Why 1Password is the best proprietary password manager
HTML-код
- Опубликовано: 3 май 2020
- In this episode, we explore why 1Password is the best proprietary password manager.
==============================
TL;DR
==============================
13:57 Enable local sync
==============================
SUGGESTED
==============================
How to configure macOS for privacy 👉 • How to configure macOS...
Why using a password manager is essential and how to choose a great master password 👉 • Why using a password m...
==============================
LINKS
==============================
1Password 👉 1password.com/
==============================
CHANGE LOG
==============================
Opted out from Amazon affiliate program
==============================
SUPPORT
==============================
Support this channel 👉 sunknudsen.com/donate
Me: "Why aren't you using 2FA?"
Sun: "Hold my thermal blanket..."
?
Sun, your content and delivery are just fantastic!! I’m so grateful to have happened upon your videos. Awesome job!!
Thanks for the push!
Wow! Thanks for a well-organized and thorough video. I just wanna keep important passwords local. Your vid showed me how to do that. If I ever wanna actually set-up wlan sync, I will watch your vid again! Thank you, Sun!
Glad the episode was helpful. 🤓
Excellent video about some of the lesser known benefits of 1Password. And your overall approach to security is well informed.
Although I must say that I was surprised about you not using the browser extensions. For the general computer user it provides stronger protection against phishing attacks, not less. When using the browser extension it will only prompt to auto fill when the URL is correct - that is of your actual bank url for example. If there is an optically similar URL, but not actually the same URL the auto fill will not work, which is your hint that something is amiss. When using the OS installed product and copy/paste your credentials you actually increase your likelihood of handing off your credentials to phishing site.
This man is a true genius
Sun, I find you are the best communicator on You Tube. You do not put me to sleep or have "dead air" for long periods. You should make a how to for other contributors.
Thanks for the push John. I will consider putting together a behind-the-scenes on the subject.
Your channel is bloody awesome mate, thanks again :)
Hey, I love your video series about privacy and I am learning a lot! But there is one thing I don't understand about password managers and their auto-fill features.
You mentioned that you use the 1Password status menu widget to quickly copy+paste or drag+drop credentials over to Firefox.
But, since the vault needs to be unlocked for this kind of feature to work and also the vault gets locked every time you lock your device, this means that you have to type in your master password every single time you start/ wake up your PC and want to use the auto-fill feature.
This seems REALLY inconvenient, and at this point you might as well just change your device's login password to match your master password's security level and then get by without a password manager.
I think the point is to keep all your sensitive data (passwords, usernames, payment info, form autofills like adresses, id numbers, etc etc etc) properly encrypted in a trustworthy location / vault, as much as posible.
Browsers can't really be trusted with this. Same for most people's memory and caution vs laziness levels.
Really enjoy your videos man, i smashed that subscribe button so hard, i subscribed / unsubscribed a several times now. loved the thermal blanket thing haha.
Incredible content Sun, question, what are your thoughts on cloud back ups with a local password manager?
Excellent advice. Thank you Sun.
I would like to use 1Password Family plan. I want to use it on my Android phone and Windows corporate laptop. My wife will use it on iPhone and Mac. I can install 1Password app and browser extension on my phone, but I cannot install them on my corporate laptop due to my company restrictions. Thus I have the following questions:
1) Will I be still able to use 1Password on my corporate laptop?
2) Will I be able to automatically sync the corporate laptop with my phone and other devices (my wife's)?
3) What will be the main drawbacks using 1Password on my corporate laptop without app and extension?
Fantastic! Cheers from Paris, Richard
Thanks for the push Richard! Cheers from Montreal!
Great video, but a novice like me still have a few questions. I need one hard password for the account and one even harder password for the local vault? Creating so many new, and safe, passwords makes it hard to remember them all, so i'm not sure if i will remember the account password, if i'm not using it regularly. This stops me from taking the entire step, because i might paint myself into the corner here... And what do i do with the secret key you got asked to download? Should i back it up somewhere, or write on a note and lock in to safe? I got a bit confused about that one. As for now it just seems so much easier to use the keychain app, and just making life a little bit easier to live.
Love your videos, even though i get really confused! Keep it going!
