1Password Comes to Linux -- Don't Use it.
Вставка
- Опубліковано 3 жов 2024
- If you're going to use a password manager -- and you should -- use one that is Free and Open Source. 1Password may look pretty, but there are better alternatives.
Patreon - / thelinuxcast
Liberapay - liberapay.com/...
===== Referenced ====
www.omgubuntu....
Bitwarden - bitwarden.com/
keypassxc - keepassxc.org/
pass - www.passwordst...
===== Thanks to Our Patrons! ====
Devon C. -- Tier 4 Patron
Marcus B. - Tier 3 Patron
Donnie H. - Tier 3 Patron
Maeglin - Tier 3 Patron
Sven C. - Tier 3 Patron.
Marek M. - Tier 1 Patron
Camp514 - Tier 1 Patron
Mitchel V - Tier 1 Patron
===== Follow us 🐧🐧 ======
Odysee - odysee.com/$/i...
Mastadon - @drmdub@distrotoot.com
/ thelinuxcast
/ mtwb
Subscribe at thelinuxcast.org
Contact us thelinuxcast@gmail.com
/ thelinuxcast
#1password #passwordmanager #foss
I was a Linux user before 1Password was ever written. While I was an undergrad, I found myself in a position to need real MS Office the worst time possible (the middle of an exam!) and so I bought a Mac. Good machine for its day, and I continued using them for end-user tasks throughout and even after my graduate program. In this time I found myself trying 1Password and using it. It was not open-source, but it was a good program, you owned your own data, and the devs said you'd always have that option.
They they went SaaS and on Mac and Windows you could still own your own data … though you'd now pay more for the privilege than getting an online monthly subscription. Oh and browser-based Linux support with online account showed up, but the option of offline wasn't even there on Linux. That's where I started looking for alternatives.
Bitwarden is a thing if you wanna run your own server for it, and Keepass has improved quite a bit. KDE and Gnome both have password wallet apps, too.
Self-hosting your password manager comes with it's own set of risks / concerns. YOU have to manage the whole infrastructure around it - backup plan(s), periodically validating your backup plan(s) by doing a restore, remote access, encryption, acquiring a host on which it runs on, securing that host, high availability, security patches and countless of other things which could go wrong and leave you without any of your passwords. or getting compromised due to something YOU didn't configure properly, and then you got no one to blame but yourself. If a company with many millions of users screws up that's not really on you.
Regarding blindly trusting closed-source vs using open-source argument - I'm confident you didn't read the 300,000 lines of code within the `bitwarden/server` repo, in which case you are blindly trusting others anyway. With regards to 1P being a closed source which can't be trusted, well, that's why audit firms exist. whether you trust the companies who do those audits is for you to decide, but the people there were hired specifically to do just that.
I just want to point out that I'm a big fan of self-hosting anything and everything, but it would be ridiculous for me to suggest self-hosting a Bitwarden server to the average guy who knows nothing about running and exposing web services and is not aware of all the things involved, because there are plenty of them.
I've been using 1Password for years but had to rely on the browser extensions after I switched to Linux full-time. I think it's great that there is now a native version available. Regardless of feelings about FOSS alternatives, the fact that companies are seeing Linux as a viable desktop, and therefore a market for their products, is clearly good for the OS.
Nothing wrong with using it if you already do. I, as I said in the video, just prefer FOSS alternatives. It is a good thing that it's on Linux now, as I said in the video.
I am KeePass fanboy, very reliable and secure.
Just so you know and perhaps become one less uneducated youtuber who just makes the argument of opensource = safe, The way you assess any piece of software's safety is not by skimming it's source code, you run binaries in controlled environments and probe/monitor them and see exactly what they are doing. Being open source has absolutely nothing to do with being more or less secure and there's has been countless arguments including from The Linux Foundation itself against this idea. Please don't sell people false sense of security, i am not saying don't use opensource, use it but also be educated about it and know that sometimes due to this false idea an open source project might hide behind it and cause catastrophic consequences, because people default to trusting opensource, they let their guards down
sorry i had to dislike this video because opensource = safe argument is just false information that many Linux enthusiasts make, and is easily debunked if you ever worked on security or even know the basics of how a program works.
Also you can literally take a "close source" program apart and see exactly what it is and how it does it, you can even reverse it back to source code if you're dedicated enough
@@pushqrdx closed source doesn't equal safe either and with proprietary software you just have to trust it. There's no way to check the code. No control over where or how your data is being kept. Nothing. Just blind trust. At least with a FOSS solution like Bitwarden you can just it yourself.
@@TheLinuxCast i mean did you even read what i said :D, no you aren't forced to trust it, Both open and closed source software are as easy to analyze and verify, you don't analyze software by reading it's source regardless of being open or closed, you analyze it by running **compiled binaries** in controlled environments and monitoring them.
