- A few years back, their free/premium tiers were looking similar to what they announced today. Only they charged a mere $15/year for premium, which I gladly paid.
- Then, overnight, they offered syncing across all types of devices for their free tier. The premium tier was only adding some niche features. I would have continued to pay $15/year just to support them, but at the same time they bumped up premium to $36/year. That was a deal-breaker: not paying 2.5x for features I don't use.
- Now, they switch back to not syncing across all types of devices, but the premium price stays $36/year.
If LastPass was the only game in town, they might get away with it. But there are at least two competitors, against which LastPass doesn't compare favourably: 1Password costs about the same, but is more refined. Bitwarden is a bit less refined, but is cheaper.
I'm not dissatisfied with the LastPass product itself. But having to keep up with radical policy changes every few years largely negates any positive experience.
The UI looks nice, but I still don't get their company model. Data are stored on a third party cloud provider of your choice, so why is Enpass subscription-based? I surmise that paying removes some sort of ads from the apps, but I can't tell for sure. If that's the case, I'll have to pass.
Around the same time I started using Bitwarden, I started at a job with a corporate 1Password subscription for employees. 1Password's UX was so much better than Bitwarden that I switched my personal account over a few months into using 1Password for work.
1Password isn't perfect (e.g. auto-generated passwords can't be autofilled unless you manually convert it to be a 'Login'), but it's by far the best I've used.
Anyone used both 1password and Bitwarden? I'm using Bitwarden right now, but I dislike the fact that their desktop app is Electron based.
I could go into more depth but overall Bitwarden has been a great daily driver for the past few years and would recommend to anyone.
The MacOS app is wonderful, but I find the Windows app incredibly annoying to use.
Nonetheless, it works, and it works well.
At work we share a Keepass file on a nextcloud instance and it's a giant PITA.
When it comes to security, smoothness is kinda low on my priority list. I'm fine swapping windows to copy/paste values, or pressing a hotkey.
(admittedly, if your system has something malicious monitoring clipboard use you already have big problems)
I love Keepass for personal use, but if you're using it for sharing passwords at work then 1Password or Bitwarden are the way to go.
Bitwarden is great, haven't used 1Password.
I'm sure many people will cringe when reading this, but I also save credit cards in my password manager and use it to auto fill when I need it. This unfortunately isn't supported by Keepass et al.
It has templates, which are supported by some implementations but not others. Which also isn't great.
Why would anyone cringe to read that? They're no more valuable than passwords. In fact, I would think they're less valuable, since really the CC company is on the hook if a number gets stolen.
Last time I looked at it the very nature of the Keepass ecosystem basically meant that you had a ton of different people with commit privileges to different areas, and no real reason to trust any of them.
Been using kp for years, also the android version. I manually sync my .kdbx files, and all is good.
Works great for me!
A password manager is the one thing which I really need to work well everywhere, because I need access to my passwords everywhere.
Features for MacOS are being actively developed to bring it up to parity with the iOS apps.
KeepassDX for Android (or Keepass2Android)
I was a happy 1Password user, but prefer to use my own hosting for the files & the subscription model makes using your own files very hard (but it's still possible)
I tried BitWarden but the lack of a proper desktop app (where the browser plug-in connects to) is a deal breaker. I don't want to type my master password into my browser.
Since the release of 1PasswordX I hardly ever spend time in the native apps except for iOS.
Bitwarden is fine, especially for $10/yr.
Heh. I clearly got too excited to read it properly back when they announced it.
I stand corrected.
I refuse to even think of using 1Password X. It's a security nightmare waiting to happen.
Finally switched to 1Password and it has much better autofill + great OTP support even on iOS.
The only thing keeping me from switching is my past experience with these types of services where, once I make the switch, they remove the standalone license and then raise their prices and I have no alternatives besides dropping the ecosystem entirely or ponying up the ransom. I don't like being in that situation.
Despite its increasingly major flaws (no exact URL matching, slow UI, no way to trigger a sync), it seems like it is still the best option for someone who wants a native Mac/iOS interface. Though if it keeps getting worse at the same rate, hopefully other options will catch up.
That said, it does make it a little bit harder for me to onboard my friends and family when they ask. One of the selling points has always been "Yes, you can use it on your phone and laptop" and "no, it doesn't cost anything".
I happily paid for Lastpass at $12/y. Logmein raised price and I switched to free. Logmein limited free capabilities and I will switch to Bitwarden or 1Password and pay them. I'm not staying with Lastpass to get the rug pulled out under me the third time.
I switched from LastPass premium that cost $15 per year a few years ago to Bitwarden because LastPass could recognize password fields on all web pages, while free Bitwarden just works everywhere.
Without a doubt the password manager with the best UX is 1Password. Last year I got my tech-averse partner to set it up on her phone, the entire process took about 10 minutes and then it was done. She's never asked me for help or support, once she got things working it's simply continued to work.
I've since set it up across my family and my pre-teen child is also using it without a hitch.
From a holistic perspective I love that I can manage multiple vaults. Everyone has a private personal vault that is only available to them and we have a bunch of shared vaults for things like xbox and netflix passwords.
I've never used BitWarden so I can't comment on the UX but $60 a year for 1password is well worth it. I can rest easy knowing that everyone in my family has good password hygiene.
I continue to harbor some concerns about the emergency workflows (what happens in case of death or disablement) but otherwise it's just been solid. LastPass felt, on the other hand, like it was increasingly neglected.
I doubt that. Navigating the sync options and finding one that works with Android phone, iPad and Windows PC was impossible.
Throw in two vault formats (with implications for which sync option can work), and it's a mess.
That was the paid standalone version, not the subscription model (that was when I finally jumped ship).
No, it didn't. I don't remember the details, but the local sync (starting a sync server on the phone) did not work for me with a normal home network, and Dropbox didn't work across all devices, either.
I would pay more for greater simplicity.
I would agree for the macOS and iOS versions but the Windows version could get some polish. The default title and menu bars still hang around, the font choice isn’t that great, and all in all it feels less nice to use.
My experience is about 1 year old, but I have to disagree, as a paid 1Password user, my browser plugins and mobile client would fail to fill in the forms I used at least 50% of the time. That's horrible UX, but I agree, their UI looks nice.
At most I want a prompt for my unlock password when the password manager sees I’m on a site or in an app it has a password for.
We still externalize way too much orthogonal effort on users.
One of the reasons I like 1pwd is their cli tool. I can put such a call to it in a script, authenticate and stop giving a crap about 1pwd
There is a [KB article](https://bitwarden.com/help/article/import-from-lastpass/) about exporting your LastPass vault and then importing it into Bitwarden.
It only took a minute or 2.
The most annoying thing for me is that Bitwarden doesn't have support for all of the extra "credential types" that LastPass has. They are still imported, but everything that isn't supported is imported as a secure note.
So far the only issues I have had logging in anywhere has been logging into my firefox account (in a new browser), and home assistant.
Shared passwords aren't included in the Lastpass export, at least at the time I last exported from Lastpass.
The only functionality I do miss from Lastpass is the option to generate the short pronounceable strings I use to create usernames, like the one I'm using now.
Value is decided by the market according to the utility of the service. I happily pay $22 per year for Pinboard to keep a few bookmarks with tags. That's also storing "tiny text files" but I could not care less. I could even implement something similar myself. And yet, I find the value it provides worth paying.
Another, more extreme example. I am part of a $5000 business program. Last week, I got a single piece of advice that I consider already paid for the entire program. The delivery was 20 minutes long. It was not even something original invented by the lecturer, but it can be found in some books. And again, I don't care. The value is in the impact, not in how the advice was discovered or delivered.
Microsoft have launched a beta password manager
Lastpass (€3 per month)
- Password Manager
- 1GB of encrypted file storage
Office 365 (€6 per month)
- Beta Password Manager
- Office Suite
- 1 TB Storage
"I do not understand why the only companies that exist are Google, Apple and Microsoft? Where is the competition?"
If the only thing that a customer cares about is paying the minimum amount, the customer should not be surprised that their choices would be limited to conglomerates.
Independent restaurants are a lot more expensive than national chains and make a lot less money than the national chains. If one's only goal is to feed oneself in a restaurant, one is better off going to a chain one.
If you choose a worse or more expensive product because it’s from a small business then you’re only making yourself worse off.
That's not correct: the part of the value that you get from buying from local small businesses rather than conglomerates is that you are not buying from a conglomerate, even if the local product could be considered inferior by some measure.
I find this line of reasoning offensive as it assumes that people who genuinely disagree with me don’t understand.
I think it’s more likely that people understand and genuinely disagree. It’s dismissive to just not respond to someone’s values and rationing and I think leads to less discussion and thus more disagreement.
It’s very likely that people place different values on things and I think to have conversation we have to get to common ground and then build from there. If different people miss the meat of an argument then I think it’s not as interesting or useful.
I would've been happy to continue paying 12 USD / year for that service, but at triple the cost? I'm now on BitWarden.
That said, you're not really paying for the storage, you're paying for the apps and plugins.
I can get the argument that it’s not worth $36 but not because of storage costs.
Also while free, arguably the UX is not very good especially on mobile, unless Keepass integrates the way Lastpass, 1Password, et al do. I cannot imagine convincing any of my non-tech friends to go this route.
I kinda feel like the price point for these things is set wrong, though. What you want is a higher price point which gets you /everything/. I pay $1200 per year for bandwidth. If I needed to pay a couple hundred bucks more for access to everything (online newspapers, LastPass, online office suites, etc.), I'd gladly do so.
LastPass should have 250 million customers, not 25 million, each paying $3.60 each, not $36. Most should be inactive, as part of some kind of subscription bundle.
Kinda like a more democratic, decentralized version of Prime.
From posts here, though, Bitwarden seems more reasonable. I trust open source more, and it's cheaper.
So many people recommend Bitwarden now. I am a paying customer from the first day and have been using it on all my devices. Bitwarden followed my Lastpass experience, similar to what OP has described.
Now, Bitwarden's popularity is troubling me. It has become already large enough to be an attractive target for attacks. The bigger it gets, the more lucrative it is for attackers. Similar to the Windows vs. OSX discussions 10 years ago: viruses spread on Windows, because it was big.
Hence, I am starting to worry about using it and asking myself what "the next" Bitwarden is.
What do you think? Is my reasoning going into the right direction? Do you see the point reached where Bitwarden has reached critical mass? What would you recommend as "the next" Bitwarden?
Your thinking about Bitwarden becoming a more valuable target is probably directionally correct, but at least anecdotally, I think the biggest target in this space is going to remain either the built-in Chrome/iOS password managers, or Dashlane, which is a product that advertises widely on Podcasts, etc.
The passwords and all data are encrypted on the client side and the server has no way to decode your passwords so even if Bitwarden's password was stolen, the passwords within the accounts are as secure as the Master password you chose.
Also the fact that the server side is fully open-source (and not just the client) means you could switch to using your own servers at any time.
Viruses spread a lot more on Windows because of MS's shit stance on security. It's an even more popular OS now but the virus landscape is a hell of a lot more limited because they started to take security more seriously. They still have a way to go.
edit: One note about something that was bugging me for a while...items created on my computer sometimes wouldn't show up in the vault for immediate use. Painful when you sign up for a service using your computer and then try to immediately sign into it on your phone.
In the iOS app settings there is 'Swipe down to refresh' (or similar) - turn that ON. Not sure why it was off by default, but it totally fixes the issue. Just swipe down to refresh the vault and your new item appears.
Having a push feature only works if you can engineer your app or add-in to open up the necessary ports or tunnels in the OS itself. Polling on the client end will always be easier to implement.
Also: just checked BitWarden v2.8.0 (449) on iOS 14.4, no setting for “swipe to refresh” anywhere in its settings.
Settings -> Manage -> Sync -> Enable sync on refresh
My trouble was specifically related to the 'Pull down to refresh' behavior being disabled by default though. If that feature is disabled the new items will appear sometime, with no way of knowing when that will be. I honestly don't even know why that feature has an ON/OFF switch, it should just be permanently enabled.
1. Sharing is super-confusing. I was trying to organize things for my mom, as well for my wife and I. And you have to create these "organizations". And they make things really confusing for a variety of reasons. They are a different pricing/SKU. And the UX around them is not good. It's not clear where things are being created a lot of the time, and who may or may not have access. It just was a really bad experience.
2. It was outrageously slow for me. I use Enpass otherwise, and it comes up right away, and searching is relatively fast. But Bitwarden always had this delay. And it was a huge pain point because it wasn't clear immediately if there were just no results, or if I just had to wait a few seconds. And sometimes things would pop up unexpectedly.
So I've continued using Enpass. It has _by far_ been my favorite password manager. It's not open source, but it uses Sqlite and SqlCipher under-the-hood, and I have full control over where it syncs my data to. Sharing is still a problem (mainly because of the architecture decisions - there is no "central server"), but everything else is so great that I'm fine making that tradeoff.
If you're trying to set it up for three users, you'd need to pay for an organization, which starts at $9/month. On the other hand, I believe you could set up two free organizations where you are a member in each, and you add your mom to one and your wife to the other.
I don't think it was a particularly difficult process, but I did it on my computer, and once it was all figured out, helped my spouse with the rest. I don't find the sharing process confusing. You click Share on a saved password, choose the organization, and then you choose the collection you put it in (which can simply be Default.)
I haven't found BitWarden to be slow, but my laptop is a Ryzen 7 4800H and my old phone was a Pixel 3, so neither are slouches. Not sure how many records I have but I'd estimate about 500.
I'd be a bit afraid of this. Secure key derivation takes time. Remember, you want to be able to defend against people with a few GPUs or the ability to configure a cheap FPGA at least and the ability to build custom ASICs or employ a GPU botnet at worst. Taking ~5 seconds to derive your key securely on your phone is a near inevitability.
I definitely don't trust LastPass with my information, definitely don't trust that it will actually work in my browser, and if you export your lastpass vault bitwarden imported it perfectly.
Take my advice at your own risk of course, I had both for a few months before I was confident it was safe to close my lastpass account.
Interesting thing: I just now remembered to delete my LastPass account, but the delete account flow breaks totally. Just end up in a modal without any content in it, both Firefox and Chrome.
I'm wondering if they are even deliberately blocking deleting accounts for damage mitigation?
I think the issue before was w/ multi-line nodes and special characters.
For reference, I imported the data by pasting in the lastpass export rather than using the .csv import.
- 1Password's TOTP support is much better. 1Password autofills the code and the password, Bitwarden only copies the code. 1Password will scan pages for QR codes.
- They finally implemented encrypted backups but they half-assed it. From https://bitwarden.com/help/article/encrypted-export/:
> Rotating your account’s encryption key will render an Encrypted Export impossible to decrypt. If you rotate your account encryption key, replace the old backup with one that uses the new encryption key.
That said, I'm a Bitwarden user because I don't think it's that bad and I don't think 1Password is worth 3.6 times as much.
- Fails to fill out passwords around 2% of the time (Firefox account for example)
- Sometimes I mash the "CMD+/" shortcut and nothing happens. It's very unstable.
- Password generator is rigid. I have to edit the generated password about 90% of the time to add capital letters, numbers etc. I made a comment a while back on how we should be using HTML data attrs on the password field to hint how a password should look for password generators. Perfect password every time.
- Can't remove a single item from the trash. It's empty all or nothing.
- The shift to the web. Introduction of Keepass X extension whilst supporting the legacy. No feature parity between them. It's a bit of a mess to be honest.
Some systems are already using it -- e.g. I know that Apple's generate-password helper reads it, and I believe that 1Password also does.
For a while, I had the horrible practice of using the same username and very simple password everywhere. Eventually my "one true password" became slightly more complex, but I still had some bad habits. I eventually started letting Chrome save all my passwords except for, of course, my Google one.
I switched to LastPass (free) for a while. (My memory of this is a bit fuzzy.) At some point I wanted to switch to something less, eh... corporate? So I got BitWarden. I really like the password generator, and use it exclusively now. (There was a web site I used to use for this, but of course this is much more convenient.)
It was a bit rocky in the earlier days. Integration with the browser on Android could sometimes be a little shaky. It's still not perfect, but I don't have good comparisons there. I use Firefox on Android, Windows and Linux. It works really well on the desktop and mostly really well on Android, though with the browser it's unreliable if you rely on the Android app, so I install the Firefox Add-On for BitWarden, and that works reliably.
My spouse set up her own account, and we share some of our important passwords via a free organization. This is a great feature and gives us both some peace of mind if we were ever required to get into each other's accounts. We also paid the $10/year so she could see reports on her passwords, and get rid of breached, insecure and duplicate passwords. She has adapted readily to using the password manager though she mostly just uses it on the computer, not on the phone.
Overall we are very happy with it and I believe it's an excellent option. I cannot, however, compare it to 1Password.
About UX: between BitWarden and 1Password, I haven't seen any actually compelling discussion of the two password managers' UX that goes beyond just the typical way in which anonymous internet commenters enthusiastically assert preferences. They both do their jobs well enough the vast majority of the time. If you're genuinely in doubt about the UX, try Bitwarden for free and then try 1Password if you can't stand Bitwarden's UX.
If you only use LastPass on 2 devices of the same type (on your desktop and your laptop or if you only use it on your Mobile and your Tablet) you will be fine to stay on Free. However, if you use it on your Desktop and your Mobile (like me) you will need to swap password managers or pay up for the service.
Before LogMeIn bought them the service was free on "Computers" but you had to pay up for Mobile (Although you were able to access your vault via their website, the mobile app just made it easier).
Guess it's time for me to invest my time into actually setting up and exporting my passwords to something like KeePass (I've been meaning to do it ever since LogMeIn bought them, I was just far too lazy to do it until now).
$30~ for a year (the offer they included in the notice) ain't that bad, but I just don't like having the rug pulled from under me and would rather support something like KeePass than support LastPass.
Maybe I will change my mind after I've had some time to digest the news and play with KeePass (and its alt's).
It can have folders, it generates passwords, it can hold TOTP (2FA) tokens and it can even hold SSH keys acting as your SSH agent. Having your password safe be an SSH agent is a really nice feature which means less copying passwords around. The browser plug-ins have worked well for me as well.
I like that it can use any file sync tool for storing the key database - similar to why I like Joplin for note taking. I also like that there are many different clients for it since it is an open standard. To keep things secure you can use a password plus a key file. As long as you keep the keyfile only on the devices or on separate sync services, it raises the bar of security quite a lot.
There are KeePass clients on Android (Keepass2Android and KeePassDX) as well as iOS (Keepassium and another that I forgot the name of). All of the mobile clients support filling passwords. I have them all looking at the same file share and have not had any issues with corruption or file sync. I have it configured to immediately save all changes to disk and it writes and merges conflict files automatically as needed.
There are a few areas that it isn't as strong. First is sharing passwords - it has a feature for it but I haven't actually tried it out yet. Since you need to have the shared file ahead of time, you're really relying on your file sync provider to share that part of things. Second, the integration between programs works well but it isn't as seamless as a cloud service would be. For example, prompts will pop up in KeePassXC when there is a request to access a new password by a website. I believe this is probably more secure but it is an extra thing to come up when auto-filling passwords.
I have yet to try bitwarden but I would guess that sharing and lower-friction in web browsers would work better with it since those were the key benefits of LastPass when I'd used it.
I started using Lastpass as well, but moved to Keepass as soon as they were eaten up by Logmein. I moved to Keepass and I keep the keyfile on OwnCloud. It works very well, and even better than Lastpass (at least as it was when I last used it). Keepass has actual desktop clients, so you don't have to use a janky web-app.
True, but it seems that Bitwarden offers the option to self host which could help mitigate that. However as a paying customer you have more of a leg to stand on if the company does try and pull the rug from under you.
As for LastPass, I rarely used the "WebApp Vault" (Only to copy my passwords for native apps on my desktop) and did it all via the context menu / LastPass button injected into the User/Password fields in the browser.
Their iOS app was very handy (As my local supermarket self scan app keeps logging me out) as for most apps it would offer autocomplete. So I'm going to be looking more into the mobile integration than the Desktop integration (as it's far easier for me to C+P between things on Desktop than it is for me on Mobile.)
I am going to give KeePass a try but I've not settled on which system I will actually switch to yet.
curious what "support" means in this context, as keepass is free. do you donate or otherwise contribute to the project, or does support just mean use?
So at this point in time I would rather switch providers and give them the 30 bucks LastPass are now demanding for my use case out of the sheer principle of the matter.
So if I do swap to KeePass or KeePassXC I will be donating that 30 bucks to them. If I swap to something like Bitwarden I'll pay them for whatever package is as close to that $30.
> Starting March 16, 2021, LastPass Free will only include access on unlimited devices of one type.
Something to consider, however, is the alternatives. Bitwarden seems cheaper. Anyone has a preference for either?
This move to limit to a device type is shitty marketing trying to convert more people to buy.
It will fail by angering existing free users and pushing them to alternatives, while also reducing new users signup.
This is a sad post-acquisition state for a product, trying to make the most possible money out of it instead of focusing on real value.
On my mobile device (One Plus 3T) it's rather slow, but that might be due to the device age.
To use it you have to open/unlock the database, select the entry (although I think it's also possible to associate to android package ids so you don't have to do this), switch back to the app, change your keyboard to the keepass keyboard which will have buttons for entering user and password.
- field detection is much poorer in Bitwarden (ie. it will fill both signup and login fields in some websites... including HN)
- Bitwarden timeout doesn't survive browser restarts (at least, this was the last time I've tried it), making it difficult to use for people with a complex password and frequent browser closing/opening
The feature I miss is that LastPass has a Mac MenuBar app which provided a global shortcut to search my wallet, for Bitwarden I always have to open the app.
Also, the iPhone app doesn't let you view attached images in the app, you have to first download them to the phone's storage.
It’s in my opinion a bad system. The issue revolves around that you always have a personal account, that has work access. Well.... for enterprise, I want to be able to help users reset their password, override their MFA, revoke access to a share, audit what shares they have access to.
I REALLY wanted to use Bitwarden company wide, but the enterprise product is just not there.
If you want, you can choose to disable the "personal ownership" option, so that employees lose their personal vault and can only use the organisation's vault. You can also select the "single organisation" option to prevent an employee from joining a second organisation.
Once you have done that, you can audit all of the shared "collections" in an organisation and revoke access to specific "collections" for specific employees.
And if you want enterprise-y control, then you can manage employee credentials using LDAP, etc.
It is a bit confusing to be fair, but I think you can do the things you mention?
How does it do with sites that insist on using a 'password' type field for both username and password? This is my biggest pet peeve on the internet today!
Firefox on the other hand used to want to save my username as ****ABC
Amazingly painless import of literally hundreds of accounts including my "Secure notes" and credit cards and such that I also had in Lastpass.
Works great on iOS, Firefox and native that I've tried so far.
Does anyone have any recommendations from this perspective? 1password seems more Apple-oriented, but my devices are all Windows (chrome), and Android.
There's lots of discussion here about "terrible UI," but I imagine none of these password managers are consistently great across all platforms. E.g. Someone using an app solely on a linux desktop in Firefox will obviously have a vastly different experience than someone using the app primarily on an iPhone with safari.
Free and open source (client and the server too if you want to self-host).
They have apps for all (mobile) OSes and even a native Linux app, what I really appreciate. I just saw they also have a CLI, I have to test this, too.
I'm just a happy customer with ~60 users and not affiliated.
I'm very happy with it.
I switched to using safari’s password sync across mobile and desktop. It only works on iPhones and macOS desktop safari, but I adjusted my workflow.
It’s both free, and reliable as long as Apple supports it. But I trust Apple to exist or migrate better than a dedicated product company like lastpass. Both for a decent user workflow and for not being breached (much scarier to me).
I know that companies learn from security incidents and that we should reward, not punish companies for being transparent in their responses. But lastpass has had issues with breaches and potential breaches and I’m nervous about storing bank passwords and whatnot with third parties.
I used to recommend lastpass because it was easier to use and better than others. But now, for people who don’t know how computers work, I just recommend to buy an iPad or iPhone and use their password managers.
I think it’s going to be tough, even if free, to compete with this.
Doing stuff like making users choose between desktop and mobile, completely arbitrary with no real engineering driver, will just move more users away, I think.
In this instance, you are better off relying on someone whose primary business is to save passwords. They are more likely to have thought about this.
For example, 1Password, explicitly offer an emergency kit for your surviving family should something bad happen to you.
They also used to have a zero-install reader called 1Password Anywhere, but that seems to have been discontinued.
I think I’m better off relying on Apple’s business of protecting my identity (and selling me more apps, music, phones). And the effort spent on this by Apple is likely better than the primary purpose of a much smaller company. I also don’t think the incentives for a password as a service company that makes money off a monthly fee are lined up with mine. In time, I think they will only get worse as they layer on “features” to grow revenue from a fixed, and shrinking, market.
I'm staring at my huge Aperture photo library (with tags, edits, versions and albums). Apple left me hanging. I would not assume anything of a huge company.
That said, Aperture could still open an Aperture library using the final versions of Aperture up until Mojave. So from the time Aperture was discontinued, Aperture itself worked through six versions of MacOS, until Catalina.
As of Catalina, Aperture no longer ran native, but Photos itself could still open and migrate those libraries (note: I have not tried in Big Sur). While Photos didn’t recognize everything initially, before Aperture became unsupported, Photos did eventually handle tags, non-destructive edits, JPEG+RAW pairs, referenced files, and albums.
Apple eventually got the parity enough I was able to move a quarter million photos over into Photos, and haven’t needed to re-open Aperture in a couple years. While I haven’t needed it, I did test the software linked in  below, and it worked great.
What to do if you’re on Catalina or newer, and need to migrate Aperture to Photos: https://support.apple.com/en-us/HT209594
1. NOTE: Open Aperture on Big Sur or Catalina using ‘Retroactive’: https://github.com/cormiertyshawn895/Retroactive
From README: “All Aperture features should be available except for playing videos, exporting slideshows, Photo Stream, and iCloud Photo Sharing. If RAW photos can't be opened, you need to reprocess them.”
Read more: https://petapixel.com/2019/10/29/this-app-lets-you-use-apple...
Hard disagree -- this is a product, not a feature.
If it's a feature then it's tied to a single product. The whole reason I don't use Apple's or Chrome's built-in password syncing is because I need my passwords to also work on Android and on Firefox.
Less pedantically there's stuff like: https://hackaday.com/2016/08/01/lastpass-happily-forfeits-pa...
On iOS, it’s Settings > Passwords. On MacOS, it’s Keychain Access, which looks like this:
There is also a UI in Safari itself, which on MacOS has added some advisory features, including easily guessed, seen in a data leak, or used on multiple sites:
On MacOS, you can also use the keychain with ssh on the command line:
Plus I recently changed my Lastpass password and they had added symbol/number requirements since the last time I had changed the password and it would not let me use just a word based password. Bitwarden let me without issues.
Checking out the extension now, it's also much easier to use than Lastpass. For me I don't care, but for my parents the Lastpass chrome extension interface is really confusing.
On the one hand, I tend to agree that changing existing features to paid is not-great (disclaimer, I was paying for Google Photos/One/Whatever even before they announced the changes), but I wouldn't call space limits "artificial".
But for Google, I believe the issue was people were abusing it. The proper solution would have been to stop the abuse, not what they did. Or for example, they might have removed unlimited video uploads which would make more sense, or had soft limits. Also you can't tell me Google did not foresee this happening, which just tells me they used the free storage as a lure.
I guess they felt the obvious cash grab was obvious enough to have no need for explanation.
I'll be moving off to somewhere else, despite being pretty deeply entrenched in lastpass. Hopefully there are some migration tools available. I have hundreds, maybe thousands of passwords stored--generated passwords which I do not know at all.
Based on comments here, I'm likely to end up with a self-hosted bitwarden. I'll feel better about that, anyway. I'm trying to eliminate my cloud dependencies, besides my VPS.
LastPass will export your saved passwords into a CSV file. Dunno about importing into another program, though.
My go-to tool currently is Keeweb - https://keeweb.info/. It's basically a SPA, can be used offline or online.
Keeweb + a google drive hosted keepass database file keeps my passwords available and synced across 5-6 different devices.
You have to use a different client on every device because the official client is Windows only, and I’ve even experienced bugs in a client I used that caused me to lose data entered into secure notes.
And while a single page app client is nice, it’s not good for password managers. 1Password integrates with the iOS password management API and browsers to fill in passwords and even credit card info, and I’m guessing most competitors like Bitwarden (open source just like Keepass!) do the same.
Saving ~$10-50 a year on something as useful and vital as a password manager in order to “roll your own” is such a bad tradeoff.
I switched off of Keepass when I almost accidentally lost data due to a client sync conflict. I had to go back to my Dropbox history and do a bunch of surgery to repair the damage. It’s just not worth it.
This. I find it really strange that tech-savvy folks---who almost certainly have thousands of dollars worth of equipment---would cheap out on a password manager. You want a password manager that's secure, reliable, well-maintained, and usable. And doubly so if you want your less tech-savvy family to get the benefits and conveniences of using a password manager. Those things cost money. And $60/year (on the high end of things) is a bargain for what you're getting.
Definitely agree with this. I might consider setting up Keepass for myself (though I actually just pay for 1Password), but my lay friends would bounce off the setup and maintenance work of rolling your own Keepass setup immediately, and then I'd be on the hook to help them troubleshoot. I'd rather just point them at Bitwarden or 1Password. It works well enough and has good enough support that they get an operational password manager with minimal hassle and I don't have to spend time supporting it. Sure, you don't control their clouds, and 1Password isn't open source, but even so it's a dramatic improvement on a lay user's account security.
You are talking as if KeePass's only advantage is being free and it is only preferred by people who cheap out. That's not true, just as it's not true for similar arguments for Android vs iOS, or Linux vs Windows, or Windows vs MacOS. People have different preferences and priorities.
Even if the pricing was reversed, I am sure many people would prefer KeePass, as I do, just as in general preferring paid desktop programs to free online services.
> something as useful and vital as a password manager
Indeed, even if one day I give in and start using those online services for everything, something as vital as a password manager would be one of the last places where I would cave in.
I understand that KeePass wasn't for you, and it probably isn't for heavy mobile users as it is primarily a desktop program (official KeePass client works on macOS and Linux by the way, though it feels more at home in Windows). I am sure you could find excellent mobile clients too (I wouldn't know as I never had the need), but I understand that lack of official clients and having to choose among non-official clients, some of whom might be buggy, can be frustrating. But it is perfect for my use case, and for my non-technical parents that I introduced it to, regardless of price.
Keepass is simply not the best solution anymore, even if you want to stay in the FOSS realm. It’s just clunky old software that makes it far too easy to accidentally lose data.
Isn’t that a ridiculous design oversight? To completely handicap any situation involving more than one computer? That’s exactly why I stopped using Keepass.
All that hassle so that you can save $10 a year.
At that time, & still now, I use Dropbox to sync PC KP db with Dropbox. Then FolderSync to sync one way (read only) from Dropbox to Phone. If I need to add password, I wanted to make sure I can add only on PC. PC had the official KeePass, phones had the Offline KeePass App.
$10 now is nothing for me, but a few years ago in India it is about 2 days salary of a manual labourer. About 5 meals. Or about 10 litres of Petrol.
I am always wary of anything online which has my passwords. The same reason Chrome does not have all my passwords, but still I trust Google more than any other relatively smaller software like LastPass or Bitwarden or anything.
On iOS I switched to KeePassium for my database a while back and it's very nice. It integrates with biometric unlock and iOS password management so I can get at it easily from anywhere and it stays in sync with the stored database (via a self-hosted Seafile instance) nicely.
The setup has served us (two users) well with few hiccups and good support for dealing with the rare conflicts that do arise.
To those that dismiss KeePass as being too clunky I hear you, but I think the situation is better than it used to be thanks to the development of several high quality and open-source clients for non-Windows platforms: iOS (StrongBox, KeePassium), MacOS (StrongBox, MacPass), Android (Keepass2Android), and KeeWeb as well. I would pay special attention to whether or not these clients support KeePass' built-in database sync/merge feature, especially if you don't use a cloud back-end. Most cloud providers will save two versions of a file when there's a sync conflict ensuring you don't lose data.
As for storage back-ends I've used OneDrive, sFTP, and WebDAV, and I'm currently migrating everything to WebDAV. sFTP works well but some clients take too long to open and close the connection.
"We’re making changes to how Free users access LastPass across device types. LastPass offers access across two device types – computers (including all browsers running on desktops and laptops) or mobile devices (including mobile phones, smart watches, and tablets). Starting March 16th, 2021, LastPass Free will only include access on unlimited devices of one type."
LastPass's reasons for doing this are perfectly clear. They want people to use and trust their platform, and there's no better way for doing that than allowing users to use the full version of their product. At the same time, they want revenue, and targeting the people that use LastPass as an integral part of their workflow (e.g. myself) is a valid strategy.
I've used Lastpass for years. I was a premium user, but at some point the free tier started covering my use case, so I stopped paying. Now I'm probably back at the point where I'll start paying again. I could definitely live without mobile access, but it's a convenient thing to have and I can easily afford it. Maybe I'll look for an alternative too, but it has to be just as convenient.
It would also be easier for me to recommend to less technical users like my family if I knew they could sync 1 mobile device and 1 computer. It's already hard enough to get any of them to use password managers to begin with.
I have been considering a replacement but haven't found anything up to the ease of use and Mac/iOS integration of 1Password yet.
1Password has been feature complete for years now, I think they are changing things for no reason at this point. Just charge me for an update when operating system upgrades break the software. Sounds harsh I know, but TBH I wouldn’t mind if Apple added family sharing to passwords and finally finished sherlocking them.
The paternalistic Watchtower "feature" is a whole other set of annoyances I wish I could disable.
At least sync still works flawlessly?
I tried LastPass but on the first day it didn't save a password I generated like 5 seconds earlier, and I stopped trying it immediately.
This was a deal breaker for me when I have a ~90 character password (I often mistype one specific key every time).
Bitwarden doesn't have this problem.
Also why 90 characters when 2FA would be the safer option? Or half that is already infeasibly long to brute force?
Also what do you mean 'reading the password', like via a screen reader? I mean that would be pretty bad for accessibility, but if you mean displaying the password, my version has buttons for it (regular inline, and a popup with the password pasted large on the screen).
I have so many questions.
This is the password for the password manager (e.g. 1Password/LastPass master password). The password to rule them all. It should be extra secure. I also have 2FA, but you must have heard of defense in depth.
Anyway, I want to be able to see the password and check for typos before entering it to unlock the vault. I don't want to retype the whole password in when I only mistyped 1 character.
When I say read, I don't mean screen reader. I mean read with my eyes, I didn't think this would be a sticking point.
LastPass stores our master password hashes as a SHA-256 bit key.
All I was quipping at, was the fact that the password you enter in length is a whopping 720 bits!
I find it funny that this bit length gets reduced to a hash which is only 256 bits in length.
Your password has more entropy than the hash that gets produced from it.
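The 720-bit versus 256-bit comparison in the comments above, worked through as an added example (not code from the thread or from LastPass). It assumes a generic PBKDF2-HMAC-SHA256 derivation, a 94-symbol printable-ASCII alphabet with uniformly random characters, and a constructed salt and iteration count.

```python
import hashlib
import math
import string

HASH_BITS = 256  # SHA-256 output size in bits

# Assumption: characters drawn uniformly from printable ASCII without space.
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)


def encoded_bits(password: str) -> int:
    """Storage size of the password: 8 bits per UTF-8 byte (the '720' figure)."""
    return len(password.encode("utf-8")) * 8


def max_entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on entropy, reached only if every character is random."""
    return length * math.log2(alphabet_size)


def effective_bits(length: int, alphabet_size: int) -> float:
    """Guessing cost is bounded by the smaller space: password or derived key."""
    return min(max_entropy_bits(length, alphabet_size), HASH_BITS)


def chars_to_saturate(alphabet_size: int) -> int:
    """Shortest random password whose entropy reaches the hash output size."""
    return math.ceil(HASH_BITS / math.log2(alphabet_size))


def derive_key(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Generic PBKDF2-HMAC-SHA256; output is 32 bytes for any password length.
    The iteration count here is a constructed value, not a vendor setting."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


if __name__ == "__main__":
    master = "a" * 90                 # constructed 90-character sample
    salt = b"constructed-salt"        # constructed; real salts are random
    print("encoded size      :", encoded_bits(master), "bits")
    print("max entropy (94^n):", round(max_entropy_bits(90, PRINTABLE), 1), "bits")
    print("effective strength:", effective_bits(90, PRINTABLE), "bits")
    print("saturates at      :", chars_to_saturate(PRINTABLE), "random chars")
    print("derived key length:", len(derive_key(master, salt)) * 8, "bits")
```

The extra length past the saturation point adds no guessing resistance against the derived key, though it does not weaken it either.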