Thanks a lot for the wonderful content. Any recommendations for , Windows users in terms of password managers? Either open source or proprietary.
1Password or KeePass I would say
Hello, great video! I have a quick question. I created a local vault on my main computer at home (iMac). I got it to sync with my iphone, so that is great. But, when I need computer access outside my phone, then I have a macbook as well. How can I get the local vault to syn to my macbook from my iMac. Essentially, I only want 3 devices. My main stationary computer, mobile phone, and laptop. Would I just have to transfer the vault file from the computer to the laptop manually, and then do the same with each update? Thanks.
Hey Sun, great video as always! I was wondering which email service you
use. I saw that you created an alias when creating the demo 1password
account for the video and it was using your own domain. I was wondering
how is this possible ? I have been looking into moving from gmail and
the number one feature I want is aliases. Could you make a video on this
? Are you using some email service or are you hosting you're own thing ?
Thank you for this video!
Awesome! Thank you for these videos !
Can you do one where you compare "1password" with "Lastpass," because i have heard a lot of great things about Lastpass, but i'd like to know the differences. Thank you !
Pleasure Moses! When I decided on using 1Password (a few years ago), my research pointed out that LastPass has had implementation issues resulting in vulnerabilities. 1Password looked more solid and had a local sync feature on macOS.
Great video man.
Thanks for the push Oussama 🤓
I've already downloaded and starting setting up my phone app, how can I start it over to select the WLAN server. I think I've bypassed that.
Is this tutorial for the MAC version of 1password only? I ask because on the PC version there is no feature called "Allow creation of vaults outside of 1password accounts".
Hi Sun would you be able to descriebe what the key difference is between apples keychain and 1password in terms of privacy and security matters. Are they equally safe to use. I have tried to research it, but somehow it is hard to get the full picture on this matter.
Hi Mikkel, I’m sure Keychain is reasonably secure. That being said, it is proprietary to Apple (and only available on macOS and iOS) which creates sovereignty issues. Also, if you sync your data between devices, your data flows through Apple’s servers which I would recommend avoiding.
Also, is there an app you can recommend for storing Wifi Passcodes? Mine is over 50 characters long and a pain. Other than emailing it to myself, so its available to cut and paste on both Windows and Mac, is there an app, preferably open source, specifically designed for storing Wifi passcodes? You could do it in 1Password, but I believe you have to have Wifi on for these programs to work. It would require a program that can be on both Mac and Windows, where the encryption/decryption is handled completely locally.
Hello Sun! Again, thanks for what you do! What if to store the passwords in excel file (password protected). Obviously, not as convenient as 1password, but do you see here privacy issues as well? Thanks for your opinion in advance.
Hey, I wouldn’t recommend using Excel for passwords because the whole file is probably loaded in memory which makes its content vulnerable to memory attacks. Given the passwords are always visible, it makes them more vulnerable to screen capture attacks. Also, if you are referring to app-level password protection, it tends to be very weak. For example, the standard ZIP password protection leaks metadata and is pretty easy to hack.
Hi Sun. First of all, I really appreciate your work even though I'm a Windows user. I'd like to ask u or other user if u have already made a video on how to store encrypted backups on USB, since I can't find it on your playlist. Thanks to all willing to answer me.
What are you thoughs on enpass? It's keeps the DB locally or in the cloud if you want
Hi Sun, great video but as a newbie you lost me completely when your tutorial screen did not switch back to your Mac (time stamp 18:47) to move your personal folders onto Mac. Can you please write us instructions on how to do that as I appreciate the difficulty to reshoot a video for it. Many thanks.
Hi Sun! I stumbled upon your channel today and I have been browsing through your old videos. I'm wondering if you would still be recommending 1Password today or are there other recommendations?
Quick question.
You have your vault on your mac and it syncs with your iphone when in the same network and both devices are on.
But what if your mac gets stolen or crashes.
And you have a new mac, what do you need to do then?
Great videos and just catching up; subscribed instantly :) Just to follow up on this video, what would one do if your devices were stolen; how do I set 1Password up in the replacement machines; do I need to reset passwords/pass phrases etc? Maybe this could be another video?? Thanks for the videos :)
Sun is looking happy in this video! :)
hey sun! as of latest developments in the 1Password business strategy, using local vaults is no longer wanted and as of July 2023, the browser extension for tagging the right password to the website will be discontinued as google stops support. i am highly concerned regarding 1Password transferring to a subscription based online service and would like to know what your best recommendation is to continue using the convenience of 1Password. I assume switching provider or going with transferring to a subscription based online account are the two options here. would love to get your take on this!
Hey, I switched to using KeePassXC on my Mac and Tails OS a while back… that said, I also accepted to not sync my passwords between devices. Haven’t looked into 1Password for a while but, historically, their tech is really solid so if I craved convenience, I would likely use 1Password even if dataset is synced using their cloud. Password and secret key never leave one’s computer so it is theoretically impossible for anyone to decrypt dataset (including nation state actors unless a backdoor is present). 1Password controls the app after all so if exfiltrating data is the risk one is accounted for, they already have all they need to do so. Hope this helps!
Hey Sun, would love to hear your updated thoughts on the password manager subject, now that 1password 8 doesnt support local sync anymore. Is it still the best alternative out there?
Truly disappointed about that!
Yes. Now that local sync is gone what would Sun recommend? 🤔
What's your views on using Alfred by enabling 'integrations' in 1P settings? This effectively replaces the menu widget you speak so highly of in terms of conenience. I find Alfred better in terms of keyboard shortcuts but is it less secure?
I would recommend against it. Privacy is a trade off between privacy/security and convenience. If you're opting for convenience then you are likely losing privacy/security.
Awesome 😄
Great video!! I have question my friend, do I need antivirus on my IPhone or my MacOS? And thanks for the video.
Hey, I never installed an antivirus on either... nor do I know anyone who has (except for enterprise users). Just be really careful what you install, use an application-layer firewall such as Little Snitch and use virtual machines (VirtualBox) if you have to run apps you don’t trust. Perhaps others have advice?
Hi Sun Knudsen, thanks for your response! I will try Little snitch. Looking forward to your next video!!
I use Keepass for my passwords on Linux. Is there any reason to switch?
Great episode.
Regarding unlocking the password manager with biometrics (18:22). Doesn't it really boil down the probability of someone recording your masterkey using a keylogger or a camera vs the probability of someone physically forcing you to unlock?
With Touch ID somebody could just knock you out and put the finger on the sensor. It is more difficult with Face ID though...
yeah I think he is a bit hardline on that subject. Biometrics is amazing UX for mainstream users. Just using 1Password in the first place and getting rid of most remote attack surface is a 0-to-1 improvement for most users.
Discussing the problems with biometrics is good though.
Hi Sun sorry for the amateur question! If I have more than one mac and would use the family subscription on 1password - would the configuration with the local vault and sync work? 1) Would the setup automatically sync between lets say my 2 or 3 macs? 2) If I wanted to share a vault with my wife, as is possible on the clous based version, would that somehow work with the configuration local vault and sync? 3) If one chooses to use the clous based version - how bad is that when it comes to privacy and security when it comes to 1password? 4) Do you losse any features in 1 passord using the local vault and sync solution?
Thank you for your patience taking your time to read this!
All questions are totally valid! 1. I believe it would but never tried WLAN sync between computers (only between my Mac and my iPhone). 2. I believe you can’t share local vaults over WLAN sync. My gut feeling is this feature is designed for personal use only. 3. For sensitive passwords, I prefer using WLAN sync as my passwords are never uploaded to the cloud. For less sensitive passwords, the 1Password cloud should be fine. 4. Beside password sharing, I don’t think so. It always boils down to the threat model. As a privacy and security researcher, I tend to favor privacy and security over convenience. That being said, using the 1Password cloud is more than enough for most use cases.
@@sunknudsen Thank you so much for taking time to answer my questions. Truly appreciated!
Hi, if you sync password over wlan, any new password won't be sync'ed across your devices when they aren't in the same wlan until next sync when they are on the same wlan.
Hi, what about dashlane? Is there any significant difference or what are your thoughts on it? Btw thanks for ur amazing videos !
Thanks for the push. I used to like Dashlane, but find 1Password is more solid and has amazing power user features such as local sync.
