1Password's gone bad - recommendations?
raindog308
Administrator, Veteran
in General
I hadn't noticed that 1Password has moved to a subscription-only pricing. $180 for the next 5 years? GTFO. Was going to gift the app to my wife but I just burst out laughing when I saw the price and now it's time to move on.
LastPass was awful when I tried it, but it's been a while, but they've been bought. Might have to go back to pwsafe or KeePass. Anything else?
Comments
I don't mind LastPass. It keeps synchronizing between different browsers and platforms incredibly simple. KeePass requires too much care and feeding when I can have LP for $12/yr.
That's only for using their sync service isn't it? I use it every day with Dropbox sync, no extra cost.
Mac or Windows? I see 1Password Standalone as a $65 in-app purchase option for the Mac app. https://itunes.apple.com/us/app/1password-password-manager-and-secure-wallet/id443987910?mt=12
iOS and android apps are still usable without this subscription too. Looks like their site is misleading really. Implies you have to subscribe but I mean, I have the latest apps and no account with them.
LastPass is great, and it's completely free now for device syncing. Would recommend it... Their chrome app works great and I've had issues with other password manager browser apps.
Yeah, I think they're in a weird transition phase. I'm sure they'll only allow subscriptions at some point in the future, but right now you can still do standalone on Mac (and sync via Dropbox/iCloud) and there's a 'standalone version' download link for Windows (not sure if you can purchase a license in-app there).
Last time I downloaded it for Windows it just never even bugged me about a license. Was a bit ago though.
Your brain, free as long as it actives.
I don't see new non-subscription licenses for sale on their web site..? Forums seem to confirm they're only doing subs for new customers.
I could still gift the app for mac but safe to assume that's going away.
I don't think I ever bought from them direct but yeah, they make it sound like they'll be updating clients later to require accounts. Either that or just hoping to catch suckers who land there before the App Store.
Never mind, does look like they're just hyping the subscription by making it look like the only path:
https://support.1password.com/why-account/
Good, no worries then. I mean I'd pay for it anytime, but not shaking anything up right now.
When I signed up, you needed "Premium" for it to support different operating systems. A few months later, they made it free.
I'm using Enpass and quite happy so far.
I still use 1password right now (subscription).
I thought about building my own just using something like S3 for storage but after reading AgileBits blog I realized there were quite a few small security-related issues that probably should be addressed, like avoiding keyloggers...
I'm still considering though. If I build it just for myself nobody's going to attack it right?? :P
Really is the next best thing for someone who enjoys 1Pass.
That's if you use one password among many sites, if one of the sites you visit and are a member of gets hacked? You're done.
It's as simple as Googling your username and finding what other sites you visit, the internet is a very dangerous battlefield my friend.
Back on topic, I personally use LastPass and highly recommend it. KeePass is also one of the ones I recommend too, I know one of my friends who set it up so it works with AD Authentication and it's also external facing for when he goes onsite or someone in his company does, quite clever. That reminds me, I need to ask him how he got it to work!...
I use 1Pass, but also don't like the push to subscription model.
I bought it outright, because I like the fact the data is not on their servers.
I like the look of Enpass, but scared about using a closed source, Indian based, recent (~1yr) released app without any audit.
Also, you can still purchase standalone licenses here: https://agilebits.com/store
Have you tried Sticky Password Premium? Currently a 50% discount is going on it, which brings the price to $15. You can compare its features to other password managers here: http://www.pcmag.com/article2/0,2817,2407168,00.asp
Honestly I would stay with KeePass even if LastPass is 2 steps forward because I have control of my cute kdbx database all the time. You don't have passwd sync (for me it's a plus, less security problems) with KeePass out of the box and as you know it's compatible:
You have a decent autocomplete (FF > Keefox) and if you want to update your password just connect one sec the peripheral you want to update to your last kdbx.
LastPass is too much bloatware (last Android version, my single opinion) but my thought is only because I'm so addicted to KeePass that everything else with more functions is ... useless.
$180/5y is $3/mo - that's not unreasonable for software that
I'm flummoxed that the gracious leader of the LET commentariat class @WSS would even contemplate, let alone suggest, LastPass: https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
Bad regex parsing is an amateur coding mistake. It's unacceptable when CloudFlare does amateur coding - but it's not a problem when it's the company storing all your passwords?
(Edit: take a look at LastPass' bug bounty payout too. That's probably less than 1/10th of what the FSB would pay, even under heavy State budget cuts. Is it not worth paying for security?)
If FSB were interested in that he would already have it and without paying.
As for the OP question: passwords are so yestercentury. I always for everything use the same password because statistics have led me to the assumption that anyone finding out my always-the-same-password for one site will assume that I use another one for another site, first try all other imaginable passwords there, hehe.
Moreover I do not trust LastPass and similar sites. That while I always use "1/O" as password. Having a letter, a number, and a special char in it is very secure; but - and that's where the story gets hot - my password can also be read as "one divided by zero" which is exactly what an OCR reader might give as result, if a mischievous site first takes a picture of my password in their database and then OCRs it ... and BANG division by zero exception! That'll be a lesson for them evildoers.
That's incredibly naive. This isn't the movies - the FSB doesn't magically make information appear to them because they are Russian villains. They are watching the West's agglomeration of data in awe and they are seeking to exploit that through very practical methods.
I only ever use Keepass.
a) what do you really know about FSB's capabilities?
b) what makes you assume that the security at e.g. LastPass isn't so lousy that one needs high-class hackers?
They advertise and actively recruit skilled computer specialists and lure them with better flats, more money and a dismissal from mandatory military service. I don't know if they are getting anyone good, though I assume they have Bogachev.
I think LastPass security is lousy, based on the exploit I provided above. Are you insinuating that the FSB isn't interested because it's not challenging enough to exploit?
KeePass for me too, hosted on my own VPS with WebDAV, syncs with Windows, Android and iOS. And no one else has my passwords.
Ad a) every intelligence service tries to get good people. Plus: better flats, etc. must come from old Soviet times.
Ad b) No, I'm not trying to say (let alone insinuating) that FSB isn't interested. Look at what I wrote. I'm saying that they wouldn't pay lots of money to get at LastPass's database; it's simply neither needed nor effective.
That said I think you have a wrong and probably usa of a impregnated image. FSB, unlike some western services, is professional and they don't work hard (or pay high) to grab just whatever they can get ahold of.
I happen to know a little about Russia and IT and I can tell you that they are certainly not behind western services in capabilities, particularly when it comes to tao.
I hear what you're saying but it's the subscription that kills it for me. I paid $65 so obviously I'm willing to pay. But the idea that I could never stop paying and if I did, my data becomes no longer available (or becomes read-only which I think is the case here) is unacceptable.
They still very much sell the one time fee version and have said they intend to continue to support it. The subscription was for those who don't want to have to manage sync themselves.