Agreed. I have been using Bitwarden for over 3 years now, paid premium user as well. No big issues, the odd bug a few times but all fixed promptly and didn't impact my ability to access my data.
While the Bitwarden apps are not as "pretty" as 1Password's I find them a little simpler to use. Obviously UI design is highly subjective though so your thoughts may be very different :)
Anyway yes I highly recommend Bitwarden. Kyle and the team have built and continue to run a top class product that costs 1/3 the price of 1Password.
Edit: To clarify I use Bitwarden solely for personal use. I cannot fairly compare Bitwarden and 1Password for multiuser/shared vault use.
Bitwarden is great, but I'm getting frustrated at their ridiculous excuses for not implementing fixes.
For the longest time Bitwarden has been broken in Firefox's private browsing after Mozilla deprecated some APIs due to security concerns. They've given alternatives but they are just refusing to fix it, to the point of basically saying Mozilla needs to fix the issue. What's sad is a similar mechanism is used in their Chrome extension. Someone even raised a working PR that the CTO wasn't fully happy with, and asked for changes (which is fair), but the PR hasn't moved since, so I'd have expected the Bitwarden employees to take it and fix it up.
It's absolutely ridiculous to still not have this fixed years later.
By contrast, I was a 1Password customer at the time this change got introduced, and they'd pushed out a fix not long after.
I will be trying the Linux client, and if it's good enough, I'll certainly switch away.
Not knocking the project, which sounds cool, but the absolute last thing I want to self host is a password database exposed to the internet. Hard pass on that element.
1password used to have a peer to peer sync mode that I loved. No need for a server anywhere. You would open it on your Mac and then open it on your phone and if they were on the same network they would self discover. Too inconvenient, perhaps, for most users, but for the paranoid like me, it was ideal -- no servers involved at all.
(Technically, wifi sync I believe still exists IF you use 1password on Mac with an old style local vault, but it's basically unsupported. Mine just stopped working and I switched to 1password.com.)
Seconded. I tried a lot of other ones before settling for Bitwarden about two years ago. It's easily the best and most hassle-free one that covers all of my use cases. (Tried LastPass, Keepass, 1password, and a couple others)
bitwarden looks cool. what parts are open-source and what parts are closed? (are all the premium features closed-source or are they just charging for that in the hosted-by-them version?)
And doesn’t force you into non-local sync. Passwords are one thing I’m not comfortable moving to cloud. After using 1Password for about 9 years I switched to BitWarden this year - just for this reason.
In my opinion, it should be a bare minimum for something as important as a password manager to be free software. Others have mentioned Bitwarden and Keepass in this thread, both of which meet that criteria, but personally I'll stick with pass since I don't need a GUI.
Huh, you are saying that something that is so important you want for free, and that the company building this product for you should forgo money and work simply for free? Wouldn't the opposite make far more sense that something that is so important you should pay 'more' for? There are free options that you are welcome to, but for people who want more they pay for it.
This is pretty cool. I am a long-time super-satisfied user of pass (https://www.passwordstore.org/) for all my personal needs, but my work uses shared vaults in 1password and this will make dealing with that a lot more smooth it looks like.
The reasonable person inside me wants to use a password manager, yet the paranoid in my brain is terrified. I read all those texts explaining why password managers are better, yet I am still afraid. I keep thinking in attack vectors such as someone compromising the Play Store and submitting a malicious app or other similar stuff.
I even have a Bitwarden account and have some passwords stored on it.
I also considered "offline" managers like KeepassXC, but synchronization gets way worse, and there's also the issue about trusting someone else with your mobile apps.
I will probably end up convincing myself and keep using Bitwarden more at some point, but I will also probably do some kind of password peppering/salting along with it.
> I also considered "offline" managers like KeepassXC, but synchronization gets way worse, and there's also the issue about trusting someone else with your mobile apps.
I'm using KeePassXC. Originally between three computers (Debian desktop, Debian laptop, and Microsoft laptop) where it was part of my git repo that I'd sync in between the machines as needed (git repo hosted within my own instance of gitolite, btw).
