Require Open Source for Password Managers

+1 to the idea. No reason to not have this requirement now that there are good options all around.

1 Like

I’d like to see a bit more feature parody first myself.

Parity or parody? :slight_smile:

1 Like

Parody would probably be a better fit. Bitwarden or Proton Pass features are probably enough for 99% of users.

1 Like


And it requires a Premium account too to use that bridge.

One more reason to remove 1Password and enforce this criterion:

1 Like

Hey, just saw this response and a bunch of questions came up.

Do you have a source for their mobile clients being proprietary?

I understand affordability is a big issue, but it's “Privacy” Guides, and a lot of recommendations (Pixel phones, YubiKeys) are not always affordable. If affordability is a criterion, let's re-examine a bunch of our tools then. Maybe recommend OneDrive or Google Drive with Cryptomator for free storage?

Is feature availability a privacy criterion? Then I guess most of the recommendations with bad UIs and UXs are out? Let's recommend Gmail or even Microsoft email for the feature-laden set of apps and consistent security records?

Ultimately I don't think a PG recommendation would stop you from using whatever software you want to. But it does reflect on the ideals PG wants to push for. I think it's always good to remember that PG not listing a tool doesn't mean you can't use it, it just means PG doesn't feel it fits the criteria, or it promotes practices that PG does not like (for example, being closed source).

If these are the only blockers to adding an open source requirement (none of them privacy-based objections), then we should ideally enforce this condition.

And if open source cannot be enforced for password managers, let's start recommending macOS, iOS, Windows, etc., which are better designed, have more features, and are sometimes reasonably more secure than the recommended Linux distros and mobile OSs.

2 Likes

That’s the whole point.

We have Proton Pass, Bitwarden, Psono, and all the KeePass clients both with and without sync. There are enough options already.

1 Like

Yeah, it is more understandable when it comes to note-taking apps. But the password manager recommendation confuses me.

1 Like

A note here is that we only recommend it because it provides a very good UX for nontechnical people. We are looking to replace it with Proton Pass soon as that product continues to mature, and tighten the criteria to require open source.

The site-wide policy is that open source is preferred, but that closed-source alternatives are allowed if they provide genuine UX or security improvements.

3 Likes

I can understand it if an app doesn't go through regular audits or has unclear and non-privacy-friendly policies, but with 1Password that is not the case.

Yes, being open-source is the ideal scenario, because it lets people inspect the code, but many other people who don't have deep coding knowledge rely on audits. In 1Password's case they have frequent audits, so I don't understand why some people are against it.

Yes, there are open source alternatives, but none of them have the functionality, security features and audits that 1Password has.

2 Likes

But they do: all other managers listed on PG go through regular audits, are feature-rich and are open source. However, I'm with you regarding keeping 1Password listed on PG, since it has a good reputation and is indeed private.

1 Like

What about Bitwarden and KeePass?

Both are already open source, but their features are not on par with 1Password. As for audits, 1Password has the most audits compared to Bitwarden and KeePass.

Ref:
https://keepass.info/ratings.html

@TrashPanda I agree with you. 1Password is the only closed-source password manager app which I can consider as an exception for PG. I don't trust the rest of the apps unless they prove that they are safe and privacy-friendly.

1 Like

Bitwarden has rewritten some of their apps to have an improved UX and especially UI. Just tried their new Android client, and it’s awesome!

1 Like

Perhaps I’m approaching this topic in a unique way because I’m still learning and exploring it.

Could it be possible that if a large proportion of users don’t utilize Secure Shell (SSH), it could potentially present challenges for those who are new to the product, as it could be susceptible to misuse by those with malicious intent?

Need to revisit this. There are so many open source password managers available now there’s no reason not to make it a requirement.

3 Likes

Revisit what?

18 votes already for something really obvious that should not need to be voted on.

Password managers are probably the most sensitive apps out there.
Not having an open source criterion for them is just laughable.

4 Likes