I used to use last pass but I switched to Bitwarden over 1password. It has a great feature set and you can even self host if you want to. Great video though :)
I didn’t know we could self-host Bitwarden. Very interesting! Did you try it out?
Sun Knudsen I haven’t yet since I saw stuck at university for a while but I’m planning on trying it out soon. If I have any success I’ll be sure to let you know 👍
@@sunknudsen I've tried Bitwarden but it's a big pain on my iPhone. I manually have to type in the master password every-time I need to autofill vs using touch id used by default on iOS and macOS. Also as you've mention, it's open source so it's UX is shitty. I'm a UX Designer and I'd love to revamp their UX .😂
Excellent video! I used to store my passwords on LastPass, but since they kinda disappointed me with their changes to the free tier last year, I decided to find something else. Really wanted to switch to 1Password, but because of financial problems, I switched to Bitwarden. It's a really solid and open source solution to password storing. What are your thoughts on it?
Mikey boy looking a lil stoooooooooooned, thanks for the vid bruh
Hi. I just saw this. I was wondering if there is an update? Or a comparison with another provider? 🙂
Hi and thank you for your great Videos 🙏🏼 I have one question. Is it possible to use local and internet sync at the same time.
In general I would like to sync only local. But for some situations, where the password is not as problematic and I would like to share passwords with friends or family, I would like to use both sync ways at the same time.
Hey Marco, I believe it is, but unfortunately, 1Password is deprecating local sync.
@@sunknudsen hi and thanks for your answer. But I think, you are wrong because with some testing local sync without cloud is running😊. At the moment I only have one local wallet and I am looking on how to get some more wallets 🤓
Hello Sun, great tutorial.
Question: do you have an idea how to Wifi Sync when 1password is already installed on the device? For some reason, the Settings>Sync option is not under the setting preferences.
Mm, okay, apparently one should complete sign-out of 1password in order to have a primary Wifi Sync option being available again :-)
Interesting... thanks for sharing!
Very informative video.
Definitely subbed!
Followed all of the steps. Established a local vault/primary
Unfortunately, I cant seem to get my Android phone to sync. with my Mac (Windows/Androids devices suck!)
when I hit sync nothing seems but I get an message saying "please configure sync in application settings" yet there is no place within
the Android app to do so!
Gonna have to contact 1Password support I guess.
In terms of 1Password's browser extension, it doesn't automatically fill in login information into website forms. You have to trigger it by clicking in the field and then clicking on whatever login you need. The extension is so much more convenient and efficient than using 1Password mini all the time without compromising security, imo.
Thanks for sharing Nilesh. I agree the browser extension is more convenient, but personally favor using Mini as things are less integrated (which reduces the attack surface).
@@sunknudsen I totally understand. I love the channel, by the way! I haven't come across anyone on RUclips who is talking about privacy and security in an engaging way like you are.
With the latest version don’t they require you to use their cloud account? Do you still feel it’d the best?
@Sun Knudsen, I have a strong distrust for using password managers, as it appears to me that hackers probably look for these, and can use keyloggers to hack into them, etc. I think it's a better idea to hide all passwords in the code of a jpeg file for example, or in a obscure .txt file, or buried in a pdf, amongs other gibberish words... In essence a place where no one can find it. What do you think?
Interesting perspective Luke. If keylogger is running on computer, there is little one can do. I would recommend installing as few apps as possible, using application-layer firewall such as Little Snitch or Lulu to keep track of outbound network requests, updating OS on a regular basis and always enabling multi-factor authentication. For sensitive use cases, I recommend compartmentalization.
I too don't understand what is the master password for...i changed it, but never been asked...i thought it was a password to log into the program... when do you use it? because right now anyone hacking my computer and opening the prgram, can have access to my saved passwords..
Hi, Sun, I really enjoyed your video, and I appreciate all the time and effort you put into making these informational videos for people like me who are less technically knowledgable. But I have a question about a part that confused me. It's about when you said you should change the Master Password to enable local syncing, to change the Account Password to the password of the Encrypted Local Vault. Does this mean that your account now has 2 passwords? Or has the Account password now been erased? When do you need to use the Account Password vs. when do you need to use the Encrypted Local Vault password. In general I was confused by this step, and also why the Account Password could be simpler than the Encrypted Local Password. If you could explain this part of the process a some more I would really appreciate it. Thanks again for your great videos.
