I’ve been meaning to take a look at BitWarden and see if it’s viable to migrate. That makes them a *huge* target, and I feel like the risk of their database leaking is far higher than the risk of someone figuring out how to mathematically defeat the encryption on my password vault. Yes, it may be super-duper-double-triple encrypted as they imply on their “security” page, but that *has* to be reversible in order for their service to work. Ultimately in order to login to bank websites, Mint must keep passwords in a form that is recoverable to plain text. I find that to be a far bigger risk than keeping my passwords encrypted in the cloud. Regarding bank passwords in particular, the one thing I’ll never do is sign up for a service like Mint. The convenience of sync across multiple devices was too great to ignore, especially when on the go. But ultimately, as long as you trust that there’s no fundamental flaw in their implementation of the vault encryption, you should be able to put your vault up on a public website as long as you use a strong enough key. I get the concern about keeping everything local, and was originally this way several years ago. It works well enough, although sometimes getting the phone to pull down recent changes is a little wonky, requiring me to actually open the Dropbox app first before 1Password sees changes. I’ve been using the standalone 1Password for years, still syncing via Dropbox. A year later I found out that they never really got into the habit of using 1Password, and were quite happy with their sheet of paper. I extolled the virtues of 1Password, particularly with its browser integration, set them up with a 1-year free trial, installed it on their computers and phones, and copied all their passwords in for them. I found out when visiting a couple years ago that my parents were using a single sheet of paper to list all of their online passwords. There’s definitely something to be said about a traditional paper interface for password storage for some people. (And many thanks to Adam for turning me onto this feature a year or so ago!) “Local” iPhone vaults can optionally be backed up to iCloud or across the LAN, should one so choose.)īeyond the above, as two-factor auth has taken off 1password has been a godsend in collocating those rotating 2fa codes alongside passwords and automagically pasting them to the clipboard as needed. (Then I emptied my 1password trash which, under normal circumstances, they conveniently retain for 12 months. ![]() I just don’t want them anywhere on the web. Once 1password merged my existing passwords into a new cloud vault, I blew away the local vault, recreated it, and moved over financial institution and other sensitive credentials from cloud to iPhone. So, this week I finally subscribed to 1password ($36/yr) and was able to kick LastPass to the curb (with a clean, comprehensive import). What I didn’t realize at that time, after they decided to support both cloud and local accounts, is that the two implementations can coexist. Which is why I railed against 1password’s 2017 cloud requirement (which they wisely, thankfully backed off of). Any random rogue browser extension can read everything (and I suspect how my Yahoo Mail address book was harvested, years ago) – including that 1password web view of your vault. But even if their cloud and our vaults remain secure, computer operating systems and browsers provide additional vectors of attack. While 1password has never been breached and their technical architecture is actually fortified to keep our data secure in that scenario, experience tells us never say never – nothing is foolproof. Whereas, I’d place my less critical credentials (think: Netflix) in LastPass for efficient cross platform access, including computer browser extension. However, I have led something of a double life in utilizing 1password without a subscription to store “important” passwords within a “local” iPhone vault. And have frequently recommended 1Password ( for years). Like most, I advocate a password manager.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |