undefined | Better HN

0 pointsrollcat4y ago0 comments

1password. Not free but absolutely worth the money.

0 comments

5 comments · 1 top-level

rglullis4y ago· 4 in thread

You have better alternatives: bitwarden for those looking for a cloud solution, keepassXC who prefer to keep the data under their own control. Plus, they are both free/libre.

lnxg33k14y ago

I always had issues with KeepassXC. mostly as a concept, I'm not sure if it made sense, but since we're talking about it, how do you cope with the concept that if you lose your phone with the database on it, an attacker can just keep a perpetual copy of your passwords free to brute force and do whatever they wanted? I can revoke access to things with cloud services or self-hosted services, but with all the database in the hand of an attacker he can try to break it indefinitely and undisturbed.. I think KeepassXC for this reason is the worst among cloud hosted and self-hosted solutions

rglullis4y ago

AFAIK, the filesystem is encrypted on any modern device. An attacker would have to first break into the device and then break into the password database. And if they can break into the device it is game over already.

Also, the attacker would have to be really motivated to brute force into it, and if it happened that my phone got stolen and I was worried about your scenario, I'd be just rotating all the high-value passwords I have, which is something that I think can be done quickly.

rollcatOP4y ago

I've tried Bitwarden, pass, and KeepassXC in the past. 1password is by far the most polished. If you consider how big the problem space is (interoperating with every possible broken website out there), support for TouchID/Apple Watch unlock, etc I think I'll take it over having access to the source I will never read.

rglullis4y ago

It's not about what you reading it, it's about ensuring that someone else can do it.

Anyway, I hate to be Cassandra, I just lost count of how many stories I heard of people regretting taking "convenience over freedom" with critical software.

1 more reply

j / k navigate · click thread line to collapse

0 comments

5 comments · 1 top-level

rglullis4y ago· 4 in thread

You have better alternatives: bitwarden for those looking for a cloud solution, keepassXC who prefer to keep the data under their own control. Plus, they are both free/libre.

lnxg33k14y ago

rglullis4y ago

rollcatOP4y ago

rglullis4y ago

It's not about what you reading it, it's about ensuring that someone else can do it.

Anyway, I hate to be Cassandra, I just lost count of how many stories I heard of people regretting taking "convenience over freedom" with critical software.

1 more reply

j / k navigate · click thread line to collapse