a familiarity thing which will dissipate over time. Platform security is more important for me and thus the ease-of-use factor remains on the sideline. I also rely on iOS keychain for convenience sake.
 

ignatius345

macrumors 604
Aug 20, 2015
6,905
11,283
I generally agree with the anti subscription mindset, 100%

That said, this particular space, where consistent development and vigilance is required to keep software and security updated for new devices and OS releases, I think warrants an ongoing subscription.

Passwords and private secure data are very important, and I don’t personally want that data in any way exposed or at risk just to save a few dollars here and there.
Same. I consider 1Password to be a service so I don't really sweat it. Besides, the family subscription makes it SO much easier to deal with this stuff. I'm also much more confident in their encryption setup, given that setting up vault access requires two passwords.
 