back to article 1Password unsheathes Rusty key, hopes to unlock Linux Desktop world

1Password has unveiled a full-featured desktop app for Linux, written in Rust and using the ring crypto library for end-to-end encryption. The release features encrypted browser and desktop integration and, according to the business, "uses the Linux kernel keyring to establish a fully encrypted connection between 1Password in …

  1. LordHighFixer

    Not a fan

    I have never been a fan of password managers. Just another point of failure. Never been much of a fan of passwords for authentication either...

    1. Victor Ludorum

      Re: Not a fan

      I'm intrigued to know what your preferred method is for user authentication?

      1. ibmalone

        Re: Not a fan

        Saying, "Do you know who I am?" in a loud voice.

        1. razza

          Re: Not a fan

          Post of the month. Your job is done,.

          1. ibmalone

            Re: Not a fan

            Thanks! Pints all round.

      2. bombastic bob Silver badge

        Re: Not a fan

        Who needs a password locker? There are *OTHER* ways for storing passwords:

        * Fa[e]ceBook, Tw*tter, G[a,oo]gle, Micros~1 Login

        * Sheet[s] of paper

        * Same PW, EVERYWHERE! "Correct-Horse+Battery*Stapl3"

        * Keep it short and easily remembered

      3. Ilgaz

        Re: Not a fan

    2. bombastic bob Silver badge

      Re: Not a fan

      So far the best password manager I've found is KeePassXC (the C language version of KeePass that can be compiled from source on Linux and FreeBSD).

      There's even a button to make passwords visible. I use it a LOT so i can have longer more random ones. And though it may be possible to auto-paste into a browser, I typically just copy/pasta the passphrase from the KeePassXC 'edit' dialog box directly into the browser or ssh session. Or you could use the 'make visible' button to see the password and just type it.

      (and I must have about 50 of them stored in there, now, because I *REFUSE* to use FB, T, G, or Micros~1 logins)

      1. TFL

        Re: Not a fan

        Yeah, there is a browser extension as well, that talks to a running instance of KeepassXC.

  2. Yet Another Anonymous coward Silver badge

    Is that the risk?

    A dodgy web site plugin requests your bank password and this software ensures that the transfer of that password to your browser is totally secure from any other apps running on your own machine?

    Isn't that like insisting that you only access Facebook from a TEMPEST shielded terminal

    1. big_D Silver badge

      Re: Is that the risk?

      If you try and enter your username and password using 1Password, it won't offer you any default credentials, if you visit a phishing site (same for LastPass and all other PMs I've used). If you really want to enter your banking credentials into a phishing site, you need to open 1Password and manually search for your bank logon and manually tell 1Password (or any other PM worth its salt) to fill it in for you or to copy and paste it manually.

      On my account, it offers a drop-down with credentials that are used for the current site (E.g. Amazon I have private and business accounts, the same for Microsoft 365 etc.), but it never automagically fills in the details, I have to explicitly select them to be filled in.

      If you land on a phishing site, you won't be offered anything to fill in, so it is fairly obvious it is a phishing site and the fact you have to manually search for the "correct" login for that site should be a huge warning that it isn't the site you are looking for...

      1. padamiak

        Re: Is that the risk?

        Plus if you have a family account you can all share secure access easily between multiple devices.

  3. Anonymous Coward
    Anonymous Coward

    Not this s£$£$& again!!

    Just F.O.... F.O. please!!

  4. Tom Chiverton 1 Silver badge

    Umm, no?

    Password Safe, DB in Dropbox / Nextcloud

    Done. Free forever. Easy sharing across any number of users on any modern OS

    1. big_D Silver badge

      Yes, as long as the users know what they are doing. I've tried it with non-technical users and it is a pain to set it up for them on each device and train them up.

      The likes of 1Password, LastPass etc. aren't as autark as I would like, but it "just works" on any new device, without having to jump through too many hoops (i.e. just install the browser add-in, sign in and go.

      With you solution, they have to sign into Dropbox or Nextcloud, install the PM and set-up the PM to read the right file. For a technically versed team, no problem. For users who don't know the difference between an ERP application and an RDP client, or accidentally click the "pin" in the Outlook menu ribbon, then call up to say Outlook is broken, that is too much.

      1. padamiak

        One client used password safe that way. Essentially many employees were copying the passwords out to store them in Excel or notepad. Pretty horrible

  5. Anonymous Coward
    Anonymous Coward

    Yeah, blah blah big password, but

    While if I was just managing stuff for my self I'd be meh, since I have to work in a team having integration on the linux side isn't a bad thing, and we could see some of the good parts migrate to OSX or the ever more Unixy underlayers of Windows.

