Do you know what he thinks of 1Password? e.g. I've seen this comment [1] on 1Password, but do you know what his actual thoughts are? He's not fond of it, but does he have anything concrete to say about it as to why? I have friends using 1Password and I would like to be able to tell them and give them concrete reasons to switch to KeePass if there are security issues with it.
There aren't security issues with 1Password really, but there are other issues, mostly around the company AgileBits. From my other comment on this thread:
These days AgileBits(the 1password people) are doing everything they can to get everyone onto a subscription plan, and are breaking local vaults slowly. Most people don't seem to recommend it anymore.
The only security issue really is the online vault(which isn't a security issue per-say, but is a security weakness since your passwords are no longer under your direct control). This may or may not be an issue for you, depending on your security posture.
Thanks! So would you know what he meant with that tweet? Was he just annoyed at the subscription plan...? It seems out of place given that he's a security researcher from what I gather?
No, and that tweet was from Aug. 2016 with nothing further from him about 1password, unless I missed it, so clearly he didn't feel compelled to either continue his research or he didn't find anything worth disclosing. Your guess as to which is meant.
But other researchers have played with 1password and most have historically had good things to say about it, except recently when they started pushing everyone to the online vaults like I mentioned.
I just tried it and the lack of plugin or sync support was a deal-breaker for me. I have plugins for syncing to cloud storage, for browser integration, for OTP generation, etc., none of which it seems to support?
KeepassXC is the active fork of KeepassX. KeepassX/C are cross-platform Qt apps that use the same vault format as Keepass, a Windows app that apparently will run under Mono as well.
