Hacker News new | past | comments | ask | show | jobs | submit login

I'm on the Catalina beta and the Safari Extension for 1Password 6 doesn't work (Apple only allows extensions from the App Store starting with Safari 13 - so it's not really AgileBits fault).

I chose to migrate to storing everything in iCloud Keychain instead. I understand why companies want to move to the subscription model, but I can't justify spending $36/year for an app to store my passwords.

The problem with iCloud keychain for me is that I don't only use Apple devices, otherwise it might do the trick (except for TOTP 2FA stuff).

I'm trying Bitwarden now and it seems to be ok. Maybe it's time for a change.

As a user that made the switch to bitwarden the last time 1Password tried their shift to the membership-only options some 1-2 years ago, it is an excellent replacement. I do miss some better search / sorting functionality, but otherwise this works great with a local server that I maintain for keeping my Mac, Ubuntu, Windows and Android devices in sync.

Bitwarden costs only what is it 10 or 12 USD a year. LastPass costs 24 USD, and 1Password 36 USD. If you need 2FA. If you don't need 2FA then it doesn't cost as much, but I think you still have a device limit.

Bitwarden's clients are FOSS. There's a 3rd party FOSS server for it available written in Ruby. So you could even self-host.

[EDIT: there's one written in Rust as well! [1] [2]]

[1] https://github.com/jcs/rubywarden

[2] https://github.com/dani-garcia/bitwarden_rs

You can also self-host the original server, it's under AGPL[0]. I'm using this atm, and yes, I pay for the organization feature, though I could easily adjust the code to unlock it. It just doesn't feel right (same goes for the 3rd party FOSS server). But that's just me.

[0]: https://github.com/bitwarden/server

IIRC, LastPass increased to $36/yr which made me switch to Bitwarden. $10/yr with better functionality and UX

That would be a good option if they supported all of their clients equally, but the developer has pretty much said that he's not going to update the extension to support Safari 13. As a Safari user, it's not a good option.

Does BitWarden support "family" use-cases, where you share passwords between multiple accounts?

Yes. Family plan is just $1/month for 5 users and self-hosting as an option.

The free tier supports 2 users sharing.

> The problem with iCloud keychain for me is that I don't only use Apple devices

If I ever need to sign into something on a non-Apple OS, I look up the desired iCloud KeyChain-stored password on my iPhone, then manually retype it on the other device.

I feel that gives me extra security.

>...that gives me extra security

Actually, manually typing or pasting your password (assuming you aren’t using WebAuthN) opens you up to phishing attacks because you could be fooled by the URL, whereas password managers and hardware tokens will activate only for the associated domain.

Bitwarden will also stop working with Catalina / Safari 13 so that doesn't help this particular use case

That is not entirely true. Update: https://git.io/fjXLJ

Seems to work fine, I installed Bitwarden yesterday

Ah, it works on Catalina. I don't use Safari.

+1 for Bitwarden.


+1 for Bitwarden

Correct me if I'm wrong, but you can't share passwords with iCloud Keychain, correct?

My workflow involves sharing certain accounts with family members and 1Password supports that. For now, that's the killer feature for me.

I share passwords with my coworkers (for resources that don’t support teams+sub-users) not by using any password manager, but rather by just keeping the descriptions+usernames+passwords in a Google Sheet.

We use GSuite, but that isn’t really relevant other than for controlling default ACLs to the document; you can just make a private Sheet and then share it by email to whoever you like.

Google Sheets works okay (for this use-case) pretty much everywhere you need it, including on mobile. Doesn’t auto-fill anything, of course, but since the point is sharing the password, not restricting the ACLs of the password in any enterprise sense (i.e. so people that could use a password before can then lose access to it), it’s fine to allow people to just cache the password into iCloud Keychain and/or Chrome Sync. So it’s not as much of a speed bump as you’d think.

> I chose to migrate to storing everything in iCloud Keychain instead.

I did the same when 1Password moved in this direction after version 6. It was clear then that the stand alone version was going away.

> can't justify spending $36/year for an app to store my passwords.


it’s not just storing your passwords. you could use a spreadsheet or plain text file for that.

$36/yr is NOTHING. this is great value for money.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact