2024-06-06 21:08:43
ava on Nostr:

1Password is not open source, so I'm not a fan. I find Proton Pass has better integration and UX than Bitwarden, though I also recommend Bitwarden.

Both Proton Pass and Bitwarden are great for syncing to cloud-based password managers (PWMs) and are awesome for people whose threat model allows for more convenience.

The reality is, most people will not sacrifice much convenience for privacy. They would rather use (and reuse) easily crackable passwords that they can remember than deal with a PWM that does not sync on all their devices.

For many, if not most threat models, using a PWM is a huge step forward for their OPSEC (Operational Security). It is scary how many people still don't use password managers. Using and reusing easy-to-remember (and crack) passwords is far riskier than the potential threat of a PWM hack.

Okay, that said, KeePassXC is awesome! It's a great PWM to install in an air-gapped VM on QubesOS, for example, for more sensitive "mission-critical" passwords and even seed phrases that you don't want syncing anywhere.

KeePassDX is also great on mobile for more sensitive passwords. One can even use SyncThing with end-to-end encryption (E2EE) to sync its database to other devices, should they choose to do so.

I recommend storing any mission-critical recovery phrases for other password managers, wallets, 2FAs, etc., in KeePass since it does not sync with any cloud.

For convenience with less sensitive or frequently used passwords (know your threat model), both Proton Pass and Bitwarden are great options. Bitwarden can even be self-hosted, and that's pretty cool.

I gave Proton Pass a test spin about a year ago and still haven't returned to Bitwarden as my daily driver.

If anyone is concerned about Proton being an all-in-one service, they can sign up for another free Proton Pass or Proton VPN or Proton Mail account over Tor, then upgrade using BTC or cash. These accounts would be completely separate from the user's main identity account and used for purposes one does not want associated with their identity at all.

If you sign up for a paid plan, you will have to use a credit card. If you sign up for free and then upgrade, you can use BTC, cash, etc.

Do not provide a recovery email or phone number; they are not required and are metadata that could be used to identify users. Instead, use their recommended recovery phrase.

This way, one can manage their business, get away from Google, use it for all the front-facing tasks, then sign up for a separate Proton VPN and Proton Pass account not associated with their front-facing Proton account for other purposes they do not want associated with their identity.

Privacy and security through isolation and compartmentalization.
Author Public Key
npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka