Adam Tuttle

My experience moving from 1Password to LastPass

I love 1Password. A lot. So this is a bittersweet post.

I love 1Password so much, in fact, that after several months -- maybe a year -- of using it for my personal password management, I recommended it as a way for my team to share passwords. We have ~30 applications we maintain, and each has sql passwords, api keys, etc, for each environment (dev, stage, prod)... plus a gamut of other passwords that need to be shared, so something was necessary. The series of text files we inherited wasn't scaling well.

It worked out great... For a while.

I keep my personal 1Password keychain file in my dropbox, for various reasons:

  • Access to it from anywhere, including my phone (making it easy to copy+paste those complex generated passwords on the go) and computers without a 1Password client installed
  • Sharing it across various machines I work from, with automatic sync. If I sign up for a new site while at work, the password is waiting for me when I get home.
  • Free & encrypted cloud-based backup

When we started sharing a 1Password keychain for our team, it only made sense to also put that file in dropbox too. We have a folder that we share with everyone on the team, and we just put it in there.

For a while, this worked quite well. The only problem was that switching between keychain files could be annoying. Luckily, I figured out a workaround that made this pretty painless: Just drag shortcuts to both keychain files onto the OSX Dock (YMMV on other operating systems), and click them to tell 1Password which one you want to use. The browser extensions will always associate with the last file you had open in the application.

That was then. The good ole days. These days, if you use this approach, you may find your credit card numbers (and other private information) in the wrong keychain! Unless you want your coworkers ordering prank books for you, this is probably bad.

So, after much agony and strife, I reluctantly decided to switch my personal password repository to LastPass. I figured switching myself would be less hassle for the rest of the team, who are likely not using 1Password for their personal data.

I was thrilled to find that you can export your 1Password data and import it into LastPass. In fact, that made my day! I was not excited at the prospect of having to manually copy over the details of several hundred accounts. So thank you, LastPass team, for that feature.

So that's the story of how I got here. But what do I think of LastPass so far?

  • The chrome extension lacks polish. In just about every way imaginable, it's usability and user experience is inferior to 1Password. But it works.
  • I really dig how it auto-fills password forms for you without even a button press or keyboard shortcut (in most situations).
  • The software serials that I had in 1Password don't seem to have imported well. There are entries for them, but all of the useful information (license number, amount paid, date purchased, etc) are lost. They end up in the "form fill profiles" section.

It's only been a day. We'll see how I feel about it in a week/month/year. Maybe I'll follow up further down the road.

23 responses:

Adam

Adam

This morning I was dismayed to find that the Android app for LastPass costs $1/month. That may be enough to convince me to look at other solutions. We'll see...
Todd Rafferty

Todd Rafferty

Just a reminder about http://keepass.info/ - and, the android app is free. Should have got worked hooked on that one instead so you didn't have to break from your personal preference. ;)
Nik

Nik

Thanks for sharing your experience, Adam. Being able to selectively share data (with colleagues, family members, students in a classroom, etc.) is one of our top requests. It's something that we're mulling over for future implementation, but I don't have a timeframe for when it'll be possible.

1Password was never meant to support more than a single database, and it's really our mistake that we ever made it possible for the workaround you discovered to actually work. This came back to bite us when new browser extension frameworks forced us to re-architect the way 1Password's browser extensions work, and I'm really sorry about the problem you encountered with personal and work data getting merged. In version 3.8.7, we added a change that prevents the browser extensions from syncing when the data file is changed or recreated. This breaks your workaround, but it also prevents the sort of unintentional merging of data that you experienced.

I'm sorry that 1Password doesn't meet your work+personal needs right now, and hope that we won't keep you waiting too long for the type of selective sharing/sync functionality you need.

--
Nik L.
Happiness Engineer, AgileBits
http://agilebits.com
http://twitter.com/1Password
Adam

Adam

Todd, is it really worth setting up mono? (I'm on OSX) And how is the browser integration?
Todd Rafferty

Todd Rafferty

No, it's not and the browser integration isn't like 1password or lastpass.

