Because it’s closed source, there’s a higher likelihood that there is an undiscovered vulnerability in 1Password. Even though it is audited, a vulnerability could be introduced after the most recent audit and you would never know.
For something as mission-critical as a password manager, going with an open source solution gives just that much more confidence that your data is safe. To me it’s simply not worth the risk to blindly trust a company with my login data, when I could trust a company that displays their entire solution in the open.
Going to play Devil’s advocate here, but open source does not automatically mean that things are safe or that anyone is even auditing the code on anything that resembles a regular basis.
Heartbleed was introduced into OpenSSL source code in 2012 and wasn’t discovered and fixed until 2014
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacyguides@lemmy.one
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
We prefer posting about open-source software whenever possible.
No soliciting engagement: Don’t ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don’t repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don’t abuse our community’s willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
Because it’s closed source, there’s a higher likelihood that there is an undiscovered vulnerability in 1Password. Even though it is audited, a vulnerability could be introduced after the most recent audit and you would never know.
For something as mission-critical as a password manager, going with an open source solution gives just that much more confidence that your data is safe. To me it’s simply not worth the risk to blindly trust a company with my login data, when I could trust a company that displays their entire solution in the open.
Thanks, this answer in particular have me something to think about.
Going to play Devil’s advocate here, but open source does not automatically mean that things are safe or that anyone is even auditing the code on anything that resembles a regular basis.
Heartbleed was introduced into OpenSSL source code in 2012 and wasn’t discovered and fixed until 2014
Absolutely, but it’s a probability game. Between those two options of BW and 1Password I’ll go with the choice that has the higher probably of safety.