by lucaspiller 3513 days ago
I was using this for ~4 years and really liked it, but recently I've been using 1Password. I tried 1Password as it has a family plan, that didn't really work out though (getting non-technical people to use a password manager is hard - so I'll forever keep being asked "What's the Netflix password?"), but I have stuck with it for myself.

I really like the browser integration, which there isn't anything comparable for pass. I had a bash script [0] which when run would pull the current URL from my browser, and run pass to generate or copy the password to the clipboard - but the 1Password extension is so much nicer. If I'm on a site with weird requirements I'd have to figure out the params to make pass generate a password which matched it; with the extension I just click a few buttons.

I've also got hooked on the iOS app. I didn't know there was one for pass, but it looks rather basic compared to 1Password [1]. 1Password also supports TOTP, so you don't need a separate app for that - although for security you probably should.

Maybe one day I'll get around to writing my own extension and app for pass, but for now paying $60/year is worth it for me. I don't pay for many apps/services, but this I find really worth it.

[0] https://github.com/lucaspiller/passosx

[1] https://github.com/davidjb/pass-ios

7 comments

>> 1Password also supports TOTP, so you don't need a separate app for that - although for security you probably should.

It goes way beyond "probably should" regarding security. You're giving a single company not only potential access to your usernames and passwords, but also your last line of defense - TOTP generation. That combination of apps puts everything in reach of one company to fuck you over.

Using a password manager that is being coded and maintained by a random everyday software company should be the only concern anyone has over even considering using such an app. That one company has the ability - whether intentionally or via being hacked - to release an update to any of their client apps that sends your entire database, decrypted to plaintext, to any server in the world.

Can you think of any scenario where someone slips in a 2-line commit to one of their client apps that sends your decrypted database to any server of their choice? We're talking about one disgruntled employee who decides they would like access to millions of users' most sensitive credentials. Or perhaps a single firewall opening or social engineering attack away.

It blows my mind that anyone would put this much trust in any for-profit password manager. Every month we hear about yet another major hack against software companies. One day soon, such a hack will happen to 1Password or LastPass, and the majority of their customers are going to have their entire lives (logins to bank accounts, government portals, etc.) exposed.

Such an eventuality cannot be defended against. It will start and end in less than 48 hours thanks to auto-updating applications, and will affect millions.

https://www.enpass.io/ is a winner for me.

>I really like the browser integration, which there isn't anything comparable for pass.

people keep saying stuff like this (the one i use because x feature has no real competitor)

lastpass. i've used most password managers out there and lastpass hits all these points and more

After lastpass was bought out, I went on a spree to find a different password manager and in that process, I tried almost all of them (free & paid). Nothing came close to Lastpass so I decided to stick with them until they mess up.

If the worst comes to worst, I'll probably move to Dashlane (which is significantly more expensive & a bit more work to use - extensions won't work without a desktop app)

Why were Lastpass and Dashlane better than 1Password for you?

I've used 1P for a few years without looking at the competition, so curious to hear what they can do.

I did try 1Password, and while it was pretty good, it was never "great". By that I mean,

1. It required a desktop app to be installed to use the clients (while this is an issue with Dashlane, the 1Password windows desktop client is just weird - looks outdated, crashes etc.)

2. The 1Password Android app seemed to not have in-app password fill in (which both Dashlane & Lastpass had). While it's not too much of an inconvenience, I feel like 1Password is great if you are in the apple ecosystem.

This is not to say 1Password is "bad" by any means...I loved its Dropbox sync feature for example and its integration with Alfred on Mac was awesome!

I've tried all of them and Dashlane is by far my favorite and only one I was able to stick to using. Worth the money IMO.

Command line interface with (or without, for that matter) X integration, and Open Source would be two features it seems to lack.

There is a lastpass cli for the past year...ish:

https://github.com/lastpass/lastpass-cli

I think you misunderstood my comment. I meant that there isn't anything comparable to 1Password's browser integration for pass (https://www.passwordstore.org/).

As an android user, I've tried 1password and it's pretty much the worst password experience on the platform. The Android client can't generate passwords, and it also can't cache my passphrase for any amount of time if I'm using the 1password keyboard (which is, as far as I can tell, the only way to make 1password fill a field.) After typing my fairly long passphrase 10x a day on the fiddly 1password keyboard with no feedback for the past few weeks, I'm switching to pass.

I understand that 1password on iOS doesn't interact as a third party keyboard, and 1password is an iOS/mac app first and foremost, but that's no excuse for making their Android UX so incredibly frustrating.

I've been using passff[0] with a lot of success for an in-browser pass client with filling support and so on. Works really well.

My understanding is that Chrome makes it difficult to have this kind of thing due to its sandbox. There was some talk of exposing pass over the network locally so there were no sandbox concerns.

[0] https://github.com/nwallace/passff

> If I'm on a site with weird requirements I'd have to figure out the params to make pass generate a password which matched it; with the extension I just click a few buttons.

How does this work? I don't suppose there's a micro format for password requirements? Does 1password just have a database of password formats for popular websites?

Pass doesn't have a sane iOS app. The only app available for Pass requires a jailbreak and doesn't function on phones without Cydia, GPG, and an SSH daemon running.