And you utilize trust in both cases, the mere fact that you didn't read the ~20 million lines of firefox or chromium code that you're running just now is a proof of that
im usin that shit
I switched to BitWarden...It's open source and you can use your own storage on your owncloud, or use something like google drive, or you can just store on their servers if you want. And they don't charge for mobile and multi-device use like lastpass and others do. There is even a linux cli client.
Hey Matt! It would be great if you can make a video about Unix pass password manager.
I've used pass in the past. Haven't done a video on it because there are a lot of those. But maybe if I can find a good angle on it I might do one.
Hi, what is the best practice way to share `pass` vault across devices?
IDK if this link will come through or not, medium.com/@chasinglogic/the-definitive-guide-to-password-store-c337a8f023a1
@@TheLinuxCast Niiice, thank you :-)
Bitwarden is great... 10bucks a year for premium is great to support them...
Unix pass was the first password I have ever used, and it will be the last password manager I use.
And how do you access it on a phone?
@@danieldoherty5034 you can ssh with you phone to the PC or keep the gpg keys on the phone.
KeepassXC ftw
Title is baity..
"Don't use X" <
"Alternatives to X"
If this video is about - "its great that its on linux, yeay win" - then the title comes off as a baity.
First off, a UA-camr making a click bait title? That's never happened before.
Second, the video isn't about "it's great it's on Linux." It's about "It's great it's on Linux, but you shouldn't use it because it's not free and open source." Which is why the title makes sense.
Bitwarden for life
I never understood why would one use a password manager. Seems to me like the ones built in to Firefox and Chrome are much more convenient, and for those who use passwords on phones, I don't know about android but when I enter a password either manually or a brower (FF or Chrome) does it or me, my iPhone would just ask would I like to save this password.
I understand that you might not want to give proprietary companies your password, but isn't stuff like LastPass and 1Password the same? Why would I want to install another app that does the exact bit that I want and the exact bit that I don't want on my phone when it already does it pretty well on its own?
The point is to use unique randomly generated passwords for every site so in case of data breach, the same password cannot be used to login to other sites as you. Hence password managers remember all the unique passwords for you. If you don't see the need for it, it's probably isn't for you, just like everything else in life. Cheers
Also the iPhone asking you to save password for you is technically a password manager. So you actually are using one
@@zer0r00t I meant an external one, and I don't remember seeing it on my phone, but Firefox has been suggesting me generated passwords too
@@ekim4926 using a dedicated password manager makes it easier to backup. eg: keepass databases are just files. Can slap them it anywhere you backup and they'll stay safe. You can even send a copy to a trusted family member for backup. Takes less than a minute. Others have their own cloud based backup and sync so even if you get your primary device stolen or lose access to it, you can get back to your passwords. What I can infer from what you're saying is you don't actually use unique password for every site, and if that's the case I highly encourage you to start doing (believe me, I speak from experience). Get a free one, play around with it, maybe you'll like it, and if you do, start replacing existing passwords with long 18-24 character random unique passwords for every site. Use a passPHRASE for your manager itself (5-8 words). Easy to memorize. Oh and please, use second factor authentication. You don't have to use proprietary software, you can use keepass or bitwarden both of which are FOSS. I personally use bitwarden and I'm very happy with it. People way smarter than me who are in the Linux community seem to like these 2 too, and both of these have been audited by security experts and the audits are publicly available
@@zer0r00t those features? auto generated passwords and exporting them are available in FF as far as I know. I agree about it being FOSS is better, but afaik FF isn't closed source in any sense. Whether I use external or internal services, I would have to remember at least 1 password (phrase, whatever, same thing, I can set my FF password to some long string) and that phrase must be easy to remember, otherwise if I forget it then I lose all my passwords.
Also, exporting them can is handy sometimes, sure, but then I would have to secure that backup by, you guessed it, a password
Have you ever used it or a Mac? This is just your opinion, let people like Mental Outlaw explain why not to use something! It’s like your rant on Adobe not being available. Just to let you know OSX is based on BSD and Next. So if Adobe wanted to it world be an easy port to Linux. But there is no market share. This comes from someone that spent 22 years in tech working for such companies.
Of course, it's my opinion, it'd be silly for me to give someone else's opinion on my UA-cam channel.
Yes. I've used a Mac. Yes, I've used 1Password (even paid for it on both Mac and iPhone). My opinion, which I'm free to give (as again, it's my UA-cam Channel), is that if you are looking to use a password manager, a Free and Open Source option is the best choice.
If you had actually paid attention to my Adobe video, you'd have known that that video was more about Linux and less about Adobe.
@gghhkm Sorry still not correct. Apple bought Next and started with NextSTEP in 1996. NextSTEP used the MACH kernel. which was switched to the OSF. Then started to put in FreeBSD code. Apple then brought parts of the BSD kernel back into the MACH kernel. Making it a hybrid kernel but is still BSD. May I google it for you?
Enpass