I'm on the Catalina beta and the Safari Extension for 1Password 6 doesn't work (Apple only allows extensions from the App Store starting with Safari 13 - so it's not really AgileBits fault).
I chose to migrate to storing everything in iCloud Keychain instead. I understand why companies want to move to the subscription model, but I can't justify spending $36/year for an app to store my passwords.
As a user that made the switch to bitwarden the last time 1Password tried their shift to the membership-only options some 1-2 years ago, it is an excellent replacement. I do miss some better search / sorting functionality, but otherwise this works great with a local server that I maintain for keeping my Mac, Ubuntu, Windows and Android devices in sync.
Bitwarden costs only what is it 10 or 12 USD a year. LastPass costs 24 USD, and 1Password 36 USD. If you need 2FA. If you don't need 2FA then it doesn't cost as much, but I think you still have a device limit.
Bitwarden's clients are FOSS. There's a 3rd party FOSS server for it available written in Ruby. So you could even self-host.
[EDIT: there's one written in Rust as well! [1] [2]]
You can also self-host the original server, it's under AGPL[0]. I'm using this atm, and yes, I pay for the organization feature, though I could easily adjust the code to unlock it. It just doesn't feel right (same goes for the 3rd party FOSS server). But that's just me.
That would be a good option if they supported all of their clients equally, but the developer has pretty much said that he's not going to update the extension to support Safari 13. As a Safari user, it's not a good option.
> The problem with iCloud keychain for me is that I don't only use Apple devices
If I ever need to sign into something on a non-Apple OS, I look up the desired iCloud KeyChain-stored password on my iPhone, then manually retype it on the other device.
Actually, manually typing or pasting your password (assuming you aren’t using WebAuthN) opens you up to phishing attacks because you could be fooled by the URL, whereas password managers and hardware tokens will activate only for the associated domain.
I meant, I don't have to trust Windows or Android's security to not leak access into third-party password sharing apps, or the in-house security hygiene of those third-parties.
I share passwords with my coworkers (for resources that don’t support teams+sub-users) not by using any password manager, but rather by just keeping the descriptions+usernames+passwords in a Google Sheet.
We use GSuite, but that isn’t really relevant other than for controlling default ACLs to the document; you can just make a private Sheet and then share it by email to whoever you like.
Google Sheets works okay (for this use-case) pretty much everywhere you need it, including on mobile. Doesn’t auto-fill anything, of course, but since the point is sharing the password, not restricting the ACLs of the password in any enterprise sense (i.e. so people that could use a password before can then lose access to it), it’s fine to allow people to just cache the password into iCloud Keychain and/or Chrome Sync. So it’s not as much of a speed bump as you’d think.
I can appreciate that it works, but that solution is objectively worse for me. There's no convenience, it's more work, more error prone, and still a "cloud" storage solution with all its inherent issues.
I can punt on the cloud problems, but I'll pay for the convenience of a password manager in this case.
I chose to migrate to storing everything in iCloud Keychain instead. I understand why companies want to move to the subscription model, but I can't justify spending $36/year for an app to store my passwords.