Originally published at: Moving from 1Password to KeePass - TidBITS
Josh Centers decided to regain control over his password database by moving from 1Password to the open-source KeePass. He explains the tradeoffs and how to overcome the hurdles of syncing passwords among all your devices.
1 Like
I longtime use Password Wallet (www.selznick.com), which has a local database also. It is non-subscription. The database works on Windows, IOS, and Android. It allows for sites that require login on one page, and password on another. It also allows a password plus a PIN. I presume KeePass does these, too. It can sync with Dropbox. Moving from 1Password might be difficult. The only potential downside for me is that it is a one-man operation, who so far is alive and well. He is very responsive. New Mac OSās have not required any updates at all. I should note it is also great for entering Credit Card numbers and their 3-digit codes. All info gets pasted, not typed, which eludes key trackers, I suppose.
Is Appleās Keychain so bad that it doesnāt deserve comment? Iām certain lots of Apple owners use Keychain and are completely satisfied.
Iāve been a 1Password user for a long time and Keychain just seems to get in the way but I either ignore it or make it a second password option. My wife prefers Keychain.
If iPassword is changing again, Iām gone. Maybe itās time to look at KeePass.
Now that it supports two-factor authentication, itās pretty good if you donāt stray outside the Apple ecosystem. I need something that isnāt so platform-specific.
Family plan keeps us on 1Password. My wife and I need to share passwords.
1 Like
Thatās the next hurdle I need to figure out. KeePassXC has that function, but I havenāt tried it yet.
One more vote for Password Wallet. I too have used it a long time (since well before 2001) and have received help from the developer a few times.
I currently usw1Password but the apparent inability to store the database locally in v8 is a deal breaker for me. Have been scratching my head for some time about where to and how, when v7 stops working.
Thanks for the article Josh, am looking forward to the next instalment re family sharing
First, Iām always glad for alternatives/competition. Iām glad there are good choices for Mac/iPhone.
Iāve been using 1Password 8 for almost 3 months. I think itās great. Itās still in beta and they keep on adding new things including making it feel more Mac-like. For example, Command / is back. Theyāve recently added support for SSH keys that 1PW 7 did not have.
I do not care about local vaults. One can export the cloud vault to clear text for backup if they want. I do not care about Electron. The program looks pretty good on screen. It does not seem to be any more or less prone to performance issues than any other program. Especially as MacOS itself seems much more prone to slowdowns than it did a few years ago.
The kicker is the ability to share and manage accounts for the family including kids and senior parents. Of all the $50 subscriptions these days 1Password is probably the most valuable to me.
4 Likes
Thanks, Josh, for this timely article. Iām a retired US Government employ and just learned access to my retirement account is changing to require the use of Login.gov (one ring to rule them allā¦). Login.gov suggests using a TOTP app in preference to other 2FA methods, and offers 1Password and OTPManager (https://www.stickybit.nl) as examples for macOS, and while OTPManager is free, Iām grateful to find other alternatives are available - especially re āpassword sovereigntyā.
To date, my password management has been a combo of (ahem) the olā-stick-in-the-mud ālittle black bookā method (actually an obscurely named text file buried deep in the file system), browser-storage, and iCloud Keychain sync for my iPhone (which I rarely use these daysā¦ no cell service @ home). Of course, this method requires manually adding PWās to each browser, a somewhat minor inconvenience and any TOTP requirements can only be achieved via email (for my situation)
I, too, am a little leery even using iCloud and really appreciate your local NAS / WebDAV server option. As in the locksmithing realm, its acknowledged locks only keep honest people from gaining access, all locks are pickable - so the added layer of local storage is a plus
I also have a Synology NAS and look forward to you future posts describing your exploits therewith as well
Josh,
You mention browser extensions in the article. Iām still using, at least for some of my passwords, Password Wallet from (Selznick Scientific Software. It has an āauto-typeā feature which doesnāt rely on a browser extension but uses Accessibility features on the Mac to accomplish a similar purpose.
I see both Strongbox and KeePassXC have listed auto-type/fill for passwords can you elaborate on how they accomplish this? I canāt tell from reading the apps sites how itās done.
Thanks.
Cheers,
Jon
It looks like OTPManager is implementing the industry-standard TOTP algorithm (RFC 6238), so there are dozens of different apps you can choose to use, whether or not officially supported by login.gov.
Thanks for the info @David C.
Authentication options | Login.gov requires āat least one secondary authentication methodā and then describes various options, Authentication applications being just one. OTP Manager is listed as one of the āpopular optionsā, although they also mention using āsupported applicationsā. Since they āadhere to the latest security standardsā¦ā, one would imagine there are other options āsupportedā
Iām liking Joshās recommendations, so weāll see what worksā¦ hopefully with minimal ārinse and repeatā cyclesā¦
Thanks again for chiming in
1 Like
My wife still uses itā¦and it is a fine appā¦and the dev is pretty responsive to emailā¦but there are too many drawbacks IMO to use it. He is a one man shop and updates to add features are non existentā¦and if you google his name he has new interests. Thatās not to call it abandonware but itās getting to that end of the spectrum. Vault sync is still horribly cumbersome between devices, there arenāt browser plugins, and auto entry of user Iād and password from the app is still cumbersome. The biggest is sis the one man shopā¦users are only a heart attack or an āI wanna do x nowā from abandonware.
That saidā¦the forced subscription, no local vaults, no DropBox support, Electron app, and (so far) no ability for a user to backup their data to the location of their choosing and restore that data if neededā¦are going to be deal breakers for a lot of users. As I said in the other thread about storesā¦businesses exist to make a profit and it has become clearer and clearer over the past couple yearsā¦and amplified by them selling part of the company to VCs which is what happened regardless of their attempts to put lipstick on itā¦that they really donāt care about individual users now, theyāre business is oriented to business and large corporate users because theyāll make more profit that way in their view. Nothing wrong with thatā¦but it kills the product (at least with v8) for individual or family users who value the above features. Unless v8 fixes those issuesā¦many will use v7 until it breaks and then move on. The company has embraced Windows users over Mac and iOS usersā¦again, their choice and they get to do thatā¦but users get to vote with their dollars.
1 Like
I did a pretty thorough look at alternatives a few months back. My needs are DropBox sync, backup and restore locally, and I need attachments to records and Secure Notes capability. Enpass seems to be the most viable alternative.
I have, in the past, used Dashlane - dropped because of the large price increase - and 1Password. I didnāt care for the subscription model so, recently, I changed to Buttercup. (buttercup.pw) Itās easy to use and free. Based on responses to a post I put up a couple of months ago, the developer and I are the only ones using it. But take a look - it seems to meet most of the requirements I see people listing.
Yes, I realize that sooner or later one has to move on, though Password Wallet still fills my needs ā even the sync between Mac and phone is done in a second or two. Thanks for the suggestion to look up the developerās name. I knew that he was involved in the space industry, but not that he had an asteroid named after him!
Yeahā¦I think he has mentally moved on from PWā¦but since he still makes some sales hasnāt officially abandoned it. The biggest issue from my standpoint is the one man shopā¦password keepers are the most vital utility we have and there is Zero support outside of Sanford.
So Strongbox uses the built-in autofill functionality. I havenāt really tried that on the Mac, because I donāt use Safari, but on the iPhone, you get that little bar above the keyboard that gives you password options.
As far as the KeePassXC extension, it works similarly to 1Password except for the extra security prompts. It shows a little KeePass icon in a login field that you click to either autofill the password or show multiple options if you have more than one login for that site.
