Just the little push I needed.
(Already half-switched to Apple’s Passwords but might re-think that – have half a year to figure it out! Please send recs.)
@mwichary
Been using Apple’s stuff for 3-4 years now, getting steadily better. Happy with it.
@mwichary Passwords aren't something I want locked into the OS ecosystem, personally. Mostly, I use various flavors of Apple OS, but sometimes I use Linux and, when forced, Windows. I want a solution that works across all three.
@ndw Yeah, that’s the “re-think” part for me, too.
@mwichary @ndw I'm really looking at Bitwarden right now, cheaper and actually even their free plans have some good features.

@mwichary After one of the times that LastPass shit the bed, I switched to Bitwarden. It's cheap enough that I don't even think about it.

Many people also like to use one of the KeePassX forks and store their vault in a synced folder. I worry too much about sync errors to rely on that.

@mwichary Apple's ecosystem does make things pretty smooth as long as you stay within the walled garden.
@mwichary I love Strongbox, all passwords synced between Apple (macOS, iOS and iPadOS) devices using iCloud Drive using a KeePass file, so easy out and the possibility to also “sync” with non-Mac devices (not easy but doable)
@mwichary I’m happy with it, but I’m all in on Apple stuff.
@mwichary I'm working on it too. The main hesitation I have is making the transition seamless for my wife, who is a pretty diligent 1Password user, but is not a nerd about this stuff like I am…
@mwichary my work pays a @bitwarden licence which I also can use privately (using a personal vault).
Works like a charm using both Apple and Linux devices.
@mwichary I’m using KeePass with KeePassium on Mac and iOS. It’s OSS and works well, although it’s definitely not as comfortable, because you often have to switch into the app to get your password. For some accounts I use Apple’s Passwords, too.
@mwichary I use Enpass. It’s…pretty good…but it meets my needs and allows me to sync and keep passwords off the cloud, so I use it.

@mwichary I ditched LastPass for Bitwarden (on Linux and Android). I pay for it and wife and I share passwords as needed. I use 2FA for important things -- Yubikeys. A few things are kept offline. Overall I'm happy with it. I know about Vaultwarden and will try it but think Bitwarden offers greater mitigation for my actual risks.

Bruce Schneier's app is worth a look if you prefer offline only. I think

@samueljohnson @mwichary I use and really like Bitwarden, but apparently they just started using LLMs on their client repositories, which doesn't inspire confidence for a security product.
@sanityinc @mwichary I have seen that claim but no authoritative source yet. I am not convinced in any case that it's necessarily a bad thing. If, e.g., they're using AI to find bugs that might go undetected otherwise. The code is open source and subjected to 3rd party audits. No doubt some of these will be using AI too before long.
@samueljohnson @sanityinc @mwichary I saw this as well yesterday, I think this was where I read it: https://mastodon.social/@mcc/116110912928005524 (also mentioning KeePassXC)
@samueljohnson @sanityinc @mwichary and I also followed the advice I saw recently to block the Claude github user so you can see easily when a repository has contributions from it and sure enough!
@mwichary I switched to Apple ~2 years ago and have no regrets. Exporting works, so there's no lock-in. https://jwz.org/b/ykHP
Migrating from 1Password to Apple Keychain

I had been a user of 1Password for at least 12 years, but now I'm breaking up with them and have switched to Apple Keychain instead. So far, I have no regrets. 1Password 7 was the last version where the program was a product that you could buy. 1Password 8 requires that you pay them monthly rental. I find this business model despicably extractive, and I won't have my passwords held hostage ...

@jwz Ah, thanks. I need just to do that to begin with. I’ve been procrastinating, but running two password managers is even more confusing.
@jwz I was waiting for better Chrome integration, but if that exists in Tahoe, I’m not updating to that anyway.
@mwichary @jwz I get prompted in Sequoia to use Passwords/Keychain passwords in Chrome (although I do seem to have to keep typing a six digit number in [shown on the same monitor as Chrome!] to authorise this).

@europlus @mwichary @jwz Bitwarden is decent and just $20/year.

On the Mac I use Helium as my browser. It deliberately doesn’t have a password manager. This is one reason why I use it.

@mwichary
I don't use any! Here's a write-up of a tip I saw once from an actual hacker (which I've used ever since)... https://dotnet.social/@SmartmanApps/110891046754669701
💡𝚂𝗆𝖺𝗋𝗍𝗆𝖺𝗇 𝙰𝗉𝗉𝗌📱 (@SmartmanApps@dotnet.social)

Attached: 1 image 1/3 #TechTuesday #Password I have a #TechTip for you this week about how to create memorable, #Strong #Passwords such as a mix of letters and numbers, at least 1 uppercase, at least 1 special character, etc. I got this one from a video by an actual hacker. He said to think of a memorable sentence, and abbreviate it into a password. So, a sentence like "My birthday is the 29th of February!" abbreviates to "Mbit29thoF!". So it's strong, and easy to remember! But that's only the start...

@SmartmanApps This feels like really bad advice to me… How are you going to remember dozens of sentences like these?
@mwichary
"How are you going to remember dozens of sentences like these?" - As I said to begin with in the thread, using an appropriate sentence for each website. Been using this tip for well over a decade now, have never forgotten any passwords (which in fact are never actual words to begin with, just abbreviations of some relevant ones), and never been hacked
@SmartmanApps But this feels no different than just having separate passwords for everything. There are no “appropriate sentences” – it’s all arbitrary. The reason password managers exist to begin with is that people are generally incapable of separate passwords without security compromises. Good that it works for you, but steering people away from password managers is terrible advice to be giving.

@mwichary
"having separate passwords for everything" - same thing, but memorable!

"There are no “appropriate sentences”" - there's plenty! Again, see example in thread. For a Disney site for example you could use something about Mickey Mouse - not hard to remember!

"The reason password managers exist to begin with is that people" - don't know this tip

"steering people away from password managers is" - a boon to those with minimal disposable income, and those who just don't want to pay

@mwichary While I'm not happy with the price increase, I'm pretty committed to 1Password. I use most of its features (SSH keys, the `op` CLI for some scripts) and work across all major OSes. None of the other solutions I tried over the past 15 or so years came close. Maybe it's just inertia, but an extra $1 per month for the family plan is definitely not worth the hassle of switching for me.
@citizen428 Unfortunately, for me it’s also been pretty buggy lately, so it’s not just the price hike.
@mwichary Another recommendation for Bitwarden. I use both it and Apple Passwords. Bitwarden is handy for when I'm not using an Apple device. The free tier does everything I need, but I pay for premium to support them.
@mwichary Where did you land instead? (They'll have to claw 1Password 7 from my cold dead hands)
@mwichary So what are you switching to? LastPass is mostly crap, and Bitwarden allegedly started using LLM-generated code.
@blotosmetek @mwichary well if Bitwarden is enshittifying too I’m gonna switch too, I hope valid alternatives exist
@mwichary Very curious where you land. I've used them since 2013 (version 3.8) but also ready to bail.
@mwichary I just got the same email, and I plan to respond in the same manner, but I have not selected my next password manager yet. I’m increasingly using Linux as my primary OS, but I still have macOS and iOS systems where I will also want to use a synced password manager.
@mwichary I switched from 1Password to Apple's native password management years ago and never looked back. It does the job just fine.
@mwichary You switch away from 1Password because things have already gone bad, my friends start switching away from Vaultwarden because it started merging vibe-coded changes and it makes them presume the codebase to be unsustainable in the long run
@mwichary @ElyseMGrasso Me too! I’m thinking of Bitwarden since I need cross-platform compatibility.