
Don't use 1Password (2017) - kaptain
https://blog.goodstuff.im/dont_use_1password
======
chillaxtian
One bad support rep interaction doesn't sink the security model of the
company.

If they were lying in their documentation, or the software itself, that would
be a different story.

~~~
cheeze
Agreed. This just reads like a bad rant.

~~~
danek
Yeah I couldn’t finish it. Was there anything of substance other than he got
bad info from a rep on Twitter?

~~~
Springtime
The blog author additionally emailed support with a lengthy overview of the
changes and response from the rep and received the reply that v6 of their
product has always been a cloud subscription only offering, which according to
the author's experience was not the case.

The primary contention of the blog post and the tl;dr is v6 of the product
allowed for a 'local' vault until a particular build and AgileBits isn't being
open about this change, which the author feels is some slippery slope to
other, hypothetical compromises.

------
facetube
> as of LAST NIGHT, there was a mention on 1password.com of using DropBox and
> other mechanisms for syncing vaults

Below is exactly what the cited page said on February 1st – as far as I can
tell, this post offers absolutely no support for this claim.

> Dropbox requires:

> 1Password 4 on Windows [1]

[1]
[https://web.archive.org/web/20180201210656/https://support.1password.com/sync-with-dropbox/](https://web.archive.org/web/20180201210656/https://support.1password.com/sync-with-dropbox/)

------
craftyguy
My biggest reason for not using 1Password, Lastpass, etc, is that they are all
walled gardens. If any go under, you lose the service and everything locked
away in it. Since they're based on proprietary shit, it is lost for good.

That's way bigger (and simpler to understand), to me, than the corporate drama
that the author drums up to justify ditching it.

~~~
nathan_f77
I love using LastPass, and it's very easy to export all of your passwords and
notes as CSV. If they go under, it would be easy to migrate to a different
service. A quick Google search brings up many API clients for KeePass, so it
should be simple to read the CSV and import all my passwords into KeePass.

I used to use KeePass, but I think LastPass is much nicer and more convenient.
I also like using the LastPass Authenticator app for 2FA.

------
nemo1618
This guy's priorities are backward. He blows a gasket over 1Password not being
100% clear about their feature set (and somehow this offense is great enough
to warrant dropping the product entirely), but seems unconcerned that he's
entrusting his passwords to closed-source software. Why would any security-
conscious person give 1Password a second thought when there are open-source
alternatives?

~~~
symlinkk
> Why would any security-conscious person give 1Password a second thought when
> there are open-source alternatives?

I trust the security team behind 1Password more than a community of volunteers
around open source password managers.

~~~
skyzyx
Fully agreed. When it comes to security, most people don’t know half as much
as they think they do.

------
fnordsensei
I completely get the business model.

What I don't understand is why they are coupling the business model to
enforced storage in the cloud. Could someone explain why the one necessitates
the other, from their point of view?

I'm saddened that they're going to force me to stop using 1Password after all
this time. I really like the software, but I don't like handing over a
lifetime of secrets to a third party—any third party.

------
thedz
(2017)

------
kensai
I appreciated the article, but I was expecting in the end a suggestion for an
open source alternative. Finding it and proving that it is better than
1Password is the hard part.

