FusionGrokker

My experience moving from 1Password to LastPass

I love 1Password. A lot. So this is a bittersweet post.

I love 1Password so much, in fact, that after several months -- maybe a year -- of using it for my personal password management, I recommended it as a way for my team to share passwords. We have ~30 applications we maintain, and each has sql passwords, api keys, etc, for each environment (dev, stage, prod)... plus a gamut of other passwords that need to be shared, so something was necessary. The series of text files we inherited wasn't scaling well.

It worked out great... For a while.

I keep my personal 1Password keychain file in my dropbox, for various reasons:

  • Access to it from anywhere, including my phone (making it easy to copy+paste those complex generated passwords on the go) and computers without a 1Password client installed
  • Sharing it across various machines I work from, with automatic sync. If I sign up for a new site while at work, the password is waiting for me when I get home.
  • Free & encrypted cloud-based backup

When we started sharing a 1Password keychain for our team, it only made sense to also put that file in dropbox too. We have a folder that we share with everyone on the team, and we just put it in there.

For a while, this worked quite well. The only problem was that switching between keychain files could be annoying. Luckily, I figured out a workaround that made this pretty painless: Just drag shortcuts to both keychain files onto the OSX Dock (YMMV on other operating systems), and click them to tell 1Password which one you want to use. The browser extensions will always associate with the last file you had open in the application.

That was then. The good ole days. These days, if you use this approach, you may find your credit card numbers (and other private information) in the wrong keychain! Unless you want your coworkers ordering prank books for you, this is probably bad.

So, after much agony and strife, I reluctantly decided to switch my personal password repository to LastPass. I figured switching myself would be less hassle for the rest of the team, who are likely not using 1Password for their personal data.

I was thrilled to find that you can export your 1Password data and import it into LastPass. In fact, that made my day! I was not excited at the prospect of having to manually copy over the details of several hundred accounts. So thank you, LastPass team, for that feature.

So that's the story of how I got here. But what do I think of LastPass so far?

  • The chrome extension lacks polish. In just about every way imaginable, it's usability and user experience is inferior to 1Password. But it works.
  • I really dig how it auto-fills password forms for you without even a button press or keyboard shortcut (in most situations).
  • The software serials that I had in 1Password don't seem to have imported well. There are entries for them, but all of the useful information (license number, amount paid, date purchased, etc) are lost. They end up in the "form fill profiles" section.

It's only been a day. We'll see how I feel about it in a week/month/year. Maybe I'll follow up further down the road.

Published 2011-11-03 08:00 in 18 Responses Meta

18 responses:

Adam

Adam

2011-11-03 @ 8:27 AM
This morning I was dismayed to find that the Android app for LastPass costs $1/month. That may be enough to convince me to look at other solutions. We'll see...
Todd Rafferty

Todd Rafferty

2011-11-03 @ 10:22 AM
Just a reminder about http://keepass.info/ - and, the android app is free. Should have got worked hooked on that one instead so you didn't have to break from your personal preference. ;)
Nik

Nik

2011-11-08 @ 10:06 AM
Thanks for sharing your experience, Adam. Being able to selectively share data (with colleagues, family members, students in a classroom, etc.) is one of our top requests. It's something that we're mulling over for future implementation, but I don't have a timeframe for when it'll be possible.

1Password was never meant to support more than a single database, and it's really our mistake that we ever made it possible for the workaround you discovered to actually work. This came back to bite us when new browser extension frameworks forced us to re-architect the way 1Password's browser extensions work, and I'm really sorry about the problem you encountered with personal and work data getting merged. In version 3.8.7, we added a change that prevents the browser extensions from syncing when the data file is changed or recreated. This breaks your workaround, but it also prevents the sort of unintentional merging of data that you experienced.

I'm sorry that 1Password doesn't meet your work+personal needs right now, and hope that we won't keep you waiting too long for the type of selective sharing/sync functionality you need.

