undefined | Better HN

0 pointslxgr2y ago0 comments

> With UI/UX they are lightyears ahead of Bitwarden.

1Password is arguably moving backwards these days, UI-wise.

I don't know if it's caused by the Electron update or just coincided with it, but I've been finding the keyboard autofill shortcut as well as keyboard navigation for selecting a given login on a page very unreliable lately.

That said, 1Password's "auto-rotate password" feature is still ahead of the competition, though. Bitwarden doesn't even seem to try, but that's still better than LastPass, which reliably used to lock me out by irrevocably overwriting the old stored password before the website confirms the new one as having been accepted.

> their secret key system is more secure than Bitwarden’s password-only method.

I don't know, their security key mechanism seems to be getting weakened in the interest of convenience as well. I was recently very surprised to notice that the iOS client apparently synchronizes the security key for any logged-in vault to iCloud Keychain, with no way to opt out – even for enterprise vaults!

Bitwarden will also soon support the WebAuthN/CTAP2 "PRF" extension, which is even better than a static security key since it rotates with every vault unlock.

0 comments

TheNewsIsHere2y ago

> > their secret key system is more secure than Bitwarden’s password-only method.

> I don't know, their security key mechanism seems to be getting weakened in the interest of convenience as well. I was recently very surprised to notice that the iOS client apparently synchronizes the security key for any logged-in vault to iCloud Keychain, with no way to opt out – even for enterprise vaults!

In their defense, they document that the point of the Secret Key is that it remains secret from them/AgileBits/1Password, and that it is expected to be present on-device. It used to be called the Account Key, but the reason the name was changed was because far too many people were referencing it in emails to support, which undermined the design.

In your defense, while they started syncing the Secret Key in iCloud Keychain all the way back at v7.0, they had then and have had sense gotten plenty of feedback saying this should be optional. They have just refused to make it optional.

j / k navigate · click thread line to collapse