• youmaynotknow@lemmy.ml
      1 month ago

      For something that literally holds all your credentials, just it being closed source should be enough of a concern.

    • helpImTrappedOnline@lemmy.world
      1 month ago

      You’re trusting a third party to store, protect and not lose your passwords behind a vault you never see.

      Google had messed up pretty bad a few months ago. LastPass has had issues. I’m unaware of 1pass having issues, but I don’t exactly pay close attention. https://www.keepersecurity.com/blog/2024/08/01/google-password-manager-loses-millions-of-passwords/

      These days it’s not if something bad happens, it’s when and how bad.

      Keeping your database private also reduces the risk of random attacks a lot. If your passwords aren’t part of a big data leak, they can’t use them. Hackers are after the big payouts or the easy payouts. They’re less likely to spend a lot of time trying to crack your one database, when they can move on to the next guy who keeps them all in a Word doc.


      If you do have reason to keep using 1pass for whatever reason, be it convenience or lack of time to switch, I highly recommend at least getting your important (email, bank, etc.) passwords duplicated to something like KeePass (back that file up too) so if/when 1pass ever loses your passwords, you at least have a solid starting point for recovery. It’s also a good way to familiarize/try out a few options without dedicating to a full switch.