Hacker News new | comments | show | ask | jobs | submit login
1Password on Linux (lucianofiandesio.com)
97 points by koevet on Feb 23, 2015 | hide | past | web | favorite | 56 comments

I use keepassx (https://www.keepassx.org/). Works well and I am able to sync it with ownCloud I have on a VPS.

Also, I only use my machines to log on to services, can't bring myself to trust anyone else's machine.

For android use, I have Keepass2Droid (https://keepass2android.codeplex.com/)

The issue with keepassx is sync conflicts.

If you modify a password on machine A and a different on on machine B, resolving the conflict requires manually exporting both to XML, manual merging, etc. It's a real pain.

Keepass 2.x handles merges for you just fine. The mono version of Keepass 2.x is ugly and a little clunky compared to KeepassX or the windows version of 2.x, but it's good enough.

     I only use my machines to log on to services, can't bring myself to trust anyone else's machine.
Unless that VPS you run Owncloud on is hosted on hardware you have under your own control, it is not on your own machine. The acronym VPS ('virtual private server') is a bit of a misnomer as it is not as private as it may seem since anyone with access to the supervisor will have access to your virtual-not-so-private-server.

If anyone wants to test out this setup, you can boot owncloud 8 onto a running box in about 30 seconds using this snapshot: https://www.terminal.com/snapshot/728c65da91ab44fd8616212385...

Lastpass (http://lastpass.com/) has been my holy grail of vital cross-platform apps for many years now, as I've switched from Linux to Mac and back and forth and always with the Windows. Sure, it's a browser plugin, but it works just as well with Chrome and Safari (and probably Firefox and, <gulp>, IE). Their touch-unlockable iOS app is just icing on the cake. I'm not getting a dime for this endorsement. It's just been a real lifesaver, for such an important application category (at one time, as a sysadmin, I had 650 passwords in the vault), and I never have to worry about what platform I'm running at the moment.

It's too bad that LastPass feels like a highschool project by a dude and a couple of friends.

Zero consistency between the browser plugin, the vault, the app, and the mobile app. Even within the vault there's little consistency between different panes.

I'd like to believe that they know what they're doing crypto-wise, but damn that UX feels mickey-mousey. Even something as simple as using up/down over the autocomplete list misbehaves.... ;(

... and don't get me started on Basic Auth support on Chrome OSX

Basic auth is a browser limitation. If you visit a site through the LastPass menu, it'll do the basic auth dance.

I found LastPass terrible from a UX perspective. Sure it must claim a lot of checkboxes on a feature sheet, but the applications/plugins/website are buggy and inconsistent with each other. It only works well when you use it for the narrow purpose of automatic website logins. Throw any other password at it, or dare to try a different workflow, and the whole thing just crumbles.

I only use it because I have to at work. 1Password is much more convenient.

That is also my experience. LastPass is pretty good if you use it with website logins, with everything else not.

However I think that is something that could easily be improved once the guys over at LastPass realize they must invest more in the UX. I for myself did already open a support ticket for that. If everybody would do this, this might raise the attention.

On the other side it's not so bad from a functional only perspective and the pricing is fair - I'll give it a chance and stay another few months with them.

There is a certain amount of trust you put into lastpass due to it's closed nature that you wouldn't by using something like KeePass, isn't there?

I've read multiple independent audits of the LastPass client (such as http://www.martinvigo.com/a-look-into-lastpass/) that haven't found any major issues, and for the issues they do find the LastPass team has always responded promptly. On the server side, LastPass's service is basically just encrypted blob synchronization, so the software doesn't particularly matter.

I note this above but want to emphasize the fact that lastpass-cli supports the lastpass two factor options. For anyone looking for a tool like this for use both in browser and in scripts, it's great to have two factor natively supported in both places.

I use Lastpass, but it seems a tad janky. It's saving grace is that it's ubiquitous and works on every platform I can think of.

I use Revelation (http://revelation.olasagasti.info/). It is available on Ubuntu.

Nothing too fancy but works very well. Have been using it for many years now.

I'm using pass on OS X and Linux (synced via Dropbox). It's an open source terminal based password manager and uses GPG under the hood. I don't have a mobile client, but the amount of times I've needed a password on mobile when I don't have my laptop around are far and few between.

The documentation was a bit lacking when I started, so I wrote an article with instructions:


I use the same and store the gpg private key in a yubikey neo.

The neat thing with yubikey neo is that I can use it with android phone using openkeychain and nfc. This pairs neatly with an app named password store that syncs my pass-database using git + ssh leaving my private key secure.

Most password managers on Android are bad news bears anyhow: http://arstechnica.com/security/2014/11/using-a-password-man...

I think that argument would affect many desktop password managers as well. Also, LastPass in particular supports a Firefox extension that works with Firefox mobile.

OpenPassword's Blimey library supports read and write for the Agile Keychain format, written in Python. The GUI is still an early prototype.


I'm surprised nobody mentioned https://www.passwordmaker.org/. It takes a different approach, but works surprisingly well.

This also exists for lastpass https://github.com/lastpass/lastpass-cli . Very solid cli application.

This. The ability to use lastpass and pull passwords out for use in scripts, offlineimap, is really lovely.

The lastpass cli utility also supports their two factor options. So you get scriptability, ubiquity, and two factor. Killer.

You could run 1Password for Windows under WINE on Linux.

Does that actually work well with 1Password? In my (years-ago) experience with WINE it was hit or miss whether a given app would reliably work in it.