It's a simple database/tools of passwords and generation/management. I mentioned that it is probably the database you should have introduced at work because it can handle multiple databases and it wouldn't have conflicted with your personal preference of 1password.
Geno Smith

Geno Smith

I wouldn't use Last Pass I heard they were hacked
Phillip

Phillip

I personally prefer RoboForm by Siber Systems. 1password is still lacking while RoboForm for Mac is steadily adding features. LastPass is a complete joke when it comes to security, just google some of the headlines from this past year. Anyone working as a security consultant over there should be fired because LastPass is a total mess. I will never switch from my RoboForm Everywhere license.
Adam

Adam

Thanks Todd, I'll look into that!
Jake

Jake

Hello,
I love 1password as well, but I've been skeptical about using dropbox to sync the data, and I do like that lastpass autologs you into the site.

How have you found security for lastpass compared to 1password?
Adam

Adam

I feel reasonably secure with LastPass, but I don't intend to stay with it forever. Since I changed employers, I plan to rush back into the open arms of 1Password as soon as possible, and relish its loving embrace.
Nick

Nick

Thanks for this, in a similar position in that I've loved using 1Password for the most part but now it looks like I'll have to move to LastPass for delegation reasons. Got more confidence to proceed with it now. Cheers.
TriniFOX

TriniFOX

Since you changed employers etc, have you decided to stay with LastPass for any reason? I may lean towards last pass as my (and others) are blocking Dropbox and similar over the corporate network.
Adam

Adam

No way! 1Password is the gold standard. I've tried them all and nothing else comes close.
nick

nick

If you're looking for an Enterprise level password manager take a look at Secret Server:
http://www.thycotic.com/products_secretserver_overview.html

They also have an online service for smaller organisations and for personal use:
http://www.thycotic.com/products_secretserver_online.html

Unlike small consumer products like LastPass and 1Password, Secret Server is truly an Enterprise product with the security to match.

At my last job they used it to store thousands of credentials, from user accounts to service accounts.
James Ford

James Ford

I keep seeing people post that LastPass was hacked but from what I can determine it has never been proven they were hacked. As the company put it in an email telling users to change their Master Password, "they were being paranoid". They sent the email after investigating some unexplained traffic on their network. One thing to remember is that LastPass never knows your Master Password since it is encrypted locally and only a blob is sent to them.

For a detailed look into LastPass security I suggest listening to SecurityNow #256 at www.grc.com/securitynow. For those that don't know SecurityNow is hosted by Leo Laporte and Steve Gibson. Steve is a well known security person who coined the term Spyware.
JC

JC

LastPass is all I used and I have tried them all. Most like 1Pass you are limited to a computer, browser, or need Dropbox. LastPass is locally encrypted then stored in the cloud. Yes $12 a year for access on mobile devices is well worth it. Everything else is free.
Osiaq

Osiaq

Gosh, $12 per year ... People that cant sacrifice 2 hamburgers a year for paying day-to-day excellent tool are just plain idiots. Period.
Jack

Jack

Love LastPass! It saves my life daily by having access to all my log in information and I recommend it to everyone! Thanks!
Tim Harper

Tim Harper

Nik,

You guys would sell so many corporate copies of 1Password if you implemented shared databases. 2 years later, 1Password 4 beta, I'm feeling dismayed :(

Ended up rolling a custom solution that uses AES encryption to/from RAM disks. It works, but lacks browser integration.
Martin Seibert

Martin Seibert

We would love the selective sync for our company as well. Waiting ...
Nik

Nik

Tim, Martin, thank you for your comments. 1Password 4 for Mac introduced shared vaults, and so far the feedback has been fantastic. It's still in its infancy, of course, and we have a lot of ideas to help it realise its full potential, but for now we want to get this initial implementation on all our supported platforms and into our customers' hands as quickly as possible.

If you would like to talk more about this, please join us in our forums or e-mail us. We're also on Twitter and ADN.

Cheers,
--
Nik Lal
AgileBits Happiness Engineer
support@agilebits.com
Job Arroyo

Job Arroyo

I have been a 1 password user ever since the collapse of palm inc and the rise of the iPhone.

I am moving on to LastPass because of different reasons:

1. They have taken quite long time to develop the Android version. Reader was not enough for my use.
2. I am wondering if they will charge the Android version or if it will require me to update to 1 Password 4. Summing it all up, it would be cheaper to pay Lastpass and I have instant cross platform functionality in all my devices.

Any opinions?

Thanks.

Your comment:

Leave this field empty: