Aside: I never really understood distributing just slides from a talk. In any good talk, most of the information isn’t in the slides.
"If you ever wanted to dump someone's entire LastPass vault, this is where you start :D"
The author was referring to the linked presentation slides.
Edit: to clarify, I'm asking specifically about client-side security of these products - NOT feature or UI/UX comparisons.
1Password, for example, has written extensively about their security model and has done so proactively, including a lengthy whitepaper: https://1passwordstatic.com/files/security/1password-white-p...
LastPass is garbage because it's LastPass, not because it's a password manager. The only thing LastPass has ever done well is somehow remain relevant despite being terrible: that's an achievement.
i’m a long-time 1password user and absolutely love it. sure, it involves placing some degree of trust with AgileBits, but for the incredible level of practicality it offers, i view it as a decent trade-off. reading that paper now also makes me a great deal more confident in their security standards.
Although personally, I use OneDrive to sync it across devices.
Browser integration, less than great iOS clients and other quality-of-life features eventually made me find an alternative.
I might look into it again.
My question is related to the OP though, I'm not looking for UX/UI or feature comparisons.
I now mostly use 1Password but I also host a VaultWarden instance. I haven't yet moved to it fully because even though 1P is also devolving and I don't like having my passwords db on a 3rd party server, I still find BW's clients clunky, especially the browser integration.
My question was specifically about the kinds of issues in the OP though. I poked around my Firefox profiles and haven't found much but I don't really know what I'm looking for.
The one good thing about LastPass was basically how easy it was to set up. Everything else was a bit of a mess. 1Password was tricky to set up, and they took a bit longer to launch a cloud service.
One thing that bothers me about 1Password is that they only let you set up one security key, which is very impractical for people like me. OTOH, this is not unusual, and I assume part of it is to keep bad actors from adding more security keys to your account or something like that. Still not great when you can lose access to everything if you lose your key.
This is my impression as well. What I wonder is whether this is because they haven't tried to find these issues with the other products, or they just failed to find them so nothing ever got published, or if it did no one noticed it. I find the latter hard to believe as I suspect marketing departments would have been all over it.
That said, to me LastPass was always terrible. Back in the day I moved from KeePass to LP for the browser integration but everything was so buggy and unreliable that eventually I moved away.
1Password was better but the cloud service brings some of the same worries as LastPass.