--
Nik L.
Happiness Engineer, AgileBits
http://agilebits.com
http://twitter.com/1Password
Adam

Adam

2011-11-09 @ 7:07 AM
Todd, is it really worth setting up mono? (I'm on OSX) And how is the browser integration?
Todd Rafferty

Todd Rafferty

2011-11-09 @ 7:11 AM
No, it's not and the browser integration isn't like 1password or lastpass.

It's a simple database/tools of passwords and generation/management. I mentioned that it is probably the database you should have introduced at work because it can handle multiple databases and it wouldn't have conflicted with your personal preference of 1password.
Geno Smith

Geno Smith

2011-11-09 @ 10:27 AM
I wouldn't use Last Pass I heard they were hacked
Phillip

Phillip

2011-11-09 @ 8:00 PM
I personally prefer RoboForm by Siber Systems. 1password is still lacking while RoboForm for Mac is steadily adding features. LastPass is a complete joke when it comes to security, just google some of the headlines from this past year. Anyone working as a security consultant over there should be fired because LastPass is a total mess. I will never switch from my RoboForm Everywhere license.
Todd Rafferty

Todd Rafferty

2012-02-03 @ 2:00 PM
btw, someone linked this today:
http://passpack.com/en/home/
Adam

Adam

2012-02-06 @ 10:18 AM
Thanks Todd, I'll look into that!
Jake

Jake

2012-02-23 @ 12:11 PM
Hello,
I love 1password as well, but I've been skeptical about using dropbox to sync the data, and I do like that lastpass autologs you into the site.

How have you found security for lastpass compared to 1password?
Adam

Adam

2012-02-23 @ 1:53 PM
I feel reasonably secure with LastPass, but I don't intend to stay with it forever. Since I changed employers, I plan to rush back into the open arms of 1Password as soon as possible, and relish its loving embrace.
Nick

Nick

2012-07-27 @ 1:39 AM
Thanks for this, in a similar position in that I've loved using 1Password for the most part but now it looks like I'll have to move to LastPass for delegation reasons. Got more confidence to proceed with it now. Cheers.
TriniFOX

TriniFOX

2012-08-10 @ 1:34 AM
Since you changed employers etc, have you decided to stay with LastPass for any reason? I may lean towards last pass as my (and others) are blocking Dropbox and similar over the corporate network.
Adam

Adam

2012-08-10 @ 1:23 PM
No way! 1Password is the gold standard. I've tried them all and nothing else comes close.
nick

nick

2012-10-01 @ 4:33 AM
If you're looking for an Enterprise level password manager take a look at Secret Server:
http://www.thycotic.com/products_secretserver_overview.html

They also have an online service for smaller organisations and for personal use:
http://www.thycotic.com/products_secretserver_online.html

Unlike small consumer products like LastPass and 1Password, Secret Server is truly an Enterprise product with the security to match.

At my last job they used it to store thousands of credentials, from user accounts to service accounts.
James Ford

James Ford

2012-10-31 @ 2:19 PM
I keep seeing people post that LastPass was hacked but from what I can determine it has never been proven they were hacked. As the company put it in an email telling users to change their Master Password, "they were being paranoid". They sent the email after investigating some unexplained traffic on their network. One thing to remember is that LastPass never knows your Master Password since it is encrypted locally and only a blob is sent to them.

For a detailed look into LastPass security I suggest listening to SecurityNow #256 at www.grc.com/securitynow. For those that don't know SecurityNow is hosted by Leo Laporte and Steve Gibson. Steve is a well known security person who coined the term Spyware.
JC

JC

2012-12-30 @ 8:25 PM
LastPass is all I used and I have tried them all. Most like 1Pass you are limited to a computer, browser, or need Dropbox. LastPass is locally encrypted then stored in the cloud. Yes $12 a year for access on mobile devices is well worth it. Everything else is free.
Osiaq

Osiaq

2013-02-26 @ 6:16 PM
Gosh, $12 per year ... People that cant sacrifice 2 hamburgers a year for paying day-to-day excellent tool are just plain idiots. Period.

Your comment:

Leave this field empty:



Playing Games to Save Kids Lives
+