I've migrated more functionality into Syncthing - so now it's very rare that I ever need to do a manual merge within KeePassXC (which was always a robust operation anyway). KeePassXC has a setting to reload from disk if it sees that the password db file has changed, which makes this process seamless.
Part of my Syncthing setup is that I have a receive-only copy of my various repos on a Debian VM that runs a couple of archive tools (dirvish and borg) which provides for point-in-time restorations if needed.
So - I'm wondering what synchronisation problems you've had, and what you've tried. And what alternatives there are to trusting someone else's OS (replete with non-free components) on mobile, along with someone else's bundling of code into mobile packages?
There's a handful of keepass-compatible android apps, some of which are GPL, and Syncthing can keep a copy on Android easily enough, but ultimately there's a lot of trust in mobile land no matter how you slice it.
What's your baseline? While there are theoretically more secure alternatives to using a password manager, the vast majority of people don't have the discipline or skill to implement them effectively.
Password managers make security tradeoffs, providing a nice balance of convenience and defense against many of the most important attack vectors.
So while it is of course possible to come up with basically endless possible attack vectors for password managers (and indeed all software), it is most likely not a productive exercise.
Also, a small tangent, but if someone compromises the play store and is able to install malicious software on your phone, there are plenty of ways for them to get your password that don't involve password managers.
I definitely have some password manager anxiety. I'm not too concerned about hacks or losing my password database. For me, it's more about the sense of independence, and being able to log in to my accounts using just my noggin. I might be able to remember one or two strong passwords, but not dozens, which is kind of the selling point of a password manager.
I use KeePassXC with a password and key file. I sync the database, but not the file, using Syncthing. On the whole a satisfied customer, although the browser integration isn't perfect.
Oh, I would not want to use any kind of password manager with built-in synchronization either; an integrated solution presents a much more attractive target for black hats. I've been using KeePassXC and its predecessors, and sync to other machines using Git+SSH (no third party hosting either) and to my phone using adb for a few years now. YMMV.
In addition to all that other people have said, many accounts still have 2FA as secondary protection. The cost for them to 1) compromise the whole Play store; 2) Make you update both the password manager app AND authenticator app; 3) Make you login to a valuable account is way more expensive than just install a keylogger or try various scams.
As the joke tells, I don't have to beat the chasing bear behind me, I only need to be faster than the guy running alongside me.
You aren't the only one. Those "fancy" apps are too complex IMO to be trustworthy. Neither are other people's computers (aka clouds).
My secrets are stored in plain text files which are encrypted with GnuPG. Emacs (and vi too) can handle encrypted files easily, even on an Android device using the Termux (i.e. Debian) app. Syncing with rsync (even version control software is an option) works and with a bit of discipline is not a major problem.
It is a bit like eating self-made food or eat what others cook. You have chances to get poisoned in both ways. I would choose to eat food prepared by others if I am not confident in my cooking skills.
Recently tried out every password manager as I was sick of LastPass being glitchy with some websites. I’m using OS X and iOS exclusively, with Safari, Chrome, and Firefox.
After trying out 1Password, Dashlane, etc. I returned to LastPass - contrary to most of the reviews I found online, LastPass works much more smoothly with most sites and apps. The integration with iOS is much nicer. I found the gap between LastPass and everything else was sufficiently large that it was a no brainer to switch back.
I’m still occasionally frustrated with LastPass, but having seen what the alternatives are I won’t be revisiting them for a good few years.
Personally I find the 1Password X browser extension is perfectly fine for my 1Password needs on my Linux desktop. That said the extension probably isn’t as good if you have a lot of server passwords or accounts you have to enter a lot in desktop apps. This isn’t a problem for me because I only use 1Password for web logins anyway, my various network passwords are easier to organize in pass.
I want to use KeePassX/KeePassXC but haven't really found any iPhone clients with Dropbox syncing + Face ID unlock. So still with 1Password even though I'm not a big fan of it anymore. It works, so there is that.
I have been using LastPass since many years ago. There's an extension for Chrome and for Firefox. On Android I use the app and even though experience is not that "automatic" it works.
