This deal is again back with a slightly different 2020 coupon code. Not sure when it expires.
Just signed up and so far so good, no credit card or other payment details required for signup.
The Family Account includes protection for up to 5 people:
What's your strategy?
Locally hosted Bitwarden or keypass 2 sync with Dropbox.
I've come here to say that Eli is spot on, this is both convenient and secure.
BitWarden for the win
This
Bitwarden FTW.
It's open sores
See locally hosted makes sense if privacy and security is of utmost concern.
Then proceeding to sync it to Dropbox kind of…. defeats the purpose.
Simple solution: use any reputable password manager service, and enable 2FA on every single service you use that has it. If it doesn't have it, and its at all important to you, contact the developers of said service / product and request they introduce it.
That way even if god-forbid LastPass, 1Password, Dashlane etc. got hacked, you're passwords may be available, but no one can access your accounts due to needing a physical key, generated auth code, recovery codes and/or your fingerprint etc. Then just mass change all those passwords and either change service or continue business as usual.
Local password management is mostly overkill in the age of MFA.
@Valliance: I think you're forgetting that the file is encrypted before it gets uploaded to dropbox, or whatever cloud service you choose. So there is no "purpose defeated." I use Keepass and sync the file to google drive. Completely free, reliable and secure.
@cerealJay: @valliance You can take it to another level using rclone with crypt - so that you get two layers of encryption - the keepass db encrypted as per normal, plus an additional layer of encryption on top using crypt module for storage in cloud (if you are super paranoid). Rclone can use pretty much any storage provider there is - so you are not locked in to a vendor. You could use multiple vendors for rendundancy. https://www.youtube.com/watch?v=KBr_qf5G4CY
Granted you can't beat 1password / bitwarden etc for simplicity - but for power home users there is better options out there that don't cost anything other than your time for initial research.
Post-it notes. Simple.
Can I come quarantine at your house real quick?
Is your handwriting secure enough?
All my passwords are just 'password'. Super easy to remember.
Nah, could not log in to your ozb account
Make your password 'incorrect'. So when a website tells you your password is incorrect, it's a reminder ;)
You know you can use "Admin"as well.
Set password to 'incorrect'.
So that when I forget password the computer prompts, 'Your password is incorrect!'
put in Excel min Excel 2018 , alphabetically ordered.
Encrypt and password protect the sheet with minimum 12 Characters (Combination of alphabets / numbers / special characters)
It'll take probably too many years for any type of attack to work!! There was an article from MS about this , i can't find it now.
this is how I do it btw , no need to pay any 3rd party.
Also , you can put it in G-drive when online access required. Google can read the file when decryption required but you can't edit it due to MS proprietary encryption method.
You can write a simple script as well to synch it daily to your G-drive.
HTH
Could you please post or message me the MS article if you happen to find? I am inclined to setup this asap. Thanks
@MyLoginName: I couldn't find the original MS one but check the article below:
https://blog.elcomsoft.com/2019/10/microsoft-office-encrypti…
If you use Long combo passwords with Office 2106 and higher necryption , it makes virtually impossible for brute force tools.
HTH
This is just a password manager with more steps in a less secure program. Excel protected sheets are really not that protected.
@Valliance: mate,
Excel 2018 : AES-256 Encryption with SHA-1 hash , use a 12 character password combination of character/special character and number…..not sure you know what these 3 combos mean in matter of brute force possibilities in years…lol…
Use Keepass (https://keepass.info/) - It's free AND open source and hooks up to your browser and also has Android, PC and iOS versions (etc) to easily access your information. You can also sync the database file to dropbox, etc, but I wouldn't recommend this. For me, I just do a simple file copy to my phone.
I second the sentiment - why are people using an online service to store their passwords?? These online services are honeypots for hackers. Not only that, it raises questions like - why are you paying for a on-going service? What happens if the company ever disappears? What happens in the likely event the data is compromised? In theory, it would be a matter of time before your details could eventually be exposed (maybe years from now but having this hang over your shoulders is not a pleasant thought).
Store a local file on your PC and phone and in the (less likely) event they are stolen or compromised, it is still encrypted with a strong, unhackable passphrase.
Content is encrypted before it leaves your device. 1Password can't read your content. https://support.1password.com/1password-security/
I don't know how those without a password manager make do. Inevitably, most (maybe not you, seqwool) will use the same email/password combo with multiple services. When one service gets cracked, the credential pair will open up every other service. Most websites don't even have 2FA, so this access can happen silently for a while before the user realises it.
