What password manager does everyone use?

I couldn’t at first. Upon Googling, I found that you need to enable the ‘auto-fill accessibility service’ as well as the ‘auto-fill service’.

Give that a try if you haven’t already

I tried to reach out to them on their website using live chat but it just says “Our agents are not available right now. Please leave a message and we’ll get back to you.”

I guess it’s a different timezone, so will give Twitter or Messenger a go

They also have a support forum:

I have nothing but good things to say about 1Password- it’s one of the few subscription apps I’m happy to pay for, rather than doing so begrudgingly.

From what I’ve read on here it sounds great. It might just be me but their website doesn’t tell you anything about the features it has which is disappointing

• I want to know what “types of things” I can save?
• How it handles TOTP?
• What about those enter the fourth, fifth and tenth codes?
• What authenticators does it support?
• Can I add custom fields for it to autofill?
• Can I tweak its detection for subdomains and such?
• Can it automate password changes?

The list is endless, but their video just promotes it as a secure place to save your passwords and doesn’t give away much else.

If I was to get into 1Password, I think it would be a no brainer to buy a gift card and use that (if possible) as I’d get a year for free?

• Just about everything I’d consider reasonable. Passwords, bank cards, bank accounts, software licences, documents, secure notes etc. Anything particular you need?
• Extremely well. All handled in-app. Can scan the pairing QR code, and presents the 2FA code alongside the rest of your info. These are synced across devices (Looking at you, Google Authenticator). When you autofill a password, the corresponding TOTP is placed in your clipboard.
• Never tried this. I believe with some tinkering it could work.
• Can you expand on this? YubiKey etc?
• Custom fields yes, you might have to play around a little to get it to autofill correctly.
• I’ve never put much time into this, honestly, but you can certainly edit the URL that autofills are tied to, so I imagine you could be as specific as you wanted.
• Not automatically, as far as I’m aware. 1Password Watchtower alerts for things like reused passwords, pwned logins etc.

That’s awesome, thank you for taking the time to answer all of that! 1Password certainly ticks a lot of boxes so I’m looking forward to giving it a go later.

The only thing out of all that is the auto password reset. Lastpass automated resetting these for you and then updated your saved password too. It’s not the end of the world I guess but it was a nice little feature

For the majority of cases(not 100% of the time) If you change your password in a browser that 1Password is activated in then it will ask you if you want to update the login. Mostly automates it, you just have to use 1 click to approve it

Yeah that worked in Bitwarden and Lastpass too.

In Lastpass you could get it to go through all your saved credentials and reset the passwords on mass. You could see it in the background navigating through Facebook (for example) going to the password reset page and changing your password all in a few seconds - then it moved onto the next website and the next one and so on.

I’m just lazy and it was a nice security thing to just periodically change all my passwords on mass at the click of a button

Ahhh, I didn’t know about that, that’s cool! I’d like that too if I had it

Edit: I just checked 1Password to make sure I’ve not been missing out on a cool feature since we swapped to them, they don’t do it At least that i can see

It was a nice little feature, however it only worked on popular websites. It’s still in beta though so hopefully they expand on it further

Like I said though, it’s not a showstopper as all my passwords are around 30 characters and watchtower seems good so I can keep on top of it all that way

That sounds great - I’d love that!

It can’t automatically enter these, but has a great feature to make it easy:

Clicking and dragging on the pop up makes it persistent until you click the close button.

It seems to handle this automatically, as it recognises subdomains based on the URL without any extra effort.

To be honest, if you’re using strong passwords (and it sounds like you are), you shouldn’t be regularly changing them. The practice of changing passwords is outdated advice from before the days of password managers. There’s no point in changing a strong password, unless it has been compromised.

Don’t enforce regular password expiry

Regular password changing harms rather than improves security. Many systems will force users to change their password at regular intervals, typically every 30, 60 or 90 days. This imposes burdens on the user and there are costs associated with recovering accounts.

Forcing password expiry carries no real benefits because:

And yet some companies insist on you changing it every 60 days. Normally the same ones who say “max 10 characters”

The NCSC advice above is intended to stop companies doing this because it’s clearly very poor security practice. But most IT departments are slow moving and stubborn.

I find tech businesses tend to have the worst websites. And the nhs

I’m all setup with 1password now

First impressions are that there isn’t many categories. These seem to be handled by tags?

In LastPass you created folders and sub folders. So I had all my email accounts in one, shopping sites in another and so on.

I had 3 top level categories “Personal”, “Workplace 1”, “Workplace 2” - I guess these now need to be seperate vaults and I somehow need to re-organise everything which isn’t going to be an easy task

Yh I use vaults like categories, once its set up i find it works quite well

So far 1password isn’t as good as Bitwarden in my opinion.

It isn’t differentiating between subdomains, so for example if I have logins for:

something.google.com
something1.google.com
something2.google.com

Whenever I visit any of these it is auto filling for the first one in the list every time.

I can’t change settings like in Bitwarden for “exact match”, “first characters”, or “last characters”. Lastpass seems to work this out itself.