I am surprised nobody mentioned LastPass. Is there any reason I should know?
LastPass was bought by LogMeIn, which raised some eyebrows. More recently, LogMeIn was bought by private equity vultures. That raises alarm bells for more people.
It was that plus experiencing a lot of bugginess in their apps that got me to switch to 1Password. It's been a huge improvement.
I moved from LastPass due to various security concerns, but in Chrome/Linux 1Password is a worse experience. LastPass is just smarter about creating accounts and assigning new passwords, or updating if you change them.
I've been using it for years. There are a few annoyances I have with it, mostly on mobile integration, but not enough for me to try to migrate to another platform.
I'd be curious if someone could explain why it would be worth the effort to transition from LastPass to some other provider.
Nah you're fine. There are other good alternatives but Lastpass does the job and that's fine. They do have a lastpass-cli which is quite nice to have as well. It operates somewhat like pass.
I use keepassxc on Dropbox. It syncs everywhere and if I have doubt about its cryptography, I browse the code, see at least what libraries it’s using, check the forks, read reviews and commentary on the source code, etc.
Maybe 1password offers UI to organizations. But for individuals and small groups, it seems to offer fees and less provable security.
In the spirit of throwing things out there: keepass/keepassx and keepassdx database(s) synced via nextcloud or syncthing is a dream. My passwords on all my devices and under my own control. Can't beat it.
This isn't ready for beta: no ability to delete logins, no ability to generate a new password or create a new login, no context menu, and not even a Cancel button for the user who starts to edit an entry and then realizes that they can't regenerate a password.
I've been using gnupass for a few years after using LastPass. I couldn't be happier. I control the codebase and all changes made to my password store via my gpg key. It's easy to use, easy to store on multiple repositories.
I have been using lastpass for more than 10 years and honestly I do enjoy the ease of use, for example biometrics on the phone. Should I switch? Is it worth the time investment?
Lots of people saying they will only use an open source password manager - fair enough, that's your prerogative. But I think it's unfair if everyone just complains that this isn't open source. First people complained that 1Password wasn't on Linux. Then they made a browser extension that works on Linux, and people complained it wasn't native. Then they make a native application, and people complain that it's not open source. That's not their business model, that was never on the table. But it's worth celebrating when Linux is gaining support, even from proprietary companies. It's good that Steam supports Linux even when FreeCiv exists. It's good that Unity supports Linux even when Godot exists. Let's give 1Password some credit for supporting Linux - thanks guys!
I mean, I agree with the principle of your argument, I'm not really one to care _too_ much about specialised programs like this being closed source, especially if they have well defined migration paths and so on.
However, this has been _years_, 8 or 9 by my quick check on the App Store.
First there was the "agilekeychain" and the python libraries (blimey) to read from it, so I could kinda do my thing on linux, but then it was deprecated and they spent 18 months trying to create a CLI variant that on arrival basically never worked.
Then they pushed a subscription model which was rather expensive for the functionality too, and after paying for new versions a few times I felt a bit annoyed, and I still could not access my passwords from Linux anyway..
Then they pushed really hard for their own hosted sync (for new vaults at the very least); And without dropbox I couldn't even sync to linux. I'm not sure if they went back on that.
Either way, the problem is not that it isn't open source per se.
The problem is that it's an incredibly closed ecosystem as it exists today, and an expensive one- maybe you're better off looking at equivalently featured, free, and more open options... of which there are many.
It's not a very direct alternative. 1password uses a server and keeps everything in sync for you automagically, while on KeepassXC you have to sync your devices yourself (with some help from them). The more open source alternative would be the aforementioned Bitwarden.
> exfiltration of all your passwords is only one of those being compromised away at any given point
No, that's absolutely not true.
Those dependencies will not automatically update in your local app. The 1password developers should be auditing all updates to those dependencies too, and if you trust the 1Password developers to be competent, then you don't have to trust 25 random developers.
Furthermore, this isn't unique to electron apps. If they wrote this in c++, you'd still have to trust 1password devs to audit a dozen libraries they'd vendor in.
The article says that it's written in rust, and also implies that it is a gtk app. That doesn't sound like an electron app to me. Did I miss something?