Hey Daniel, great question and I agree this part is confusing. When setting up 1Password initially, we are asked for a master password which is also our 1Password account password (used for billing etc...). That password doesn't need to be extra hardened given we will never store passwords on the cloud (when using this setup). I also recommend enabling 2FA. When creating a local vault, we want to make sure we use a different and hardened password as this vault will hold all our passwords. Hope this helps!
@@sunknudsen I am confused too because the first password, which you named "account password" is also named "Master Password" by 1Password. So it seems to me, that you just changed the master password and from now on you have to type in that one everywhere and the (shorter) first one is gone.
I guess i am missing out something here and the easiest part would be if you could tell an example, where you still use the old/short password.
Ok, I tried it now a bit and I think i got it: After you changed your Masterpassword, you can go to preferences -> Accounts. There is a button to change a password which is apparently different from the Masterpassword. I tried the "old" password and voila, it that one. So there are two diffrent ones. thank you.
Another question maybe: 1Password claims to create backups automatically. Are they in the cloud? If yes, is it safe to leave them there, or is that against the purpose of creating a local vault?
thank you for your great content!
@@TerminalslayerX Thanks for posting this! I really appreciate it!
Sun is it really more secure to copy passwords on to clipboard and paste them manually instead of having keychain or 1password autofill them? I feel uncomfortable when I copy sensitive info on to clipboard and when I glance over at the info on the clipboard. Really makes me nervous.
Great question! If you use 1Password, I would suggest looking into the drag and drop feature of 1Password mini. support.1password.com/1password-mini-mac/#use-drag-and-drop-to-fill-in-apps
@@sunknudsen this is really great. Thanks for the info.
I was using BitWarden for sometime and dropped the whole idea for iCloud Keychain due to inconvenience . But this is so convenient.
How do you protect your data/passwords from a fire or some other event that would make both your computer and phone to available any more?
Great question Emanuel... I am a little overkill on the subject... I always have a copy of my "keys" on me at all times (when running, I carry a waterproof SD card... when sleeping, I have my iPhone near the bed). That being said, I am planning an episode on the subject that will also cover amnesia. Stay tuned!
@@sunknudsen Looking forward to it. Keep up the good work with this channel! :)
What are your thoughts on keeper security.
Très bonne vidéo de présentation des choses pertinentes à savoir à propos de 1Password merci :)
Hey Sun, great video.
I have a question: If you use the local vault, does that mean that I will lose access to all of my passwords if my Macbook is destroyed for any reason?
Hey Justin, correct... hence why backing up "/Users/sunknudsen/Library/Group Containers/2BUA8C4S2C.com.agilebits/Library/Application Support/1Password/Backups" or equivalent on your system is critical.
@@sunknudsen Thanks for the answer. I have one more question if you don't mind:
Does it also mean that I wouldn't have access to my passwords on my phone if I am not on the same wifi network as my computer?
Hi, I found the wlan local storage part quite confusing (mobile is shown when you are explaining the mac actions).. but it may be my fault... One question: why having local storage passwords if they can be lost forever if your mac gets stolen or broken? I am missing this point.. thanks
Great question... to not use the cloud where password database would live. Someone could force 1Password to hand over user dataset or a hacker could exfiltrate datasets of all users. Using local storage decentralizes this. That said, one needs great backups as a result... I have published many episodes on the subject.
Yeah many vids about backup but couldnt find the right one to answer my question. Can you give link ?
Succession and emergency planning are very significant concerns. I can' t think of a way to allow trusted others to have access to my passwords as I determine without using the cloud. If you can, Sun, I'd really love to know.
Umm.. how’s onedrive & vault with mfa.. honestly, this is tough, impossible for a regular human to redesign products and use securely.
