undefined | Better HN

0 pointsjunon4y ago0 comments

1password has been audited a bazillion times. They're E2EE. They're cheap. Your master passwords aren't stored on their servers. Neither is your key information.

The only thing I pay for is the managed hosting, but in theory it's not much different than anything else properly designed (e.g. bitwarden) aside from the obvious things, such as OSS-ness.

The only relevant CVEs are relatively mild compared to LastPass.

Give them some credit.

0 comments

throw109204y ago

> Your master passwords aren't stored on their servers. Neither is your key information.

...and, those are the only things that really matter for an attacker. Encrypted data (assuming reasonably strong encryption) is useless without the key.

postalrat4y ago

Some encrypted data is worthless. Some isn't. Depends on what value it has when down the road the encryption is broken.

tatersolid4y ago

If AES being broken is in your personal threat model, you have far more to worry about than passwords.

1 more reply

junonOP4y ago

Properly encrypted data is worthless unless you intend to get the keys somehow. Breaking industry standard encryption schemes shouldn't be in your threat model.

_jal4y ago

Happy to give them credit. I just refuse to give them my passwords.

> The only thing I pay for is the managed hosting

Funny, I was happy to pay them until they removed my ability to store it myself.

edit:

> CVEs are relatively mild compared to LastPass

LP is not the relevant comparison. The relevant comparison is an encrypted store on my laptop.

dylan6044y ago

I still use an older version of 1Pass specifically so I can run things locally. Sometimes, I wish I was ignorant to all of this stuff and could just be a plebe out in the wild using all of the convenient software out there. Just take the blue pill and put me back in the matrix. The knowing of all of this stuff just makes life so much more difficult.

lathiat4y ago

Maybe look at BitWarden

1 more reply

j / k navigate · click thread line to collapse

0 pointsjunon4y ago0 comments

1password has been audited a bazillion times. They're E2EE. They're cheap. Your master passwords aren't stored on their servers. Neither is your key information.

The only thing I pay for is the managed hosting, but in theory it's not much different than anything else properly designed (e.g. bitwarden) aside from the obvious things, such as OSS-ness.

The only relevant CVEs are relatively mild compared to LastPass.

Give them some credit.

0 comments

throw109204y ago

> Your master passwords aren't stored on their servers. Neither is your key information.

...and, those are the only things that really matter for an attacker. Encrypted data (assuming reasonably strong encryption) is useless without the key.

postalrat4y ago

Some encrypted data is worthless. Some isn't. Depends on what value it has when down the road the encryption is broken.

tatersolid4y ago

If AES being broken is in your personal threat model, you have far more to worry about than passwords.

1 more reply

junonOP4y ago

Properly encrypted data is worthless unless you intend to get the keys somehow. Breaking industry standard encryption schemes shouldn't be in your threat model.

_jal4y ago

Happy to give them credit. I just refuse to give them my passwords.

> The only thing I pay for is the managed hosting

Funny, I was happy to pay them until they removed my ability to store it myself.

edit:

> CVEs are relatively mild compared to LastPass

LP is not the relevant comparison. The relevant comparison is an encrypted store on my laptop.

dylan6044y ago

lathiat4y ago

Maybe look at BitWarden

1 more reply

j / k navigate · click thread line to collapse