Bitwarden is awesome. It's my current password manager after I left 1P.
I spent hundreds on 1P before the subscription model, as their apps were expensive and I got them on multiple OSes and for family members.
Then Dropbox decided (rightfully) that you shouldn't use your public folder to host websites, and 1P told their customers to either get a subscription or lose the online vault which is a critical feature of any password manager. They didn't even have the decency to offer a free year of the subscription to their current paying customers.
It would have cost 1P pennies to just host the vaults on S3, but they decided to force their customers to switch to the subscription model if they wanted to have a feature they had already paid for and 1P had been advertising for years.
It's slightly shocking how angry people get about companies going from one-time purchase to subscription. Like many software companies, 1Password made a business decision to focus on a subscription product. This strikes me as reasonable and naturally aligned with the customer expectation that this software be supported in perpetuity as OSes and browsers evolve over time. $5/month is not a crazy price to pay for a critical piece of software you use every day—to the contrary I kind of feel like it's the minimum price for a consumer software product to be sustainable. I don't want my password manager to be cutting corners because they can't afford to invest properly in the product.
As far as deprecating the bring-your-own-sync approach, I understand this is legit flexibility that some customers want, and I'm glad there is a competitor that does a good job of it. Personally though, after many years of using 1Password + Dropbox, I must say I've had a lot fewer sync problems since migrating over to 1Password for Families. If I had a broad sync strategy maybe I would feel otherwise, but I don't—to the contrary, I'm moving away from Dropbox because of the shenanigans they are pulling with my OS internals, and maintaining a VPS or even an AWS account with S3 is a significant burden that I don't take lightly. As a product engineer, a single integrated sync is easier to provide guarantees, and prevents a lot of problems caused by third parties with no recourse to debug.
I've been thinking a lot about this with Adobe lately, specifically. I've been getting into video editing as a hobby, and the fact that I could use Premiere for $20/month rather than the single time purchase of $800 or whatever it used to be is the difference between me being able to use it or not. And yeah, maybe in 40 months I would be spending more money, but there's no guarantee I wouldn't be spending money to upgrade at that point... and then once I started wanting to add in After Effects, Audition and Photoshop, $60/month for literally every Adobe product compared to what, like, $2400 for those four? And if I use any more things from the suite, it's still the same price. I was talking about this with someone the other day, and was like "Imagine telling 12 year old me that I would own a legal license of Photoshop because of how inexpensive it is."
(I am also a happily paying customer of 1password; I strongly prefer the cloud offering...)
And that's beyond the fact that, in some sense, this aligns the business needs closer to mine. It is easier and in some sense, more fair, for me to pay for the software while I use it, and not when I don't. On the business side, it's nicer too. It pretty much feels like a win-win all around, except for certain circumstances. But in the happy path, it's basically almost entirely strictly better.
I feel weird being on this side of this argument these days, but it is what it is.
Well, I am (or rather my company is) a paying customer as well. Their offering is really cheap and you get tons of family accounts for free.
But I think a subscription model always depends on the use case. I mean, it's probably impossible to pay for everything (considering that every software that we would use will be using a subscription).
I'm on a Mac and lots of small tools are priced like 4-5 €, which means I only need to buy a new version once Apple updates its OS.
I thought it was an open secret that people who were just trying out the Adobe tools (and other software with similar pricing) didn't really pay the sticker price?
Maybe? I dunno, it's been a very long time since I cared about using any of them, and it's cheap enough now (and I like, have a real job and stuff, I'm not a kid and/or in college) that doing anything else would have taken more time than it's worth.
> Or you can buy DaVinci Resolve for $295 and get a lifetime license.
I make good money, and so dropping $20 on something for a new hobby is something I do without thinking, but $295 is something I have to consider. And I'm a software developer who makes a decent salary. It's more than 10x the cost. It takes fifteen months before that breaks even.
> And they make a Linux version.
I'm not a Linux user, so this isn't something I particularly care about these days.
Something I didn't talk about in the original post: I did try a few $0 editing programs at first, and I know that DaVinci Resolve stacks up pretty okay here, but one of the main reasons I went with Premiere is how easy it is to get help with virtually everything, given how widely it's used. As someone who is at the "I don't even know what I don't know" stage, that's a real advantage. This isn't part of the whole "monthly fee SaaS vs one-time license" aspect of things, but it did factor into my overall decision.
I just want to add that Resolve is an amazing product no matter how you pay for it. For beginners and professionals alike. You will constantly need help using Premiere and you’ll never think you’re using it right because it’s a sum of mismatched concepts and dead ends. Resolve has a comprehensive design so you can learn how to use it and keep using it that way because the entire software supports those concepts.
I started with 1Password 4 (non-subscription) and considered upgrading to 1Password 7 -- yes, you could buy a non-subscription copy when I checked, although it's increasingly well hidden as an option -- and in addition to Dropbox it may have supported iCloud, not sure about that.
