Two researchers report a vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw. The issue is that KeePass has this weird feature that queues up a cleartext password export for the next time you authenticate. And that feature is itself configured via a plain-text config file, writable in the user’s security context. This strikes many as dangerous. However, Reichl blames the victim, saying an exploit would be the notional user’s fault for using an insecure device.
I have been a 1Password user since… well, I don’t remember. I do remember waiting eagerly for 1Password to launch on the iPhone - I have 1Password and 1Password Pro in my early purchase history.
I’ve been happy with them ever since. No major security vulnerabilities, responsive and quick to answer/clarify technical questions on how they’re keeping our data safe, and not once have I seen a “you’re holding it wrong” response or any other type of victim blaming.
Many years ago at my previous employer, we wanted to make 1Password available to all our employees, recognizing that although our path was passwordless, security began at home. One phone call later, we were offered 1Password for both Mac and Windows for 5 devices for every license we purchased. This was back in the days of perpetual licensing - was this the genesis of 1Password for Business including 1Password for Families?
I also had an early briefing on the 1Password cloud service when they were only supporting Dropbox and iCloud, and how they were determined to truly minimize how much information they knew about their users and never have access to the contents of the vaults.
In the years since then, I’ve heard many complaints about their pricing model changing - while I can’t put a price on keeping my passwords and other secrets safe, 1Password is a no-brainer for me. When we started Procella we instantly switched from individual 1Password for Families to 1Password for Business, which includes protection for up to 5 family members.
We’ve set up referrals for 1Password, but if you have 10 or more seats, talk to us first :)
1Password defined the password management business. Other companies have come and gone but 1Password still defines it for me. Unless you’re on Bitwarden, it’s time to switch.