If attention detection is on (on by default), you can't unlock the iphone with faceid if person is waked in the head. Just saying. Awesome video, went through few times, super useful. thanks
What are your thoughts on free cloud-synced password managers like LastPass and Bitwarden? I'm trying to follow your videos to secure my devices as much as possible with a $0 budget (full time student with no job bc of covid) :p
Hey John, I try to avoid uploading sensitive data (even when encrypted, unless I really trust or audit the code) to the cloud. Haven’t tried Bitwarden yet, but in theory it is possible to self-host the server side of things and given the project is open source and peer reviewed, I guess it is safe. I am hoping to publish an episode on the subject in the future. I would avoid LastPass and recommend digging into the business model of any provider you are evaluating. If there isn’t a clear reason why something is free (such as open source community driven initiatives), I would avoid it!
@@sunknudsen Thanks for your response! In that case, I'm no longer sure there's a realistic way to be more secure for me. There is certainly that Convenience vs. Security tradeoff going on, but a lot of what's keeping me on insecure, privacy invasive services is necessity. All my computers use Windows 10 because I'm a broke university student- all of our software works best on Windows and Chrome. Our school accounts are Google Suites. Our apps are from the Play Store. I don't have an income for a VPN or a premium password manager (though I wonder what you think of the no-sync LessPass?). Also, my internet is really slow, like 20/5 Mbps for Downloads and Uploads on a good day. Using free VPNs are excruciating sometimes, so I stopped. I also find it very confusing that internet privacy advocates never seem to agree on anything here on RUclips. Like whether to use a VPN at all, or what levels of internet security is right for the average user (actually, I find very few talking about this). Though I enjoy using technology, I don't know much about this realm of data science and cybersecurity. It's very overwhelming and hard to know which practices I am able to adapt that are worth it. So my internet life might look like a bit of an insecure tracker cesspool at the moment. ://
Feel you... I would avoid free VPNs like the plague... and many RUclips are paid to promote VPNs which makes things very confusing. I would use Bitwarden for passwords, a hardened Firefox to browser (see my episodes) and, depending on your ISP, DNS over HTTPS for DNS. That is a good start and it’s free!
@@sunknudsen Thank you so much! How do I secure my connections to my college campus WiFi? It's not open, but to connect from my phone I use the PEAP, MSCHAPV2, and for the CA certificate, "Do Not Validate." Is that last one an issue that I can resolve?
This is awesome but, how do you do this on windows?
What about Non/Mac pc? Will same process work?
@Sun Knudsen I've been watching your videos and you said twice that you're not comfortable with having your ENCRYPTED password on a proprietary cloud. Why is that? Is that not safe?
Hello Sun, I admire the work you are doing. I have a question. Since i cannot afford premium password managers, I am using open source and free password managers, mainly KeepassDX for my smartphone and KeepassXC for my computer. Are they safe?
Good question! :D (I can't do an audit on the app I'm developing, so an external review will be a good thing.)
I haven’t experimented with those. Adding them to my research backlog. Thanks for sharing.
@@sunknudsen looking forward for this.
@@kunzisoft2957 Thanks for developing this app. I really wish i could donate for the development of these apps.
Im replacing my free password manager to a new subscription password manager. If I hit the permanently delete all button, since i cant see any deactivation of account, is that safe already? There’s no trace of my passwords in the old password manager?
I don't feel comfortable answering this question because or the risks involved... Make sure your passwords have been migrated and backed-up and then I guess you can safely sunset the old password manager.
Before you commit your money to a password manager, review/research BitWarden.
Hello Sun Knudsen,
I discovered your channel because a user (maybe you) linked this video on the github of the KeePassDX app. It's very interesting so I subscribed, the purpose for me is to get the maximum of information on the use cases and create a password manager as secure as possible and less binding for the user, which is not easy.
The main drawback of 1Password is that we don't know what it actually does, even if we check the local setting and put a firewall. Did you also put a firewall on your phone? Without being able to study the functioning of the source code of 1Password, it is difficult to know if it does not send backup files to the servers intermittently.
As other users suggest, we should favor open source products (specially in security). If you only want local synchronization, I recommend Bitwarden, you can watch how it works and create your own local server. Otherwise you can make a home synchronization system with KeePass (which is more complicated).
For the use of the fingerprint/faceprint, I generally agree. But what do you think of using it as a second factor, in addition to the main password? Because here, I think you advise not to use it only if it contains the main full password.
You must also pay attention to the sharing of passwords by the clipboard, I don't know how a mac is made but in most systems, the clipboard is shared with all programs, so a service could recover it. Why do you think autofill is a less secure approach on apple product?
