> Is there any password management application out there that makes sharing passwords or password vaults easy but is also free?
For members of a relatively well-paid profession earning good wages from creating software, I wonder if the reluctance to support others earning money for quality work isn’t some form of cognitive dissonance.
// Pre-emptive “edit” before this comment has replies: Folks post a lot of arguments for “free” software any time there’s a comment such as mine — but justifications largely feel like post-hoc rationalizations conflating freedom of information and ideas with freedom from paying for value, ret-con’d stories we tell ourselves. I call BS — unless one is independently wealthy, to spend maker time on art or craft requires one to either earn money or enjoy patronage. Tools for work are more craft than art, and deserve to earn, especially as patronage or maker communes are in short supply. Not to mention the exercise of ethnocentric privilege implicit in demanding something of quality in exchange for nothing assured.
I agree to the payment. I disagree to the subscription model.
I absolutely would try to hook users on any SaaS. However, I go out of my way to avoid such products. If I can pay for them once, I much prefer it. (For something like jetbrains, I'm okay with a renewal fee because if I choose not to pay it, I can still use the older version.)
I make an exception for Bitwarden because I like the idea of my password manager having continual security updates. However, it's one of the most frustrating parts of the webification of services - I want to pay for things once, and choose if I want the expanded features at any given time.
You know, I bought 1Password version 3 licence. There’s the support. Fast forward some time and the software started recommending that I uograde to version 4. After installing it, the software told me that it requires subscription from here on. It was almost impossible to roll back to version 3. I ended up switching to Unix pass.
Similar story here. Slowly moved over to Bitwarden. UX almost as good and works well enough on all platforms. Chose Bitwarden for the company afterwards as well, only positive feedback.
I would have moved from 1Password to Bitwarden as well, but I stayed on the 1Password ship for its native app. May reconsider now, as they are moving to electron.
But in cyber security based software woulden't you need constant updates against new exploits? In something like Fusion 360 or Matlab or office I agree, if you dont need new features you shoulden't pay for updates.
> For something like jetbrains, I'm okay with a renewal fee because if I choose not to pay it, I can still use the older version.
110% agreement.
Further, the only thing I like less than subscriptions is IAP not of new feature sets but ‘pay-to-play’ where the mechanics of use are negatively distorted to gamify purchase impulse.
I’ve argued — here, since inception of IAP on Apple’s app store — that the worst thing Apple has done to consumers was normalize removing the ability to show only single purchase paid apps in the app store. An vast class of less fortunate consumers either resign to less utility or waste time on an artificial “grind”, to encourage another class of “whale” to drive corporate revenues.
I don’t mind extracting cash from whales who can afford it. I do have a problem inflicting artificial digital scarcity of utility or enjoyment on the masses to create the ‘hook’ for whales.
As for subscriptions, it’s not clear to me that the treadmill of software/hardware upgrades is benefiting core use cases.
I like paying for generational or disruptive change, “voting with my wallet” on what’s of worth to me, but after a couple decades of purchasing generations of Adobe software only when the features mattered to my work, I moved from Adobe to e.g. Affinity and feature sets I own instead of rent when these recurring subscriptions don’t appear to meaningfully benefit my productivity or output.
For instance, it’s remarkable to me how similar the principles are between today’s (re-)emergence of Markdown for document composition and the early WordStar / WordPerfect / AppleWriter tools of the 80’s. I also like the experimentation by these Makers in ability to purchase a ‘pinned’ feature set, or support ongoing refinement. (Editors whether text or code, like JetBrains mentioned, seem to have a jump on this clever — and rare positive — use of IAP.) It’s difficult to show what increased utility of word processing has come from the most recent 20 years of paying for word processing upgrades. Today’s dev efforts suggest the sweet spot may be 30 years back.
The flip side of this, economic models are still dissatisfying for affordability of basic bricks and mortar world rights such as housing. The least worst answer appears to be rent (with a dystopian jag into ad-supported!), and it may be the least worst for software is rent as well.
Except when the ongoing annual software rents have risen to the same cost as one-time purchase (again, Adobe!), contrary to bricks and mortar where the over under is often 7 years of possession and use.
