undefined | Better HN

0 pointsMrDrMcCoy1y ago0 comments

1Password is a closed-source, cloud-hosted service. At any time, for any reason, they can close and delete your account, leaving you high and dry. Self-hosted, multi-device password managers are the only real solution. Thankfully, Vaultwarden and KeePassXC fill this role perfectly.

Now if we could just get the other providers that require insecure email/SMS 2FA to follow suit, that would be great...

0 comments

ceinewydd1y ago

I’m really not sure the “only real solution” is every human needs to selfhost a password manager. That’s ill-advised; an extreme take.

The vast majority of the population will do a worse job on the availability and security of a selfhost solution than 1Password, whose core business and value proposition is password management.

I’m a very happy user of 1Password for Families and consider it the likely the best ~$50 a year that I spend on hosted technologies.

recursive1y ago

I'm a happy user of 1password also. But I'm not touching passkeys until they let me export them. Last time I checked, it was a platform lock-in.

jackson14421y ago

You can export them- just did so by touching the context menu on the mobile app then “copy item JSON.” This includes the private key for the passkey. Here’s one I just exported: https://gist.github.com/jacksonwelsh/f5ad519770b1adde40a6ee9...

Whether or not you can import them into something else though…

scient1y ago

The whole original point of what underpins FIDO2 was device locked, unphishable credentials. Wanting to export and move passkeys between devices is kind of counter to that. And I would argue vendors completing the attestation process are much more trustworthy than storing your own keys god knows where.

1 more reply

MrDrMcCoyOP1y ago

I disagree. While Vaultwarden may be a bit much to ask of the unwashed masses, the storage model of KeePass* is very easy to understand and works with any existing file synchronisation solution, which almost everyone already has at this point. The effort is nearly as low as with a cloud hosted solution, and the value/safety proposition is quite high.

patrakov1y ago

I also think that the "self-hosted" requirement is an over-reach. It would be sufficient to require some standardized commodity that can, in principle, be self-hosted, but is available in an equivalent form from multiple unaffiliated third parties. E.g., a WebDAV folder.

sroussey1y ago

Agreed. I self hosted the key 100 bitcoin in like 2010. Machine crashed. Oops.

littlestymaar1y ago

That's a fundamental problem with cryptographic security: you cannot trust people to manage your keys for you (because due to lack of regulation preventing that companies have this bad habit of pulling the rug under their customers' feet) but you cannot trust yourself doing that either, because you can, and will, make mistakes.

4 more replies

psd11y ago

Feels. I had half a bitcoin on a disk that I left alone. Forgot about it. Reinstalled the OS. Three times. I was a sysadmin for years, but the cobblers' children go barefoot.

zarzavat1y ago

Do you still have the hard disk? Did you attempt to recover it ?

remram1y ago

Do you have machines with no backups? Why?

dijit1y ago

Sounds like you had control of your data.

arthur_sav1y ago

> 1Password is a closed-source, cloud-hosted service. At any time, for any reason, they can close and delete your account

They used to offer their apps offline and you could "host" it anywhere. Venture Capital ruined them.

generalpf1y ago

Having the passwords in the cloud is useful though. Before, if you wanted to use your vault across multiple machines, you had to store your vault in someone else’s cloud. This simplifies the process.

alwaysbeconsing1y ago

Incorrect. 1P orginally offer direct LAN syncing among machines.

2 more replies

signal111y ago

And KeePass XC supports passkeys too[1]. Although I’ve not had a chance to try that out yet.

[1] https://keepassxc.org/docs/KeePassXC_UserGuide#_passkeys

freeAgent1y ago

Your vault is stored locally on each device, so if they decide to shut down you just export locally, import somewhere else and move on. It’s not as big of a deal as you seem to be implying.

skinkestek1y ago

I wonder if BitWarden doesn't support passkeys too.

BitWarden is open source to a large degree and even provides an (open source) server for self-hosting.

yaleman1y ago

It does, works great. Not sure about vaultwarden's support for it though.

MrDrMcCoyOP1y ago

It works fine on Vaultwarden for me.

gcr1y ago

For others reading this thread, looks like KeePassXC announced passkey support last October!

Does it work well?

Hnrobert421y ago

No they can’t. You have a local cache. Also, you can export and backup if you are really worried.

briffle1y ago

Bitwarden supports passkeys, is open sourced, and can be self hosted.

MrDrMcCoyOP1y ago

Vaultwarden is a much simpler self-hosted Bitwarden.

j / k navigate · click thread line to collapse

0 comments

ceinewydd1y ago

I’m really not sure the “only real solution” is every human needs to selfhost a password manager. That’s ill-advised; an extreme take.

The vast majority of the population will do a worse job on the availability and security of a selfhost solution than 1Password, whose core business and value proposition is password management.

I’m a very happy user of 1Password for Families and consider it the likely the best ~$50 a year that I spend on hosted technologies.

recursive1y ago

I'm a happy user of 1password also. But I'm not touching passkeys until they let me export them. Last time I checked, it was a platform lock-in.

jackson14421y ago

Whether or not you can import them into something else though…

scient1y ago

1 more reply

MrDrMcCoyOP1y ago

patrakov1y ago

sroussey1y ago

Agreed. I self hosted the key 100 bitcoin in like 2010. Machine crashed. Oops.

littlestymaar1y ago

4 more replies

psd11y ago

Feels. I had half a bitcoin on a disk that I left alone. Forgot about it. Reinstalled the OS. Three times. I was a sysadmin for years, but the cobblers' children go barefoot.

zarzavat1y ago

Do you still have the hard disk? Did you attempt to recover it ?

remram1y ago

Do you have machines with no backups? Why?

dijit1y ago

Sounds like you had control of your data.

arthur_sav1y ago

> 1Password is a closed-source, cloud-hosted service. At any time, for any reason, they can close and delete your account

They used to offer their apps offline and you could "host" it anywhere. Venture Capital ruined them.

generalpf1y ago

alwaysbeconsing1y ago

Incorrect. 1P orginally offer direct LAN syncing among machines.

2 more replies

signal111y ago

And KeePass XC supports passkeys too[1]. Although I’ve not had a chance to try that out yet.

[1] https://keepassxc.org/docs/KeePassXC_UserGuide#_passkeys

freeAgent1y ago

Your vault is stored locally on each device, so if they decide to shut down you just export locally, import somewhere else and move on. It’s not as big of a deal as you seem to be implying.

skinkestek1y ago

I wonder if BitWarden doesn't support passkeys too.

BitWarden is open source to a large degree and even provides an (open source) server for self-hosting.

yaleman1y ago

It does, works great. Not sure about vaultwarden's support for it though.

MrDrMcCoyOP1y ago

It works fine on Vaultwarden for me.

gcr1y ago

For others reading this thread, looks like KeePassXC announced passkey support last October!

Does it work well?

Hnrobert421y ago

No they can’t. You have a local cache. Also, you can export and backup if you are really worried.

briffle1y ago

Bitwarden supports passkeys, is open sourced, and can be self hosted.

MrDrMcCoyOP1y ago

Vaultwarden is a much simpler self-hosted Bitwarden.

j / k navigate · click thread line to collapse