New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I don't see how this is different than email which is generally sold on a subscription model. If you don't pay your G Suite bill on time, your data disappears 30 days later. Even if you host your own email, your VPS and domain are still essentially subscriptions.
I think the subscription model is a healthy model for software that is expected to be actively maintained. Previously, commercial software vendors charged you for an upgrade. Of course, you never had to upgrade but Windows 3.11 won't be very useful for you today.
Use enpass with dropbox or another storage provider to sync the database. Works perfectly here. Even I can say that enpass autofill is better than lastpass, and you have control how your database synced
It also have importer from some password manager including 1 password. I have tried lastpass importer, not perfect, but better than you import your data manually
The most important think is it is multiplatform (windows, mac, linux). We need to make one time purchase for the mobile apps, but it still worth for all you will get. I think that mobile pricing is donation for the developer, little amount of money to keep the project ongoing
That certainly was a rather dumb mistake, likely a solution designed by a front-end person. Fix was less than a day. Dumb as hell- and it won't be the last. Of course, using autofill rests upon the laurels of the user moreso than a checkbox in something designed specifically to NOT have you reuse the same damn password everywhere.
I disagree. Let's put aside the sync part of 1Password as I'm not interested in that. I'm perfectly happy with my safe on Dropbox, and I'd trust their security over AgileBits'.
with Gmail, they're providing a service. Servers, network, admin, etc.
if Gmail jacks up their rates, I can give them the finger and go over to mxroute. If 1Password jacks up their rates again, I don't have another choice.
with traditional software, I get to choose when I pay to upgrade. New version, ok won't be supported in a year or two, but hey it's Christmas and I'd rather live with the old until I get my tax refund, etc. With subscription, you have no choice - you pay now, or you're out.
And, you know, it's not like AB raised the rates to give everyone a discount. Cost went up 300% in just a five-year stretch...over my lifetime, thousands of percent.
Etc.
I hate subscription software. The people who like it, not surprisingly, are publishers because it's a lot more expensive. That's really the story with subscriptions - it's some hand-waving to cover a price increase.
I just can't find that info anywhere. You go to their site, click Pricing, and your only option is $3/mo. I don't see anything in the forums where they're reassuring customers that the old model will stay around.
If the old model (buy a license, pay for upgrades when/if you need them, host on Dropbox) is staying around, I'm a happy camper. But it looks like they're going in a different direction.
I agree and share your point of view completely. I've purchased software on sale for $15-$30 and had companies switch to a subscription model. At just a few dollars a month it still ends up costing me a lot more. My response is to not sign up and either switch products or code my own solution. I understand the developer's position, but as a consumer I'm resistant to the idea of monthly fees for products.
In looking over AgileBits's marketing material, I get the impression that those who purchased the product(s) are being grandfathered. I see the writing on the wall and would not at all be surprised if in five years there's no alternative but a monthly fee to use their products (sync services aside).
AgileBits is providing a service: developers, security auditors, website vulnerability monitoring/reporting through Watchtower, etc.
They might not host anything but they still have developers on payroll working to make sure your product works with latest releases of platforms, browsers and websites.
Maybe it's not worth $3/mo in your opinion - but I think the Canadians are worth that.
1Password allows you to export your vault in .csv or .txt format for data portability.
This is true.
Startups, especially who sell on the app stores, have had a lowball mentality and I think there has been an awakening of selling premium software at premium prices. Password managers are still relatively niche products compared to other things and you need to charge more for niche stuff.
Commericial software has a capitalist component to it, but the market is competitive and, even though there is no law requiring it, 1Password does allow you to port your vault to a common format.
Right, but you could say that about anything. By that logic, all software should be subscription-based.
And I do not, which is a legitimate point of disagreement. But beyond that, I have a strong dislike to subscription-based services because of increased cost, lock-in, and being straight-jacketed into someone's idea of when I should pay.
