It's a tradeoff based on convenience. I use Linux, Windows, Android, and iOS on a daily basis; using some combination of SyncThing, OneDrive, Google Workspaces, and iCloud. Getting an offline-first PW manager to work correctly and consistently across those devices, operating systems, and services is no easy feat. Doubly so if you actually want proper integration with the OS & browser keychain.
At some point the closest you'll get is a self-hosted BitWarden instance, in which case you are basically running LastPass/1Password/et al. yourself anyways. Then you have to ask yourself (a) can you host it cheaper than a monthly subscription of a competing service, and (b) can you maintain that instance better _in your free time_ than some engineers that get paid to do it every day?
The answer to (a) for me is definitely not, my colo bill is much larger than a 1pass subscription, and (b) is also probably a big fat no considering there were concerns in this article I hadn't even thought of. So ultimately I'm happy paying a nominal fee for someone to keep up w/ the ever changing landscape of OS/browser integrations & minefield of security pitfalls regarding credential storage.
I wish there was some elegant way to magically keep all my devices in sync, that was portable & standardized, but the reality is modern vendors seem more interested in creating silos than standards.
---
However there are things I don't put in my 1pass, despite it having great support for them, because I consider the alternatives more convenient or secure:
(1) My PGP/SSH keys are on a YubiKey
(2) My 2FA TOTP codes are on that YubiKey or some other authenticator
(3) My 2FA backup codes are on an encrypted volume. That secret is not stored in 1pass.
(4) My critical services (DNS, e-mail) require hardware backed 2FA.
The theory being even if you steal my PW vault you can't own my DNS, without my DNS you can't own my MX, and without my MX you can't truly own my online identity.