    Get both of those and you get close to being able to implement a proper cross platform keyring api for passwords. And that would be great right.

    Trick is we probably need to give them a little shove in that direction. So if you are applying for one of those free Linux dev accounts, put a word in their ear...

  6. Anonymous Coward

    Your Password Is Safe In The Cloud ...

    Should I continue? Or have I covered everything already?

    1. SW10

      Re: Your Password Is Safe In The Cloud ...

      Do continue.

      Your bank is effectively in the cloud, along with tens of other repositories of sensitive information. Moreover, so is your real Achilles heel; your email account to which all password resets are sent.

      You may be some kind of infosec ninja, but my mum isn’t, neither are millions of others who need to move away from Password123, or my initials and birth date

      1. Anonymous Coward

        Re: Your Password Is Safe In The Cloud ...

        > Your bank is effectively in the cloud [ ... ]

        My bank is not in the Cloud. They actually make a Big Deal out of that. I'm sorry to hear yours is.

        > [ ... ] along with tens of other repositories of sensitive information.

        Which do get leaked or spilled, proving my initial point. Which is why I don't reuse passwords. Which is also why I rely on my browser's local storage to save passwords.

        And your point was? That using a stupid, insecure, Cloud password management service is better because ... you now have a single point of failure for spilling all your passwords on the open Internet?

        1. big_D Silver badge

          Re: Your Password Is Safe In The Cloud ...

          Your bank doesn't offer any online banking and doesn't have automated transactions with other banks?

          1. Anonymous Coward
            Anonymous Coward

            Re: Your Password Is Safe In The Cloud ...

            > Your bank doesn't offer any online banking and doesn't have automated transactions with other banks?

            US inter-bank transactions do not happen over some sort of Cloud.

            Inter-bank transactions within the US are done through FedWire. Not on the open Internet. Doesn't run on Python on AWS.

            International inter-bank transactions are done through SWIFT. Not Cloud.

            Yes, my bank offers online access, bill payment service, the whole enchilada. Not on AWS or Google Cloud or any such other similar crap. They maintain their own infrastructure.

            US banks have some very strict requirements when it comes to data security. They aren't willing to take the risk of spilling customers' financial data by using some general-purpose cloud provider.

            1. big_D Silver badge

              Re: Your Password Is Safe In The Cloud ...

              Yes, but still "in the cloud", as in accessible from the Internet.

              There is a difference between an isolated bank that has not Internet access and one that has some server access through the Internet (i.e. the cloud, before folks at places like AWS, Microsoft Azure or Google Cloud Services made Cloud with a capital C something different).

      2. BloggsyMaloan

        Re: Your Password Is Safe In The Cloud ...

        >Your bank is effectively in the cloud, along with tens

        >of other repositories of sensitive information.

        Oh well. Might as well hang your front door keys outside the local key-cutter's shop with a stack of flyers with maps showing your address.

  7. Robigus

    Self host

    Bitwarden, Docker container, RPI4, home hosted.

    Bingerty bongerty boo.

    1. Anonymous Coward
      Anonymous Coward

      Re: Self host

      People who can self host are not 1Password's target demographic.

      Half arsed IT admins who use root for everything are the target here.

  8. jemmyww

    Colour me surprised

    I've used it for a long time, since before they had cloud accounts. It's a great service. I have a family account so my wife and I can have a shared password vault. The company I work for uses it too, and the apps work with multiple accounts.

    I use it on my company Mac, my personal Linux laptop, Android, and my wife on ChromeOS. The browser extension by itself was pretty acceptable on Linux. There's also a command line version which has occasionally been useful. Happy to see this native version too, makes creating and editing entries easier.

    1. BloggsyMaloan

      Re: Colour me surprised

      >I use it on my company Mac, my personal

      >Linux laptop, Android, and my wife on ChromeOS.

      How did you get a wife on Chrome OS?

      Was rooting necessary?

      1. shifty_powers

        Re: Colour me surprised

        You root your wife? This is a family forum, I'll have you know.

  9. MtK

    My problem with the 1Password app on Windows

    Is that once you unlock it, a memory dump of the process shows all of the passwords. The KeePass 2 app does not and has some sort of obfuscation.

    1. Anonymous Coward
      Anonymous Coward

      Re: My problem with the 1Password app on Windows

      That's kind of a huge security blunder! You should tell the devs, since obviously they didn't think about the implications of loading the whole unencrypted database in memory (as opposed to just the parts you currently need).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon