The only feature of 1Password that matters is their business dies overnight if they get hacked so they’ve thought harder about security than anyone you know.
You can’t vibe code that in two evenings no matter how much you ask Claude to “make it secure”
@carnage4life security is hard.
I did consider DIY but besides everyone including Bruce Schneier rightfully shouting "Bad idea, m8!" it would only be a clunkier CLI version of #Passbolt at best.
@carnage4life You mean you hope they have thought harder about security...
fwiw historical trend is for stocks of cybersecurity firms that have been hacked to increase. 😂
@jemonat Yeah, they call it your "Secret Key":
https://support.1password.com/secret-key-security/
This is an extra layer of protection for the vault when it's stored on the 1password servers that helps ensure resistance to offline password cracking and also makes the strength of the password less critical. It was one of the things that made me think their security model was suitably paranoid. 😄
But, yeah, I still totally agree that people absolutely should make a strong master password! You're putting a *lot* of eggs in that basket, so you still want to make sure that only you can access it, and on your own devices only the password is required to access the vault (I believe a copy of the Secret Key encrypted with just the master password is present there). I was only meaning that the copy of the server side is a bit safer. There may also be other caveats depending on what account recovery options you have enabled.
@carnage4life I mean sure, conceptually most things these companies create are relatively basic CRUD apps.
I'm sure you can vibe code something that mimics the core business logic pretty quickly...
But that's not the hard part
One word. Yubikey . There is no substitute
That's an excellent point - get two. One's the backup.
@carnage4life https://onerep.com/blog/1password-breach-what-happened-and-how-to-stay-safe
Um, I don't think that "feature" is applicable
@carnage4life I can also write a server with a database that stores passwords and a login in a couple of evenings without a robot; I would never actually put my passwords in it 🤷🏻♀️
This is the sort of thing I used to do for fun.
In ASP.*
* no, not ASP.NET - the original "write a whole ass website in BASIC" one**
** though I did eventually port it to PHP
@carnage4life and, like, I get it if you just want your computer to do something new for you and you neither have the time nor the inclination to learn to code, or to spend the time on it.
What's wild about the post is that he thinks there's any value to anyone but him there - as if he's the first guy who thought up the idea of Temu 1Password and is now going to disrupt the industry with it.
@tess @carnage4life It's the same people who think they can replace an application developed by 200 people with processes and an elaborate ticketing system with an application developed by 3 engineers and a vat of coffee over 3 days. You can, until someone actually uses it for the intended purpose.
Then they start putting processes in place, start using a ticketing system, and suddenly there's a team of 200.
Josh Calvetti ⛰
Dare Obasanjo
Kevin Karhan 
Cybarbie
ctrl-k x
SQLAllFather
Andy Gates
blackcoat
0x575446, Fifth Columnist
Reid 
Ian
jordan
Martin Schultz
Brad Wilson
lj·rk
Jeremy Monat
Nick
wall-e
tuban_muzuru
Tim 🛥️🌈
Random Damage 🌻
Alex Hoffmann
Dana Fried
Von Xylofon
Tom
Gavin
Oliver D. Reithmaier
Orca 🌻 | 🎀 | 🪁 | 🏴🏳️⚧️
patsplat
x0