Leaving 1Password

Prompted by an account lockout at work, I migrated my passwords from 1Password to Strongbox earlier this year and never looked back.

I was locked out of my work account earlier this year – a remote lockout that HR resolved only after my manager reported it was a mistake. Worse, I didn’t have my manager’s phone number or email. Fortunately, I remained logged into Slack and could reach my team.

If my work account was easy to lock, why not my personal 1Password account? (This applies to any centralized password vault.) I control neither the client nor the server. A billing dispute, admin error, or executive decree could lock me out of every password. As a centralized vault, it’s a target for hackers worldwide – state actors and script kiddies. Any recourse would take weeks.

Decentralized password sync solves this. No single point of failure and no central hub to attack. Manual sync means hacks don’t auto-propagate. Each device has its own master password. I own the data; the server just stores it.

Two things matter: standardized format and multiple clients. KeePass delivers both through the KDBX File Format Specification, which commercial and open-source projects both use.

I switched to Strongbox, a commercial iOS/macOS app with decentralized syncing and no central server. I can also access my password database with open-source KeePassXC.

