I'm not sure Bitwarden is a replacement for them either as 1Password has a lot of niche features companies might use but private people tend to not care about.
Honestly, the only feature of 1Password that is locking me in is their MultipleVault support.
I have a lot of different vaults, every side project has a different vault, every contract I do has a different vault, and I split a lot of my personal stuff up, I have a vault I share with my partner, personal vault, one with finance stuff, one for all my software licenses.
I then have my main search setup to only use my personal vault, my shared vault with my partner, and two other vaults.
I can't do this with Bitwarden. The best I can do is a folder per 'vault' and then remember to select which folder I want every time I auto-fill, which adds enough pain to the workflow that I just won't make the switch.
Did you read the article? This requires your computer to already be compromised with malicious software. While not a great vulnerability, if your device is compromised the security of anything on it is now in question.
Also, I think you’re thinking of lastpass that keeps having breaches - this is the first 1Password exploit I remember in recent time, though I could be wrong.
> The security vulnerability was found within 1Password for macOS and targets users of all 1Password 8 for Mac versions before 8.10.36. To exploit this vulnerability, an attacker would have to specifically target 1Password for Mac users and convince them to run malicious software on their computer. An attacker could, the 1Password support posting confirmed, abuse missing macOS-specific inter-process validations in order to impersonate a 1Password browser extension.
> The macOS XNU (macOS kernel) inter-process communication framework is system-native and used by 1Password to enforce ‘hardened runtime’ protections that should prevent tampering with such processes and, therefore, prevent certain types of local attacks from taking place. The Robinhood Red Team hackers found a way around this protection during an independent security assessment of 1Password for Mac.
I pay for Bitwarden for personal use, but I work in a company that uses 1Password. I can say that 1Password is waaay ahead of Bitwarden in terms of UX.
Honestly, it's hard enough to convince employees / family members to use a password manager as it is. "Good UI" is vastly underrated as a solid security measure.
This is a local flaw that requires malicious software running on the users's machine. The malware can read the unlock key by pretending to be a web browser extension.
This is a reminder that no security is 100% and that it is an endless battle...
15 comments
[ 3.5 ms ] story [ 45.6 ms ] threadThey should move to Bitwarden.
I'm not sure Bitwarden is a replacement for them either as 1Password has a lot of niche features companies might use but private people tend to not care about.
I have a lot of different vaults, every side project has a different vault, every contract I do has a different vault, and I split a lot of my personal stuff up, I have a vault I share with my partner, personal vault, one with finance stuff, one for all my software licenses.
I then have my main search setup to only use my personal vault, my shared vault with my partner, and two other vaults.
I can't do this with Bitwarden. The best I can do is a folder per 'vault' and then remember to select which folder I want every time I auto-fill, which adds enough pain to the workflow that I just won't make the switch.
Also, I think you’re thinking of lastpass that keeps having breaches - this is the first 1Password exploit I remember in recent time, though I could be wrong.
> The security vulnerability was found within 1Password for macOS and targets users of all 1Password 8 for Mac versions before 8.10.36. To exploit this vulnerability, an attacker would have to specifically target 1Password for Mac users and convince them to run malicious software on their computer. An attacker could, the 1Password support posting confirmed, abuse missing macOS-specific inter-process validations in order to impersonate a 1Password browser extension.
> The macOS XNU (macOS kernel) inter-process communication framework is system-native and used by 1Password to enforce ‘hardened runtime’ protections that should prevent tampering with such processes and, therefore, prevent certain types of local attacks from taking place. The Robinhood Red Team hackers found a way around this protection during an independent security assessment of 1Password for Mac.
Also 1Password has multiple vaults, which I really like
This is a reminder that no security is 100% and that it is an endless battle...