I don't have a problem with the subscriptions. I've tried out a number of options over the years, including KeePass, LastPass, 1Password, and most recently Bitwarden.
KeePass was a great bit of software but managing the vault syncing myself and having to wait for (and trust) the third-party Firefox extension to update was tiresome. For about a buck a month, LP was a pretty good deal and handled all of that overhead for me.
I eventually moved to 1Password and it's still what I recommend to most people. $45CAD a year is a pittance for how often I use it. The app and extensions are always up to date, they "just work" even for my 70 year old father. At $12CAD a year, Bitwarden is pretty damn reasonable too.
I don't get the hand-wringing when it comes to reasonably priced services. Development and infrastructure costs money. Yes, a power user can manage everything entirely with free software and a portable sqlite db but that isn't a sensible approach for the vast majority of people.
Development costs money and that's fine, but I don't like it when companies act like their pricing is based on the cost of providing a service, and the service is "syncs a single sub-megabyte file between a few devices". You can get that service a thousandfold for free. (And even if they give you more space, that's a worthless addon to almost all customers.)
In particular, the reason it's annoying to sync keepass is because of how the program is designed. There are other managers in that ecosystem that let you log in to google/microsoft/dropbox/anything and then you're done. It all syncs perfectly from then on. It's a development problem, not a need for a dedicated service tied to a specific password manager.
And when I'm considering development cost I'm going to look at things on a 5 or 10 year timeline. I think that's a reasonable length to expect a software purchase to last. On that timescale, Bitwarden is okay but 1Password is not at all a good price.
Shouldn't conflict resolution be in the program itself? It should ask me what to do and be able to keep both versions of the conflicting entry. And if I answer "keep both" or defer to later then it should pack both into the vault and upload that.
(Also I didn't mean thousands of free services, I meant that each one will give you thousands of megabytes for free. Honestly just google and microsoft accounts, and icloud with a device, cover just about everyone. But there are a lot of free storage services if you want them.)
The program itself might not get information efficiently to do conflict resolution (or not at all): for example, you edit a file offline and sync, Dropbox and friends wouldn't be smart enough to just append both of a few bytes worth of data that a password-manager controlled service could since it would be aware of the data structure but would just dump both files, and then both on another conflict etc
So I guess it's just not the same type of sync service that you get for free in those many services
(also I think it's more than a sub-Mb, you have icons there, but also images of docs and what not)
Though maybe this is not an issue as you mention some of the keepass-based apps that go the "app-sync" route instead of manually placed file?
> Though maybe this is not an issue as you mention some of the keepass-based apps that go the "app-sync" route instead of manually placed file?
Right, my main concern here is programs that talk directly to the service's API, because that's the easiest to implement in a correct way. Dumb file storage, but without the worry of stale versions appearing.
Though most people don't need their vault to be robust against simultaneous offline edits from multiple devices.
> (also I think it's more than a sub-Mb, you have icons there, but also images of docs and what not)
I have usernames/urls/passwords, some notes, some icons, and some ssh and bitlocker key files. In total it's 159KB, including a bunch of version history and the recycle bin.
What kind of documents would I put in a password file?
Though some extra megabytes don't really affect my argument much.
> Though most people don't need their vault to be robust against simultaneous offline edits from multiple devices.
This is one of those very rare cases with potentially huge negative effect to make it into a mandatory feature.
> Dumb file storage
Which still suffers from inefficient incremental updates. Curious whether those other managers deal with that (do they split your vault into parts)?
> What kind of documents would I put in a password file?
Whatever documents you want to securely share with others, various scanned docs, so it's not just a few megs (e.g., Bitwarden offers up to 1G encrypted file attachments).
(though don't use this either, mine is just a few megs)
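The entry-level merge discussed in the comments above (keep both versions when two devices edited the same entry offline), sketched as an added example that is not from any poster or any password manager's code. The `Entry` layout, the `merge_vaults` name, and the "newest wins, loser goes to history" rule are assumptions, and the sample vaults are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    uuid: str
    password: str
    mtime: int                                    # last-modified time (seconds)
    history: list = field(default_factory=list)   # older (password, mtime) pairs

def merge_vaults(base, local, remote):
    """Three-way merge of vaults keyed by entry UUID (hypothetical helper).

    base is the last copy both devices agreed on. Returns (merged, conflicts);
    conflicts lists UUIDs that were edited on both sides since base.
    """
    merged, conflicts = {}, []
    for uuid in sorted(set(local) | set(remote)):
        l, r, b = local.get(uuid), remote.get(uuid), base.get(uuid)
        if l is None or r is None:
            # On one side only: keep if new or edited since base; drop if the
            # other side deleted an entry that was otherwise unchanged.
            e = l or r
            if b is None or e.mtime != b.mtime:
                merged[uuid] = e
            continue
        l_changed = b is None or l.mtime != b.mtime
        r_changed = b is None or r.mtime != b.mtime
        if l_changed and r_changed and l.password != r.password:
            # Simultaneous offline edits: nothing is discarded. The newer
            # version becomes current, the older one is packed into history.
            win, lose = (l, r) if l.mtime >= r.mtime else (r, l)
            old = set(l.history) | set(r.history) | {(lose.password, lose.mtime)}
            merged[uuid] = Entry(uuid, win.password, win.mtime,
                                 sorted(old, key=lambda v: v[1]))
            conflicts.append(uuid)
        else:
            merged[uuid] = r if r_changed else l
    return merged, conflicts

def demo():
    # Constructed sample: "a" edited on both devices, "b" edited remotely,
    # "c" deleted remotely, "d" created remotely.
    base = {k: Entry(k, "old-" + k, 100) for k in "abc"}
    local = dict(base, a=Entry("a", "laptop-a", 200))
    remote = {"a": Entry("a", "phone-a", 300), "b": Entry("b", "new-b", 250),
              "d": Entry("d", "new-d", 260)}
    return merge_vaults(base, local, remote)
```

A file-level sync service sees only two opaque encrypted blobs and can do no better than keep both files; this merge needs the decrypted entries, so it has to run in the client.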
I use Bitwarden and I prefer having the open source and self hosted options for using Bitwarden. 1Password does not have those. Despite that, I've been strongly advocating for it at work because it easily has the most polished and refined UI/UX of all the managers I've tried.
Bitwarden is fantastic. And can even pair up with your own open source 'enterprise vault'. Meaning that if you have a decent VPN setup in your home router, you can host the vault in your rpi (for example). It's great
On that note, a simple point where Bitwarden is lacking is the custom fields feature. It feels disconnected, separated from the main fields, and doesn't integrate very well into web forms that use the extra fields. 1Password, on the other hand, handles the custom fields amazingly, and even lets you create sections to group them together in entries.
Exactly, secrets management is a really critical need that 1Password meets for me, and I'd much rather they charge me an honest price than sell out to advertisers. These things require upkeep (not just defending against everyone trying to break in, but also keeping current on the latest technologies like passkeys), so I find the yearly price of admission is totally reasonable for 1Password's quality and importance.
> I don't get the hand-wringing when it comes to reasonably priced services. Development and infrastructure costs money.
I have no problem paying for software. But in this case I’d far prefer a one-off purchase. The only reason there are ongoing infrastructure costs is because I’m being forced into using the company’s cloud service. I already pay for infrastructure in the form of my own cloud storage. I want to pay, once, for software that will use that infrastructure.
More generally, while I might see the value in paying $45 a year for a password service a lot of non-tech folks don’t. They’re happy using the same password everywhere they go (until they aren’t, of course), making them pay a few months-worth of Netflix to use software they’re already not inclined to use means they just won’t do it.
> I don't get the hand-wringing when it comes to reasonably priced services.
For me, it has nothing to do with the price and everything to do with the fact that I don't want a service dependency for my most critical passwords. I want them to be available no matter what. The product should be standalone. And this isn't a hypothetical concern, either: my employer is contractually mandated to disallow cloud-based password managers, so I must use standalone ones (yes, this is a stupid policy, but one that I'm bound by).
And on top of that, 1Password 5 was an excellent product and it is just steadily getting worse, in my opinion.
I'm with you: I'm happy to pay a recurring fee for a good service, usability, and dependability.
I've been a 1password customer for as long as I can recall, and it feels weird dumping my subscription to save a few bucks when it's been such a great service at a fair price the whole time. Why I'd keep it around if the OS solves the same problems, I don't know … just saying it feels weird.