
1Password for Open Source Projects - stedaniels
https://github.com/1Password/1password-teams-open-source
======
mrunkel
Hacker news, never change. Company gives away product for free to opensource
teams... and almost all of the comments are complaints. :)

I get it. For some this will never be an acceptable solution. As a happy
subscriber of the family plan, I can only say that this has appreciably
improved the security of my family online. I'm happy to pay the subscription
fee because I think that's the most sustainable business model for a software
company.

In any case: "Hey 1Password, thanks for giving away free licenses to
opensource projects."

~~~
an_d_rew
Could not have said it better myself!

Thank you, AgileBits - much appreciated!

------
kcmastrpc
considering using and supporting the open source bitwarden project instead.

[https://bitwarden.com/](https://bitwarden.com/)

~~~
throwaway84742
Why does it need me to create an account? What's the technical reason? My ye
olde 1Password (pre-cloud) doesn't need an account, and stores its database in
iCloud or on Dropbox using the accounts I already have there.

~~~
1pfdthrow
It's a web service. You can host it yourself.

------
bdz
How I roll: KeePassXC + browser plugin + MiniKeePass + Dropbox

[https://keepassxc.org/](https://keepassxc.org/)

[https://itunes.apple.com/us/app/minikeepass/id451661808](https://itunes.apple.com/us/app/minikeepass/id451661808)

~~~
supreme_sublime
Instead of dropbox, I'd recommend using something decentralized like
Syncthing. I have a similar setup and recently changed to using Syncthing to
keep my password database synced on all my devices.

~~~
bdz
Thanks! Actually never heard about Syncthing, looks really good!

------
5_minutes
I do find $36/yearly for a single licence quite alot for this kind of tool.

This is the kind of product that's so feature rich already, I would not need
real new features built in. And storing a few passwords takes no diskspace
either.

I'm using the non-cloud version, that sync with Dropbox, but suspect 1password
of deliberately having it syncing poorly to push us to the cloud version.

~~~
caiob
I'm on the opposite end of the spectrum. I find $36/yearly a bargain for the
value their product provides. 1Password is one of those tools I couldn't
imagine my life without. And $36 is a small price to pay to have my online
identity a little safer and more manageable.

~~~
woolvalley
I want to pay the $36 a year and not use their cloud.

~~~
geostyx
1Password 7 Beta supports local vaults

~~~
woolvalley
Do you have to use the single license edition and buy one for each OS or are
you forced to use the cloud instance if you get the subscription?

~~~
bwoodruff
Licenses are still available. It is also possible to pay the subscription and
use local vaults, though this would not be recommended. - Ben, AgileBits

------
elorm
Last month i gave up my dinosaur status (using a ciphered pen and paper
notebook for managing my passwords) and started using Lastpass.

To be honest, i still feel a bit wary about keeping my password in the cloud,
but LastPass has been so amazingly convenient, it's well worth the risk. To be
extra certain incase of an undisclosed breach, I 2FA everything that has a 2FA
option. I know i'm very late to the ballpark, but i'd rather corporate
organizations add Password Managers to their policies instead of forcing
everyone to change ever so often and worsening the situation.

~~~
elliottcarlson
As long as PCI, or ISO 27001, continue to require password rotation policies,
it will be hard to implement for some companies, depending on the
infrastructure and who has access to what. Hopefully we will see more things
following the NIST guidelines, since it's a pretty ineffective way of ensuring
security.

------
Cub3
Free 1 year membership membership only? Am i reading that correctly

~~~
ReverseCold
"Memberships can be renewed each year if your project still meets the
requirements. Email us at ______ 30 days prior to renewal."

Presumably free.

------
ryanmccullagh
Can't trust passwords being stored in the cloud.

~~~
dbg31415
Which is a fine mentality for personal passwords -- at least I get where the
distrust comes from.

But for an enterprise team (or just a team), you need to be able to share
passwords with various team members.

Without a system, you're left with each of those people having to use their
own (often insecure) personal methodology. Without a password manager, people
resort to very simple passwords, or reusing passwords across multiple systems,
or writing passwords down on PostIt notes next to their monitors.

Without the convenience of a cloud-based system, you don't have an easy way to
back up your passwords -- what happens if someone gets hit by a bus? And you
can't easily have someone run compliance to verify when the last time was you
updated your password, or how complex your passwords are -- at least not
without showing them the raw passwords in all systems.

I get paranoia... but any team that runs a password manager service
consistently for all users will be much more secure than any team that
doesn't.

* Most Private And Secure Password Managers - Secured.fyi - Alpha || [https://secured.fyi/password.html](https://secured.fyi/password.html)

* Best Password Manager 2018 - Lastpass vs. Dashlane vs. 1Password || [https://www.tomsguide.com/us/best-password-managers,review-3...](https://www.tomsguide.com/us/best-password-managers,review-3785.html)

~~~
woolvalley
It's pretty much the old on-prem vs off-prem argument, and for some people &
organizations, on-prem is non-negotiable.

~~~
bwoodruff
I don’t anticipate on-prem being available for individuals; there is simply
too much infrastructure required. But for businesses this may be possible in
the future. Please reach out to our business team at `business@1password.com`
if you are interested. - Ben, AgileBits

------
gshakir
Looks like a good alternative to AWS Secret manager
[https://aws.amazon.com/secrets-manager/](https://aws.amazon.com/secrets-
manager/)

~~~
dmlittle
AWS Secret Manager is for application code to retrieve secrets for different
services (e.g. API Keys, DBs, etc). You can't use 1Password for that.

Similarly, you wouldn't store your Twitter, Facebook, NPM, Hex, etc. accounts
in AWS Secret Manager. You'd use 1Password for that use case.