In the end I went with the subscription because it's bought once for all my devices, and is great for family use, with UX that's easy from children to grandparents. As a bonus, the Dropbox sync issues just stopped - their own sync works much better for me.
I do understand the frustration about subscriptions for everything but I'd like my password manager vendor to remain in good financial health, so I'll happily make an exception and pay regularly for my password manager.
> just host the vaults on S3
That's a fairly niche audience, and it's very easy to misconfigure S3. Product development is about making hard choices, and I'm ok with 1Password choosing not to do this, just as I'm okay with them not supporting WebDAV -- YMMV.
What I do wish is that 1Password would support a few cloud storage options (e.g. Google Drive, OneDrive etc) on mobile so that people who're not inclined to subscribe have an alternative, if only to squelch the inevitable complaints about subscriptions. When 1Password was a smaller company, I can see why one wouldn't want to do that as it'd take away precious dev time, but my understanding is that they have more funding now.
I agree on supporting your vendor, however, I think 1Password is too expensive. That is why I pay for Bitwarden. The difference is 33% less expensive (or 50% more expensive if you look at it from the Bitwarden side). I think 3.33 euros per month is about a good balance.
You're getting downvoted, but this is all true and shouldn't be discounted. I'm in the process of migrating off 1Password after their shitty behavior of all but forcing people to migrate to the cloud.
Like OP, I’ve used 1P since the early 2010s. Its approachability (and the fact that I pay for it) finally convinced my family (SO/siblings/parents) to use a password manager. I love the native experience on iOS, and the full desktop version + browser extensions.
I remember being frustrated by the Dropbox loss, and I’m still frustrated that they seem to push 1PasswordX over the native apps. Other than that I’ve only had 3 major gripes:
1) Lack of Linux support
2) Lack of good ssh key management
3) Lack of ability to self host
I’ve been eying BitWarden for awhile-
How was your transition/migration to Bitwarden from 1P?
How does the iOS integration compare to 1P?
Do you self-host?
> I’m still frustrated that they seem to push 1PasswordX over the native apps
This is one of the things that pushed me to choose bitwarden over a 1password families subscription (even though I get the latter for free from my work).
I don't like the idea of credentials living in a browser extension (or even in a browser). I'm not confident in the long-term security of the entire setup, especially with the "evergreen" nature of modern browsers. I don't like telling my less-technical family that this extension is okay, but absolutely don't trust any other extensions.
Interesting! I honestly hadn't seen the perspective that we were pushing 1Password in the browser _over_ the apps. We may need to look at our messaging on that. Personally I think the best experience comes from using both in conjunction, especially with the new mutual unlock feature.
> I don't like telling my less-technical family that this extension is okay, but absolutely don't trust any other extensions.
I do understand this dilemma, but I'm curious how you reconcile that against things like the benefits of filling from the extension avoiding the system clipboard & key loggers, the inherent phishing protection that comes from 1Password only suggesting credentials on sites where the URL matches your items, etc.
Telling folks the 1Password extension is okay and others are not is the approach we take internally.
> I'm curious how you reconcile that against things like the benefits of filling from the extension avoiding the system clipboard & key loggers
I'm mostly punting this to macos. I don't give my kids admin rights on the devices I let them use and in general I think you need a11y access to log keys on mac, granting which requires admin.
AFAIK, modern browsers prevent interaction with the clipboard without user interaction, so using the system clipboard for passwords is not a huge deal. As a mitigation, 1password and other password managers clear the clipboard after a timeout.
On my linux machine, I use a bitwarden CLI in a script that either uses xclip to put the password into the clipboard or xdotool to type it directly. To my understanding, the security model in X is quite a bit worse than that in mac, but I prefer this over using a browser extension.
> the inherent phishing protection that comes from 1Password only suggesting credentials on sites where the URL matches your items
I can't wait for a passwordless world to come. For now, my kids only have credentials on sites that are relatively worthless, and I use U2F on all the sites/services I possibly can that have any value.
On the sites that have value but don't support U2F, I either accept the risk or try to find alternatives. Banks and financial services (I live in the US) are a perennial disappointment here.
I do use the bitwarden app on my iphone, and when you actually go through the password filling feature (instead of just switching to the bitwarden app and searching), it does suggest only those passwords that match the URI you're looking at. I haven't closely examined why I'm okay with this integration but not a browser extension on other platforms, but I am.
I'm happy to hear our export worked well for you. We spent extra effort there to make sure our export format contained enough structured information that it could be imported properly elsewhere. I hate data lock-in and we wanted to make sure you wouldn't be locked into 1Password.
> online vault which is a critical feature of any password manager
I guess by "online" you mean access to your passwords using nothing but a web browser. I can see how that could be a requirement for certain users (e.g. employees permitted to make personal use of a work computer but not install any software) but disagree that that's a critical feature.
I used Dropbox to sync my 1Password vaults (including a shared vault with my spouse) from 2013 but never used the "trick" of publishing it through the public folder before Dropbox dropped that feature in 2017. I continued using Dropbox to sync vaults until last year when I upgraded to 1Password 7 and a family subscription.
> you've probably never lost your phone while traveling.
Yes, like most people, I have not. If I did, on most trips I’ve had a laptop and anything critical would also be in the shared vault on my spouse’s phone.
If I didn’t have any of that, I could install the client on another device to access my vault, if someone would let me; a risk but possibly worthwhile in some critical hypothetical and not really different than using a browser on it (I don’t even know what such a scenario would be, if I was robbed of everything?). Or I could buy a device (even if I was robbed, I could call my parents to pay).
Since Bitwarden is end-to-end encrypted, the risk isn't who hosts the data but who controls chrome extension and App Store updates. Bitwarden's servers being compromised would cause you no harm except data loss, but a malicious client update could steal all of your passwords.
Bitwarden is awesome, and super easy to self host with Docker. Heck, you could get a $5/mo DO droplet and host bitwarden_rs along with a static site or a bunch of other things! I wouldn’t suggest this to people who are unfamiliar with hosting, Linux, docker, and how to make backups, so the self hosting is admittedly limited in appeal, but even their SaaS offering seems like a great deal!
Bitwarden is a great alternative. But it must be mentioned that you need to be willing to accept the responsibility and burden of the operational overhead required to run it.
I realize that most people tout self-hosted as a "benefit", and it might be a benefit for the demographic reading HN. But for the average person, self-hosting is far from practical. Most people can't realistically boot up a DO droplet and install Docker and Bitwarden.
Heck, I am a SysAdmin as a career. I build highly available architecture all day long, but for my personal/family passwords it is honestly not something I personally want to handle. Maybe it is because I actually work in highly available architectures all day long that I am more fearful of throwing all my passwords onto a $5/mo DO droplet, that by its nature is not HA. Sure I have the expertise to lock it down, keep it secure, keep it backed up, keep it updated, etc. But I am paying $60/yr for the VPC ($5/mo x 12 mos = $60/yr), which is the same cost as 1Password for a Family plan and is more expensive than the $36 they charge for a personal plan.
So even though I am qualified to reliably self-host everything, why would I want to? Why not just pay the same amount of money for someone else to accept that burden? Plus that company is scaled up to be running their customers on far more reliable architecture systems than I would alternatively be using on my single VPC/droplet.
This isn't to shit on Bitwarden. In fact I have a ton of experience with both Bitwarden and 1Password. These are easily the two best options on the market. Both have close to feature parity. You can't go wrong with either. But I would just cautiously warn people that want to self-host Bitwarden. This is a major responsibility to self-host an app that contains such critical information. Before you click install I would do a thought experiment of what would happen if you lost your Bitwarden installation, and therefore ALL of your unique passwords across the entire internet. Now ask yourself, how confident are you that you can avoid that situation. Then remember that affordable alternatives exist that take that responsibility away from you.
This isn't saying that you shouldn't do it. Just that it isn't practical for most people. And I honestly don't see the draw for self-hosting a personal or family account. I would self-host a business account. But why bother with personal or family? Just get a hosted account so you don't have to play "IT Person" at home when your partner gets locked out of Netflix and can't access the password.
You're not required to self-host Bitwarden, it's simply touted as an option around here for those too paranoid to let a third party host their passwords.
If you are already in the 'let someone else deal with it' camp, then Bitwarden is dead simple. It works everywhere and does a great job of keeping your vault in sync on any device. All for way less than 1Password.
Going to confirm this: BitWarden is dead simple to set up without any hosting requirement. There's an option to host it, which I haven't tried, because the base setup is so dead simple.
This whole comment was a great read, and parallels how I personally feel about self-hosting. I have a homelab with my own servers where I love to play with this kind of stuff. Do I want the responsibility of setting up and maintaining the 1Password service all by myself as a production environment? Absolutely not.
I have more infrastructure in my basement than some small companies have in their entire organization. :D But in terms of relying on that infrastructure, run by me alone, for something as mission critical as 1Password? I'll pass.
Bitwarden is a great option. It has all the features you could need, and is cheaper (and critically has a free plan). That's basically my default recommendation for most people. I know most people won't consider anything other than free.
I still choose to use 1Password personally, because the higher polish and experience is worth the slightly higher price for me.
I had to reduce #Lastpass importance here, when they crippled the multiple platform usability so my natural choice was #Bitwarden. The fact that they are open source and will not pull such a stunt as lastpass did was vital for me.
Lastpass is now reduced to usage on linux machines, while bitwarden supersedes it on all platforms, even when new ones come in the future
Very nice!
The UI is not pretty, but the UX surely is great. Bitwarden also provides true black theme for OLED.
Website auto-detect key works well on Safari, but hit-and-miss on other browsers (just like 1P is—or was).
Has clients for all platforms, open source, self hosting or free plans and saas.
Waited a long time for 1password for linux and switched last year to bitwarden. Family Account for 6 Users ($40 per year)