Many people here appear to be misled by this claim. Why bother mentioning that Bitwarden is open source? 1Password relies on internal and 3rd party audits; we can only hope they are doing a good job. A lot of folks really scrutinize Bitwarden's code and people submit Pull Requests to the application for many cool features like the new more secure Argon2 KDF that is coming soon. Bitwarden being cheaper and open source is really nice. For example I had to get used to some of the quirks like dropdown boxes not being obvious with normal design elements like arrows to indicate their usages. But these were kind of minor things. Bitwarden's UI/UX is perfectly usable though, but it doesn't feel like they spent a lot of effort on it. The 1Password UI/UX is more slick and feels like they put more effort into the UI/UX design. But in Bitwarden's defense they only have 2 trackers: Google Firebase Analytics (currently only used to enable auto sync) and Visual Studio for crash reporting. More on this here. 1Password has no trackers built into their app. 1Password encrypts everything about an entity in 2 blobs, a header blob and contents blob; you have no idea what's in these blobs. For example if you use the TOTP field then someone with access to the vault would know that; they wouldn't know what the TOTP secret is because it's encrypted, but they would know you use TOTP for that account. Bitwarden doesn't encrypt field names, just the field contents, which means you can glean some info on what data is stored. The vault structure of 1Password reveals less metadata. I use this for my family and for the life of me it's hard to teach some folks to use complex passwords that aren't silly like dog$name1234 (this is like peak password for some folks). The secret key protects users who have issues with complex master passwords. I ended up choosing 1Password and so did my friend for the following reasons: My friend also did the same. Both are good products with their pros and cons.
I feel like it's mostly a feature to protect people with weak passwords in case of a database breach, and in that sense it is useful, but it doesn't make much difference if you already have a strong password. I'd much prefer to have a strong password than the hassle of having to keep the secret key safe and secret. For example, a 6-word passphrase is unbreakable for the foreseeable future. Tbh, I never liked that feature because it's advertised as a security feature, but that's true in practice only if your password is weak, in which case the secret key doesn't always protect you. But it's perfectly doable to have an unbreakable password without it being ridiculously long. It's a difference between "impossible" and "even more impossible". With a strong master password, this is not a difference between "not easy" and "almost impossible". This is not easy, if you have a good master password, though 1Password makes it almost impossible. In that respect, Bitwarden is similar to LastPass in that if the vaults are stolen, the hacker only needs to brute force your password to access your vaults.