Hacker News

> Bitwarden

Best when paid for so you can do 2FA with TOTP codes!



I self-host through Vaultwarden but I think I miss this. Besides, I feel like paying these guys anyway just for the great product. We use 1Password at $dayjob and it's so primitive by comparison.


What is lacking in 1Password by comparison? I pay for a family plan but maybe I should switch next year.


Here are the things that get me, and maybe it's because I haven't configured it well yet.

1. On Firefox, first start-up is slow after unlocking to actually find a password for a site. The interface says, "No logins for xyz.com" for maybe 5 seconds before the login loads.

2. Along those lines, when I open it first thing in FF, the box for its password isn't focused and I have to click it.

3. The keyboard combo to open it also only works in Chrome.

4. To add a new login I have to go to the site. I haven't figured out how to do it from within the plugin.

5. We get alerts at least once a week about service disruptions but they don't seem to actually affect me.

6. I like Bitwarden's command line tool but I bet 1Password has something at least as good that I haven't found yet.


How is 1Password primitive? It does TOTP. It integrates with TPM in Windows Hello. It does SSH keys and has its own agent, which is a huge help. Its sync is nearly instantaneous. It handles multiple accounts with ease.


TOTP works with Vaultwarden.


Oh cool! I'll have to dig into it.


Yes definitely. Works great.


1Password supports TOTP?


Really? I find it to be the complete opposite.


The moment you put TOTP in Bitwarden it is no longer a 'second factor'. Pretty bad security advice to be honest. Better to use hardware tokens or a secure phone (with enclave) instead (never SMS though).


In most cases a true second factor isn't really what any involved party cares about.

My bank (I mean, they use SMS, but pretend they use TOTP) just cares about not having to spend money on support because I used "password1!" as my password for every account and lost all my money.

I just want to log in to my bank.

If I've got a long, random, unique, securely-stored password, I don't actually care about having a second factor, I'm just enabling TOTP so that I don't have to copy/paste codes from my email or phone.


> If I've got a long, random, unique, securely-stored password, I don't actually care about having a second factor

I'm not comfortable with my entire online identity being protected by a single line of defence which is a company that I'm paying a few dollars a month to. Not having to type 6 digits off a phone is a pretty minor convenience for me.


Do you then avoid syncing any passwords to your phone to avoid having your two factors in the same place? (And similarly, avoid syncing SMS to any devices where you do have passwords.)


I think it’s mostly nice for places that require TOTP but that I don’t actually rate carrying around/plugging in a YubiKey for.


It costs $10/year, so there's really no reason to not pay for it.


I have two reasons not to pay for it: 1) Aegis is free. 2) I'd rather not have my second factor be stored in the same database as my first factor.


You can just not store the TOTP tokens in Bitwarden? I don’t see how this is an argument against.


If I only store passwords in Bitwarden, not TOTP tokens, then I don't have to pay for it. So, it's an argument for spending less money while being more secure.


I’ve never paid and Bitwarden does 2FA/TOTP for me?


Is this sarcasm?