Here’s the story of me leaving LastPass. It was 2:30 AM on a Tuesday. I was about to go to bed. I went to Twitter and right there was Lifehacker warning me that LastPass was hacked and I should change my password. Hackers got the good stuff. But LastPass’s security was good enough (hash and salts) so if I had a really long password (which I did), I was fine. Still, I wanted to change my password. I tried a couple of times. Finally, I got through. This was around 3 AM. I typed in a whole new password and a hint which I thought was just right. Then I went to bed.
When I woke up and tried signing in to LastPass on Chrome, I couldn’t remember the password. Well, I’ll just recover the password I thought. Apparently, it’s only possible using a one-time recovery key stored locally, which I had already used up (I didn’t have backup OTPs, which was my mistake). I tried it from other places I had LastPass installed. Same. That was it. I was locked out.
Now, I had a choice. Either create a new LastPass account or give something else a try. All this LastPass hack stuff had me thinking of 1Password anyway. So I went researching, downloaded the trial, played around with the app. The Mac app was available for $35 that week (I already had the Pro version of iOS app). I jumped for it.
Sidenote: All my passwords were unique but based on a long pattern. So I didn’t need to reset all my accounts. I just needed to add them to 1Password and using the Chrome extension, that was easy to do. To know more about the best ways to create strong passwords, check out our guide.
Here’s why. And there’s more to it than me just being careless with my LastPass account.
Also on Guiding Tech
1. 1Password Doesn’t Use Servers to Sync
Unlike LastPass, 1Password uses a local database file that opens with the one master password. If you forget it, that’s it, you’re done.
LastPass, on the other hand, used their own servers to save passwords. While their security measures are really great, they’re still susceptible to hacks. The most recent one was last month. And while the hackers weren’t able to get to all the usernames and password if the user had a strong master password, it was still a cause of worry.
Hacking 1Password is a lot harder because, first of all, the local database in only stored on your Mac/PC. And even if you choose to upload it to Dropbox to make syncing easy, the hackers would still need to hack your individual account/PC. Which is a lot to go through. If you enable 2-factor authentication in Dropbox, you will be stress-free.
Plus, you don’t even have to use Dropbox to sync the database. 1Password will take care of the complicated bits to sync the database over local Wi-Fi network.
Making sense of the pricing structure: One thing that’s not simple about 1Password is the messed up pricing structure. Both Mac and Windows apps are $50 each (they go on sale often). The iOS app is free to use but certain Pro features require a $9.99 in-app purchase. Android app on the other hand only has a 30 day trial, after which you need to pay $9.99. Please do something about this AgileBits. With LastPass, you pay $12 a year and get access to Premium features everywhere.
2. I Always Wanted an All Things Secured Bucket
I like to think of 1Password as less of a password manager and more as a bucket for “All things secured”. And 1Password makes it really easy to use it as one. We all have documents we need to keep digital versions of. But we’re never sure where they should go. Is Evernote or your email safe enough for a scanned copy of your passport or social security number? What about Credit Card details? What about those backup OTP codes where you have 2-factor authentication enabled?
When I was using LastPass, I never felt comfortable adding my Credit Card details there. But I did so in a second after signing up for 1Password. Because the way it’s built, I trust it more.
Plus, when it comes to Secured Notes, 1Password itself has more than a dozen presets with relevant fields ready. You don’t have to do anything. Also, it’s easy to attach files to a note. Say, you want to scan and upload a picture of your Passport along with the details – it’s easy to do. You can also create any kind of custom field you want.
3. 1Password Mini and Chrome Extension
I probably wouldn’t have switched to 1Password if it didn’t have a Chrome extension. LastPass had spoiled me. Although it’s nowhere near as good as LastPass’. I need to login every time I resume my Mac from sleep and it doesn’t have an autofill option. I need to manually select the website from the list to fill-in the details. It’s a bit harder, but I’ve got used to it.
Another really cool thing about 1Password is 1Password Mini. It’s the little menu bar app that’s always available. It’s easy to search details like account passwords and quickly copy it to the clipboard. Plus, you can generate a new password with any parameters you like instantly.
Watchtower: This feature was recently added to 1Password and it helps me keep track of which websites have been compromized and if I need to change my password. Plus 1Password also has a security audit tool built-in.
2 Factor Authentication: I’m sick of Google Authenticator, especially their Android app. 1Password has a system for 2FA it calls “Time-based One-Time Passwords”. I’m yet to try it (playing around with Authy right now). But the idea of having 2FA integrated right in my password manager is really intriguing to me. Especially because it’s going to work even on my Mac. Google Authenticator only works on mobile.
What Are You Using?
Are you a LastPass user? Do you use Apple’s iCloud Keychain? Or do you just save passwords in Chrome (you really shouldn’t)? Share with us in the comments below.