Twitter | Search | |
Kenn White
1Password's decision to sunset local credential storage for a 3rd-party cloud model alienates its most vocal allies — security professionals
Reply Retweet Like More
railmeat Jul 9
Replying to @kennwhite
So where to from here? Do you know of another password manager that offers local storage?
Reply Retweet Like
Sam Schlinkert Jul 9
Replying to @kennwhite
is there a post/link explaining this somewhere?
Reply Retweet Like
Kenn White Jul 9
Replying to @railmeat
there are plenty. Most I've looked at have a lousy security posture, or *very* rough UX. Big opportunity in the market.
Reply Retweet Like
Carbon Dynamics Jul 9
Replying to @kennwhite
It's actually not a bad move, I check it out last October.
Reply Retweet Like
Ryan Brio Jul 9
Replying to @kennwhite
KeePass, KeePassX, KeePassXC
Reply Retweet Like
Carl Malamud Jul 9
Replying to @sts10 @kennwhite
Sam question as Sam … do you have a link to this? Can’t see anything on their home page or in news.
Reply Retweet Like
Kenn White Jul 9
Replying to @carlmalamud @sts10
Reply Retweet Like
Kenn White Jul 9
Replying to @ryanbrio
yes aware of all of those, and no comparison to the low-friction of 1P. I took a look at the Android forks, but unconvinced of subtle errors
Reply Retweet Like
Carl Malamud Jul 9
Replying to @kennwhite @sts10
oy. oh well, I will keep an eye on it. thanks for letting me know. I’m a long time customer, first I’ve heard about it.
Reply Retweet Like
Sam Schlinkert Jul 9
Replying to @carlmalamud @kennwhite
ah. Yeah, similarly, I think their Travel Mode is only available to subscribers. Think I'm going to switch fully over to KeePassXC
Reply Retweet Like
Kenn White Jul 9
Replying to @CarbonDynamics
Oh, I get the use case. It's market driven by much (most?) of their user base. But, for me, "enable remote decrypt to plaintext" is no go.
Reply Retweet Like
Derek Bonner Jul 9
I know has been writing some code to use the OPVault format without the 1Password app.
Reply Retweet Like
Ryan Brio Jul 9
Fair enough. Hopefully will do the right thing and continue to offer local vaults. 🙏🏼🙏🏼
Reply Retweet Like
Chris Jul 9
Replying to @kennwhite
Gaaaah. I hadn't heard. This is indeed bad
Reply Retweet Like
Kevin Riggle Jul 9
Replying to @kennwhite
AIUI, credentials are still encrypted/decrypted locally---storage is just cloud. Depends how much you trust webcrypto.
Reply Retweet Like
Kevin Riggle Jul 9
Replying to @kennwhite
Which... if anybody can get it right, it's AgileBits, but it requires a level of trust (and sets a standard) which I'm uncomfortable with.
Reply Retweet Like
Ben Short Jul 9
Replying to @kennwhite
Definately something I didn't want to hear. A Big reason I am with is local vaults.
Reply Retweet Like
Bruce Fletcher Jul 9
Replying to @practicalsa @kennwhite
Me too. But what really bugs me is the way they claim this is because of 'customer demand'. It's a transparent excuse.
Reply Retweet Like
Ben Short Jul 9
Replying to @befletch @kennwhite
I sort of get they want to improve their income model too. I'm reading there was early adopter pricing, but dont remember that email. 1/2
Reply Retweet Like