I suspect there are others here who also use 1Password. If so, you may already have noticed that 1Password 8 (now in “early access”) will be subscription only (as well as being an Electron app and no longer supporting local vaults).
For me, at least (after using 1Password for almost exactly 10 years), this represents several steps too far. You may wonder why I choose to post about it here. I’m in the process of researching alternative password managers and, while I don’t think DT is a “password manager” (at least in the sense of simple integration with browsers like Safari and Firefox) it can most certainly cope with secure notes and, maybe, other items people would otherwise have included in a password manager. That, of itself, makes the search for an alternative password manager (or even use of Keychain alone) somewhat easier.
I hope this is not regarded as too far off topic for a post here.
The good thing about 1Password and similar products is that they do this one thing well. I’m not sure that DT will fill in this perceived void, given that it knows about documents only, not about passwords and the where and when I need them.
Searching for, eg, a banc account’s password in a bunch of documents containing the bank’s name… Not for me.
Also, I don’t mind subscription per se (at least not as much as I used to). If the product is worth it, why not? At least it generates a steady stream of income for the developers, reducing the risk of them going bankrupt.
Theoretically, being Apple user only, you could manage passwords with DT. You could have the list of user/pass in a document. I see two problems: generate passwords and security.
You typing randomly in the keyboard is not a good password generator, and there are a lot of patterns there.
Once you open your “password” document, you see all your passwords, with risk to modify one without intention.
And, of course, remain those like me that use Windows and Android, and those using Linux…
Too. My main point is that in a password manager I get a specific, appropriate piece of data, ready to use (password, pin, OTP, credit card number). In DT, I get a not or less unstructured document.
It might be feasible but it’s not convenient.
I agree with that. I’m currently experimenting withh BitWarden—which seems quite good (although arguably not quite so sophisticated as 1Password) and which imports reasonably satisfactorily from 1Password. I might even be tempted by the (much lower) subscription cost as I need to share some login and other details with my partner.
I didn’t intend this thread to veer wildly off-topic for this forum so beg forgiveness from the powers that be if it tends to do so!
I’m not sure what you mean; if you mean 1Password can be used as an authenticator (i.e. the second factor) and msecure say nothing of being able to do that, then I believe you are correct. To the best of my knowledge msecure cannot be used as an authenticator. On the other hand, I’m not sure I want my password and my authenticator (i.e. second factor) in one app. If you mean when setting up a new device no second factor is required, I think you are wrong; in addition to account details, an account key (provided as a QR code) is required IIRC and interpret the article on security on the app’s homepage correctly.
I’m not actually specifically recommending msecure; on the face of it, it offers the functionality I need from a password app; it can sync locally over wifi or via a selection of cloud services, which I like. I know nothing of the company behind it; ideally I’d like to know more, to have a reason to trust them as I trust DEVONtech. Each and any person who users a password app needs to weight the potential advantages and disadvantages of doing so, including the question of backups, access after head injury, trust, you name it…
If the worst comes to the worst, it could always find itself moved to the miscellaneous section It’s certainly a topic which touches on DEVONthink, and probably most of its users, so perhaps we’ll get away with it
Yes, I meant that… And your last phrase is making me think a lot. I used 1password as authenticator for commodity, but if 1password got broken/leaked/whatever… well, they will have muy seed to generate the second factor as well…
While I have been using the 1P subscription for some time now, their switch to Electron has me worried.
It’s ironic that Electron is what made me end up with DEVONthink in the first place, after Evernote’s version 10 became unusable. I’m afraid there is no DEVONthink equivalent, i.e., an island paradise application for 1Password refugees.
I’m hoping it will be fine because I don’t need to have the UI visible all the time or interact with it, e.g., scrolling alone is gross in Electron apps.
I remember you saying that recently and have been thinking about it a lot in the context of:
considering the improvements to password management that are coming in Monterey; and
getting to grips with BitWarden and in the process tidying many of my old passwords and secure notes—which (to wrestle the thread back to forum relevance) has made me consider a number of things more appropriately stored in DT (guarantees relating to purchased equipment, for example).
It may not be comfortable for everyone (and I admit I do have a good memory in general), but I know my passwords by heart.
PS: Yes I make my own passwords, as generating random passwords not only makes no sense to me. To do so is to be reliant on some other application to remember them for me. I’m not a fan of this kind of dependency personally.
PPS: I employ several of my own methods of creating passwords.
And while it’s not a guarantee of safety, I use this page offline to get a feel for how a method I’m devising is working…
I was considering 1Password but these changes likely end my interest.
I’ve been using Firefox Lockwise for a few years and like it well enough. This seems to be a Mac-specific, open access alternative: https://macpassapp.org/
It’s certainly a topic which touches on DEVONthink, and probably most of its users, so perhaps we’ll get away with it 
I spend much too much time thinking about this stuff, and I honestly don’t know whether I’m any safer for it.