I'm with Bitwarden as it's cheaper but as far as password managers go, my opinion is that 1Password is the best out there right now
1Password is great, but as much as I get that "it's business", I'm not a fan of how they moved to pushing their subscription service over the existing pay-once approach and synchronising the database using your own cloud. Whilst not their fault either, they only really support Dropbox (ie not OneDrive) and now that Dropbox really limits device counts, I find myself stuck and having to pay the in-app fee for Dropbox for a month each time I need to add a device.
I have a feeling a lot of companies are trying to get out of retail and capture the enterprise market. I was a loyal Dropbox fan for several years and finally got out when they raised their price to $180/yr for no extra benefit. Sadly, they're all doing it.
EDIT: Self-hosting Bitwarden might be an option for you as well, if you're technically inclined.
@soan papdi: I think I'm more invested in OneDrive and Office365 so hoping there's a way to use that one day.. but maybe I'll just give up and move to something else once 1P annoys me.
no extra benefit
Really? A lot of benefits actually… Read below
https://venturebeat.com/2019/05/29/dropbox-increases-plus-pl…
@D6C1: Well, none of those features were needed by me and the article itself says the price increase is quite steep. Also raising storage to 2TB is not something all plus users needed I feel. Hardly anyone uses even 1TB. To me, those features feel aimed at the Enterprise market. I got out
A lot of love for bitwarden in here. Putting price aside, seems like unless you self host, this and 1password would be pretty similar in terms of benefits they offer to the end user?
Correct. 1password is quite a bit better in terms of usability though. It's debatable if it's worth 6USD/mo versus Bitwarden for 10 USD/yr
Edit: typos
I looked at both before deciding to go with 1password. 1password seemed to be a more mature company having been around a lot longer than bitwarden and with multiple third party security audits. I think bitwardens open source as opposed to 1p's whose code is proprietary so bitwarden gets a plus there. You could argue that local hosting means you're less of a target from hacking and if the company goes under, your passwords are still accessible. But in the end, ease of use cross platform integration won in the end.
I used a formula or two for a 15 odd years. Every password was unique, unless you knew the formula of course.
Then more and more sht websites enforced oddball restrictions. Must be 6 characters, 2 of this, 3 of that blah blah.
Now I use complex long passwords generated with chrome, dashlane etc. And 2FA with high risk stuff.
Looking to go next level. And FINALLY get family/friends onto SOMETHING
Because the company can't access them. At all. Only you with a master password, it's easy to read up about how the encryption works
What if someone gets hold of your master password? can they access all your passwords?
I use 2FA with a master password and a Yubikey. Having a physical token plus a master password would make it extremely difficult to break in.
@blurn: Yes, if you store backup recovery codes. Print them off and store them somewhere safe in the house. Alternatively, you can use your phone as an alternative for the Yubikey if you lose it.
Yes (for accounts without 2FA) which I why you need to pick a good one but it's effectively the only password you need to remember.
You need your master password and secret key together to login to a new device or the website.
I don't know hoow people can trust all their passwords in the hand of some company :\
You mean like Google (or Apple)?
It's amazing how many passwords are autofilled from Google (or Apple).
Just the one company.
Only if you let them store it for you in the first place.
Yeah, but there's a lot of people that store it in just the one company.
So are you going to post the coupon code?
CANVA20
You should post it in the coupon code section where you submit the deal
It's already included in the link anyway.
I've been using Bitwarden which is free. But this seems like a good chance to test 1password. Thanks.
I moved from LastPass to Bitwarden. It's just a good for my use and if I want the paid options it's way cheaper.
Fully open source and independently audited
why the switch?
Mostly was curious and it was super easy to export and import and get setup.
Liked idea of them being open source.
Once started I was surprised how similar they worked
@hen dawg: Any benefit to switching though? I'm currently using Lastpass but seems quite a few people in this thread are using Bitwarden.
@Chickenleg: Much cheaper and it's open-source if that matters to you. I'm not sure if you'll be getting any extra features though. In fact, you'll be immediately losing the emergency access feature and the password re-prompt feature if you use those.
@jwilthethrill: beyond the "cheaper" aspect, as there is a free version for Lastpass, it seems like you basically will be losing features instead of gaining anything or have I missed something?
I'm assuming the key thing you can gain is self hosting, but for most lay people, that's probably a bad thing if they don't update their code over time.
@frankthetank: Well I'm not the one recommending it. The features are usually enough for most people so it's an option worth looking at if you'd like to save some money.
I personally don't use Bitwarden because they lack too many features.
@Chickenleg: No, I wouldn't say there is a benefit to switching in terms of use. But I'm still glad I switched
Why people pay for password managers when free ones are more secure is beyond me.
What do you suggest?