It worked fine for me for when I had to use Ubuntu heavily (2013-2015). Sure I didn't get the browser auto-fill, but at least I could access my database.

1Password, by far, is my favorite password manager.

Just discovered a new password manager yesterday that I didn't have time to review (try, trust ...) : http://enpass.io/ It seems to be available for every platform possible. Even if I'm perfectly happy with keepassx, I'll problably give it a try for its prettier interface.

Has someone already used this one ?

I tried it on Linux and I was not impressed at all.

I use pwgen/grep/echo to manipulate a plaintext file on a ... encrypted filesystem. Good enough?

Sounds good enough to me, there is also Pass [1] if you want something that is just slightly more heavy weight.

[1]: http://www.passwordstore.org/

Very good tool. I will take a look. (I have used my script for years, it's worth switching to a better thing.)

I also made a Chrome extension for 1Password on Linux a while back: https://github.com/robbiev/multipass-chrome

The native component is written in Go.

Something I like with 1Password is the UX, browsers plugins works really good and with the same UI as the application. After a try, It's painful to migrate from 1Password to lastpass...

I moved from 1Password to LastPass for a few reasons not related to UX:

1. Platform support: 1Password only supports Windows and OS X. I use more than those, and want to maintain the ability to jump between platforms at will. 2. Pay twice for OS X and Windows. Seems extortionate. 3. Browser support: I want to be able to try out browsers. At the time I made this decision, 1Password actually reduced the number of browsers they support.

No Dashlane love? https://www.dashlane.com/

Been using their premium service for about 2 years now, couldn't live without it.

I actually run the windows latest version of 1Password under Wine on Ubuntu 14.10 and it works perfectly. I just use the app GUI, not the browser addon so I cannot comment on that.

KDE Wallet seems fine. It has integration with everything including Chrome.

would be nice if there were a bookmark synching service (paid even) which works across browsers/machines etc.

http://xmarks.com/ is owned by LastPass

folks used to use https://github.com/hmason/gitmarks for something like this - didn't quite catch on with me.

pass is a very good password manager.

This article is the perfect example of why not to use Linux on the desktop. A lot of fiddling around that eventually leads to a result that is far inferior to what you'd get just using OS X or Windows.

... for a product that the developers don't support on that platform.

It's strange that you say "this is why you shouldn't use linux", when the article leads off by saying that the author doesn't like OSX anymore (for unspecified reasons). It seems that the author doesn't consider it 'far inferior', and considers OSX inferior enough to look for a replacement.

And the more people who take up linux, the greater the demand for proper linux support. Scaring users away with your FUD doesn't help things. 'Unsupported software' was a similar argument against OSX until a few years ago, if you recall.

It can be if you want to use tools not designed for linux. I use keepass (http://keepass.info/) on linux and android and find it to be equivalent to 1 Password on Mac. It is in the Fedora repos (and I assume most others) and so easy to install.

I like Keepass. It is NOT equivalent to 1Password on the Mac.

The problem I have with KeePass is that it doesn't integrate with my browser well. LastPass does marginally better (it has an extension but I'm not loving it). There's a Firefox extension for KeePass called KeeFox, but it needs KeePass to be open and running all the time, which is annoying to me because it needs an extra window.

KeePass works better is you set it up to use Auto-Type, which sends keystrokes to the window manager to type the passwords into the fields.

I've used keepass ona a daily basis. Auto type failed with my usage patterns - essentially I have multiple entry points per site (enterprise app) and each has a different titlebar text.

I've switched from OS X a few months ago and I'm actually happier with KeePassX than with 1Password. I hated AgileBits for the 4.0 bloat redesign which made everything slower (this is a constant on OS X it seems). I have a pretty simple use case with KeePassX (no sync) and here are the solutions I've found to problems mentioned in this thread. Hope they're helpful!

Hide KeePassX's window:

Just open the settings, click the first two checkboxes ("system tray icon", "minimize to tray instead of taskbar") and add `keepassx -min` to your login script. It'll ask for your password and disappear.

Title bar:

KeePassX does use the browser title bar and it's sometimes not reliable. It's easily fixable, though. Install a Greasemonkey plugin to your browser and add scripts such as this one:

// ==UserScript==<br>// @name Google<br>// @namespace google<br>// @include https://accounts.google.com/*<br>// @grant none<br>// ==/UserScript==<br>document.title += " | Google";

Browser plugin:

I like how I could type "gmail" in Alfred and have 1Password do everything for me. I was able to reproduce that with a bash script that I call from my own launcher and it works just as well, if not faster.

#!/bin/bash<br>nohup xdg-open "https://example.com/" >&/dev/null &<br>wmctrl -a Opera<br>sleep 1<br>xte 'keydown Hyper_R' 'key dollar' 'keyup Hyper_R'

Last line simply simulates my KeePassX Auto-Type shortcut (which I got from OS X, yes).

Update: <br> are newlines, can't believe it's this hard to post code snippets here.

I do use that, but I like having the fields pre-filled, like Firefox does, so I can just press login.

I'd be interested to see the kind of hoops one would have to go through to run Linux-only software on Windows with a reverse-engineered frontend made by a single guy on his free time.

There are plenty of valid arguments about Linux on desktop, but this is not one of them.

If you use firefox on the desktop and on android you can easily sync your passwords for anything browser related without any third party extensions and without trusting unencrypted data to a 3rd party.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact