“There is no free lunch.”
I chose KeePass, an open source password manager, to manage my passwords because I felt so insecure. Previously, all my accounts used the same weak password. The random strong passwords generated with KeePass help to prevent a breach of one of the websites I signed up for from causing my accounts on other sites to be hacked too. The reason for choosing KeePass instead of 1Password or LastPass, which provide ready-to-use services, is that I thought it was safer to hold the data myself. But this is not the case.
Moreover, since KeePass is open source, many other password managers support its format, but KeePass itself is very difficult to use. Although there are many plugins in the community, it takes a lot of effort and time to configure, mainly the browser extensions and mobile clients. Browser extensions are community-maintained, and the user experience is inevitably poor and unstable. One of the best extensions for Chrome and Firefox is Kee. However, there is still a big gap compared to commercial software. Mobile clients that are easy to use are hard to find. After all, they are maintained by individual developers. I found a KeePass client called KyPass on the iOS App Store. I’m afraid it may be the best one on iOS. However, it has a lot of problems. For example, the default icon of a password entry cannot follow the group icon, it does not support TOTP, the recycle bin cannot be disabled, and there are many other small bugs.
Switch to 1Password
Now I have chosen 1Password and synced with a 1Password.com account. At first, I thought its subscription was costly, but after I experienced the energy and time lost to KeePass, I think this subscription fee is worth spending. As long as I quit junk snacks, why can’t I afford it? Quitting snacks is also good for your health. The reason I chose it may be different from most people’s. Many people prefer it because it is able to keep the database in their own hands without worrying about it. However, its database format is often updated, and there are no third-party apps that can open it. I don’t think that makes sense. It also adds a lot of risk for me. The main reason I chose 1Password instead of other ready-to-use services is that it is similar to KeePass and very convenient.
Using 1Password is just like depositing money in a bank, and using KeePass is like keeping money in your own hands. Although it feels safer to keep the money in your own hands, objectively, it is safer to deposit money in the bank. I saw a post in which someone said that his KeePass database was accidentally damaged, there was no backup, and all the passwords were lost. Even if I use a cloud drive service like Dropbox to sync KeePass’s database, it is difficult to avoid corruption of a single database file, and keeping multiple backups increases maintenance effort and time cost. Therefore, I should trust the “bank” – 1Password, which provides a professional password management plan. I should hand over the management of my passwords to professionals.
Taking a step back and assuming the most extreme situation – 1Password suddenly shuts down, and their boss runs away without taking any responsibility – I can still sleep well, get up the next morning and log in to the websites one by one to reset my passwords. After all, I never put my most important email address in a password manager.
Switch to LastPass instead
I initially chose 1Password because I could sync my database with Dropbox and manage the database files myself. However, 1Password uses its own proprietary file format, and this proprietary format is updated as the version is updated. Other apps (such as KeePass) can only read .csv or .1pif files, which must be manually exported by the user. What’s more, it is closed source software, so “safe” means little there. Of course, this is not the main reason for me to give up 1Password; these two points are: First, 1Password requires a Secret Key to log in on a new device, but I feel that it is entirely useless. Also, I have to find another place to store it, which increases the risk of leakage. It is better to use two-step verification to protect accounts. Secondly, 1Password is very rigid. Every time you input your login details on a new URL, it adds that URL to the URL field of the corresponding login entry. Over time, this becomes very cumbersome. LastPass always performs a broad match based on the top-level domain of the login URL, and the user experience is much better.
Thoughts about it
I haven’t written any article for a long time. When I reopened this blog, my first consideration was to buy a web hosting service and install the open source blog software WordPress.org on it, for the same reason I chose KeePass – I’m worried that those ready-to-use services may be shut down. I initially thought my data was “safer” held in my own hands. However, I would have to spend a lot of time managing the blog’s theme and maintaining the security of the server. I wouldn’t have the time and energy to write.
Our time and energy are valuable and often much more expensive than money, so sometimes we should consider spending money on them. After all, we can use that energy and time to do more creative things. I have only mentioned two examples here, and there are countless places where you can apply this truth…
Thanks Peter Zhang for helping me with the English grammar of this post.