Back to artificial digital scarcity — I’m concerned that advertiser funded access to quality writing is losing ground to monthly subscriptions for content. Are less fortunate kids going to be able to subscribe to NY Times, WaPo, Atlantic, Guardian, National Review, American Spectator, and so on, for $5 a month each? (News aggregations such as Next Issue could resolve this, but even as Apple’s “News+” this struggles.) Even more dissatisfying when a print publication goes down the same path as cable, first charging for something that was free, then eventually layering in the same ad content as when it was free.
Artificial scarcity based IAP, data-broker supported (ad supported is fine, individual data for content is not), and the descent into the ironic sounding “gacha” model for software or content happy meals (utilities, clickers, news, etc.) — something thoughtful has to shift before we’re living in a future less Roddenberry than Idiocracy.
With applications however you are using your resources only. If you use a web app you are using their resources which they have to pay for continuously in perpetuity. To expect a one time fee for that and forever updates just isn't feasible. There is software out there for free that does what bitwarden does. KeePassX for example, so it's not like there aren't options.
> I wonder if the reluctance to support others earning money for quality work isn’t some form of cognitive dissonance.
It's about freedom, not about price.
I will not shape my life and habits around software that can be discontinued, or suddenly changed so much that it breaks my workflows. I will not use software with proprietary formats or which has dependencies on external "cloud" services that can go away at any moment. I don't need that kind of aggravation.
Happy to pay any reasonable (or even slightly unreasonable) money for software, not an issue. Sell me each version as a stand-alone application that I can run forever without any external dependencies and I'll pay for it.
Try to lock me into a subscription model and/or make the functionality dependent on an external server, that'll be a hard No. Even if free.
With 1Password, the subscription is really expensive, and I’m afraid that the bloat the company is stuffing into the product is weakening the security. Frankly, they make too much money.
I’ve found enough bugs in the Mac product that I assume there are security issues I’m not aware of.
A 1Password subscription costs $36 a year. Their previous standalone product cost $50 per desktop OS you wanted to use it on and had a major version upgrade you needed to buy again about every two years.
If you needed it on both Mac and Windows, the subscription was cheaper.
For me it’s the feature tiering and price discrimination that turns me off. I end up paying too much (total cost over 5 years) for too little. If you look at the business pricing it’s even dumber.
The $2 billion valuation of 1password tells the entire story. They’re overcharging for what they’re providing and I think tech people can “feel” that which is why tech communities hate the subscription BS.
I don’t really think $8/user/mo for Business is overcharging compared to Slack which quickly gets into $30+ per user per month in larger shops where Enterprise Grid is required for its features.
By your argument why can’t I buy that and self-host it too, decide if I want to upgrade for more features myself?
I also think $5/mo for 1Password for Families is incredible value. Zero regrets on paying for this because it meaningfully enhances my families personal security posture through elimination of reused credentials and enabling TOTP (sharing of code generation) on many sites we use, that it is cross-platform so no excuses for everyone to not use it, and the UX is so simple you don’t need to be “tech people” to succeed.
How much you charge and how you charge is definitely divisive, but 1Password feels very much on the cheaper end of the spectrum, not “overcharging”, heck Discord Nitro is $5 (Classic) or $10 and gets you very little by comparison IMO.
>enabling TOTP (sharing of code generation) on many sites we use
Are you generating TOTP codes via 1Password or something? That seems like a degradation of security. I did a cursorary search and didn't find mention of 1Password providing such a "service".
It isn’t a degradation of security, in my opinion, it’s an upgrade, when certain accounts are involved.
For these shared accounts, such as those used by my family, and on services which don’t support account-per-person in an “organization” or “household” sense, this still provides for TOTP in a way my spouse and I can both login. Ensuring just the loss of the password isn’t enough to compromise the account is an upgrade vs. not having TOTP enabled.
Where we can both have our own accounts and use U2F tokens that’s a better story, clearly, but 1Password having this functionality is great!