I wish. More than enough devs out there making apps and selling them, then abandoning them. Usually justified too because their sales hit a cap and they backed themselves into a corner by not requiring some kind of recurring cost, or at least a pay for upgrade model.
Software development is one of the most difficult things you'll ever fail at so easily.
Nah, the big mistake is that they didn't have a business plan before they started/finished writing the software. It doesn't have to be a subscription that pays for past and future development, but you do at least have to work out what it'll take to maintain a sustainable project. Or maybe it legitimately is a one-off development that solves a specific problem, and is then open sourced to allow tweaking by anybody who needs it.
I think that's what offends people most about subscriptions: they're sold as a way to keep getting updates, but companies often treat them as installments for previous development work. And people who bought their software have essentially already made those payments. The smart thing to do would be to offer them a substantially cheaper subscription that does only cover future development.
Are we talking about the tech industry here?
I use pass: https://www.passwordstore.org/
It integrates with git, and there is a Firefox plugin and a Android app.
They were pretty active on hackernews when people were asking questions after the subscription was announced. One such example: https://news.ycombinator.com/item?id=12376841
Can buy the time one version here: https://agilebits.com/store/ . The last paid upgrade for the fully owned version was in 2013. The last 3 or so full version upgrades have been free of charge.
Hope that helps.
I would recommend KeeWeb (https://keeweb.info/). All data is stored on Google drive/Dropbox. There is a web version (https://app.keeweb.info/) and desktop versions. Since the backend file is KeePass compatible, you could sync with an app such as Keepass2Android
PS: And I forgot to mention, it is all free.
Heh. Happens in a lot of industries where people are spending money before they have a single customer. Capitalism needs better checks and balances.
What about Devolutions Password Vault manager, they have a free version and it also has apps for android and IOS
https://password.devolutions.net/Home/Features
$59 to buy a license
roboform
Been using keepass for many years. Still do. I don't want my entire password database floating around out there, even if it is encrypted.
I heard all the arguments about, oh needing expensive developers, and about all that oh so expensive infrastructure ... and I call it bullshit.
Besides the fact that it escapes my understanding why anyone would actually want and pay for having his passwords stored at some internet service, here's what I think:
The core of such a service consists of three elements:
server software
which is pretty much written once and that's about it. One might play funny design update games with the front-end but those are cheap. web-"developers" are a dime a dozen and the front-end work is simple.
client side
the core of which is also written one and that's about it. Again, one might add this or that fancy gadget later but that's no big thing.
server (as in "hosting")
What's the big deal? One can host millions and millions of password/passphrase/keys of millions of customers on a single server. Let's add 2 more for resilience and that's about it.
One could sell secure password store services at 1 cent per year and still earn money on it as far as the hosting concerned.
That's why it's important to see the software side and there in particular one decisive factor: You DO NOT the fuck "update" that kind of software. I happen to work in that field and I'll repeat: You want to get that kind of software right once - and then not muck with it unless there was reason of major importance, say intel dropping dead plus http 3 becoming commonplace.
As for "but there are so many browsers and interfaces and ..." - Fuck it. The answer is "use standard html plus css".
Well noted, I'm not talking about the sales site, which might be jumping and dancing and whatnot. But as for the core interface the customer will actually welcome a simple, clean, standard interface.
That said, I wouldn't trust any internet company with all my sensitive stuff. Nor would I trust them to properly encrypt and safekeep everything. But for those who do that I tell you that anything above 10$/year is a rip off.
You don't trust a company, and yet you wouldn't pay more than $10 a year for such a service that does it properly? Perhaps your budget doesn't align with your security and support expectations.
Wow, an ad hominem and so quickly.
What exactly is your professional background and expertise to judge that? I guess none, nada, zilch.
You see, I actually work in the field, I actually do design secure systems and software, I do write safe code, every line of which runs through static analysis with multiple sat/smt backends. And btw. most of my work is for networks and servers.