So after ignoring Linux users for 10 years they finally decided to grant us their support. I feel my money is better spent supporting vendors who support Linux early on and do not view it as an afterthought. I will stick with LastPass.
> It blows my mind how you can be smart enough to use Linux
Please don't overstate the intelligence required to use linux. It's not that high.
> ...and still use a proprietary closed source "password manager" on it.
People run plenty of proprietary closed source software on linux. This can include password managers, because perhaps they prefer it. Also a password manager of all things is something most people will need to use cross platform, not solely on linux.
> If it was something unimportant, like a game, ok. But a password manager? The key to all your digital life and secrets...
Games being another proprietary closed source application people run on linux. Games still present meaningful risks to your computing and privacy.
> And in addition from an American company that will upload your (encrypted) passwords to a cloud in US?
AgileBits is a Canadian company.
> And in addition, I find it deceptive that they try to confuse the potential users by pretending to be somehow involved or concerned by open source.
A company can be involved and concerned with regards to open source without releasing a product that is open source. Microsoft releases and contributes to a lot of open source software but Windows and Office are both closed source.
It is worth mentioning that even if you're using an open source manager like Bitwarden, unless you're compiling your own apps and servers you're not really guaranteed to be running the code they host on github.
Honestly, I think your opinion is unpopular because it demonstrates a serious lack of understanding or thought.
If you re-use the same password for all sites, it takes just one sketchy site being compromised for all of your other sites to become compromised. In the case of a password manager, the manager itself is the one that needs to be compromised, and you have more reason to trust them to avoid being compromised than some other random site. Some random sketchy website being hacked doesn't need to affect the rest of your network of logins if you use a manager.
Most password managers (such as 1password) won't let anyone from any machine access your stored passwords over the web by just supplying your single password. They require multiple extra steps that are quite limiting, so for the most part they first need access to a computer that you've already installed your password manager on.
Furthermore, if your password manager is compromised, you have a very clear path to your password on that manager, and then a list of all the websites, usernames and passwords that you need to change in order to regain security. By contrast, I'm still rediscovering old websites I used 10 years ago that used my old omni-password which was compromised.
You're totally right. As long as you have a different, secure password for every site and service, and you keep a careful list of all of them, and make sure to keep this list backed up, and encrypted, and sync this list across your devices so you have access to it when and where needed, then you totally don't need a password manager.
...oh wait, that's literally a password manager. Sometimes opinions are unpopular for good reasons.
Edit: I checked: neither the macOS nor Windows version uses it. So it's not even that they think Electron is acceptable for high-quality desktop apps. They just don't consider Linux important enough to make a high-quality app for it.
bilal4hmed|5 years ago
satysin|5 years ago
dastx|5 years ago
mapgrep|5 years ago
tw04|5 years ago
Use bitwarden-rs if you're planning on self-hosting.
https://github.com/dani-garcia/bitwarden_rs
eyeundersand|5 years ago
xiaomai|5 years ago
chiefalchemist|5 years ago
I mention this because my work uses 1PW and I don't like it at all. Not the browser extension. Not the desktop app.
Bitwarden is well worth checking out.
ceocoder|5 years ago
s_dev|5 years ago
is a very worthwhile password manager. I like the UI.
eepp|5 years ago
mehrdadn|5 years ago
unknown|5 years ago
[deleted]
_zaqs|5 years ago
heavymark|5 years ago
waynesonfire|5 years ago
Also a 1password user. Can't deny it's a wonderful product.
lomex123|5 years ago
GrantZvolsky|5 years ago
[1]: https://git.zx2c4.com/password-store/tree/README
dundercoder|5 years ago
eigenspace|5 years ago
xiaomai|5 years ago
dyingkneepad|5 years ago
Am I really the only one here?
Jedd|5 years ago
jaredklewis|5 years ago
SloopJon|5 years ago
crossroadsguy|5 years ago
- Email provider's (it's not Google)
- Domain registrar's
- 3 of my main bank account passwords
- Password of my password manager and KeePass db
- Cryptomator volume's password (I keep that Volume in Dropbox)
- Password of my laptop and phone (both 12-20 char long alphanumeric ones)
- PIN of my 2FA app
(I keep practising entering these passwords on my phone/laptop regularly)
Everything else are randomly generated strings by BitWarden and saved there.
