by lynndotpy 1272 days ago
I use and generally recommend 1password. I've used it on every major mobile and desktop OS browser. (I've had some issues on Android, but it was not a standard Android OS.) The UX is generally nice.

First, they encrypt with the secret key AND the master password. This is the most important thing, and I was shocked to learn Lastpass doesn't do it.

Second, the master password runs through PBKDF2 with 100000 rounds, but a precursory Google search suggests the very earliest versions used around 10000. Lastpass's problem was a low 5000 rounds, and it did not update the number of rounds. I don't know if 1password updates the number of rounds.

Third, they use a zero-knowledge proof protocol called "secure remote password". When I was sharp in cryptography, this is what made me choose 1password over the others. I don't understand all the details anymore, and I don't know if it is "post-quantum secure."

Fourth, the UX is nice and I can recommend it to anybody who is literate. (This is not a cynical take-- I don't know how good the UX is for someone who is not fluent in a language 1password uses.) (Also, 1password recently released "1password 8", a new UI. I have not tried it and cannot speak to it.)

Fifth, 1password's biggest (only?) controversy was moving to a subscription model. I actually prefer this. (I want devs to be paid in perpetuity to keep this secure! I assume 1password has security holes somewhere, and I want 1password to pay their folks to find them first.)

Unfortunately, the monthly price "billed annually" is $3/month, but it seems the true monthly price is hidden behind a signup wall. I feel comfortable assuming the price is less than $10 per month.

Sixth, and most importantly: If your payment lapses, you can still access all your passwords, but you no longer get sync. (But I have not tried this in practice.)

---

1password security whitepaper: https://1passwordstatic.com/files/security/1password-white-p...

1password security overview: https://support.1password.com/1password-security/

Secure Remote Password (SRP) overview: https://blog.1password.com/developers-how-we-use-srp-and-you...
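
Added example, not part of the comment above and not 1Password's or LastPass's code: a sketch of the comment's first two points, a key that needs both the master password and a device-held secret key, and a stored PBKDF2 round count that is raised on the next successful unlock. The XOR combination, the record layout, and all function names are assumptions made for illustration; the passwords and keys in any usage are constructed.

```python
import hashlib
import hmac
import secrets

MIN_ROUNDS = 100_000  # round count quoted in the comment, used here as a policy floor

def derive_key(password: str, secret_key: bytes, salt: bytes, rounds: int) -> bytes:
    # Slow, salted stretch of the low-entropy master password.
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    # Fast keyed hash of the high-entropy secret key, which stays on the device.
    device = hmac.new(secret_key, b"device-part" + salt, hashlib.sha256).digest()
    # XOR the halves (assumed construction): both secrets are needed to get the key.
    return bytes(a ^ b for a, b in zip(stretched, device))

def _verifier(key: bytes) -> str:
    return hmac.new(key, b"verifier", hashlib.sha256).hexdigest()

def enroll(password: str, secret_key: bytes, rounds: int = MIN_ROUNDS) -> dict:
    salt = secrets.token_bytes(16)
    key = derive_key(password, secret_key, salt, rounds)
    return {"salt": salt, "rounds": rounds, "verifier": _verifier(key)}

def unlock(record: dict, password: str, secret_key: bytes):
    key = derive_key(password, secret_key, record["salt"], record["rounds"])
    ok = hmac.compare_digest(_verifier(key), record["verifier"])
    return key if ok else None

def unlock_and_upgrade(record: dict, password: str, secret_key: bytes, floor: int = MIN_ROUNDS):
    """Return (ok, record); a record stored below the floor is re-enrolled at the floor."""
    if unlock(record, password, secret_key) is None:
        return False, record
    if record["rounds"] < floor:
        # A real vault would also re-encrypt its data keys under the new key.
        record = enroll(password, secret_key, floor)
    return True, record
```

The upgrade can only happen at unlock time because the service never holds the password or secret key, which is why a stored round count stays low unless the client raises it.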