Moving from 1Password to KeePass

Originally published at: Moving from 1Password to KeePass - TidBITS

Josh Centers decided to regain control over his password database by moving from 1Password to the open-source KeePass. He explains the tradeoffs and how to overcome the hurdles of syncing passwords among all your devices.

1 Like

I longtime use Password Wallet (www.selznick.com), which has a local database also. It is non-subscription. The database works on Windows, IOS, and Android. It allows for sites that require login on one page, and password on another. It also allows a password plus a PIN. I presume KeePass does these, too. It can sync with Dropbox. Moving from 1Password might be difficult. The only potential downside for me is that it is a one-man operation, who so far is alive and well. He is very responsive. New Mac OS’s have not required any updates at all. I should note it is also great for entering Credit Card numbers and their 3-digit codes. All info gets pasted, not typed, which eludes key trackers, I suppose.

Is Apple’s Keychain so bad that it doesn’t deserve comment? I’m certain lots of Apple owners use Keychain and are completely satisfied.
I’ve been a 1Password user for a long time and Keychain just seems to get in the way but I either ignore it or make it a second password option. My wife prefers Keychain.
If iPassword is changing again, I’m gone. Maybe it’s time to look at KeePass.

Now that it supports two-factor authentication, it’s pretty good if you don’t stray outside the Apple ecosystem. I need something that isn’t so platform-specific.

Family plan keeps us on 1Password. My wife and I need to share passwords.

1 Like

That’s the next hurdle I need to figure out. KeePassXC has that function, but I haven’t tried it yet.

One more vote for Password Wallet. I too have used it a long time (since well before 2001) and have received help from the developer a few times.

I currently usw1Password but the apparent inability to store the database locally in v8 is a deal breaker for me. Have been scratching my head for some time about where to and how, when v7 stops working.

Thanks for the article Josh, am looking forward to the next instalment re family sharing

First, I’m always glad for alternatives/competition. I’m glad there are good choices for Mac/iPhone.

I’ve been using 1Password 8 for almost 3 months. I think it’s great. It’s still in beta and they keep on adding new things including making it feel more Mac-like. For example, Command / is back. They’ve recently added support for SSH keys that 1PW 7 did not have.

I do not care about local vaults. One can export the cloud vault to clear text for backup if they want. I do not care about Electron. The program looks pretty good on screen. It does not seem to be any more or less prone to performance issues than any other program. Especially as MacOS itself seems much more prone to slowdowns than it did a few years ago.

The kicker is the ability to share and manage accounts for the family including kids and senior parents. Of all the $50 subscriptions these days 1Password is probably the most valuable to me.

4 Likes

Thanks, Josh, for this timely article. I’m a retired US Government employ and just learned access to my retirement account is changing to require the use of Login.gov (one ring to rule them all…). Login.gov suggests using a TOTP app in preference to other 2FA methods, and offers 1Password and OTPManager (https://www.stickybit.nl) as examples for macOS, and while OTPManager is free, I’m grateful to find other alternatives are available - especially re ‘password sovereignty’.

To date, my password management has been a combo of (ahem) the ol’-stick-in-the-mud ‘little black book’ method (actually an obscurely named text file buried deep in the file system), browser-storage, and iCloud Keychain sync for my iPhone (which I rarely use these days… no cell service @ home). Of course, this method requires manually adding PW’s to each browser, a somewhat minor inconvenience and any TOTP requirements can only be achieved via email (for my situation)

I, too, am a little leery even using iCloud and really appreciate your local NAS / WebDAV server option. As in the locksmithing realm, its acknowledged locks only keep honest people from gaining access, all locks are pickable - so the added layer of local storage is a plus

I also have a Synology NAS and look forward to you future posts describing your exploits therewith as well

Josh,

You mention browser extensions in the article. I’m still using, at least for some of my passwords, Password Wallet from (Selznick Scientific Software. It has an “auto-type” feature which doesn’t rely on a browser extension but uses Accessibility features on the Mac to accomplish a similar purpose.

I see both Strongbox and KeePassXC have listed auto-type/fill for passwords can you elaborate on how they accomplish this? I can’t tell from reading the apps sites how it’s done.

Thanks.

Cheers,
Jon

It looks like OTPManager is implementing the industry-standard TOTP algorithm (RFC 6238), so there are dozens of different apps you can choose to use, whether or not officially supported by login.gov.

Thanks for the info @David C.

Authentication options | Login.gov requires “at least one secondary authentication method” and then describes various options, Authentication applications being just one. OTP Manager is listed as one of the “popular options”, although they also mention using “supported applications”. Since they “adhere to the latest security standards…”, one would imagine there are other options ‘supported’

I’m liking Josh’s recommendations, so we’ll see what works… hopefully with minimal ‘rinse and repeat’ cycles…

Thanks again for chiming in

1 Like

My wife still uses it…and it is a fine app…and the dev is pretty responsive to email…but there are too many drawbacks IMO to use it. He is a one man shop and updates to add features are non existent…and if you google his name he has new interests. That’s not to call it abandonware but it’s getting to that end of the spectrum. Vault sync is still horribly cumbersome between devices, there aren’t browser plugins, and auto entry of user I’d and password from the app is still cumbersome. The biggest is sis the one man shop…users are only a heart attack or an ‘I wanna do x now’ from abandonware.

That said…the forced subscription, no local vaults, no DropBox support, Electron app, and (so far) no ability for a user to backup their data to the location of their choosing and restore that data if needed…are going to be deal breakers for a lot of users. As I said in the other thread about stores…businesses exist to make a profit and it has become clearer and clearer over the past couple years…and amplified by them selling part of the company to VCs which is what happened regardless of their attempts to put lipstick on it…that they really don’t care about individual users now, they’re business is oriented to business and large corporate users because they’ll make more profit that way in their view. Nothing wrong with that…but it kills the product (at least with v8) for individual or family users who value the above features. Unless v8 fixes those issues…many will use v7 until it breaks and then move on. The company has embraced Windows users over Mac and iOS users…again, their choice and they get to do that…but users get to vote with their dollars.

1 Like

I did a pretty thorough look at alternatives a few months back. My needs are DropBox sync, backup and restore locally, and I need attachments to records and Secure Notes capability. Enpass seems to be the most viable alternative.

I have, in the past, used Dashlane - dropped because of the large price increase - and 1Password. I didn’t care for the subscription model so, recently, I changed to Buttercup. (buttercup.pw) It’s easy to use and free. Based on responses to a post I put up a couple of months ago, the developer and I are the only ones using it. But take a look - it seems to meet most of the requirements I see people listing.

Yes, I realize that sooner or later one has to move on, though Password Wallet still fills my needs – even the sync between Mac and phone is done in a second or two. Thanks for the suggestion to look up the developer’s name. I knew that he was involved in the space industry, but not that he had an asteroid named after him!

Yeah…I think he has mentally moved on from PW…but since he still makes some sales hasn’t officially abandoned it. The biggest issue from my standpoint is the one man shop…password keepers are the most vital utility we have and there is Zero support outside of Sanford.

So Strongbox uses the built-in autofill functionality. I haven’t really tried that on the Mac, because I don’t use Safari, but on the iPhone, you get that little bar above the keyboard that gives you password options.

As far as the KeePassXC extension, it works similarly to 1Password except for the extra security prompts. It shows a little KeePass icon in a login field that you click to either autofill the password or show multiple options if you have more than one login for that site.

A post was split to a new topic: DuckDuckGo Web browser for the Mac