You talk about "gestion succession". I just think of a way to technically send credentials only when we die and I'm curious about your research on the subject.
I'm going to watch your other videos.
Hey, I’m currently AFK, but you have raised many interesting points. Will follow up shortly!
@@sunknudsen do you have any updates on this?
Hey why is it not safe to use browser extension to autofill the passwords?
Hi, mate. I use the strongbox manager password. Do u know this software? It’s secure?
What is your opinion on double blind passwords?
Custom Fields, Ability to have multiple passwords under one entry that is a must in an enterprise, easy to link domains, cheap compared to others, they use RUST
@16:35. we can see every character being typed before it turns into a *. I assume you are aware, but just giving a heads up
Thanks for sharing... I use dedicated operating systems, apps and passwords for the privacy guides so all good. 🤓
Hey, dude. Hi from Brazil!!
Which is better, 1Password or Bitwarden, to your pov?
I favor 1Password from a UX perspective... but Bitwarden has a great reputation and is open source. Both have their benefits...
@@sunknudsen Gotcha.
I'll try them. Thank you!
So, I really like the idea of MacPass. The only problem is that there is not a Windows version--I suppose for obvious reasons. If you use both Mac and PC, you can still store Windows-exclusive app and website content passwords in MacPass. The fallback is that, to my knowledge, there's no way to use universal clipboard between Windows and iPhone or Windows and macOS as there is with macOS and iPhone, making MacPass a difficult option for those who are not completely married to Mac, e.g. because there are some applications in Windows that aren't available on MacOS. Should we forget about MacPass in those situations?
Also, is there safety in using a primary 2FA app, in order to hide the password to a second 2FA app, the latter of which is the primary password container? That would essentially make it 3FA?
I’m torn between 1Password vs Dashlane. But with your videos I might choose 1Password. My question is do you keep your vaults in WLAN server? Do these might severe your security?
I actually switched from Dashlane to 1Password and I'm very happy with the move. I only allow inbound 1Password WLAN server connections (using the macOS firewall) when on trusted networks. Perhaps overkill, but I feel safe that way.
@@sunknudsen I get it using a trusted network to store your vaults. In case you use public or any shared wifi. What is your recommended to use to store your vaults?
I store the vaults locally (on my Mac vs the 1Password cloud) and use WLAN sync to sync passwords to my iPhone once in a while.
Have you looked at StrongBox for iOS and Mac?
Thanks for sharing. Looks promising. Will look into the project.
Sun Knudsen yeah, for sure! Thanks for the good content! Keep it going!
Just loved the way you secretly promoted lickstats by wearing that cap!!!
Better than wearing a Nike hat right?
@@sunknudsen But you did not monetize that in the video, Why?
Lickstats is essentially running itself for the time being. I am way more excited about the privacy guides. That being said, one day I might push Lickstats again and the subtle promotion on the privacy guides might be helpful.
@@sunknudsen would love hear about more!!!
Hi Sun Thank you for a great video! I was already in the middle of setting up 1Password before I saw your video. Therefore I already had the app up and running on my Iphone - I dont find the WLAN server to connect to the phone vide 15 m 30 sec - what do I do?
Hey Mikkel, I suppose you are also running 1Password on your computer? If you are, make sure your passwords are backed up (File, Backup). Then, on the iPhone, go to "Settings", "Advanced" and select "Erase All 1Password Data". That will reset the app so you can link it to your computer using WLAN instead of the cloud.
@@sunknudsen Thank you!
“This is going to look a little weird, but…” 🤣
This is hard core. Appreciate the video. But does that mean once your device where you set up the local vault is gone, it’s forever gone, the passwords will never be retrieved?
My main-concern is: what if one of these password-managers suddenly no longer exists (for example: the developer/company that runs the manager for some reason decides to "delete" the software/stop delivering the service). What happens with all your stored passwords? Of course the software takes back-up files every now and then, but doesn't these back-up files only work on that specific software?
Just had to throw this thought out somewhere - my mind need a good answer to this question 😅
Great question... most (if not all) proprietary password managers allow us to access existing credentials even once we stop paying. The same logic applies if a provider goes under... we are safe given the app is installed on our computers.
