most important to me is that I don't have to ever worry that someone will be able to get them from me no matter how much I've had to drink while browsing the internet...

Assuming the manager already does the basics (logins, notes), I have a definite need for good support for custom fields, and accessing them from the rt-click menu. My bank requires answering a security question after name and password are accepted. I have 5 on file, so it chooses one at random. I'd like to have a manager that allows me to specify which custom field to enter on a given login attempt, based upon the security question asked. No password manager I've tried so far does this. Bitwarden comes close, as I can access the custom fields from the extension menu, and copy a specific field to the clipboard, but this is a little inelegant. I can easily rt-click to enter my name/password, but then have to move my mouse pointer to the extension to copy/paste my security question answer. Nordpass has no support for custom fields, and Roboform doesn't give me access to the custom fields using the extension (I have to go into the application or the website and copy/paste from there). I also have a need for properly searchable secure notes, to pick out specific information from longer notes. I can sort-of do this from the browser using Nordpass or Bitwarden, but that's only using the Ctrl-F functionality from the browser itself. I lose this option if I use the Android app.

@SK Bitwarden is good -- very good. It's especially good knowing it's free for 90% of its features, and extremely inexpensive for 100% of its features. It has some minor drawbacks, as I mentioned already, but overall, it's a solid choice.

I guess which one is better. Fingerprints or face.

@SK The only problem (for me) with Bitwarden is that to transfer from 1Password I have to download all my 1PW data to a .csv and then upload to Bitwarden. So I'm staying with 1PW for now while I use Bitwarden for the other stuff (which 1PW doesn't do anyway).

I’ve considered a password manager. But everyone putting their passwords in a big pile is just a big bullseye for hackers. Seems like not if, but when. You guys talking about LastPass hacked more than once. They worked every day for security also. Maybe a rung down the ladder.. I don’t know. But I hesitate to join in the target. And as far as biometrics, how long until AI bests that one. No thanks. IMO

Great to hear!

bitwarden is damn ugly (design) but yes is good

Great work!

agree on PII data

🙏🙏

You can, but I recommend against it. Browsers were made to browse the internet, not keep passwords secure.

There are so many, and while there isn't a "bad" choice, I think very highly of 1Password, which is why I use it exclusivly.

Awesome! Glad to hear it.

Which language would you like to have added?

@@AllThingsSecuredSpanish (Latin American) por favor y gracias.

Generally no. I would recommend using some kind of encrypted cloud storage or encrypted email like ProtonMail.

Thanks, John! Unfortunately no. Signing up for something like Privacy.com requires you to go through a KYC (know your customer) process that verifies whether or not you're a US resident.

Also you may be able to set up an easier way to access on your app, like fingerprint, PIN, etc. Check the settings on your app.

Yes I think it’s okay to have an easy to remember master password. Just try to be sure it contains upper case, lower case, numbers and special characters and is at least 16 characters long.

1Password costs the same as LastPass premium. SInce LastPass has been hacked again, I am leaving them and trying out 1Password which I like so far

Yes, you can use Apple's Face ID to log in.

@@AllThingsSecured Thank you for answering my question about logging into the 1Password iPhone app with Face ID! One more question: Can I share a Personal account with my wife? Or, does that require a family membership. I don’t auto fill usernames and passwords, I only store the usernames and passwords in secure notes.

Using Android and Windows with 1password, has been seemsless intregration/connection. No worries.

You can use biometrics on Android, (open your vault with your fingerprint), and set the length of time it takes until the session ends then asks you to re-enter your password. The same on Windows with Windows hello, either a pin or face recognition. So with Android and Windows you are all good with 1password.

If you’re logging onto the web app from a trusted computer, then yes. It’s not a security risk, don’t worry.

@@AllThingsSecured thank you

@@AllThingsSecuredAnother question. I am ready to export my passwords and first get this message. What backup software would that be? I have a Mac and use Time Machine with an external hard drive. I assume as long as that is not plugged in, I’m fine but, is there any other backup software I need to be concerned about? Then once all Passwords from Keychain, Safari and Chrome are exported is there anything I need to delete? If so, how do I do that? Sorry, if these are silly questions, I’m not that tech savvy.

No, there isn't a way to create a password-protect note inside of a password-protected vault. You'll have to either make sure your password manager master password is really strong and backed up by good 2FA...OR just find a different way to store your seed phrase.

I store my seed phrases in a password manager however I removed one of the words from each sequence. My captured seed phrase words are numbered so the omission is clear. I have 3 hardware wallets and I have removed 3 words that can be used to create a silly event/story for ease of remembering.

If you like Lastpass and everybody is already using it, just stay there. The only reason I’d say to move is if you’re uncomfortable with the various hacks that have happened to LastPass recently.

@@AllThingsSecured yes it happened to me about 6 months ago. couldnt get into lastpass. lost all my information. I made a move to 1pass months ago. very happy with it . never going back to lastpass

You can use "Travel Mode" when traveling with 1Password to make sure this isn't an issue.

I’m not sure I follow what you mean by manually entering?

Yes and no. I don’t use Facebook personally, but I want to reach and educate people who do. That requires me to maintain a Facebook account.

Just to add to Josh's point and to express my own opinion, using Facebook responsibly while being security focused is not a conflict (unless you're security focused in the sense of not wanting to be publicly known ie. face to a name and even with this you can choose not to have a profile picture). Using Facebook might conflict with someone who is heavily privacy focused and against the monitoring of ones online activities for marketing/profits. I'm a security professional, I have a Facebook account for various valuable purposes, I used it with caution and only when I really have to. I don't browse feeds, engage with any posts or post any content myself. It's as secure as it can be for me because it feeds me information from family members abroad rather than me feeding it (algorithmically). 😁

Thanks, Brad. You don't need internet access to use 1Password.

1Password is not open source software, this is correct. They have had several independent audits to make sure they are doing what they say they are doing. That may be good enough for you - it may not.

Bitwarden is open source, cheaper than 1Password, and better IMO

Goodness sakes…I don’t delete comments unless you’re swearing. Otherwise, that’s between you and KZbin. They do their own kind of censoring so don’t get mad at me.

@@AllThingsSecuredI am sorry, I didn't swear at all, and my comment was still deleted, thats why i got a bit angry.

1) ideally once you've moved over the passwords, to 1P,assword (1P) you won't need to re-access Keychain. I would say remove it from Keychain once you've confirmed the passwords have been moved over, but that becomes a personal choice. 2) it is possible to have 1P "freeze" your account by basically making the account essentially work as a read-only file. in this case, you could copy over your account back to Keychain or somewhere else. if you don't have a mac, you will have to manually enter the passwords to Keychain, although if you do have a mac, the process might not be that much smoother. Just remember if you want to delete the account, you will have to export the data first before the deletion of the account. 3) 1P and keychain are separate apps, and therefore any changes to either 1P or keychain would not affect the other app. even if you have the same login in both 1P and keychain, any changes to keychain would not cause 1P to update these changes

I really appreciate the feedback, Tom. That's helpful.

So my biggest complaint against your argument is simply this: the FOSS community claims that open source is better, but have you EVER checked the source code of one of these apps that you used? If you're honest, the answer is likely no (unless you're a security researcher). So all you're really doing is trading your trust of a company with closed source software that has a reputation to uphold with the trust in an ambiguous group of security researchers who have no skin in the game. I'm not saying Bitwarden or Keepassxc are bad pieces of software. I'm sure they're great. But I'm not sure I buy the whole "because it's open source, it's automatically better" argument. I'm still doing my own research, though, so feel free to try to convince me otherwise!

@@AllThingsSecured Damn big comment, I respect it Look, as me little old Ismael, no. but as for Linux for example you have the eyes and more big project is more better. and at least you do not have to take words of devs. Look I'm not saying closed source is bad It just I really can't trust what FB dev say for example :p or google for that matter I did not say "because it's open source, it's automatically better" I'm just saying specially in security you do not have to trust anyone. and yes again I do not look up but at least I have the way to do unlike closed source and at least company will get scared to put spy in the wild you know, so many eyes on your project like what signal did when it waited year on their server side code. all called them out so I'm just saying at least it gives you the ability to look at code when you need to or push another pressure on your company to do the right thing because at least one security researcher looking at your code So you are right, I trade dev words with trust in open source but at least I can look at the code unlike closed source :p My English is not my first language so I know my grammar is bad, sorry xd

@@esmailelbob Unless you build your own password manager, you are always going to be trusting it to someone else, FOSS or not. Bitwarden is kept in the cloud, so theirs is just as dangerous (relatively speaking) as 1Password, Last Pass, etc unless you download a CSV and delete your passwords every time. It's all about your threat model vs convenience.

@@RogierYou wait, cloud sync? I think bitwarden syncs itself