[HN Gopher] Changes to LastPass Free
___________________________________________________________________
Changes to LastPass Free
Author : seng
Score : 304 points
Date : 2021-02-16 13:52 UTC (9 hours ago)
(HTM) web link (blog.lastpass.com)
(TXT) w3m dump (blog.lastpass.com)
| KoftaBob wrote:
| For those already paying for Dropbox, Dropbox Passwords is
| included and is pretty solid.
| roussanoff wrote:
| Does the autofill work well? I was considering trying it out,
| but, unlike 1Password and Lastpass, there are really no reviews
| of Dropbox Passwords anywhere.
| KoftaBob wrote:
| Works great, very similar to LastPass in how it's
| implemented.
| frompdx wrote:
| I personally had no idea this existed and I pay for Dropbox.
| sjaak wrote:
| Use this: https://www.passwordstore.org/
|
| A combination of a shell script, git, and pgp.
|
| It's not the pinnacle of convenience, but it works, and you don't
| have to deal with stuff like this :)
| skytreader wrote:
| Sorry if I'm asking an obvious question but how is this more
| convenient than pure-desktop Lastpass? If I'm inconvenienced by
| Lastpass' change of terms this is hardly a solution isn't it?
| frompdx wrote:
| Passwords are the most unfortunate part of the web. It is a bad
| user experience that leads to poor security. I've spent the last
| couple of years trying to convince friends and family to use a
| password manager (usually lastpass) and use a different password
| for every site. Many were using some variation of the first
| password they ever made for their dialup AOL account in the mid
| 90's.
|
| I can't blame lastpass for choosing to monetize their product.
| Securing the web is also not the job of lastpass. Unfortunately,
| making users pick either a desktop or mobile device for the free
| tier and requiring pay to have both I think many will pick the
| path of least resistance and go back to their old habits,
| foregoing password managers and unique passwords altogether.
| devwastaken wrote:
| Wow that is absolutely terrible. What happens when you don't have
| access to your computer or phone? This idea had to be thought up
| by marketing management it's so bad. Definitely lost me as a
| customer.
| m000 wrote:
| LastPass seem to be shooting themselves in the foot with their
| irrational and inconsistent pricing.
|
| - A few years back, their free/premium tiers were looking similar
| to what they announced today. Only they charged a mere $15/year
| for premium, which I gladly paid.
|
| - Then, overnight, they offered syncing across all types of
| devices for their free tier. The premium tier was only adding
| some niche features. I would have continued to pay $15/year just
| to support them, but at the same time they bumped up premium to
| $36/year. That was a deal-breaker: not paying 2.5x for features I
| don't use.
|
| - Now, they switch back to not syncing across all types of
| devices, but the premium price stays $36/year.
|
| If LastPass was the only game in town, they might get away with
| it. But there are at least two competitors, against which
| LastPass doesn't compare favourably: 1Password costs about the
| same, but is more refined. Bitwarden is a bit less refined, but
| is cheaper.
|
| I'm not dissatisfied with the LastPass product itself. But having
| to keep up with radical policy changes every few years largely
| negates any positive experience.
| mox1 wrote:
| Those of you looking for an alternative, consider moving your
| data to a Keepass database. It's a more or less open file format,
| which a lot of different tools can read.
|
| My go-to tool currently is Keeweb - https://keeweb.info/. It's
| basically a SPA, can be used offline or online.
|
| Keeweb + a google drive hosted keepass database file keeps my
| passwords available and synced across 5-6 different devices.
| guardian5x wrote:
| Can you explain what "more or less open" file format means?
| mitchdoogle wrote:
| Second on this. I've been using it for almost six years now,
| never had any issues on my desktop or Android. Probably
| requires a bit more setup than LastPass, but it has been able
| to do anything I've ever wanted to do, including apps/plugins
| for Android, Chrome, Firefox, SmartFTP, and more.
| dangus wrote:
| Never again on Keepass. The dollar savings is not worth the
| hassle of it.
|
| You have to use a different client on every device because the
| official client is Windows only, and I've even experienced bugs
| in a client I used that caused me to lose data entered into secure
| notes.
|
| And while a single page app client is nice, it's not good for
| password managers. 1Password integrates with the iOS password
| management API and browsers to fill in passwords and even
| credit card info, and I'm guessing most competitors like
| Bitwarden (open source just like Keepass!) do the same.
|
| Saving ~$10-50 a year on something as useful and vital as a
| password manager in order to "roll your own" is such a bad
| tradeoff.
|
| I switched off of Keepass when I almost accidentally lost data
| due to a client sync conflict. I had to go back to my Dropbox
| history and do a bunch of surgery to repair the damage. It's
| just not worth it.
| the_snooze wrote:
| >Saving ~$10-50 a year on something as useful and vital as a
| password manager in order to "roll your own" is such a bad
| tradeoff.
|
| This. I find it really strange that tech-savvy folks---who
| almost certainly have thousands of dollars worth of equipment
| ---would cheap out on a password manager. You want a password
| manager that's secure, reliable, well-maintained, and usable.
| And doubly so if you want your less tech-savvy family to get
| the benefits and conveniences of using a password manager.
| Those things cost money. And $60/year (on the high end of
| things) is a bargain for what you're getting.
| munchbunny wrote:
| _And doubly so if you want your less tech-savvy family to
| get the benefits and conveniences of using a password
| manager._
|
| Definitely agree with this. I might consider setting up
| Keepass for myself (though I actually just pay for
| 1Password), but my lay friends would bounce off the setup
| and maintenance work of rolling your own Keepass setup
| immediately, and then I'd be on the hook to help them
| troubleshoot. I'd rather just point them at Bitwarden or
| 1Password. It works well enough and has good enough support
| that they get an operational password manager with minimal
| hassle and I don't have to spend time supporting it. Sure,
| you don't control their clouds, and 1Password isn't open
| source, but even so it's a dramatic improvement on a lay
| user's account security.
| davchana wrote:
| I have kept my PC version of the database as master. All of my
| tablets and mobiles access it on a read-only basis. This is to
| avoid the sync conflicts.
| dangus wrote:
| So you voluntarily prevent yourself from updating passwords
| when you're on your phone or tablet just so that your
| password manager doesn't lose data?
|
| Isn't that a ridiculous design oversight? To completely
| handicap any situation involving more than one computer?
| That's exactly why I stopped using Keepass.
|
| All that hassle so that you can save $10 a year.
|
| https://bitwarden.com/pricing/
| davchana wrote:
| My use case is different. All my passwords are in Chrome.
| Simple. KeePass has some specific passwords like Chrome
| Sync Phrase, some zip file passwords, some other things.
| Plus initially I used to use KeePass when I started using
| any password management instead of the same password
| everywhere.
|
| At that time, & still now, I use Dropbox to sync PC KP db
| with Dropbox. Then FolderSync to sync one way (read only)
| from Dropbox to Phone. If I need to add password, I
| wanted to make sure I can add only on PC. PC had the
| official KeePass, phones had the Offline KeePass App.
|
| $10 now is nothing for me, but a few years ago in India it
| is about 2 days' salary of a manual labourer. About 5
| meals. Or about 10 litres of Petrol.
|
| I am always wary of anything online which has my
| passwords. The same reason Chrome does not have all my
| passwords, but still I trust Google more than any other
| relatively smaller software like Lastpass or Bitwarden
| or anything.
| lnl wrote:
| > All that hassle so that you can save $10 a year.
|
| You are talking as if KeePass's only advantage is being free
| and it is only preferred by people who cheap out. That's
| not true, just as it's not true for similar arguments for
| Android vs iOS, or Linux vs Windows, or Windows vs MacOS.
| People have different preferences and priorities.
|
| Even if the pricing was reversed, I am sure many people would
| prefer KeePass, as I do, just as in general preferring paid
| desktop programs to free online services.
|
| > something as useful and vital as a password manager
|
| Indeed, even if one day I give in and start using those
| online services for everything, something as vital as a
| password manager would be one of the last places where I
| would cave in.
|
| I understand that KeePass wasn't for you, and it probably
| isn't for heavy mobile users as it is primarily a desktop
| program (official KeePass client works on macOS and Linux by
| the way, though it feels more at home in Windows). I am sure
| you could find excellent mobile clients too (I wouldn't know
| as I never had the need), but I understand that lack of
| official clients and having to choose among non-official
| clients, some of whom might be buggy, can be frustrating. But
| it is perfect for my use case, and for my non-technical
| parents that I introduced it to, regardless of price.
| cdubzzz wrote:
| Keeweb looks nice. On macOS I use KeePassXC[0] but I'm not a
| huge fan of it. Will give Keeweb a try.
|
| On iOS I switched to KeePassium[1] for my database a while back
| and it's very nice. It integrates with biometric unlock and iOS
| password management so I can get at it easily from anywhere and it
| stays in sync with the stored database (via a self-hosted
| Seafile[2] instance) nicely.
|
| The setup has served us (two users) well with few hiccups and
| good support for dealing with the rare conflicts that do arise.
|
| [0] https://keepassxc.org/
| [1] https://keepassium.com/
| [2] https://www.seafile.com/en/home/
| hedora wrote:
| There are a lot of recommendations for bitwarden here. It's open
| source, and popular, but their website suggests Linux support is
| middling at best. Their desktop app download page only has
| AppImages for x86, and non-auto-updated debs and rpms.
|
| Does it run on ARM Linux? Is it packaged natively by most Linux
| distributions? Are the packages reasonably up to date?
| didibus wrote:
| I used to be a paid subscriber, and then they made all the
| features I used free. For some reason, it frustrated me that they
| made it free, because I felt they were now gunning for some
| monetization scheme, where I'd rather they just focused on an
| affordable sustainable offering.
| jzl wrote:
| Agreed, a lot of mixed messaging from them over the last few
| years. I also used to happily pay the $12/year for mobile
| access but they strangely got rid of that requirement and added
| no value to the paid version. I'm just gonna pay the $36/year
| at this point because I don't feel like disrupting my working
| password system. But it feels like dating a person who doesn't
| know what they want.
| havelhovel wrote:
| LastPass was great when it was free, but 1Password is the better
| value now. Even Bitwarden provides a better looking UI. Glad
| LogMeIn made this change public before I moved my startup over to
| their service out of loyalty (i.e. laziness).
| radus wrote:
| I've tried LastPass and 1password, but neither has a good
| implementation of auto-type on desktop, where my definition of
| good is KeePass.
|
| To those that dismiss KeePass as being too clunky I hear you, but
| I think the situation is better than it used to be thanks to the
| development of several high quality and open-source clients for
| non-Windows platforms: iOS (StrongBox, KeePassium), MacOS
| (StrongBox, MacPass), Android (Keepass2Android), and KeeWeb as
| well. I would pay special attention to whether or not these
| clients support KeePass' built in database sync/merge feature
| [1], especially if you don't use a cloud back-end. Most cloud
| providers will save two versions of a file when there's a sync
| conflict ensuring you don't lose data.
|
| As for storage back-ends I've used OneDrive, sFTP, and WebDAV
| [2], and I'm currently migrating everything to WebDAV. sFTP works
| well but some clients take too long to open and close the
| connection.
|
| [1] https://keepass.info/help/v2/sync.html
|
| [2] https://news.ycombinator.com/item?id=26157184
| dj_mc_merlin wrote:
| I do not see the sense in using a product for this. You can use a
| free local password manager (like KeePass) and cron rsync the
| database file to some backup servers you control. Or regularly
| back it up to an air gapped medium if you're paranoid. The
| chances of someone being able to break the encryption if you have
| a strong password for the next 5-10 years is nil, and by then you
| should've changed your passwords.
| elfchief wrote:
| Everybody is mentioning Bitwarden as a replacement, but what
| about Dashlane? I've had my eye on Dashlane for a while, and it
| seems on-par with lastpass, so I'm confused why it isn't
| mentioned in this discussion more.
|
| (to be clear: this is a genuine question, not an attempt to
| stealth-shill for Dashlane)
| forty wrote:
| Let me know what you think if you ever try :) I sometimes wish
| we were more often mentioned here (thanks btw :) ). I guess
| that we are missing some features that the audience here
| requires (for example being open source?).
| majkinetor wrote:
| I ditched all commercial ones because they are bad and majority
| can't even recognize intranet sites correctly. I use now Next
| Cloud Passwords plugin (FOSS) and can't be happier. It is missing
| some mass-sharing features that it will get eventually but other
| than that, it's a pleasure to work with.
|
| Seriously people, this is one awesome tool, it comes with web
| interface, browser extension that works great, is totally free
| and team ready. Developer is responsive and updates it regularly.
|
| I was using everything before it, from LastPass, over pass,
| psono, bitwarden, 1pass, keepass, just to name a few, but after the
| NC Passwords I never looked back.
|
| The only hurdle is that you need to have NC installed, but NC is
| great too on the other hand :)
|
| https://github.com/marius-wieschollek/passwords
| ptmcc wrote:
| This is going to backfire for LastPass I think. It has stayed
| stagnant for years and performance has slowly degraded despite my
| devices getting much faster.
|
| When it was free it was easy to stick with it despite its flaws
| because of momentum.
|
| But now that I'm being forced to pay I'm going to do some cross-
| shopping and I really doubt LP is going to come out on top.
|
| I'm totally willing to pay, but my expectations are higher as a
| paying customer.
| kevinsky wrote:
| Just changed to BitWarden, seamless export from Lastpass and
| import into chrome. Syncs across devices and is free.
| [deleted]
| metalliqaz wrote:
| Just signed up for Bitwarden to see if that will be a better
| alternative, but I have to say the TOTP support isn't as good as
| LastPass. LastPass has a real authenticator app that I can use
| just like Google authenticator and also as a 2fa for lastpass,
| which it managed without requiring a copy of the code.
| peach45 wrote:
| Good thing I use pass
|
| https://wiki.archlinux.org/index.php/Pass
| qntty wrote:
| I used to use pass. I must be too dense to understand how to
| properly back up pgp encrypted files, because I had to reset all
| my passwords when I couldn't decrypt my backup.
| throwawayboise wrote:
| They're just files. You back them up like any other. Do be
| sure you back up your private key though, if you lose that
| you've lost everything. Sounds like that is what happened to
| you.
| cardamomo wrote:
| I love pass but found that it was difficult to use the
| associated Android app and keep things in sync.
| cl3misch wrote:
| The UX of the pass iOS app [1] vs. the Android app [2]
| (especially the need for OpenKeychain on Android) is the main
| reason keeping me on iOS.
|
| [1] https://github.com/mssun/passforios
|
| [2] https://github.com/android-password-store/Android-
| Password-S...
| cardamomo wrote:
| Yep, it's pretty painful to have to use a separate app just
| to manage the PGP key. I've also found it very difficult to
| sync with git over SSH with a key instead of a password.
| m-chrzan wrote:
| pass is great. I use the dmenu script to get passwords into my
| clipboard without leaving the keyboard or being locked into
| browsers with a supported extension.
|
| As others have mentioned, the Android app has slight issues,
| but they're not dealbreakers for me.
|
| There's some interesting pass plugins, e.g. pass-otp. You can
| get 2FA passcodes from the commandline rather than being locked
| into Google's Authenticator.
| Causality1 wrote:
| The same thing will happen here as when Dropbox limited free
| accounts to three devices: all of us who've spent years
| evangelizing the service to our friends and family are going to
| get a bunch of pissed-off phone calls. They're not going to
| understand or care why, they're just going to be mad that it
| worked yesterday and doesn't work today.
| Crosseye_Jack wrote:
| The title is slightly off. The limit is to a single device type,
| not device.
|
| If you only use LastPass on 2 devices of the same type (on your
| desktop and your laptop or if you only use it on your Mobile and
| your Tablet) you will be fine to stay on Free, However if you use
| it on your Desktop and your Mobile (like me) you will need to
| swap password managers or pay up for the service.
|
| Before LogMeIn bought them the service was free on "Computers"
| but you had to pay up for Mobile (Although you were able to
| access your vault via their website, the mobile app just made it
| easier).
|
| Guess it's time for me to invest my time into actually setting
| up and exporting my passwords to something like KeePass (I've
| been meaning to do it ever since LogMeIn bought them, I was just
| far too lazy to do it until now).
|
| $30~ for a year (the offer they included in the notice) ain't that
| bad, but I just don't like having the rug pulled from under me
| and would rather support something like KeePass than support
| LastPass.
|
| Maybe I will change my mind after I've had some time to digest
| the news and play with KeePass (and its alts).
| SubiculumCode wrote:
| The whole distinction between mobile and computer is such a
| frustratingly artificial concept, a concept that has been
| imposed for monetization and control.
| bootlooped wrote:
| FYI Bitwarden is only $10 a year. Before Bitwarden I used a
| combination of Keepass and Google Drive to sync all my
| passwords between devices. That was a workable solution, but
| Bitwarden is certainly easier, and I think more polished too.
| Crosseye_Jack wrote:
| Cheers for the info, I'll look into it. I'm not against
| paying for the service (I've used the hell out of LastPass) I'm
| just not a fan of them pulling my use case from under me.
| encom wrote:
| That will always be a risk, as long as you rely on cloud
| services.
|
| I started using Lastpass as well, but moved to Keepass as
| soon as they were eaten up by Logmein. I moved to Keepass
| and I keep the keyfile on OwnCloud. It works very well, and
| even better than Lastpass (at least as it was when I last
| used it). Keepass has actual desktop clients, so you don't
| have to use a janky web-app.
| Crosseye_Jack wrote:
| >That will always be a risk, as long as you rely on cloud
| services.
|
| True, but it seems that Bitwarden offers the option to
| self host which could help mitigate that. However as a
| paying customer you have more of a leg to stand on if the
| company does try and pull the rug from under you.
|
| As for LastPass, I rarely used the "WebApp Vault" (Only
| to copy my passwords for native apps on my desktop) and
| did it all via the context menu / LastPass button
| injected into the User/Password fields in the browser.
|
| Their iOS app was very handy (As my local supermarket
| self scan app keeps logging me out) as for most apps it
| would offer autocomplete. So I'm going to be looking more
| into the mobile integration than the Desktop
| integration (as it's far easier for me to C+P between
| things on Desktop than it is for me on Mobile.)
|
| I am going to give KeePass a try but I've not settled on
| which system I will actually switch to yet.
| baal80spam wrote:
| To me, the unbeatable feature of Keepass is the fact that I'm
| not limited to user/password combination. I use it to store
| important notes and even files.
| q845712 wrote:
| last pass also has secure notes
| CDSlice wrote:
| Bitwarden has the ability to store secure notes as well. I
| don't think it has the ability to store arbitrary files
| though.
| c0wb0yc0d3r wrote:
| [You
| can](https://bitwarden.com/help/article/attachments/),
| but it's a premium feature.
| n4r9 wrote:
| Also the fact that you can avoid the cloud entirely by
| using a peer to peer sync tool.
| cmeacham98 wrote:
| I should also note that the free bitwarden does support
| syncing across unlimited devices (and device types), and can
| be self-hosted if you like that kind of thing. The premium
| version unlocks additional features like 1GB of encrypted
| file storage, a built-in TOTP authenticator, and priority
| support - but I was using the free version for multiple years
| prior to paying and it was great.
| ajosh wrote:
| I've been using KeePassXC for a few years now. Before this, I
| was using LastPass and then before that, the original KeePass.
| Feature-wise, KeePassXC does a really good job replacing and
| going beyond LastPass.
|
| It can have folders, it generates passwords, it can hold TOTP
| (2FA) tokens and it can even hold SSH keys acting as your SSH
| agent. Having your password safe be an SSH agent is a really
| nice feature which means less copying passwords around. The
| browser plug-ins have worked well for me as well.
|
| I like that it can use any file sync tool for storing the key
| database - similar to why I like Joplin for note taking. I also
| like that there are many different clients for it since it is
| an open standard. To keep things secure you can use a password
| plus a key file. As long as you keep the keyfile only on the
| devices or on separate sync services, it raises the bar of
| security quite a lot.
|
| There are KeePass clients on Android (Keepass2Android and
| KeePassDX) as well as iOS (Keepassium and another that I forgot
| the name of). All of the mobile clients support filling
| passwords. I have them all looking at the same file share and
| have not had any issues with corruption or file sync. I have it
| configured to immediately save all changes to disk and it
| writes and merges conflict files automatically as needed.
|
| There are a few areas that it isn't as strong. First is sharing
| passwords - it has a feature for it but I haven't actually
| tried it out yet. Since you need to have the shared file ahead
| of time, you're really relying on your file sync provider to
| share that part of things. Second, the integration between
| programs works well but it isn't as seamless as a cloud service
| would be. For example, prompts will pop up in KeePassXC when
| there is a request to access a new password by a website. I
| believe this is probably more secure but it is an extra thing
| to come up when auto-filling passwords.
|
| I have yet to try bitwarden but I would guess that sharing and
| lower-friction in web browsers would work better with it since
| those were the key benefits of LastPass when I'd used it.
| notatoad wrote:
| >would rather support something like KeePass than support
| LastPass.
|
| curious what "support" means in this context, as keepass is
| free. do you donate or otherwise contribute to the project, or
| does support just mean use?
| Crosseye_Jack wrote:
| At this moment in time, I'm not against paying for my
| password manager as it has been handy to me. However because
| I feel that LastPass has pulled their product from me with a
| demand to pay up to continue to use it, it feels different to
| me than it would be for me to opt into a paid account because
| I liked the service but the free account would probably work
| just fine for my use case (The current free tier of Bitwarden
| for example).
|
| So at this point in time I would rather switch providers and
| give them the 30 bucks LastPass are now demanding for my use
| case out of the sheer principle of the matter.
|
| So If I do Swap to KeePass or KeePassXC I will be donating
| that 30 bucks to them. If I swap to something like Bitwarden
| I'll pay them for what ever package is as close to that $30.
| glenneroo wrote:
| I don't know why the title was neutered, it even says in the
| 3rd sentence:
|
| > Starting March 16, 2021, LastPass Free will only include
| access on unlimited devices of one type.
| floatingatoll wrote:
| I read it as editorialized, not neutered, in order to be more
| inflammatory and improve the chances of people agreeing with
| the OP.
| wing-_-nuts wrote:
| If anyone is looking for how to export their passwords from
| lastpass, see here:
|
| https://support.logmeininc.com/lastpass/help/how-do-i-nbsp-e...
|
| Importing to bitwarden:
|
| https://bitwarden.com/help/article/import-data/
| chrisamiller wrote:
| LastPass costs $36 per year. Operating on the principle of being
| the customer and not the product, that seems very reasonable for
| a secure way to store and share the keys to my digital life.
|
| That said, it does make it a little bit harder for me to onboard
| my friends and family when they ask. One of the selling points
| has always been "Yes, you can use it on your phone and laptop"
| and "no, it doesn't cost anything".
| chousuke wrote:
| It's ridiculously overpriced for what essentially amounts to
| storing a tiny binary blob on a server somewhere and making
| sure it's backed up.
|
| I would've been happy to continue paying 12 USD / year for that
| service, but at triple the cost? I'm now on BitWarden.
| Spivak wrote:
| I mean the value prop is the software functionality, not the
| storage. You think lastpass/1password are funding their
| development with a markup on storage?
|
| I can get the argument that it's not worth $36 but not
| because of storage costs.
| dehrmann wrote:
| I used to use LastPass, but its UI was incredibly buggy on
| Firefox and there were no signs of improvement, so I switched
| to Bitwarden.
|
| That said, you're not really paying for the storage, you're
| paying for the apps and plugins.
| [deleted]
| squaresmile wrote:
| I agree with other comments that in the current market,
| Lastpass is not worth it at $36/y. The way they increased the
| price is arguably more annoying than the price tag.
|
| I happily paid for Lastpass at $12/y. Logmein raised price and
| I switched to free. Logmein limited free capabilities and I
| will switch to Bitwarden or 1Password and pay them. I'm not
| staying with Lastpass to get the rug pulled out under me the
| third time.
| fencepost wrote:
| I'm pretty much in exactly the same boat, plus also looking
| at using separate systems to segregate my personal and
| personally-owned business accounts.
| MrDOS wrote:
| I switched to Bitwarden in early 2019. The migration was
| really easy, and I was surprised to find that it was
| accurate, too. Bitwarden has its flaws, but I'm happy with
| it.
| levosmetalo wrote:
| LastPass is a commodity. There are many free or open-source
| alternatives that are as reliable and as secure as LastPass
| that provide similar functionality. It's hard to justify even
| the small price for a commodity service unless you provide the
| best possible solution, and sometimes even that is not enough.
|
| I switched from LastPass premium that cost $15 per year a few
| years ago to Bitwarden because LastPass could recognize
| password fields on all web pages, while free Bitwarden just
| works everywhere.
| OminousWeapons wrote:
| I've been debating making this switch myself. How time
| consuming was the transition? Did you have to do much manual
| data entry or does bitwarden have the ability to reliably
| import lastpass data?
| c0wb0yc0d3r wrote:
| I switched around the beginning of the year.
|
| There is a [KB
| article](https://bitwarden.com/help/article/import-from-
| lastpass/) about exporting your LastPass vault and then
| importing it into Bitwarden.
|
| It only took a minute or 2.
|
| The most annoying thing for me is that Bitwarden doesn't
| have support for all of the extra "credential types" that
| LastPass has. They are still imported, but everything that
| isn't supported is imported as a secure note.
|
| So far the only issues I have had logging in anywhere has
| been logging into my firefox account (in a new browser),
| and home assistant.
| nabilhat wrote:
| Bitwarden is more reliable at importing data exported from
| Lastpass than Lastpass is at exporting your data. Export
| bugs happen, but their forum and /r/lastpass are always
| quick to come up with workarounds for Lastpass bugs.
|
| Shared passwords aren't included in the Lastpass export, at
| least at the time I last exported from Lastpass.
|
| The only functionality I do miss from Lastpass is the
| option to generate the short pronounceable strings I use to
| create usernames, like the one I'm using now.
| notesinthefield wrote:
| Looks like it does :
|
| https://bitwarden.com/help/article/import-from-lastpass/
| bognition wrote:
| The functionality is a commodity but what about the UX? MP3
| players were fairly common when the iPod came out but the
| iPod crushed all the competition? Why because the UX was
| simply better.
|
| Without a doubt the password manager with the best UX is
| 1Password. Last year ago I got my tech-averse partner to set
| it up on her phone, the entire process took about 10 minutes
| and then it was done. She's never asked me for help or
| support, once she got things working it's simply continued to
| work.
|
| I've since set it up across my family and my pre-teen child
| is also using it without a hitch.
|
| From a holistic perspective I love that I can manage multiple
| vaults. Everyone has a private personal vault that is only
| available to them and we have a bunch of shared vaults for
| things like xbox and netflix passwords.
|
| I've never used BitWarden so I can't comment on the UX but $60
| a year for 1password is well worth it. I can rest easy
| knowing that everyone in my family has good password hygiene.
| mc10 wrote:
| > Without a doubt the password manager with the best UX is
| 1Password.
|
| I would agree for the macOS and iOS versions but the
| Windows version could get some polish. The default title
| and menu bars still hang around, the font choice isn't that
| great, and all in all it feels less nice to use.
| 4eor0 wrote:
| Point and click or keyboard UX for this stuff is awful no
| matter how you slice it.
|
| At most I want a prompt for my unlock password when the
| password manager sees I'm on a site or in an app it has a
| password for.
|
| We still externalize way too much orthogonal effort on
| users.
|
| One of the reasons I like 1pwd is their cli tool. I can put
| such a call to it in a script, authenticate and stop giving
| a crap about 1pwd
| frugalmail wrote:
| >Without a doubt the password manager with the best UX is
| 1Password
|
| My experience is about 1 year old, but I have to disagree,
| as a paid 1Password user, my browser plugins and mobile
| client would fail to fill in the forms I used at least 50%
| of the time. That's horrible UX, but I agree, their UI
| looks nice.
| syntheticnature wrote:
| I was a paid Lastpass user who switched to Bitwarden a few
| years back because of the UX/functionality issues Lastpass
| had been developing. I've heard 1password has better UX;
| I'd describe Bitwarden's UX as similar to the Lastpass of
| 5-7 years ago.
| joejoebob wrote:
| I really like the 1Password UX. Also, their new
| integration with Safari 14 on macOS is also great.
| neltnerb wrote:
| Same, I was a paid LastPass user and the Firefox add-on
| was so bad that it was worth negative money. They clearly
| didn't care.
| erikerikson wrote:
| I transitioned to 1Password after many years of LastPass
| and have been quite pleased.
|
| I continue to harbor some concerns about the emergency
| workflows (what happens in case of death or disablement)
| but otherwise it's just been solid. LastPass felt, on the
| other hand, like it was increasingly neglected.
| Tomte wrote:
| > Without a doubt the password manager with the best UX is
| 1Password.
|
| I doubt that. Navigating the sync options and finding one
| that works with Android phone, iPad and Windows PC was
| impossible.
|
| Throw in two vault formats (with implications for which
| sync option can work), and it's a mess.
|
| That was the paid standalone version, not the subscription
| model (that was when I finally jumped ship).
| jes wrote:
| I've used 1Password for years.
|
| I would pay more for greater simplicity.
| reader_mode wrote:
| On the flip side they offered very little value in premium
| compared to free (for me) so there was no reason to upgrade
| even when I wanted to pay (I did pay for 2FA but TBH I could
| live without it)
| humps wrote:
| I used to subscribe, then the service was acquired and the
| price doubled so I stopped subscribing and relied on the free
| tier. With this announcement I think it's time to move on
| (probably to Bitwarden)
| SubiculumCode wrote:
| I just did.
| Tijdreiziger wrote:
| Same here.
| ufmace wrote:
| It was definitely starting to feel a little pricey for how
| terrible their UI is and how little interest they seemed to
| have in fixing it. What really got me to switch to Bitwarden
| though was how it started "recommending" that I change my
| master password with a modal popup every single time I unlocked
| my account.
| wegs wrote:
| I wouldn't pay $36/year.
|
| I kinda feel like the price point for these things is set
| wrong, though. What you want is a higher price point which gets
| you /everything/. I pay $1200 per year for bandwidth. If I
| needed to pay a couple hundred bucks more for access to
| everything (online newspapers, LastPass, online office suites,
| etc.), I'd gladly do so.
|
| LastPass should have 250 million customers, not 25 million,
| each paying $3.60 each, not $36. Most should be inactive, as
| part of some kind of subscription bundle.
|
| Kinda like a more democratic, decentralized version of Prime.
|
| From posts here, though, Bitwarden seems more reasonable. I
| trust open source more, and it's cheaper.
| Ecstatify wrote:
| It's ridiculously expensive. I get Office 365 with 1TB of
| storage for EUR6 per month. Office is just as secure as
| lastpass. I bought Enpass(wouldn't recommend as they moved to a
| subscription model) and store everything on OneDrive. Paying $3
| per month to store tiny text files is crazy.
| DeusExMachina wrote:
| I often see comments like this one that misunderstand value
| for how something is achieved.
|
| Value is decided by the market according to the utility of
| the service. I happily pay $22 per year for Pinboard to keep
| a few bookmarks with tags. That's also storing "tiny text
| files" but I could not care less. I could even implement
| something similar myself. And yet, I find the value it
| provides worth paying.
|
| Another, more extreme example. I am part of a $5000 business
| program. Last week, I got a single piece of advice that I
| consider already paid for the entire program. The delivery
| was 20 minutes long. It was not even something original
| invented by the lecturer, but it can be found in some books.
| And again, I don't care. The value is in the impact, not in
| how the advice was discovered or delivered.
| prepend wrote:
| > misunderstand value for how something is achieved.
|
| I find this line of reasoning offensive as it assumes that
| people who genuinely disagree with me don't understand.
|
| I think it's more likely that people understand and
| genuinely disagree. It's dismissive to just not respond to
| someone's values and rationing and I think leads to less
| discussion and thus more disagreement.
|
| It's very likely that people place different values on
| things and I think to have conversation we have to get to
| common ground and then build from there. If different
| people miss the meat of an argument then I think it's not
| as interesting or useful.
| Ecstatify wrote:
| I didn't misunderstand "value for how something was
| achieved" I said it was expensive.
|
| https://www.theverge.com/2020/12/16/22178026/microsoft-
| authe...
|
| Microsoft have launched a beta password manager
|
| -------------------------------
|
| Lastpass (EUR3 per month)
|
| - Password Manager
|
| - 1GB of encrypted file storage
|
| -------------------------------
|
| Office 365 (EUR6 per month)
|
| - Beta Password Manager
|
| - Office Suite
|
| - 1 TB Storage
| notyourday wrote:
| A year from now:
|
| "I do not understand why the only companies that exist
| are Google, Apple and Microsoft? Where is the
| competition?"
| tehjoker wrote:
| A year from now: "Suddenly I understand why individual
| consumer choices are not the basis for maintaining a
| balanced economic system."
| notyourday wrote:
| Conglomerates that do B2C for money will always beat
| upstarts as their customer unit average cost will be
| lower and per unit attributable revenue will be higher.
|
| If the only thing that a customer cares about is paying
| the minimum amount, the customer should not be surprised
| that their choices would be limited to conglomerates.
|
| Independent restaurants are a lot more expensive than
| national chains and make a lot less money than the
| national chains. If one's only goal is to feed oneself in
| a restaurant, one is better off going to a chain one.
| Spivak wrote:
| Fine but that's not the parent's point. You shouldn't buy
| from local stores, local restaurants, or small shops
| because of some notion that you're sticking it to large
| companies. You do when, for you, their products and
| services they offer have better value for you.
|
| If you choose a worse or more expensive product because
| it's from a small business then you're only making
| yourself worse off.
| notyourday wrote:
| > Fine but that's not the parent's point. You shouldn't
| buy from local stores, local restaurants, or small shops
| because of some notion that you're sticking it to large
| companies. You do when, for you, their products and
| services they offer have better value for you.
|
| That's not correct: the part of the value that you get
| from buying from local small businesses rather than
| conglomerates is that you are not buying from a
| conglomerate, even if the local product could be
| considered inferior by some measure.
| vultour wrote:
| KeePass database stored in Dropbox is free.
| fencepost wrote:
| Interestingly this is basically how 1Password did password
| sync for years - not a Keepass database, but a 1Password
| folder structure stored within Dropbox saving a bunch of
| little text files. They added other synced storage options
| over time before turning up their own cloud service, but
| third party sync was where they started.
| tobib wrote:
| I was a happy user of that workflow until I started working
| for an organization that blocked Dropbox but not any of the
| browser plugin based password managers.
|
| Also while free, arguably the UX is not very good especially
| on mobile, unless Keepass integrates the way Lastpass,
| 1Password, et al do. I cannot imagine convincing any of my
| non-tech friends to go this route.
| socksy wrote:
| keepass2android supports autofill across apps and is
| something of a lifesaver for me, but I can't speak for
| iOS apps
| speedgoose wrote:
| Thanks for posting this, I just migrated from lastpass to
| bitwarden.
| gordon_freeman wrote:
| From their blog update it is not clear if I use Lastpass.com on a
| safari browser on my iPhone will it detect Mobile device type or
| Computer? Basically, if I don't want to pay Premium can I still
| access LP on my computer and my iPhone (using browser)? Does
| anyone know?
| juancampa wrote:
| I'm all in for paying for services that handle your personal
| data. If you don't pay them, how do they make money? So I'm okay
| with this.
|
| Something to consider, however, is the alternatives. Bitwarden
| seems cheaper[0]. Anyone has a preference for either?
|
| [0] https://bitwarden.com/pricing/
| gregoriol wrote:
| When a service has a free part and a paid part, the free part
| is more like "try before you buy" than the data being money.
|
| This move to limit to a device type is shitty marketing trying
| to convert more people to buy.
|
| It will fail by angering existing free users and pushing them
| to alternatives, while also reducing new users signup.
|
| This is a sad post-acquisition state for a product, trying to
| make the most possible money out of it instead of focusing on
| real value.
| KitDuncan wrote:
| Bitwarden is awesome and open source. I host it myself. Used
| Lastpass before.
| [deleted]
| PeterisP wrote:
| Don't use a service, use (Free) software and handle your
| personal data yourself. https://keepassxc.org/ is one option to
| do so.
| lifthrasiir wrote:
| Bitwarden _is_ a F/OSS software that you can install its
| server on premise [1]. I hope it to be lighter, though (its
| minimal memory requirement is quite large).
|
| [1] https://bitwarden.com/help/article/install-on-premise/
| hamaluik wrote:
| You could try bitwarden_rs [1], much lighter on resources.
|
| [1] https://github.com/dani-garcia/bitwarden_rs
| twic wrote:
| What are the options for using KeePass on Android? Is there a
| way to get auto-filling in apps? How about in Firefox for
| Android?
| vetinari wrote:
| I'm using Keepass2Android Offline; it supports the auto-
| fill service that was introduced in Android 8, so it shows
| up anywhere a password manager is supposed to show up and
| yes, works with Firefox for Android.
| gruez wrote:
| either Keepass2Android or KeepassDX. They both have virtual
| keyboard support[1] and at least one of them has android
| auto-fill support.
|
| [1] to use it you have to open/unlock the database, select
| the entry (although I think it's also possible to associate
| to android package ids so you don't have to do this),
| switch back to the app, change your keyboard to the keepass
| keyboard which will have buttons for entering user and
| password.
| ark__n wrote:
| The only problem I had with BitWarden was you cannot add/update
| entries on mobile when you're offline. This might not be a big
| issue for many, but it was a deal-breaker for me. I'm now
| rocking a local KeepassXC (PC) + Keepass2Android + Syncthing
| setup that syncs when I'm on my home network.
| martin_a wrote:
| I use Bitwarden (not self-hosted) and I'm happy with it.
|
| On my mobile device (One Plus 3T) it's rather slow, but that
| might be due to the device age.
| somehnguy wrote:
| I moved to Bitwarden about a year ago when I got fed up with the
| terrible UI in Lastpass. Bitwarden isn't the pinnacle of UI
| either, but at least it's way cheaper. Been very happy with it.
| aquir wrote:
| same story here! Happy with it since. Bitwarden is open source
| too!
| 88840-8855 wrote:
| My topics: - Bitwarden is becoming risky to use? - the next
| Bitwarden?
|
| So many people recommend Bitwarden now. I am a paying customer
| from the first day and have been using it on all my devices.
| Bitwarden followed my Lastpass experience, similar to what OP
| has described.
|
| Now, Bitwarden's popularity is troubling me. It has become
| already large enough to be an attractive target for attacks.
| The bigger it gets, the more lucrative it is for attackers.
| Similar to the Windows vs. OSX discussions 10 years ago:
| viruses spread on Windows, because it was big.
|
| Hence, I am starting to worry about using it and asking myself
| what "the next" Bitwarden is.
|
| What do you think? Is my reasoning going into the right
| direction? Do you see the point reached where Bitwarden has
| reached critical mass? What would you recommend as "the next"
| Bitwarden?
| senectus1 wrote:
| How big the target is has very little to do with how safe it
| is.
|
| Viruses spread a lot more on windows because of MS's shit
| stance on security. It's an even more popular OS now but the
| virus landscape is a hell of a lot more limited because they
| started to take security more seriously. They still have a
| way to go.
| jzymbaluk wrote:
| Bitwarden is open source and regularly audited, which is not
| something you can say about Lastpass.
|
| Your thinking about Bitwarden becoming a more valuable target
| is probably directionally correct, but at least anecdotally,
| I think the biggest target in this space is going to remain
| either the built-in Chrome/iOS password managers, or
| Dashlane, which is a product that advertises widely on
| Podcasts, etc.
| irrational wrote:
| How well does it work on iOS? I've been happy with how well
| LastPass integrates with iOS so far.
| majormjr wrote:
| It works well for me on iOS, not sure how it compares with
| LastPass's app but BitWarden does everything I need on the
| phone.
| nagyf wrote:
| Works well on iOS. I've switched from LastPass years ago, and
| never regretted it.
| somehnguy wrote:
| It works great on iOS. Full integration as you would expect,
| pops up at the top of the keyboard for app & website
| autofills. FaceID is also implemented to authenticate before
| opening your vault.
|
| edit: One note about something that was bugging me for a
| while...items created on my computer sometimes wouldn't show
| up in the vault for immediate use. Painful when you sign up
| for a service using your computer and then try to immediately
| sign into it on your phone.
|
| In the iOS app settings there is 'Swipe down to refresh' (or
| similar) - turn that ON. Not sure why it was off by default,
| but it totally fixes the issue. Just swipe down to refresh
| the vault and your new item appears.
| rekabis wrote:
| I think with any install of BitWarden, be it a browser add-
| in or separate app, the one you are adding a new credential
| into knows enough to sync to the cloud, but the others
| won't know that new data awaits in the cloud until they do
| a scheduled query/poll or you manually sync through those
| clients.
|
| Having a push feature only works if you can engineer your
| app or add-in to open up the necessary ports or tunnels in
| the OS itself. Polling on the client end will always be
| easier to implement.
|
| Also: just checked BitWarden v2.8.0 (449) on iOS 14.4, no
| setting for "swipe to refresh" anywhere in its settings.
| s0l1dsnak3123 wrote:
| > just checked BitWarden v2.8.0 (449) on iOS 14.4, no
| setting for "swipe to refresh" anywhere in its settings
|
| Settings -> Manage -> Sync -> Enable sync on refresh
| somehnguy wrote:
| Absolutely. I don't know what eventually triggers the
| vault on my iOS device to update. It definitely isn't a
| push notification when the vault is modified on other
| devices. Probably just a simple duration-since-last-
| update timer, like the Chrome extension.
|
| My trouble was specifically related to the 'Pull down to
| refresh' behavior being disabled by default though. If
| that feature is disabled the new items will appear
| _sometime_, with no way of knowing when that will be. I
| honestly don't even know why that feature has an ON/OFF
| switch, it should just be permanently enabled.
| ska wrote:
| Integration is the same as LastPass, in my experience.
| praveenperera wrote:
| Recently switched to 1Password from LastPass and I love it.
|
| The autofill is much better.
| robbyking wrote:
| 5 or 6 years ago I was talking to a coworker about password
| managers, and they told me how much they liked 1Password. I
| decided to give it a shot, and after a week or so decided to
| switch permanently and delete my LastPass account.
|
| When I told them that I had made the switch, they laughed and told
| me they had done the same: they tried LastPass and decided to
| delete their 1Password account!
|
| Personal preference is funny like that.
| ghego1 wrote:
| As a LastPass user I must say that this change makes total sense,
| and tbh I was expecting it.
|
| However, after many years using their services, this change is
| the motivation I needed to switch to Dropbox passwords.
|
| I'm a (happy) paying customer of Dropbox. When they announced the
| passwords service I was interested, but I had no true motivation
| to make the switch, since LastPass was free and working fine for
| me.
|
| After reading this I finally made the switch. I must say it took
| me 10 minutes tops. The devs at Dropbox did make a very nice
| onboarding experience. And also kudos to LastPass for making it
| very simple to export everything in csv, which is easily
| importable to Dropbox passwords.
| Vvector wrote:
| I have used BitWarden for 2+ years. Super solid, free, and open-
| source.
| berkes wrote:
| Using it for about the same time. On mobile (Android), desktop
| Linux in GUI, on some servers to hold the ansible-vault- and
| superuser passwords and in my browser.
|
| Migrated from keepass and seahorse. Migrating did require some
| time and effort, mostly because seahorse had no proper export
| function.
|
| I still need to dive into what features premium offers over
| free, I'll gladly pay, just never had the need for that.
| pdimitar wrote:
| Surprised that nobody here mentions Enpass. Its mobile app is
| paid, sure, but it's a one-time cost and it's using an AES-256
| encrypted local sqlite3 DB that can be synchronized with several
| popular cloud storage options: Dropbox, OneDrive and any WebDAV
| server. So you have your credentials vault with you everywhere.
|
| Very happy user for years. No subscriptions, desktop app is free,
| you just pay for your iOS / Android app once. That's it. Never
| had a problem with it and you can also tie it to your TouchID /
| FaceID, too.
| mixedCase wrote:
| Well, there are high quality FOSS KeePass clients for all
| platforms, like KeePassXC, Keepass2Android and Strongbox.
|
| So paying for a password manager that requires syncing doesn't
| seem like an attractive option.
| pdimitar wrote:
| At the time when I was evaluating my options only CLI clients
| for KeePass have been available so I had to make a call. Plus
| the mobile app is like $15.
|
| Whether $15 is worth your good night's sleep (and less time
| burned to evaluate all options) is something we can debate
| endlessly but my stance is "yes".
| bbkane wrote:
| I use a similar solution- KeePassXC on desktop syncing the
| encrypted passwords to Keepass2Android via Dropbox.
| Cthulhu_ wrote:
| I used KeePass years ago, but I stopped using it because at
| the time, the Linux and Android apps were really bad.
| Cthulhu_ wrote:
| How is its recovery feature? Does it keep a backup database
| file in case of data corruption?
| camel_Snake wrote:
| not OP but I use Enpass as well. Afaik backups are manually
| created with a button click in the desktop and mobile apps.
|
| The normal database file (or 'Vault' in Enpass's parlance)
| is synced between your devices via your own storage. I keep
| it in google drive.
| mikaelsouza wrote:
| People seem to be very positive about Bitwarden. I've been using
| Lockwise from Mozilla. Any thoughts about it?
|
| I've been using it for a few months to sync between Win, Mac and
| iOS and it has been working pretty nicely.
| jimmar wrote:
| LastPass has failed to launch on my mobile phone too many times
| recently for me to trust it. This change to their service is the
| impetus I needed to finally switch.
| trey-jones wrote:
| Right now I'm contemplating rolling/hosting my own password
| manager. Some comments have mentioned FOSS alternatives. Can
| anyone provide feedback on those examples? Sharing is not
| important to me, and I could live without autofilling probably.
| Features I do like:
|
| 1. Easily generate a new password on whatever device I'm using.
|
| 2. Save it, and sync it seamlessly to other devices.
| riffic wrote:
| lastpass has been circling the drain.
|
| use bitwarden, use 1password, use any of the built in
| alternatives provided by your OS or browser. anything is better
| than Lastpass.
| lxgr wrote:
| And that's it for me, I'll switch. The only remaining advantage
| of LastPass over the competition until now has been pricing.
| jdauriemma wrote:
| LastPass is making a huge change to their Free product and giving
| users only a month to adjust. This is irresponsible at best. I
| completely empathize with the notion that good software is worth
| paying for, but a widely-used password manager needs to provide
| more time for users to transition into another product if they
| choose not to convert to paid.
| mittaus wrote:
| Caveat Emptor.
| jdauriemma wrote:
| The _emptor_'s counterpart, the _venditor_, also has a
| responsibility. I wouldn't dream of offering a free product
| that handles one of the most important aspects of consumer
| data security and then drastically altering it with only four
| weeks' notice. Many were introduced to LastPass, probably
| reluctantly, by more security-literate friends and family.
| These are the folks most likely to be squeezed in this very
| short transition period because they won't necessarily know
| how to navigate to a different product and would probably be
| more likely to do something risky in response.
| edoceo wrote:
| That's Buyer Beware. In this case it's a free version.
|
| Caveat Liberum?
| therobot24 wrote:
| > This is irresponsible at best.
|
| Not sure I agree, they make it very easy to export your
| info/passwords and are just returning to a previous business
| model. As another user here commented, it only took 15 min to
| switch to another option.
|
| > but a widely-used password manager needs to provide more time
| for users to transition into another product if they choose not
| to convert to paid
|
| curious how much time that would be
| jdauriemma wrote:
| I'm sure some users will find an alternative solution and
| switch easily. I'm also sure that some users will not. My
| assumption - take it or leave it - is that the folks who
| would find this more inconvenient are those who were
| introduced to LastPass by a more security-minded friend or
| family member. They aren't necessarily inclined or well-
| equipped to transition their devices over from one password
| manager to another. This may cause them to abandon password
| management altogether or do something dangerous like
| temporarily store their passwords in plain text while they
| find someone to help them transition to another product.
| CJefferson wrote:
| I think 3 months is much more reasonable, at least. Doing
| this in the middle of a pandemic is actively hostile. My
| parents are using lastpass. I'm going to pay for a license
| for them until the pandemic is over for simplicity.
|
| As soon as I can physically visit them again I'm switching
| them over to something else in principle, and I'm changing to
| something else today (which includes cancelling my personal
| paid-for lastpass account).
| AdmiralAsshat wrote:
| It's par for the course for them.
|
| During one of their previous price-hikes when the yearly
| membership cost doubled, I reached out to their support and
| asked if I could renew my membership _before_ the price-hike
| took effect. They refused.
| kpierce wrote:
| This thread just seems to be a promotion for BitWarden.
| un-devmox wrote:
| The last bit of motivation I needed to finally make a switch! I
| know there are a lot of threads about this, but what do people
| recommend? Ease of use/transition is key or I won't be able to
| convince my partner to switch!
| ChrisRR wrote:
| I think the issue with lastpass is its popularity, which would
| make it a target for hackers. If someone brute forces your
| password, then they've got access to everything
|
| Are there any less popular but well featured password managers,
| or any roll your own solutions that wouldn't be so easily
| targeted
| Cicero22 wrote:
| I haven't personally done this, but you can host your own
| bitwarden server: https://bitwarden.com/help/article/install-
| on-premise/
| harg wrote:
| LastPass is trash software. We use it at my company and it's
| universally hated. Full of bugs, terrible ui and bloated
| extensions that slow web pages. I wouldn't voluntarily use it
| even if it were totally free.
|
| Nowadays there are so many better options for less money. I say
| this as a satisfied 1Password user but I've heard good things
| about many other products.
| jonpurdy wrote:
| I've been on 1Password since 2007. Unfortunately, software
| quality seems to have taken a nosedive since version 7 came out
| (disregarding the subscription issue). Random beachballs and
| slowdowns, annoying 2FA and duplicate password warnings, and
| decoupling of stored files from login entries.
|
| I have been considering a replacement but haven't found anything
| up to the ease of use and Mac/iOS integration of 1Password yet.
| erichurkman wrote:
| Same boat here. 1Password is now the slowest piece of software
| I use on a daily basis. 15-30 seconds to get a password out of
| 1Password mini, laggy and unresponsive keyboard navigation,
| TouchID prompts that stack under other modals or windows so
| they don't work, random beachballs, ... the list goes on.
|
| At least sync still works flawlessly?
| okprod wrote:
| 1Password browser and Mac app work for me without the issues
| you mention, paying user since version 5. I'm on a late 2013
| MacBook with Catalina. I had the beachball issue in Safari
| but it went away after I restarted once.
|
| I tried LastPass but on the first day it didn't save a
| password I generated like 5 seconds earlier, and I stopped
| trying it immediately.
| AlexandrB wrote:
| Yup. Since 7.7 my 1Password looks like this
| (https://imgur.com/a/Zz4WSdx) on my external screen, with the
| scaling of the background inexplicably broken. I also see other
| graphical glitches here and there. Meanwhile 1Password 7 for
| Windows every few months forgets that I registered it and I
| have to go find the license file (within 1Password!) again.
|
| The paternalistic Watchtower "feature" is a whole other set of
| annoyances I wish I could disable.
| willyt wrote:
| I don't like the new safari web extension that adds little in
| page pop-ups everywhere. When I enter my master password, how
| can I be sure that the pop-ups are coming from the 1-password
| web extension and not from the website or another extension? Is
| it sharing the DOM with the website? If not, how are they
| separated? I realise I don't understand how web extensions work
| but even so I don't see why these pop-ups couldn't easily be
| imitated by the site I'm on and I feel that it's just asking
| for trouble doing stuff like that. After a bit of googling I
| realised that it's possible to turn off, so I have.
|
| 1password has been feature complete for years now, I think they
| are changing things for no reason at this point. Just charge me
| for an update when operating system upgrades break the
| software. Sounds harsh I know, but TBH I wouldn't mind if apple
| added family sharing to passwords and finally finished
| sherlocking them.
| pdimitar wrote:
| Try Enpass? Only the mobile app is paid once, everything else
| is free. No subscriptions, too.
| throw14082020 wrote:
| I tried 1Password, but there was a basic missing feature, you
| can't toggle reading the password.
|
| This was a deal breaker for me when I have a ~90 character
| password (I often mistype one specific key every time).
|
| Bitwarden doesn't have this problem.
| Cthulhu_ wrote:
| Why would you type a 90 character password instead of copy /
| paste or have the manager fill it in?
|
| Also why 90 characters when 2FA would be the safer option? Or
| half that is already infeasibly long to brute force?
|
| Also what do you mean 'reading the password', like via a
| screen reader? I mean that would be pretty bad for
| accessibility, but if you mean displaying the password, my
| version has buttons for it (regular inline, and a popup with
| the password pasted large on the screen).
|
| I have so many questions.
| throw14082020 wrote:
| I was not clear.
|
| This is the password for the password manager (e.g.
| 1Password/ lastpass master password). The password to rule
| them all. It should be extra secure. I also have 2FA, but
| you must have heard of defense in depth.
|
| Anyway, I want to be able to see the password and check for
| typos before entering it to unlock the vault. I don't want
| to retype the whole password in when I only mistyped 1
| character.
|
| When I say read, I don't mean screen reader. I mean read
| with my _eyes_, I didn't think this would be a sticking
| point.
| asutekku wrote:
| Honestly, 90 digit password is only harder to type for
| you. It's not more secure than only in theory when
| compared to, say, 20 digit password.
| throw14082020 wrote:
| I choose to have the highest level of security I can
| afford, of course there are diminishing returns with each
| layer of security. I'm happy to see evidence that a long
| password is only secure "in theory", until then I will
| keep my strategy. I can type 100WPM and this password is
| based off ~uncommon words, so I'm not uncomfortable: I
| didn't complain about entering, I claimed the issue is 1
| wrong character requiring typing the whole
| password. It only takes a few seconds, but it is
| frustrating to type the whole thing again (regardless of
| length).
|
| https://xkcd.com/936/
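
An added worked example for the master-password length exchange above (not part of any comment in the thread): it estimates entropy for random-character passwords and word-based passphrases and caps it at the vault key size, past which extra length buys nothing against brute force. Assumptions: symbols are chosen uniformly at random, the word list has 7776 entries, the vault key is 256 bits, and the guess rate is a constructed figure.

```python
import math

PRINTABLE_ASCII = 94        # printable ASCII symbols, space excluded
WORDLIST_SIZE = 7776        # assumption: Diceware-style list (6**5 words)
VAULT_KEY_BITS = 256        # assumption: vault encrypted under a 256-bit key
GUESSES_PER_SECOND = 1e12   # constructed attacker rate; ignores any slow KDF
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def random_char_bits(length, alphabet=PRINTABLE_ASCII):
    """Entropy of `length` characters drawn uniformly at random."""
    return length * math.log2(alphabet)


def passphrase_bits(words, wordlist=WORDLIST_SIZE):
    """Entropy of `words` words drawn uniformly at random from the list.

    Words picked by a human carry less entropy than this model credits.
    """
    return words * math.log2(wordlist)


def effective_bits(raw_bits, key_bits=VAULT_KEY_BITS):
    """Past the key size, attacking the key directly beats guessing."""
    return min(raw_bits, key_bits)


def units_to_reach(target_bits, symbols):
    """Smallest number of random symbols (chars or words) giving target_bits."""
    return math.ceil(target_bits / math.log2(symbols))


def years_to_exhaust_half(bits, rate=GUESSES_PER_SECOND):
    """Expected years of guessing before a hit (half the search space)."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def compare():
    """Rows of (label, raw bits, effective bits, expected years to guess)."""
    candidates = [
        ("20 random chars", random_char_bits(20)),
        ("90 random chars", random_char_bits(90)),
        # roughly 90 typed characters if words average ~6.5 letters (assumption)
        ("12-word passphrase", passphrase_bits(12)),
    ]
    rows = []
    for label, raw in candidates:
        eff = effective_bits(raw)
        rows.append((label, round(raw, 1), round(eff, 1),
                     years_to_exhaust_half(eff)))
    return rows


if __name__ == "__main__":
    for label, raw, eff, years in compare():
        print(f"{label:20s} raw={raw:6.1f}  effective={eff:6.1f}  "
              f"~{years:.1e} years")
    print("random chars for 128 bits:", units_to_reach(128, PRINTABLE_ASCII))
    print("random chars for 256 bits:", units_to_reach(256, PRINTABLE_ASCII))
    print("random words for 128 bits:", units_to_reach(128, WORDLIST_SIZE))
```

Under this model both the 20-character and the 90-character cases are far beyond exhaustive search; the differences that matter in practice are how the password was chosen and how it is stored and typed.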
| Izikiel43 wrote:
| Ok, so basically I have to look for a new password manager.
| SubiculumCode wrote:
| I was worried when LastPass was bought up by LogMeIn, but stuck
| with it. Then LastPass tripled the price. I went from a premium
| to a free tier user. Now LastPass pulls this, and now I'm not
| even a user. Hello premium BitWarden.
| utf_8x wrote:
| Even cancelling the free plan completely would still be less
| insulting than this.
| dangus wrote:
| Price aside, last I checked LastPass was terrible software
| compared to 1Password.
|
| I had all kinds of syncing problems with the browser extension.
| And LastPass had a huge breach in the past, which its competitors
| didn't. I don't trust that it's quality software - especially
| because it doesn't "look and feel" like quality software.
|
| Plus, they're owned by LogMeIn, which is basically a crappy
| software conglomerate that includes GoToMeeting, and is owned by
| a private equity firm.
|
| My experience was ~2017 as an admin for their enterprise
| offering, so take that with a grain of salt. But my point is:
| compare all the options. Competitors like 1Password, Dashlane,
| and Bitwarden, and probably many others are worth looking into,
| and are almost certainly better than LastPass.
| glenneroo wrote:
| Those issues were ironed out years ago, at least in my case,
| and they were very very short-lived issues, though perhaps I
| was lucky. 2FA/Yubico support is nice as well. My main gripes
| are the lack of subdomain support e.g. if you have multiple
| subdomains, LP will offer ALL passwords for that domain and you
| have to scroll through the list to find the right one. #2: when
| you want to copy a password from one of the drop-down menus,
| sometimes "Copy Password" is above "Copy Username" and other
| times it's reversed, adding some extra cognitive load and just
| annoying due to lack of consistency.
| kmfrk wrote:
| Not sure why people are downvoting you - sunk cost fallacy
| maybe.
|
| LastPass was a mess, and I was a very happy new 1Password
| customer. LastPass customer service is some of the worst I ever
| experienced.
|
| The mobile 1Password experience is excellent as well.
| macNchz wrote:
| I completely agree -- LastPass is absolute garbage compared to
| alternatives. Genuinely one of my least favorite pieces of
| software I've ever had to use with any regularity, and my
| threshold for frustration is higher than most.
| [deleted]
| robinhood wrote:
| Personally, and it's just me, but I don't trust cheap, or even
| free, password services like Lastpass, with an ugly user
| experience on top.
|
| I'm more than happy with my 1password subscription. User
| experience is incredible. Support in the iOS ecosystem is
| extraordinary.
| baumandm wrote:
| This seems like such a weird pricing model. My single highest-
| priority requirement for a password manager is access from both
| computers and my phone.
| rezonant wrote:
| I know right? They probably would have been better off just
| making it one computer and one phone, and for more devices go
| Premium. I think that would be fair. But a password manager
| that can only be used on one of my two critical devices
| (computer and phone) doesn't seem very useful.
| stmw wrote:
| Lastpass is very popular but has had a very unfortunate security
| track record, with several security incidents that make one worry
| about their whole approach to security. Information on these is
| widely available and IMHO, the details would've sunk a less
| successful product. May be worth reviewing those if you're
| considering it, or if this change in the free service is making
| you reconsider using it. At the same time, it's probably true
| that for many users, Lastpass is better than no password manager
| at all, with one reused password on a postit.
| jhwhite wrote:
| If I'm going to pay for a password manager I'm going to pay for
| 1Password.
| TillE wrote:
| That's where I'm at right now, as a long time free user of
| LastPass. I've never been particularly happy with it, but it
| basically works and it didn't cost anything.
|
| Now I get to evaluate the whole range of options available, and
| I doubt LastPass will come out on top.
| throw982739182 wrote:
| Well, time to switch it is. I can't justify more than a couple of
| dollars a _year_ for a password manager. Also artificial limits,
| especially when companies limit existing features like this piss
| me off ( _cough_ google photos _cough_ ). Why not add new
| features and make them premium only?
|
| Plus I recently changed my Lastpass password and they had added
| symbol/number requirements since the last time I had changed the
| password and it would not let me use just a word based password.
| Bitwarden let me without issues.
|
| Checking out the extension now, it's also much easier to use than
| Lastpass. For me I don't care, but for my parents the Lastpass
| chrome extension interface is really confusing.
| jedimastert wrote:
| > Also artificial limits, especially when companies limit
| existing features like this piss me off (cough google photos
| cough).
|
| On the one hand, I tend to agree that changing existing
| features to paid is not-great (disclaimer, I was paying for
| Google Photos/One/Whatever even before they announced the
| changes), I wouldn't call space limits "artificial"
| throw982739182 wrote:
| Yes, perhaps that wasn't the best example, the issues get
| lumped together in my head.
|
| But for google, I believe the issue was people were abusing
| it. The proper solution would have been to stop the abuse,
| not what they did. Or for example, they might have removed
| unlimited video uploads which would make more sense, or had
| soft limits. Also you can't tell me google did not foresee
| this happening, which just tells me they used the free
| storage as a lure.
| gregoriol wrote:
| Why isn't it artificial? If they already had sync between
| devices, making it unavailable is purely artificial.
| throw982739182 wrote:
| The reply to me correctly pointed out that I compared it to
| the new google photos storage restrictions which could be
| interpreted as not being artificial, not that the lastpass
| restrictions aren't.
| gatestore wrote:
| Before raising its prices (or changing its free features)
| LastPass should get an independent security audit of its
| infrastructure, applications and extensions. There is a lot of
| competition in password managers, and they have almost the same
| functionality. So if LastPass wants to charge more, it has to
| differentiate from the other password managers, and given the
| security aspect of its business an audit would be the way to go.
| timvisee wrote:
| Terminal gurus might like what I've been working on lately:
|
| https://github.com/timvisee/prs
|
| Free and open-source, keep control in your own hands, forever.
| Encryption with gpg, sync with git. Compatible with pass, which
| means better support and easy migration.
| hkt wrote:
| How does this differ from pass? At first look it appears to be
| pretty much the same?
| timvisee wrote:
| The basics are similar but it has many annoyances fixed, has
| a nice and quick interactive interface that doesn't get in
| your way and it is quite fast.
|
| It also provides features like syncing with multiple
| machines, multiple (gpg) recipients, aliases, property
| selection, Windows support and more. And I might add gpg
| alternatives such as age soon. See the README for a better
| overview.
|
| You might like to give it a try. It automatically uses your
| pass store.
| pyed wrote:
| I'm a happy `pass` user and I'm glad I found your work! My
| only complaint with `pass` was how slow it is, and `prs` is
| pretty fast and completely compatible with `pass` plus some
| extra useful additions, which is great! I hope that the `otp`
| subcommand support is on your road-map. Cheers!
| prepend wrote:
| This is a feature not a product™.
|
| I switched to using safari's password sync across mobile and
| desktop. It only works on iPhones and macOS desktop safari, but I
| adjusted my workflow.
|
| It's both free, and reliable as long as Apple supports it. But I
| trust Apple to exist or migrate better than a dedicated product
| company like lastpass. Both for a decent user workflow and for
| not being breached (much scarier to me).
|
| I know that companies learn from security incidents and that we
| should reward, not punish companies for being transparent in
| their responses. But lastpass [0] has had issues with breaches
| and potential breaches and I'm nervous about storing bank
| passwords and whatnot with third parties.
|
| I used to recommend lastpass because it was easier to use and
| better than others. But now, for people who don't know how
| computers work, I just recommend to buy an iPad or iPhone and use
| their password managers.
|
| I think it's going to be tough, even if free, to compete with
| this.
|
| Doing stuff like making users choose between desktop and mobile,
| completely arbitrary with no real engineering driver, will just
| move more users away, I think.
|
| [0] https://en.wikipedia.org/wiki/LastPass
| benhurmarcel wrote:
| It only handles login and passwords though. No other fields.
| crazygringo wrote:
| > _This is a feature not a product™._
|
| Hard disagree -- this is a product, not a feature.
|
| If it's a feature then it's tied to a single product. The whole
| reason I don't use Apple's or Chrome's built-in password
| syncing is because I need my passwords to also work on Android
| and on Firefox.
| greggturkington wrote:
| Terretta wrote:
| They're accessible outside of a browser, via a "keychain",
| and the entire OS is built to use this keychain, which also
| syncs appropriately among your devices.
|
| On iOS, it's Settings > Passwords. On MacOS, it's Keychain
| Access, which looks like this:
|
| https://support.apple.com/guide/keychain-access/welcome/mac
|
| There is also a UI in Safari itself, which on MacOS has added
| some advisory features, including easily guessed, seen in a
| data leak, or used on multiple sites:
|
| https://support.apple.com/en-sg/guide/safari/sfri40599/mac
|
| On MacOS, you can also use the keychain with ssh on the
| command line:
|
| https://rderik.com/blog/understanding-ssh-keys-and-using-
| key...
| harikb wrote:
| What you need to worry about being tightly integrated with
| Apple is not a hacker getting your data - it is being stuck
| with _you or your surviving_ family not having access to your
| own data. This is my primary worry about walled gardens such as
| Apple or Google where you could be locked out of your own data
| because, you know, you looked at your phone the wrong way.
|
| In this instance, you are better off relying on someone whose
| _primary_ business is to save passwords. They are more likely
| to have thought about this.
|
| For example, 1Password explicitly offers an emergency kit[1]
| for your surviving family should something bad happen to you.
| They also used to have a zero-install reader called 1Password
| Anywhere, but that seems to have been discontinued.
|
| [1] https://support.1password.com/emergency-kit/
| prepend wrote:
| This is a good concern, and one I mitigate by keeping a file
| with trusted people that is to be used in case of my death.
|
| I think I'm better off relying on Apple's business of
| protecting my identity (and selling me more apps, music,
| phones). And the effort spent on this by Apple is likely
| better than the primary purpose of a much smaller company. I
| also don't think the incentives for a password as a service
| company that makes money off a monthly fee are lined up with
| mine. In time, I think they will only get worse as they layer
| on "features" to grow revenue from a fixed, and shrinking,
| market.
| Terretta wrote:
| If you're worried less about hackers and more about big
| brother, such as crossing borders, they also have a Travel
| mode that drops from your devices any password vaults not
| marked safe for Travel. Then toggle them back on after you
| don't consider yourself or your data subject to inspection.
| jwr wrote:
| > But I trust Apple to exist or migrate better than a dedicated
| product company
|
| I'm staring at my huge Aperture photo library (with tags,
| edits, versions and albums). Apple left me hanging. I would not
| assume anything of a huge company.
| Terretta wrote:
| For all kinds of reasons, I hate what they did there,
| abandoning Aperture functionality -- there remains zero other
| software that fills what Aperture did for me. Even though
| Capture One and Adobe Lightroom Classic can both import from
| it to a degree:
|
| https://learn.captureone.com/blog-posts/migrating-apple-
| aper...
|
| That said, Aperture could still open an Aperture library
| using the final versions of Aperture up until Mojave. So from
| the time Aperture was discontinued, Aperture itself worked
| through six versions of MacOS, until Catalina.
|
| As of Catalina, Aperture no longer ran native[1], but Photos
| itself could still open and migrate those libraries ( _note:
| I have not tried in Big Sur_ ). While Photos didn't recognize
| everything initially, before Aperture became unsupported,
| Photos did eventually handle tags, non-destructive edits,
| JPEG+RAW pairs, referenced files, and albums.
|
| Apple eventually got the parity enough I was able to move a
| quarter million photos over into Photos, and haven't needed
| to re-open Aperture in a couple years. While I haven't needed
| it, I did test the software linked in [1] below, and it
| worked great.
|
| What to do if you're on Catalina or newer, and need to
| migrate Aperture to Photos: https://support.apple.com/en-
| us/HT209594
|
| ---
|
| 1. NOTE: Open Aperture on Big Sur or Catalina using
| 'Retroactive':
| https://github.com/cormiertyshawn895/Retroactive
|
| From README: _"All Aperture features should be available
| except for playing videos, exporting slideshows, Photo
| Stream, and iCloud Photo Sharing. If RAW photos can't be
| opened, you need to reprocess them."_
|
| Read more: https://petapixel.com/2019/10/29/this-app-lets-
| you-use-apple...
| stingraycharles wrote:
| LastPass is one of the only ones that supports MFA on Linux and
| iPhone with my Yubikeys. Their security track record is a bit
| meh, but generally speaking, I'm very happy with how they
| integrate everywhere.
| michaelcampbell wrote:
| I mean to each their own, but for a _password manager_
| security trumps integration for me.
| ballenf wrote:
| Are some of the options discussed more or less secure than
| the others?
| michaelcampbell wrote:
| Well, pedantically yes unless every option is exactly as
| secure as all the rest.
|
| Less pedantically there's stuff like:
| https://hackaday.com/2016/08/01/lastpass-happily-
| forfeits-pa...
| StavrosK wrote:
| BitWarden supports that too, I don't know about others.
| kemonocode wrote:
| I migrated from LastPass to KeePass + Syncthing when they got
| bought out by LogMeIn. Sounds complicated but only the initial
| setup is a little awkward, then it's smooth sailing from that
| point on, and no centralized server to ever worry about or your
| platform of choice going rogue. Keeping your devices secure is
| still on you, but that's true of any password manager.
|
| It was absolutely the best choice to make and I encourage anyone
| to do so and never have to worry about your service going down or
| suddenly asking a "nominal" fee to the keys of your kingdom. Of
| course, should the need ever arise, it's not that hard to migrate
| to something like Bitwarden.
| dString wrote:
| The link to upgrade on their article is broken. Good start.
|
| http://www.lastpass.com/buy-premium?cp=LPP2021-DT-25CS
|
| 500
| pastelsky wrote:
| I moved away from using the LastPass Chrome extension after
| realising that it makes page loads up to 50% slower.
|
| https://twitter.com/_pastelsky/status/1180864405648502784
|
| On the whole, every part of LastPass feels dated and
| unmaintained.
| 0xfacfac wrote:
| I happily pay for Bitwarden, once tried Lastpass and it was
| horrible.
| account-5 wrote:
| Never used lastpass and never would.
|
| Wife does and now I have to go about setting her up a keepass db
| and a way of syncing between her phone and chromebook.
|
| This is a prime example of why I never use these sorts of
| companies. Always comes down to money eventually.
| wing-_-nuts wrote:
| I'd be fine if they limited free to one account, but not being
| able to sync across desktop AND mobile defeats the entire point.
|
| Guess it's time to switch to bitwarden?
| SV_BubbleTime wrote:
| I agree. I think it's a bad move for them.
|
| When I read the title, I just assumed that they were limiting
| to one mobile device which seems more reasonable.
|
| ... My mom will be affected by this on Lastpass, she is hardly
| a power user.
|
| This is a mistake Lastpass.
| 411111111111111 wrote:
| Eh, the mobile apps were only available for the paid version
| originally, so I guess they just went back to how it was
| before.
| SV_BubbleTime wrote:
| Interesting business model to revoke a feature that has
| become standard among your competition.
|
| I can't get off Lastpass because I have 100 paid users on
| Enterprise, but why on earth would I recommend my family use
| LP now?
| [deleted]
| theshrike79 wrote:
| I switched from Lastpass to 1Password after the first security
| oops Lastpass had.
|
| Haven't looked back.
| swagonomixxx wrote:
| Same here. 1Password is a joy to use.
| Tepix wrote:
| What's a good solution for a WebDAV storage backend?
| radus wrote:
| I use this docker image:
| https://github.com/BytemarkHosting/docker-webdav, but with a PR
| that has yet to be merged that makes it easy to use a different
| UID/GUID [1]. I've tried to do it with nginx, as described in
| [2], but it just did not work reliably - it would often
| disconnect and instead of going down a debugging rabbit hole I
| just used the Apache based image. There is also a Go server [3]
| that I have not tried.
|
| Lastly, I put an nginx reverse-proxy in front of it for SSL -
| probably not necessary since nothing is on the public internet.
|
| [1] https://github.com/BytemarkHosting/docker-webdav/pull/28
|
| [2] https://www.robpeck.com/2020/06/making-webdav-actually-
| work-...
|
| [3] https://github.com/hacdias/webdav
| jackdaw12 wrote:
| I still think LastPass is a good product and good value.
| jzl wrote:
| I agree. 1Password has done tons of shady stuff too, far worse
| than this, IMO.
| scrooched_moose wrote:
| On one hand I'm completely ok paying for a service like this,
| because it is worth it. On the other, I'm pretty angry about this
| change.
|
| I am so sick of services luring you in with a free tier, then
| changing the terms once they have you locked in.
|
| I've been considering a move to 1Password for a while, and this
| is the final push I needed to jump to their paid tier instead.
| mod wrote:
| Even though I know the answer, I think it's interesting to note
| that none of the "questions" posed ask "Why?"
|
| I guess they felt the obvious cash grab was obvious enough to
| have no need for explanation.
|
| I'll be moving off to somewhere else, despite being pretty deeply
| entrenched in lastpass. Hopefully there are some migration tools
| available. I have hundreds, maybe thousands of passwords stored--
| generated passwords which I do not know at all.
|
| Based on comments here, I'm likely to end up with a self-hosted
| bitwarden. I'll feel better about that, anyway. I'm trying to
| eliminate my cloud dependencies, besides my VPS.
| Sohcahtoa82 wrote:
| > Hopefully there are some migration tools available
|
| LastPass will export your saved passwords into a CSV file.
| Dunno about importing into another program, though.
| freedomben wrote:
| I've been procrastinating the switch to BitWarden for some time
| now. I guess the priority list just changed. Glad I check HN ;-)
| DyslexicAtheist wrote:
| switched to KeepassXC around 2 years ago when LastPass got
| bought. works great! there is no company that tries to brainwash
| me into thinking moving secrets[1] over a network is a good
| strategy for managing them.
|
| [1] it doesn't matter secrets are technically encrypted. the
| threat-model for managing and storing secrets is different. I
| also don't want people to guess how they were created, when they
| were last modified, where they will be used, what other devices
| use them etc.
| metalliqaz wrote:
| so you don't sync your keepass data?
| DyslexicAtheist wrote:
| I prefer a different dedicated database for each device. none
| of my accounts are used across devices. E.g. hw based
| compartmentalization is for me much better to reduce the
| cognitive overhead and avoid making mistakes.
| sofixa wrote:
| What happens when one of the devices fails?
| DyslexicAtheist wrote:
| restore from offline backup?
| metalliqaz wrote:
| and you don't use the network for backups either?
| DyslexicAtheist wrote:
| no. just sync with external locally connected disk
| taurath wrote:
| I hate this model of software business which is a classic bait
| and switch. Get enough users to monetize and then put the screws
| to them.
| JustSomeNobody wrote:
| Bait and Switch is illegal. I'm sure they can do this on some
| technicality.
| jve wrote:
| So many "I've migrated to bitwarden lately" comments. I'm in the
| same boat. Was a paying customer to LastPass.
|
| Price increase played part of why I switched.
| 2Gkashmiri wrote:
| i see nothing better in these "cloud" password providers which
| isn't in my keepass file which i have managed to keep updated for
| the past 5 years now. This is like one of those times when you
| break a feature and then charge people to fix it.
| fukmbas wrote:
| Quit using lastpass garbage. I don't know why anyone is using
| anything other than KeePass. Open source or bust
| avipars wrote:
| time to switch to bitwarden
| carlivar wrote:
| Note that you get a free Family account if you are already in an
| Enterprise plan (so if your work uses it, which mine does).
| hoseja wrote:
| What's wrong with KeePass, besides low marketing budget?
| Macha wrote:
| 1. No inbuilt syncs. Dealing with sync conflicts manually
| eventually gets frustrating.
|
| 2. No multiple URL support. I had to have three entries for
| roll20 to support their app.roll20.net, roll20.net and forum
| domains. These duplicated entries also make rotation a pain and
| reduces the value of duplicate password tests when migrating to
| a password manager approach initially.
|
| 3. Poor Android apps. Apps don't support auto fill, have a UI
| from the gingerbread era, don't sync well even given the above
| caveats, and the android file system permission tightening has
| made using a separate unrelated app to do the sync more
| painful.
|
| 4. Lack of a standard for identifying apps. Do they use the URL
| field and put the store ID in there? Do they use a custom field
| to allow having app + website login use the same entry? Does
| your next mobile app use the same field or even support that
| field?
| SV_BubbleTime wrote:
| Tell you what, I'll give you my moms phone number and you have
| her set up keepass remotely with only quick basic instructions.
| No? Because she was able to set up and run Lastpass fine.
| dingaling wrote:
| And now she'll have to export and migrate away from Lastpass.
| So the complexity was basically tail-loaded.
|
| One of the major advantages of an app like Keepass{whatever}
| is that once it's set up it keeps working without
| subscription or keeping an eye on your inbox for changes to
| the Terms of Use.
| abhinav22 wrote:
| MacOS / IOS users have all this for free seamlessly :)
| woeirua wrote:
| Except for those times you have to use a Windows computer. Or
| have to share those passwords across multiple devices that
| don't belong to the same person.
|
| I used Keychain for a long time. A dedicated password manager
| is a vast improvement.
| abhinav22 wrote:
| My Windows solution at work is Google chrome password manager
| + an excel spreadsheet
|
| Very insecure, but that's my fault and a password manager
| would be a big step up.
| saddestcatever wrote:
| Well, not really "free", you've just already paid for it.
| abhinav22 wrote:
| True
| BozeWolf wrote:
| Can you export the data from keychain? I am a macos/ios user,
| but at one point I will probably move to something new or
| better. That's why I'm using lastpass (considering 1password or
| bitwarden now).
| PascLeRasc wrote:
| Yes, 1Password will help you export Keychain.
| abhinav22 wrote:
| Not sure to be honest
| edoceo wrote:
| My team has been using Passbolt for a few years. Not amazing, not
| terrible, does all the things you'd expect. Hard cost $60/yr.
| Soft cost maybe $1000/yr
| foolinaround wrote:
| keepass - synced via nextcloud -- is one alternative -- that i
| use, across both mobile and desktops
| quyleanh wrote:
| How about Keepass? I use on all devices.
| blunte wrote:
| I very happily pay $10/year for Bitwarden. It is in my opinion
| superior to Lastpass, and I don't have the doubts of the
| corporate governance.
| JumpCrisscross wrote:
| How does it compare with 1Password?
| syntheticnature wrote:
| I'm sure it's not a perfect comparison, but the Wirecutter
| does have a comparison on their password manager page:
|
| https://www.nytimes.com/wirecutter/reviews/best-password-
| man...
| digianarchist wrote:
| All password managers have issues but as a user of 1Password
| I have a lot of gripes with the product:
|
| - Fails to fill out passwords around 2% of the time (Firefox
| account for example)
|
| - Sometimes I mash the "CMD+/" shortcut and nothing happens.
| It's very unstable.
|
| - Password generator is rigid. I have to edit the generated
| password about 90% of the time to add capital letters,
| numbers etc. I made a comment a while back on how we should
| be using HTML data attrs on the password field to hint how a
| password should look for password generators. Perfect
| password every time.
|
| - Can't remove a single item from the trash. It's empty all
| or nothing.
|
| - The shift to the web. Introduction of Keepass X extension
| whilst supporting the legacy. No feature parity between them.
| It's a bit of a mess to be honest.
| tschwimmer wrote:
| Man, that password attributes idea is very good. How does
| one go about proposing that to a standards committee or
| something?
| kemayo wrote:
| Re the generator, there's the passwordrules proposal:
| https://github.com/whatwg/html/issues/3518
|
| Some systems are already using it -- e.g. I know that
| Apple's generate-password helper reads it, and I believe
| that 1Password also does.
| digianarchist wrote:
| This is exactly what I was thinking. I knew the idea was
| too good to be mine.
| munchbunny wrote:
| Unless you have strong opinions about either one's UX, the
| most significant difference that matters to most users
| between Bitwarden and 1Password is that Bitwarden has a free
| plan and 1Password doesn't. Sometimes the "free" price tag is
| the difference between being able to convince someone (or
| yourself) to use a password manager and not being able to
| convince them.
|
| About UX: between BitWarden and 1Password, I haven't seen any
| actually compelling discussion of the two password managers'
| UX that goes beyond just the typical way in which anonymous
| internet commenters enthusiastically assert preferences. They
| both do their jobs well enough the vast majority of the time.
| If you're genuinely in doubt about the UX, try Bitwarden for
| free and then try 1Password if you can't stand Bitwarden's
| UX.
| tunesmith wrote:
| Bitwarden doesn't have a Safari extension anymore since
| Safari's extensions are their own format... Safari since said
| they'd allow Chrome's extension api but I haven't heard if
| Bitwarden will start developing the Safari extension again.
| neogodless wrote:
| It's probably tough to find a thorough review where someone
| put basically all their passwords in different password
| management tools and lived with them for long enough to
| compare them. Then again, people have undertaken more arduous
| tasks before.
|
| For a while, I had the horrible practice of using the same
| username and very simple password everywhere. Eventually my
| "one true password" became slightly more complex, but I still
| had some bad habits. I eventually started letting Chrome save
| all my passwords except for, of course, my Google one.
|
| I switched to LastPass (free) for a while. (My memory of this
| is a bit fuzzy.) At some point I wanted to switch to
| something less, eh... corporate? So I got BitWarden. I really
| like the password generator, and use it exclusively now.
| (There was a web site I used to use for this, but of course
| this is much more convenient.)
|
| It _was_ a bit rocky in the earlier days. Integration with
| the browser on Android could sometimes be a little shaky. It's
| still not perfect, but I don't have good comparisons
| there. I use Firefox on Android, Windows and Linux. It works
| really well on the desktop and mostly really well on Android,
| though with the browser it's unreliable if you rely on the
| Android app, so I install the Firefox Add-On for BitWarden,
| and that works reliably.
|
| My spouse set up her own account, and we share some of our
| important passwords via a free organization. This is a great
| feature and gives us both some peace of mind if we were ever
| required to get into each other's accounts. We also paid the
| $10/year so she could see reports on her passwords, and get
| rid of breached, insecure and duplicate passwords. She has
| adapted readily to using the password manager though she
| mostly just uses it on the computer, not on the phone.
|
| Overall we are very happy with it and I believe it's an
| excellent option. I cannot, however, compare it to 1Password.
| dsissitka wrote:
| I think Bitwarden's UX is pretty poor. A few examples off the
| top of my head:
|
| - 1Password's TOTP support is much better. 1Password
| autofills the code and the password, Bitwarden only copies
| the code. 1Password will scan pages for QR codes.
|
| - They finally implemented encrypted backups but they half-
| assed it. From https://bitwarden.com/help/article/encrypted-
| export/:
|
| > Warning
|
| > Rotating your account's encryption key will render an
| Encrypted Export impossible to decrypt. If you rotate your
| account encryption key, replace the old backup with one that
| uses the new encryption key.
|
| - https://news.ycombinator.com/item?id=25868856
|
| That said, I'm a Bitwarden user because I don't think it's that bad
| and I don't think 1Password is worth 3.6 times as much.
| neltnerb wrote:
| Same here, I'm happy to pay Bitwarden because they have a
| highly functional firefox addon. LastPass was garbage for like
| two years before I dropped them and that was itself years ago.
| It's been bad for a while.
|
| I definitely don't trust LastPass with my information,
| definitely don't trust that it will actually work in my
| browser, and if you export your lastpass vault bitwarden
| imported it perfectly.
|
| Take my advice at your own risk of course, I had both for a few
| months before I was confident it was safe to close my lastpass
| account.
| [deleted]
| ttiurani wrote:
| I did the same switch too a while back, Bitwarden has been
| really solid.
|
| Interesting thing: I just now remembered to delete my LastPass
| account, but the delete account flow breaks totally. Just end
| up in a modal without any content in it, both Firefox and
| Chrome.
|
| I'm wondering if they are even deliberately blocking deleting
| accounts for damage mitigation?
| jrowley wrote:
| Honestly, I've been using LastPass for years and lately the
| chrome and Firefox extensions have been really buggy for me.
| Especially the chrome one. So I'm not sure it's nefarious.
| neogodless wrote:
| Huh, you reminded me that I used LastPass for a while and
| still had that account. I went and deleted any passwords
| still in there, and then had to do a web search and found
| https://lastpass.com/delete_account.php which worked for me.
| I just had to confirm 2 or 3 times and then it claims it
| deleted my account. This is in Firefox on Windows.
| ttiurani wrote:
| Good to know, thanks. I'm on OSX. Maybe there's something
| funky with my account data then. I emailed their support,
| let's see what happens.
| tonymet wrote:
| Anyone have a thorough guide to migrating to bitwarden? I've
| tried and failed. I have notes, multiple logins per site,
| about 1000 credentials.
| djfdat wrote:
| Hey! I had this issue too twice before when trying to switch.
| I tried again today, and it seems to have gone off flawlessly
| this time....
|
| I think the issue before was w/ multi-line nodes and special
| characters.
|
| For reference, I imported the data by pasting in the lastpass
| export rather than using the .csv import.
|
| Good Luck!
| metalliqaz wrote:
| I just did it. Exported to CSV in lastpass and simply
| imported it in bitwarden. No problems. search bitwarden's
| help for a guide.
| mminer237 wrote:
| https://bitwarden.com/help/article/import-from-lastpass/
| mesid wrote:
| I'm a bit concerned that Bitwarden might also follow a similar
| path later on, if we keep using the free version. Any thoughts
| on that?
| input_sh wrote:
| Honestly I pay for the premium even though I use absolutely
| none of their premium features. At EUR10/year, it's the
| cheapest subscription I've ever encountered, and I don't want
| to store OTP at the same place as my passwords to avoid
| single point of failure for my most important stuff.
| driverdan wrote:
| Hopefully they do. Services as important as a password
| manager should be paid unless you host it yourself. Bitwarden
| is only $10 a year.
| noja wrote:
| I pay for it without using the premium features.
| Macha wrote:
| It's open source (both client and server) and there's a third
| party reimplementation of the server
| joekrill wrote:
| I've tried really, _really_ hard to like Bitwarden. But I ran
| into 2 huge issues, that ended up being blockers for me:
|
| 1. Sharing is super-confusing. I was trying to organize things
| for my mom, as well as for my wife and I. And you have to create
| these "organizations". And they make things really confusing
| for a variety of reasons. They are a different pricing/SKU. And
| the UX around them is not good. It's not clear where things are
| being created a lot of the time, and who may or may not have
| access. It just was a really bad experience.
|
| 2. It was outrageously slow for me. I use Enpass otherwise, and
| it comes up right away, and searching is relatively fast. But
| Bitwarden always had this delay. And it was a huge pain point
| because it wasn't clear immediately if there were just no
| results, or if I just had to wait a few seconds. And sometimes
| things would pop up unexpectedly.
|
| So I've continued using Enpass. It has _by far_ been my
| favorite password manager. It's not open source, but it uses
| Sqlite and SqlCipher under-the-hood, and I have full control
| over where it syncs my data to. Sharing is still a problem
| (mainly because of the architecture decisions - there is no
| "central server"), but everything else is so great that I'm
| fine making that tradeoff.
| neogodless wrote:
| Having just set up a free organization the other day, I agree
| it was slightly confusing. Mostly because I was kind of
| hoping to combine costs for an organization with the per user
| $10/year plan. In the end, I set up a FREE organization for
| two people, and paid for the per-user upgrade for one of us,
| for now, to get the reports on bad passwords.
|
| If you're trying to set it up for three users, you'd need to
| pay for an organization, which starts at $9/month. On the
| other hand, I believe you could set up two free organizations
| where you are a member in each, and you add your mom to one
| and your wife to the other.
|
| https://bitwarden.com/help/article/getting-started-
| organizat...
|
| https://bitwarden.com/pricing/business/
|
| I don't think it was a particularly difficult process, but I
| did it on my computer, and once it was all figured out,
| helped my spouse with the rest. I don't find the sharing
| process confusing. You click Share on a saved password,
| choose the organization, and then you choose the collection
| you put it in (which can simply be Default.)
|
| I haven't found BitWarden to be slow, but my laptop is a
| Ryzen 7 4800H and my old phone was a Pixel 3, so neither are
| slouches. Not sure how many records I have but I'd estimate
| about 500.
| arsome wrote:
| > and it comes up right away
|
| I'd be a bit afraid of this. Secure key derivation takes
| time. Remember, you want to be able to defend against people
| with a few GPUs or the ability to configure a cheap FPGA at
| least and the ability to build custom ASICs or employ a GPU
| botnet at worst. Taking ~5 seconds to derive your key
| securely on your phone is a near inevitability.
| BrightOne wrote:
| That's about searching, not unlocking the vault.
| Macha wrote:
| Searching happens after the vault is already unlocked.
| ska wrote:
| re:2 - interesting. I've used bitwarden regularly over the
| last year or so across windows and mac laptops and iOS
| devices. I can't recall ever having a notable delay. I wonder
| what this implies about configuration.
| ianmcgowan wrote:
| Agreed on the sharing - I was trying to arrange a family plan
| for 5 people, and happy to pay $10*5 a year (coming from a
| shared lastpass instance), but have given up trying to figure
| out how sharing works. Ideally every person would have their
| own personal vault and there would be a shared vault for
| "family" accounts, that you don't explicitly have to switch
| to in order to use. We just share master passwords and
| manually sync things, but it seems like a missed opportunity
| to upsell individuals into family or small team plans with
| just a few new sharing features..
| Maxburn wrote:
| Good to hear, I want to make the jump myself some day. At the
| moment I have a personal (paid) LastPass merged with my
| company's enterprise Lastpass and for sanity's sake I get both in
| one UI with YubiKey support.
| snowoutside wrote:
| Just switched to Bitwarden. Took me ~15 minutes to get the
| browser extension + app installed and to complete the migration
| using the export/import features.
| sodality2 wrote:
| Don't forget to delete your account!
| pizza234 wrote:
| I've performed the switch as well, however, a couple of things
| to consider about Bitwarden:
|
| - field detection is much poorer in Bitwarden (ie. it will fill
| both signup and login fields in some websites... including HN)
|
| - Bitwarden timeout doesn't survive browser restarts (at least,
| this was the last time I've tried it), making it difficult to
| use for people with a complex password and frequent browser
| closing/opening
| wing-_-nuts wrote:
| re: field detection
|
| How does it do with sites that _insist_ on using a
| 'password' type field for both username and password? This is
| my biggest pet peeve on the internet today!
| Macha wrote:
| It handles fidelity fine, and they do a sort of masked
| password field for the username where you only see the last
| 3 characters.
|
| Firefox on the other hand used to want to save my username
| as ****ABC
| ricardojoaoreis wrote:
| I don't like using browser extensions for password managers
| (I read in the past these are usually the easier attacks,
| might not be true nowadays) and switched from LastPass to
| Bitwarden.
|
| The feature I miss is that LastPass has a Mac MenuBar app
| which provided a global shortcut to search my wallet, for
| Bitwarden I always have to open the app.
|
| Also, the iPhone app doesn't let you view attached images in
| the app, you have to first download them to the phone's
| storage.
| SV_BubbleTime wrote:
| Also Bitwarden's enterprise feature is very different than
| anyone else's enterprise feature.
|
| It's in my opinion a bad system. The issue revolves around
| that you always have a personal account, that has work
| access. Well.... for enterprise, I want to be able to help
| users reset their password, override their MFA, revoke
| access to a share, audit what shares they have access to.
|
| I REALLY wanted to use Bitwarden company wide, but the
| enterprise product is just not there.
| tweetle_beetle wrote:
| The concept is that you have your personal vault, and then
| you can also be a member of multiple organisations, each
| with a vault.
|
| If you want, you can choose to disable the "personal
| ownership" option, so that employees lose their personal
| vault and can only use the organisation's vault. You can
| also select the "single organisation" option to prevent an
| employee from joining a second organisation.
|
| Once you have done that, you can audit all of the shared
| "collections" in an organisation and revoke access to
| specific "collections" for specific employees.
|
| And if you want enterprise-y control, then you can manage
| employee credentials using LDAP, etc.
|
| It is a bit confusing to be fair, but I think you can do
| the things you mention?
| xxpor wrote:
| I'd always assumed point 2 was intentional
| ragebol wrote:
| It is. Go to Settings > Vault Timeout. I've set it to 'On
| Browser restart' but you can set it to Never
| time0ut wrote:
| So I have until March 16th to move to a competitor. Got it.
| adur1990 wrote:
| Anyone considering pass (https://www.passwordstore.org/)? It is
| written in bash and uses gpg to store credentials on disk. And it
| is developed by the same guy behind wireguard. Also completely
| FOSS. On iOS I use passforios
| (https://github.com/mssun/passforios) and on macOS I am the
| developer of Pass for macOS
| (https://github.com/adur1990/Pass-for-macOS) which is a wrapper
| for pass containing a Safari
| extension. Sync across devices is done using git (or cloud drives
| if you prefer). I use this setup for multiple years now and it
| works really well.
| kelvie wrote:
| I also use this, and with the android app on f-droid (requires
| that you install a GPG app though).
|
| I sync it with a private gitlab repo and it's been working
| great for years.
| zwog wrote:
| My problem with passwordstore is that it's just not convenient
| to add passwords (via browser).
|
| With Bitwarden or KeepassXC the extension offers to store the
| login data when I sign up or use one login for a first time.
|
| With pass I have to do it manually which isn't hard or does
| take long, but it's still additional work.
|
| I ended up using KeepassXc with keepmenu[0] as a script for
| rofi/dmenu
|
| 0: https://github.com/firecat53/keepmenu
| drwu wrote:
| I was(am) a happy user until once I need to grep..
| boromi wrote:
| I've been using KeePass for ages. Yes the UI needs help, but it's
| predictable and hasn't had any issues or bugs.
| bschne wrote:
| This is such an odd choice of pricing model. The usual approach
| is to say you get multi-device sync as part of a paid plan and
| single-device usage for free, or to place an upper limit on the
| device count, not count of types of devices.
|
| My guess is that they want to limit functionality enough to make
| paid plans attractive, while still giving you the chance to try
| out how the sync works, but I can't help asking myself if this
| isn't unnecessarily confusing and going to put potential
| customers off as opposed to e.g. offering a 30-day trial on their
| paid plans.
| path411 wrote:
| It's them trying to go backwards. Originally free only worked
| on desktop. When they allowed mobile on free, a lot of people
| cancelled their premium. The other really crappy part, premium
| was only $12 then. I don't really see modern lastpass as 3x
| more valuable than it was then.
|
| I think they are just betting on enough people staying because
| people are too scared to swap
| hyperpl wrote:
| I would suggest users on UNIX-like OS's to try passwordstore.
| frombody wrote:
| I wonder if this was forced by the moves that Microsoft is
| making.
|
| If you have a Microsoft authenticator app on your phone, you'll
| likely have noticed that they started offering regular password
| management through the same app to all users for free.
| Vvector wrote:
| Hmm, doesn't that defeat the purpose of MFA?
| rrrrrrrrrrrryan wrote:
| I've been wanting to move away from LastPass for a while now for
| different reasons - it feels very heavy and clunky. It's slow and
| the autofill can be glitchy.
|
| Does anyone have any recommendations from this perspective?
| 1password seems more Apple-oriented, but my devices are all
| Windows (chrome), and Android.
|
| There's lots of discussion here about "terrible UI," but I
| imagine none of these password managers are consistently great
| across all platforms. E.g. Someone using an app solely on a linux
| desktop in Firefox will obviously have a vastly different
| experience than someone using the app primarily on an iPhone with
| safari.
| joebasirico wrote:
| I recently migrated from LastPass to 1Password. Honestly it's
| been great. The UI is better, sharing vaults is easier, they
| have integrations with haveibeenpwned.com, and integrations are
| seamless. There's no free tier, but the cost feels worth it to
| me. I was able to get my whole family on 1Password without too
| much hassle.
| Lunatic666 wrote:
| We moved away from LastPass for the reasons you mentioned and
| for the problem that I couldn't recover the password of a
| business account. The account was just not usable and they
| couldn't even delete it, so once someone made a mistake while
| opening it, their email address was blocked. I think they fixed
| this since we moved, but 1Password is not standing in my way
| and does everything reliably and quietly.
|
| They have apps for all (mobile) OSes and even a native Linux
| app, what I really appreciate. I just saw they also have a CLI,
| I have to test this, too.
|
| I'm just a happy customer with ~60 users and not affiliated.
| jbombadil wrote:
| I use 1-password and I don't agree with it being Apple-
| oriented. Their integration with Apple OSs is awesome, but
| their Windows solutions work really well as well.
|
| I'm very happy with it.
| kennymeyers wrote:
| I found 1password on windows to work just great. It's not as
| great as the Apple version but it's way better than the
| alternatives.
| davemtl wrote:
| LogMeIn had (and probably still has) a reputation of putting
| existing features behind a paywall. I have no problem paying for
| a service if I like it, I was a paid subscriber before LogMeIn
| and for a year or two after the purchase. Slowly, prices started
| to rise, features for free users were being put behind a paywall.
| After many years of recommending LastPass to family and friends,
| I just couldn't anymore.
|
| A few years ago I switched to Bitwarden after evaluating
| everything from 1Password, Dashlane, Keeper as well as free/open
| source applications like KeePass and Password Safe.
|
| Why Bitwarden? It satisfied my need to be able to sync between a
| handful of devices (Windows desktop/laptop & Android) and
| replicated features that were previously available in LastPass.
| In the last three years that I have been a paid subscriber of
| Bitwarden, the price has not gone up (yet).
| khnov wrote:
| They change the free plan after gaining users, I am not fan of
| this behavior, I am migrating to bitwarden.
| chrisan wrote:
| Headline should be single "device type". Pick computers, you get
| all computers. Pick mobile, you get all mobile devices (and
| watches)
|
| Still sad and I'll have to look at options again, it's been 5+
| years since I looked.
|
| Anyone enjoying bitwarden https://bitwarden.com/ ?
| ccmcarey wrote:
| Bitwarden premium sub for years, never had a single issue.
| phoe-krk wrote:
| I am using `pass` (https://www.passwordstore.org/) with an
| encrypted git repository and this works well enough for my use
| cases. I do not have a complex threat model though, nor I need
| to share my passwords with other people or organizations.
| Vaslo wrote:
| Yes after using Roboform and Lastpass I switched to Bitwarden.
| I pay the 10 bucks a year for convenience but folks I know self
| host it and are really pleased with it.
| qurashee wrote:
| Been using bitwarden using a self hosted db for quite some time
| now, brilliant product!
| croutonwagon wrote:
| I moved to bitwarden a few years ago from Lastpass. Primarily
| because of persistent sync issues with lastpass. It seemed they
| kept trying to see "features" and the core product took a dive
| with the logmein acquisition. They were pushing things like
| credit monitoring, but the password syncing would get wonky
| from time to time with a specific browser or on my phone or
| vice versa.
|
| You can self host your bitwarden (though I don't). And you can,
| even with a free account, create a single "org" to share
| passwords with. In this case that org was my wife so now all
| our shared accounts reside in bitwarden and the password doesn't
| matter.
|
| I've even gotten to the point of using their passphrase
| generator for manual sign-ins like my work computers.
| ketzo wrote:
| I can't tell you how bizarre it is to me that despite there being
| four different (quite popular!) offerings in the password manager
| space, there's not _one_ that really offers, to me, what I would
| call even a competent UI/UX.
|
| From personal experience, this is my ranking of the Big Four in
| terms of "does it _just fucking work_ every time I press the
| button":
|
| 1. LastPass
|
| 2. 1Password
|
| 3. Bitwarden
|
| ..
|
| ..
|
| ..
|
| ..
|
| 15. KeePass
|
| As a result, I use LastPass. It's fine. It works perfectly about
| 80% of the time. I'll probably end up upgrading to Premium with
| this change. I'm fine with their current offer of $2.25/mo billed
| annually -- I definitely get more value than that out of the
| software given the amount of passwords I generate/save/retrieve
| on a daily basis.
|
| But even LastPass has what I personally consider a _deeply_
| unreliable UI! About 1 in 3 times I open the Chrome extension, it
| just.... doesn't work?
|
| It's absolutely wild to me. It's nuts, man! Maybe I'm just a
| frontend developer, so I get extra crotchety about shitty
| frontends. But c'mon! It's a consumer grade product that you
| interact with almost entirely through a 200x400px window. And
| that window _doesn't respond to mouse hover half the goddamn
| time_.
|
| Anyway. </rant>
| nickthegreek wrote:
| Oof, this is a rough one! I'd rather have a device number limit
| than a device type limit.
|
| Main Takeaway:
|
| "We're making changes to how Free users access LastPass across
| device types. LastPass offers access across two device types -
| computers (including all browsers running on desktops and
| laptops) or mobile devices (including mobile phones, smart
| watches, and tablets). Starting March 16th, 2021, LastPass Free
| will only include access on unlimited devices of one type."
| vvillena wrote:
| "I'd rather have" == "this is what I need to stay within the
| limits of the free tier"
|
| Lastpass reasons for doing this are perfectly clear. They want
| people to use and trust their platform, and there's no better
| way for doing that than allowing users to use the full version
| of their product. At the same time, they want revenue, and
| targeting the people that use Lastpass as an integral part of
| their workflow (e.g. myself) is a valid strategy.
|
| I've used Lastpass for years. I was a premium user, but at some
| point the free tier started covering my use case, so I stopped
| paying. Now I'm probably back at the point where I'll start
| paying again. I could definitely live without mobile access,
| but it's a convenient thing to have and I can easily afford it.
| Maybe I'll look for an alternative too, but it has to be just
| as convenient.
| nickthegreek wrote:
| I was previously a paying member but when they doubled their
| price, I realized the free tier worked for me and I moved to
| it. I'd gladly pay $15 a year for the service and not hassle
| with moving. But I might as well try out bitwarden for $10
| now.
|
| It would also be easier for me to recommend to less technical
| users like my family if I knew they could sync 1 mobile
| device and 1 computer. It's already hard enough to get any of
| them to use password managers to begin with.
| fiws wrote:
| LogMeIn ... more like LogMeOut ...
| kevindong wrote:
| LastPass was my first ever password manager and I used it for ~5
| years. A few years ago, I got fed up with how sluggish it was (at
| least, at the time). So I switched over to Bitwarden.
| Unfortunately, the Bitwarden Safari extension for macOS had a bug
| where I had to unlock my vault every time I wanted to use a
| credential and that got annoying.
|
| Around the same time I started using Bitwarden, I started at a
| job with a corporate 1Password subscription for employees.
| 1Password's UX was so much better than Bitwarden that I switched
| my personal account over a few months into using 1Password for
| work.
|
| 1Password isn't perfect (e.g. auto-generated passwords can't be
| autofilled unless you manually convert it to be a 'Login'), but
| it's by far the best I've used.
| TheRealSteel wrote:
| I also changed from LastPass to Bitwarden due to LastPass being
| noticeably slow. I don't mean to diminish the probably very
| hard work put into a product with a decent free tier, but it
| was sluggish enough it only made sense to try an alternative.
| jonpurdy wrote:
| I had just posted in the duplicate thread complaining about
| 1Password (https://news.ycombinator.com/item?id=26154324). I've
| been a user since 2007 and it seemed to get significantly worse
| with version 7.
|
| Despite its increasingly major flaws (no exact URL matching,
| slow UI, no way to trigger a sync), it seems like it is still
| the best option for someone who wants a native Mac/iOS
| interface. Though if it keeps getting worse at the same rate,
| hopefully other options will catch up.
| soferio wrote:
| We've been using LastPass without real issues of any variety
| (inc speed) on: Mac, iOS, windows 10. Sharing feature working
| well.
| Wowfunhappy wrote:
| I was going to reply "the problem with 1password is they have
| no Linux support," but it looks like Linux support actually got
| added late last year! (Or at least there's an open beta.)
| https://blog.1password.com/1password-for-linux-beta-is-now-o...
|
| Anyone used both 1password and Bitwarden? I'm using Bitwarden
| right now, but I dislike the fact that their desktop app is
| Electron based.
| selykg wrote:
| Pretty sure the 1Password linux app is also Electron.
|
| Bitwarden is fine, especially for $10/yr.
| striking wrote:
| There's a CLI. I honestly just end up using the browser
| extension...
| selykg wrote:
| The link they provided was to the announcement about the
| app. The app is electron. The CLI is written in Go, so it
| should feel pretty CLI-like.
|
| I refuse to even think of using 1Password X. It's a
| security nightmare waiting to happen.
| dastx wrote:
| Last year 1Password announced official support for Linux,
| and released a beta. Surprisingly it wasn't an electron app
| but proper desktop app.
| [deleted]
| falcolas wrote:
| Keepass is another cross-platform option (open source),
| though the UI on non-windows environments is a bit... crap.
|
| Nonetheless, it works, and it works well.
| fencepost wrote:
| My biggest problem with Keepass is that the integrations
| aren't part of the core project. Want browser integration?
| Great, pick one (or more depending on browser choices) of
| multiple projects from pseudonymous/anonymous people,
| install it and give it access to your password store. Want
| mobile? Do the same.
|
| Last time I looked at it the very nature of the Keepass
| ecosystem basically meant that you had a ton of different
| people with commit privileges to different areas, and no
| real reason to trust any of them.
| radus wrote:
| This is a valid criticism for sure. I suppose the only
| truly cross platform option is KeeWeb but you give up
| some features, mostly on mobile, eg. fingerprint unlock:
| https://github.com/keeweb/keeweb/issues/1132.
| cmroanirgo wrote:
| KeepassXC is another option for multi platform. I use it on
| mac
|
| KeepassDX for Android (or Keepass2Android)
|
| I was a happy 1Password user, but prefer to use my own
| hosting for the files & the subscription model makes using
| your own files very hard (but it's still possible)
|
| I tried BitWarden but the lack of a proper desktop app
| (where the browser plug-in connects to) is a deal breaker.
| I don't want to type my master password into my browser.
| johnchristopher wrote:
| Keepass is not a Web first app. There are extensions and
| workarounds but considering the nature of its file based
| database it can never be as smooth as solutions like
| bitwarden and others.
|
| At work we share a Keepass file on a nextcloud instance and
| it's a giant PITA.
| spurgu wrote:
| We used Dropbox and it was also a PITA.
|
| Bitwarden is great, haven't used 1Password.
| krets wrote:
| I'm using KeePass + Syncthing to get it around all my
| devices. Works like a charm! Except for iOS devices...
| falcolas wrote:
| ::Personal Opinion Warning::
|
| When it comes to security, smoothness is kinda low on my
| priority list. I'm fine swapping windows to copy/paste
| values, or pressing a hotkey.
| ssully wrote:
| I have also used multiple shared Keepass files at work
| and the issue isn't a lack of smoothness. There have been
| multiple instances of sync/dataloss issues where you have
| to refer to an old version or find someone who has the
| latest "OK" version of the file.
|
| I love Keepass for personal use, but if you are using it for
| sharing passwords at work then 1Password or Bitwarden are
| the way to go.
| dkersten wrote:
| Lack of smoothness is what causes many people to ignore
| these things. So, while you or I may know better, it's
| still a very important aspect if we want more than just
| the few in the know people to use security tools.
| fencepost wrote:
| There are notable advantages to browser integration - in
| particular not filling on spoofed "lookalike" domains
| made with visually similar Unicode characters, and not
| putting passwords into the clipboard where they might be
| snagged by anything watching the clipboard.
|
| (admittedly, if your system has something malicious
| monitoring clipboard use you already have big problems)
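
The look-alike-domain point above, as an added example that is not part of the original thread or any password manager's own code: it assumes an extension that offers a saved login only when scheme, host and port match exactly. The vault entries, page URLs and function names are constructed for illustration.

```javascript
// Added example: constructed vault entries and page URLs, not taken from any
// real password manager. ".example" is a reserved, non-resolvable TLD.
const VAULT = [
  { name: "Bank", url: "https://bank.example/login", username: "alice" },
  { name: "Forum", url: "https://forum.bank.example/", username: "alice_f" },
];

// Reduce a URL to the parts that identify where a credential belongs.
// The WHATWG URL parser lower-cases the host and converts non-ASCII labels
// to their ASCII ("xn--", punycode) form, so a label containing a Cyrillic
// letter never compares equal to its Latin look-alike.
function originParts(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch (err) {
    return null; // unparsable input never matches anything
  }
  if (u.protocol !== "https:" && u.protocol !== "http:") return null;
  return { scheme: u.protocol, host: u.hostname, port: u.port };
}

// True when any label of the host is an encoded internationalised label.
function hasIdnLabel(host) {
  return host.split(".").some((label) => label.startsWith("xn--"));
}

// Entries offered for autofill: scheme, host and port must all be identical.
function fillCandidates(pageUrl, entries) {
  const page = originParts(pageUrl);
  if (page === null) return [];
  return entries.filter((entry) => {
    const saved = originParts(entry.url);
    return (
      saved !== null &&
      saved.scheme === page.scheme &&
      saved.host === page.host &&
      saved.port === page.port
    );
  });
}

// Summarise the decision for one page, as an extension might log it.
function decide(pageUrl, entries) {
  const page = originParts(pageUrl);
  const matches = fillCandidates(pageUrl, entries).map((e) => e.name);
  return {
    pageHost: page ? page.host : null,
    idn: page ? hasIdnLabel(page.host) : false,
    offer: matches,
  };
}

// Constructed pages: the genuine site, a look-alike whose "a" is Cyrillic
// U+0430, a plain-HTTP downgrade, and a sibling subdomain.
const PAGES = [
  "https://bank.example/account",
  "https://b\u0430nk.example/login",
  "http://bank.example/login",
  "https://forum.bank.example/thread/1",
];

for (const p of PAGES) {
  console.log(p, JSON.stringify(decide(p, VAULT)));
}
```

With a copy/paste workflow none of this comparison runs: the only check is the user's eye against the address bar, which is exactly where the two hosts look the same.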
| kstrauser wrote:
| It's very high on my priority list. I want my employees
| to _want_ to use a password manager because it's so
| convenient. A less perfect system that actually gets used
| adds more security than a more perfect system that no one
| likes.
| Wowfunhappy wrote:
| Yeah, the lack of a good Mac client made Keepass untenable
| for me. I tried several and they all sucked.
|
| A password manager is the one thing which I really need to
| work well _everywhere_, because I need access to my
| passwords everywhere.
| secfirstmd wrote:
| For what it's worth KeePassXC these days is very good
| usability-wise and has some awesome features in it
| m-p-3 wrote:
| Have you tried KeeWeb and AuthPass?
|
| https://keeweb.info/
|
| https://authpass.app/
| ergl wrote:
| I've been using macpass for a while on osx, and it works
| pretty well (and looks better than keepassxc):
| https://macpassapp.org/
| [deleted]
| radus wrote:
| I'm evaluating StrongBox right now.
| https://strongboxsafe.com/
|
| Features for MacOS are being actively developed to bring
| it up to parity with the iOS apps.
| dastx wrote:
| Keepass and all is great. But it doesn't have first class
| support for anything but passwords.
|
| I'm sure many people will cringe when reading this, but I
| also save credit cards in my password manager and use it to
| auto fill when I need it. This unfortunately isn't
| supported by Keepass et al.
|
| It has templates, which are supported by some
| implementation but not others. Which also isn't great.
| krrrh wrote:
| Another reason this is helpful is if you lose your wallet
| and have all the phone numbers and details for your cards
| stored in a sun cable database. It makes it easy to
| cancel your cards and order new ones.
| Wowfunhappy wrote:
| > I'm sure many people will cringe when reading this, but
| I also save credit cards in my password manager
|
| Why would anyone cringe to read that? They're no more
| valuable than passwords. In fact, I would think they're
| less valuable, since really the CC company is on the hook
| if a number gets stolen.
| C19is20 wrote:
| Please don't anyone take this as a plea to 'improve' the UI
| of keepass :-) Sometimes "... crap", just works.
|
| Been using kp for years, also the android version. I
| manually sync my .kdbx files, and all is good.
| falcolas wrote:
| I won't disagree with you on this. It does work, and WRT
| security, fewer integrations is sometimes better.
| budafish wrote:
| Keeweb is what I use on all platforms. Yeah it's an
| electron app but it supports natively storing the keepass
| file in the cloud. Works online or offline and has global
| autotype.
|
| Works great for me!
|
| https://keeweb.info/
| Macha wrote:
| Use KeePassXC rather than the official client. Even on
| Windows, I found it preferable.
| Kwpolska wrote:
| KeePassXC is a modern fork that uses Qt for its UI, and it
| looks great on all platforms.
| genericuser256 wrote:
| Personally, I've used 1Password, Bitwarden, and LastPass. I
| switched from LastPass to Bitwarden a few years ago (use it
| on android and browsers for the most part), and use 1Password
| for work. Overall I'd say 1Password has the worst UX of all
| of them, though it looks "clean". It routinely messes with my
| settings on update, its password generator is annoying to
| work with, and it doesn't pick up new logins I've entered
| well (eg. if I tell 1password to create a login from this
| page, it populates nothing while bitwarden sets the name and
| URL + any username or pwd it thinks it sees).
|
| I could go into more depth but overall Bitwarden has been a
| great daily driver for the past few years and would recommend
| to anyone.
| drudoo wrote:
| 1Password have had a cli interface for some time. I used to
| use that on Linux like two years ago.
|
| Since the release of 1PasswordX I hardly ever spend time in
| the native apps except for iOS.
| gmenih wrote:
| 1Password's support is not that great on Linux. I couldn't
| get it working anywhere but on Ubuntu. On all other distros,
| the extension failed to find the running app.
| sa46 wrote:
| I also switched from Lastpass to 1Password. I did a mildly deep
| technical investigation into why Lastpass is slow on the
| browser. I found LastPass delays all page rendering by about
| 70ms. https://joe.schafer.dev/passing-lastpass/
| clumsysmurf wrote:
| Two main bugs I experience with Lastpass are (1) duplicate
| entries when things sync up and (2) quick search doesn't enable
| the copy user / password buttons many times. Annoying
| workaround is clear the search, and re-search again, that
| usually brings back the buttons.
| thinkharderdev wrote:
| Yes! 2 drives me nuts. I switched from BitWarden to LastPass
| mainly because of the quick search. And having to clear the
| field and retype is one of those minor bugs that is slowly
| driving me insane because I hit it 15 times a day.
| upbeat_general wrote:
| I had almost the exact same experience. Lastpass was too
| sluggish for too long and then they jacked up the prices (while
| also making the free plan actually usable with syncing). I
| tried Bitwarden but I hated the chrome extension because it
| didn't have good autofill which is critical.
|
| Finally switched to 1Password and it has much better autofill +
| great OTP support even on iOS.
| davidg109 wrote:
| Recommend taking a look at MYKI. This is my go to password
| manager, and no information is stored in the cloud.
| Macha wrote:
| Glad I went with self hosted bitwarden when migrating from
| KeePassXC + syncing with separate apps (Dropbox originally,
| Syncthing these days).
| therobot24 wrote:
| glad you switched to syncthing, don't know how anyone can
| recommend dropbox when syncthing exists
| LeSaucy wrote:
| Agreed, Syncthing has been rock solid no matter what I throw
| at it. 500gb of music files? source code directory with 100's
| of 1000's of files from npm_modules accidentally included?
| Photos? It just works. It also plays well with other sync
| providers (I sync a subset of dirs into iCloud files so
| phone/iPad can access things)
| rightisleft wrote:
| Goodbye Private Equity raiders, we're out!
|
| I've also been waiting for an excuse to migrate off LastPass.
| Their 'shared' functionality on both personal and corporate
| accounts is a joke. Passwords consistently do not update when
| shared with other paid plan members.
|
| We also pay for corporate support. I would say the average
| response time is about 48-72 hours. We've been talking about
| replacing them.
|
| LastPass has been at the top of our axe list for SaaS tools.
___________________________________________________________________
(page generated 2021-02-16 23:02 UTC)