Bitwarden
does this work for the Teams plan anyone know?
On Windows pc…
RoboForm is free!
And very good.
Likewise, I stand by roboform. Have been using them for years!
Just use Keepass.
I don't want software that keeps my ass!
Has anyone of you who is already using this app been able to import the keychain passwords?
I’ve hit a dead end and unable to get it as something changed within iCloud with the current OS,
Upgrading to the latest one on Mac didn’t help either.
Thanks
I recall mention that with the business or teams you automatically get family for any employee.
So, I am already signed up for annual family subscription. Can I apply this and get an extra year?
BitWarden is the go, friends
What option do you suggest for bitwarden? What is the benefit of hosting yourself vs bitwarden?
I'm very interested in bitwarden, and really like the idea of 2FA (txt, authenticator, etc). Just don't know if there is a non-foilhat reason to not have bitwarden host?
Does BitWarden support fingerprint or Yubikey?
How is this better than saving passwords using the built in password manager in iOS?
Cross platform, keychain works well, but in its own eco system.
It's not really. I suppose it is a hassle to bring up keychain and manually copy over a password if you're using another computer.
What if you’re using another computer that doesn’t have 1password installed.
then you have to put in your 1password password manually anyway
The best feature of 1Password for me is the auto copy of the 6 digit 2FA.
That's the type of good app design that really helps the customer.
Bitwarden does this too.
I've always had big reservations about the intersection of shortcutting & security. Giving one company/service God rights to watch over your every move.
Google already gives me the heebie-jeebies, and they only get a (large) piece of the picture.
Research the app you choose. Encryption plays a large role. They don't just see all your passwords. And they're locked behind a decryption key that is your master password (and hopefully 2FA).
This. In most cases, 1Password/LastPass/Dashland CANNOT recover your details if you lose your master password to the account.
I also like how many apps integrate the 1Password login button into their login screens. But still doesn’t mean I like the subscription direction they’re heading in.
I have Apple ecosystem and use KeyChain, any reason to switch over?
Does Keychain work for Chrome browsers?
Yes it works at system level, so for every app.
Isn't Lastpass already done this for free?
I'm thinking the same thing, Lastpass has most if not all of these features for free, main draw back is that Lastpass you can't self host and you can only have a single user, though I don't think many people here actually host their entire families password accounts in one go anyways.
Would love to move to Bitwarden, but from what it looks like, you will be losing more key features such as emergency access and password re-prompt but only gaining self hosting which may or may not be a good thing for less technically minded people
Bitwarden should be good for most people but I really wish Bitwarden had more features. They are missing some crucial stuff that has made me unable to switch, not to mention that those feature requests also just sit there collecting dust for years with no indication of it getting added.
what features are you after?
one thing I do notice with bitwarden which is a bit annoying - when I enter user/pass for a new site sometimes it prompts me to save the password, other times it doesn't. So then I have to add it manually.
Yeah I've had the same inconsistency with the save password prompts, but I've had the same issues with other password managers at times so it hasn't been exclusive to Bitwarden.
The main things I'm missing are:
* inability to edit anything when you're not connected to the Bitwarden server (so basically no offline editing in any way)
* No Touch ID on Mac or Windows Hello support
* No trash folder, deleting an entry means its an irrecoverable delete
* It supports Yubikeys but will only let you use them on the website vault (I believe this is an electron issue)
* No dedicated desktop apps, uses electron
* Can't un-share things in shared vaults
There's also some minor features like the large-view option that 1Password mobile apps have or the ability to drag and drop items into folders that would be nice to have.
I've been holding my breath that I'd at least get the ability to edit things in offline mode but at this point I've just given up on Bitwarden. Maybe in 3 years I'll see one of those features get implemented and attempt to switch to them, but until then I'll just have to overpay for some of the alternatives.
Happens with Chrome, and you end up chasing your tail every visit. When the main site immediately redirects to another site/setup, when in the account area. Like visiting ozb.com.au, enter details & redirected to ozdealnetwork.com.au… Then prompted to save details for the second site only.
I’ve been using keepassium and it has serve me well.
Only for new users, dang. I signed up using last year's 1 year-trial and so far it's been great. Very useful and more versatile than Keychain as I use a PC for work.
Create a new account and copy all the passwords across in the app. Took me like 2 minutes to do last time.
I just used the same email and it let me create a separate family and states that it has 366 days left. Just try doing that.
Kaspersky Total Security gives you premium password manager for free and you can get a multi-device subscription for around 10 usd on ebay. Been using that on Windows and Android and pretty happy with it.
I don't know hoow people can trust all their passwords in the hand of some company :\