Sometimes I have some hints that only I can make sense of and save it in KeePass database.
l0b0|5 years ago
CrendKing|5 years ago
jcynix|5 years ago
unknown|5 years ago
[deleted]
domano|5 years ago
mekster|5 years ago
SirensOfTitan|5 years ago
izgzhen|5 years ago
pavanky|5 years ago
three_legs|5 years ago
[deleted]
randomsearch|5 years ago
murermader|5 years ago
pjmlp|5 years ago
Electron apps are not true Linux apps, maybe for ChromeOS they can be considered as such.
switch007|5 years ago
Disappointing, 1Password!
mbillie1|5 years ago
resfirestar|5 years ago
dotancohen|5 years ago
haunter|5 years ago
tw04|5 years ago
https://apps.apple.com/us/app/strongbox-password-safe/id8972...
tass|5 years ago
techsupporter|5 years ago
nitrohorse|5 years ago
mjlee|5 years ago
aaronfc|5 years ago
gilrain|5 years ago
Erwin|5 years ago
Osiris|5 years ago
Zizizizz|5 years ago
beckler|5 years ago
SparkyMcUnicorn|5 years ago
https://support.1password.com/cs/migrate-standalone/
(note the text near the end regarding licensing)
flobosg|5 years ago
EDIT: I was wrong about 1Password 7 for Windows and macOS, see further replies.
jegp|5 years ago
dewey|5 years ago
aborsy|5 years ago
The GPG keys are externally held.
aborsy|5 years ago
afarviral|5 years ago
Fnoord|5 years ago
Bitwarden_rs can achieve the same.
unknown|5 years ago
[deleted]
chb|5 years ago
qudat|5 years ago
wishysgb|5 years ago
MaxGabriel|5 years ago
m12k|5 years ago
dijit|5 years ago
dingaling|5 years ago
shmerl|5 years ago
dyingkneepad|5 years ago
xmunoz|5 years ago
overcast|5 years ago
ButWhatFor|5 years ago
loeg|5 years ago
unknown|5 years ago
[deleted]
setheron|5 years ago
unknown|5 years ago
[deleted]
laksdjfkasljdf|5 years ago
Hearing about people using 1password, etc, I get an uncomfortable smug feeling, similar to when I hear that someone is coding on notepad.exe :(
stefan_|5 years ago
[deleted]
TheDong|5 years ago
pekim|5 years ago
sigzero|5 years ago
dlojudice|5 years ago
[1] https://www.keepersecurity.com
vzaliva|5 years ago
jamesgeck0|5 years ago
ed25519FUUU|5 years ago
None of these saas companies ever price single user licenses below $5, even though $1 or $2 would be much more reasonable.
gilrain|5 years ago
loginatnine|5 years ago
cowmix|5 years ago
gilrain|5 years ago
greatgib|5 years ago
If it was something unimportant, like a game, ok. But a password manager? The key to all your digital life and secrets...
And in addition from an American company that will upload your (encrypted) passwords to a cloud in US?
And in addition, I find it deceptive that they try to confuse the potential users by pretending to be somehow involved or concerned by open source.
See this exchange for example:
https://www.reddit.com/r/privacy/comments/7l75d5/comment/drm...
<<We're not open-source, but we do act like it!>> Wtf?
least|5 years ago
dyingkneepad|5 years ago
29athrowaway|5 years ago
eigenspace|5 years ago
murermader|5 years ago
The secret key can be kept safe, because it is only required once for each device, when you log in the first time.
Lazare|5 years ago
corytheboyd|5 years ago
iamdbtoo|5 years ago
mekster|5 years ago
Master password alone won't unlock the rest of passwords.
NikolaeVarius|5 years ago
comex|5 years ago
terabytest|5 years ago
unknown|5 years ago
[deleted]
pseudalopex|5 years ago