And I happen to know the cost structure of both development and of providing internet services.
That said, I'm a mere mortal and there are still many, many things I don't know. So I might well be wrong in what I said here. But then, that's the nature of a forum: discussions.
A simple ad hominem, however, will certainly have one effect only and that is you looking stupid.
Getting to the state of the software being "right" takes a long time though
I would expect a password manager to be end-to-end encrypted, which makes JavaScript mandatory. I also think you have no idea what average consumers want; JavaScript is what enables web applications in the first place. HTML alone is fine for documents, but that's about it.
Prices are not based on costs, they are based on what makes the most money.
Perhaps that was worded poorly, it wasn't intended to be directed at you specifically. Sorry about that.
I'd like to focus more on what is considered to be a reasonable price for maintaining such a service. Including
They do seem to have a decent number of employees: https://1password.com/company/
The original thought from the $10 per year came from the Lowend industry where many seem to have unrealistic expectations or expect the world for almost nothing.
What do we consider to be a valid price for providing this service, a password manager, that I know many of us use an extreme amount of times per day and has become a critical part of our working environment?
End to end Node.
@WSS Got anything of value to say?
Yes. For you, though, no. I discounted your opinion weeks ago.
Weeks? I've only been posting here for a few days. But I'm starting to enjoy this.
It certainly feels longer. Enjoy your javascript-secured data.
No, there's quite a lot more.
You need desktop and mobile apps because people want to store non-web passwords, too. You need to support all the major browsers on all the major platforms (yep, warm up your Internet Explorer on Windows skills). And iOS and Android. Maybe watches. There's all the hard UI stuff - for your users' sake, hopefully this takes the majority of the time. Then you get to master the APIs for Dropbox, OneDrive, Google Drive, and others, or creating your own service (but cunts on LET will complain about that). Then you can figure out how to make all these clients sync. Oh, and you need to get encryption right in all of this, which is never easy, and at some point the sales department will point out that you can get a lot more sales from companies if you pass audits X and Y.
That's not how that works. New OS versions come out, new browser versions come out every week it seems like, and there's a never ending stream of user tickets, bugs, and problems. How often is there a new phone? Etc. You can say your code is immortal, but your users would appreciate you testing it and finding bugs before they do. You're in bed with Microsoft, Apple, and Google whether you like it or not, and they change things.
The hardest part is probably making sure your stuff works on all the web sites. It's up to you to test that it works because your customer isn't going to say "I wanted to use BSDGuyPass to login to my bank, but gosh, they must not be using standards-compliant HTML so I guess I'll change banks"...they're instead going to give you a 1-star review because you're not doing your job. The world is not going to be standards-compliant and as the software publisher, yep, that's your problem.
There's probably few more things but that's the main. That's not simple, and I of course am willing to pay for it. I was arguing about the subscription service, not the complexity of the problem.
Maybe. Maybe not, Let's look at it. Besides the lala "webdesign" and funny jumping balls javascript shit called "modern look" it's 3 core elements: a proper interface, a proper core engine, and a solid system and database.
Realistically, any web-mail service demands more work and resources. Designing and specifying the core properly, that is formally (which almost certainly was not done) might take 6 - 8 man weeks. Cost: Below 50K. Implementing the core in an adequate language, e.g. Ada, might take 6-8 weeks, too at similar costs (Rule of thumb: implementation cost is roughly equal to spec. and design costs). All of which is meaningless because the core was almost certainly not done in a formally verifiable way but hacked in C++, java or the like.
Plus the javascript mumbo jumbo which can be done in parallel and takes less time than the core.
a) why? After all the whole she bang goes through ssl anyway. b) So what? Doing encryption in javascript is no secret rocket science.
a) they'd better not completely costs either, b) is that so?, c) aren't they more based on what can be reasonably milked from a given market.
5 mio customers paying 10$/year is more than 500k customers paying 35$.