You could keep the most recent export file of the passwords, but make sure to keep that file on an encrypted drive or encrypted container that is not kept connected to the computer all the time. You would have to export when you change your passwords though so it's not exactly the easiest solution. And keep the exported file secret and safe.
Can you explain why privacytools.io recommends *not* using 1Password? I'm genuinely curious since you said it was open source.
I can’t answer for PrivacyTools, but 1Password being proprietary (not open source), perhaps it is out of scope at their end. On this channel, I don’t mind recommending proprietary software (although I prefer open source) when its governance is good and sovereignty is built-in. The feature I really like from 1Password is the ability to sync data between devices without ever uploading it to the cloud.
It isn't clear from your video how to get your passwords into the local vault that you just created. Does one password automatically put them in the cloud then you have to move them?
I haven't setup 1Password in a while, but if you are using the cloud, I believe you need to copy the passwords over to the local vault and set local vault as the default in Preferences / Vaults.
is 1password better than bitwarden?? and the firefox pass manager?
I used LastPass, do you recommend switching to 1password ? Any suggestions welcome..
I favor 1Password over LastPass... Historically LastPass has had implemented issues revealed by security researchers. 1Password has a better track record.
Yes and stay on 1password, my brother had a horrible time and a one-time issue that forced him to leave it, he made the happy switch to 1Password and has a great experience for the last 3 years (including me for 10 years)
Does local device sync only work when you create a one password account?
Local sync is unfortunately being deprecated by 1Password… one had to create account and pay even if one did not use cloud.
Why not use Bitwarden which is free, open source, peer reviewed ? Looking forward for your thought. In what way could anybody decrypt your password if they are online?
I tried Bitwarden a while back and didn’t like the UX and the fact data was synced between devices online. Depending on password, it is definitively possible to decrypt data using a brute-force attack. If password is truly random and over 13 characters long, it would take a targeted attack... and if password is longer than 28 characters, I believe even a nation-state attack would likely not be practical. A “$5 wrench attack” or “rubber-hose cryptanalysis” would likely be used.
@@sunknudsen Even if you are using 2FA to access your bitwarden account ? How realistic who be to breaks into an encrypted Bitwarden account with a strong password and 2FA not link to a phone number? Thanks !!!!
I think open source stuff is more secure than proprietary softwares. Don't you think that too? In that case, Bitwarden should be more secure than 1Password right?
Open source is not always more private or secure... it really depends who is behind a project and how extensively peer reviewed a project is. This is especially true for security... so 1Password could likely be more secure than Bitwarden.
Can you do a video on Bitwarden - free and open source password
Hey, thanks for the feedback. Bitwarden is on my backlog.
@@sunknudsen hazza!
You should consider taking a look at bitwarden
What about Bitwarden?
Thoughts or video update; Re: upcoming 1password update that takes away local storage?
Good point… have to look into it.
for me the WIFI sync does not work. On my iphone it just doesnt show up. Any idea? I am using 1password.eu
Are you syncing from macOS to iOS? Is 1Password blocked in "Firewall Options..."?
@@sunknudsen thanks for your answer! Yes, correct. Actually it cannot be blocked by my firewall. Even when I turned off the firewall on my MacBook it didn’t work.
Any other idea?
Whats wrong with using the mac's default password manager?
Hey so, I didn't watch the whole video BUT.... did you just give us all your masterpassword at 16:00!? :o
Thankfully that was a test account on a test computer. 🤓
what about bitwarden?
Can we use local Nextcloud instead ?
Not sure... you mean vs using 1Passwords' server feature?
Hi Sun, your contents are very helpful! but now I'm stuck because if I follow your guides, I have to remember too many password.
at least 2 for unlock device ( phone and pc )
2 for 1password ( 1st master password and vault password )
1 for OTP app
1 for Encrypted backup drive
All of these passwords can't store in password manager.
So at least I have to remember 6 passwords. How can I deal with all of those?
Great question, feel you. I recently published a whole series on passwords that expands on when one should use multiple passwords and when it is OK to use same password. I believe series should answer scratch your itch. ruclips.net/video/bPE3XkPgkRg/видео.html