I don't understand how it's not a security degredation. The point of TOTP is to make access of the service dependant on something you must have phsyically (and isolated from the internet) on you. An attacker that manages to exfiltrate 1Password data has everything they need to access the service if TOTP is part of their offering. Where as all users with TOTP on their phone would have an additional layer of protection.
Even by that blog post, they have to go out of their way and clarify that using this feature means you are not longer using two-factor authentication.
> For members of a relatively well-paid profession earning good wages from creating software, I wonder if the reluctance to support others earning money for quality work isn’t some form of cognitive dissonance.
Yep! People see open source as a goal, rather than a sustainable product being a goal.
> For members of a relatively well-paid profession earning good wages from creating software, I wonder if the reluctance to support others earning money for quality work isn’t some form of cognitive dissonance.
GP here. I agree that all software developers and maintainers need to earn an income for their work. It's just that you don't know my circumstances, my geographic location, and the constraints I have to deal with when posing such a question. Believe me when I say that I have some real constraints that cannot be surmounted on this particular front. I don't like my circumstances, but that's just how things are right now and there's nothing I can do about it.
My guess is it's over confidence, at least in my case. Often I feel like "I could do that!" Now having tried a few times I'm more willing to pay for tools, especially non-subscription ones.
There is a lot of merit to free software and open spurce spftware but in this or other cyber security cases, I would prefer a paid option that makes it clear where the devs are getting thrir money from. If it is free, than the user is the product.
Nope. "Password Storage" should not be a business that exists in the form of "if you don't pay for good password storage, you're not allowed to have it." Especially if it involves storing your password with a third party.
The technology to store passwords safely has a marginal cost of zero (it's software). People storing passwords in third party places increases the threat surface, always. Finally, it's "ecological" in that safety/security of this sort needs to be evenly distributed to work its best.
I'm not saying we shouldn't pay people to make things safer, we absolutely should. But this is a bad model for it.
It's not really different or separate from the whole "Free Software/Open source" thing; there's no easy answer.
Though there's enough potential public harm such that looking at "public health" models is not a bad idea. Most places you don't have to pull out your wallet to get a Covid vaccine, you shouldn't have to pull out your wallet to get good password safety, for roughly the same reasons -- the harm from one "infection" can spread quickly.
I'm surprised by these sweeping assumptions of what the HN audience is.
> relatively well-paid profession earning good wages from creating software
AFAIK 1password doesn't practice location-based pricing, so how can you assume that "relatively well paid" people from different geographies of the world can all find it affordable?
> Not to mention the exercise of ethnocentric privilege implicit in demanding something of quality in exchange for nothing assured.
Whoa! Knowing nothing about the OP you assume that he is the member of the oppressing class clamoring for the output of his slaves? And, since you're writing this in English, I think it's safe to guess you're assuming the person you're attacking is a white, so you're basically accusing this guy of being an entitled white who can't give up his slave labor
I was with you on the rest of the post but charges of "ethnocentric privilege" are a weird, racist escalation hiding in academic terminology there bud
Occam's Razor applies here: everybody likes free shit. This isn't a property unique to the evil whites
>In common usage, it can also simply mean any culturally biased judgment.
Also relating to the "Global North" (who it's very likely that any given poster here belongs to) and "Global South", which don't have anything to do with skin color.
Given you've created a throw-away to comment this, I suspect you know you're actually the one making a "weird escalation" and are aware that you're race-baiting in a non-genuine manner.
For members of a relatively well-paid profession earning good wages from creating software, I wonder if the reluctance to support others earning money for quality work isn’t some form of cognitive dissonance.
// Pre-emptive “edit” before this comment has replies: Folks post a lot of arguments for “free” software any time there’s a comment such as mine — but justifications largely feel like post-hoc rationalizations conflating freedom of information and ideas with freedom from paying for value, ret-con’d stories we tell ourselves. I call BS — unless one is independently wealthy, to spend maker time on art or craft requires one to either earn money or enjoy patronage. Tools for work are more craft than art, and deserve to earn, especially as patronage or maker communes are in short supply. Not to mention the exercise of ethnocentric privilege implicit in demanding something of quality in exchange for nothing assured.