|
|
|
|
|
|
by jorvi
960 days ago
|
|
|
1Password is very trustworthy too. They get audited frequently, and their db file format is open source (meaning you can write a 3rd party tool to decrypt them). With UI/UX they are lightyears ahead of Bitwarden. I want to like Bitwarden, but when your application doesn’t even support extremely basic stuff like drag ‘n drop, I’m gone. In general they also support newer tech much faster. And their secret key system is more secure than Bitwarden’s password-only method. |
|
|
1Password is arguably moving backwards these days, UI-wise.
I don't know if it's caused by the Electron update or just coincided with it, but I've been finding the keyboard autofill shortcut as well as keyboard navigation for selecting a given login on a page very unreliable lately.
That said, 1Password's "auto-rotate password" feature is still ahead of the competition, though. Bitwarden doesn't even seem to try, but that's still better than LastPass, which reliably used to lock me out by irrevocably overwriting the old stored password before the website confirms the new one as having been accepted.
> their secret key system is more secure than Bitwarden’s password-only method.
I don't know, their security key mechanism seems to be getting weakened in the interest of convenience as well. I was recently very surprised to notice that the iOS client apparently synchronizes the security key for any logged-in vault to iCloud Keychain, with no way to opt out – even for enterprise vaults!
Bitwarden will also soon support the WebAuthN/CTAP2 "PRF" extension, which is even better than a static security key since it rotates with every vault unlock.