2026-07-02

Comparison of password managers

I created this table for my own use, as I'm occasionally tempted by a password manager other than the one I'm using.  You may find it useful too.  It focusses on differences that are important and/or less obvious.


Feature/Area

Bitwarden Premium

Proton Pass Plus

1Password Individual

Cost

$20/year

$45/year

$43/year

Sharing

2 shared folders, both shared with 1 other user

multiple shared folders, each shared with up to 10 users

shared individual items, each shared via a secure link (N.5)

Emergency Access

Yes

Yes

No

Company jurisdiction (N.4)

USA

Switzerland

Canada

Vault protection against decryption (in case of breach)

Password strength

Password strength

Password strength + Secret Key (N.3)

 

 

 

 

TOTP authenticator feature

 

 

 

in password manager vault/app

Yes

Yes

Yes

TOTP token syncing between devices

Yes

Yes

Yes

in separate app

Yes: Bitwarden Authenticator

Yes: Proton Authenticator

No (N.1)

Syncing from password manager vault to Authenticator app

Yes (optional)

No

n/a

TOTP token syncing between devices

Yes but N.2

Yes

n/a

app protection options

biometrics, nothing

biometrics, PIN, nothing

n/a

 

N.1: This means that some other provider's Authenticator app (e.g., Bitwarden Authenticator) is needed to protect the login to 1Password itself (if you use TOTP for this)

N.2: Each Bitwarden Authenticator app has two stores of TOTP tokens: tokens synced from the Bitwarden vault (if enabled), and tokens kept locally on that device (if any).  Either or both can be used.  Any TOTP tokens kept in a Bitwarden Authenticator's local store are *not* synced to other devices.

N.3: If your master password is not very strong, 1Password would be the best choice because of the extra protection from the 128-bit Secret Key.

N.4: Given the E2EE, jurisdiction is less important than for some other services.

N.5: If the source vault item changes (e.g., a changed password), *no* update to the shared item is sent.

2026-03-18

Cybersecurity talk April 15 in West Kelowna

I'll be presenting another cybersecurity fundamentals talk on April 15, 2026 in West Kelowna.  It will be oriented toward individuals, professionals, and small businesses.  

The event page is here:  https://orl.libcal.com/event/4006967 

A registration link will appear on that page in the near future.

2025-02-04

Outlook privacy issue

This post describes a nasty privacy issue with Outlook:

https://tuta.com/blog/outlook-business-security-issue

It's complicated so I'll summarize the actions that I see.  I'm assuming here that you don't want all your email credentials stored in the Microsoft cloud.

1. Hopefully you're still using "Outlook (classic)" (good) instead of "Outlook for Windows" (bad).

Classic Outlook comes from a Microsoft 365 download while Outlook for Windows is either built into Windows or comes from the Microsoft Store.

To figure out: press the Windows key then type: outlook

You're good if you see this, viz. "Outlook (classic)":


2. Hopefully you're still on the "old" Outlook (good), i.e., you haven't yet moved to the New Outlook (bad).

In Classic Outlook, Microsoft added a toggle in the top right corner to try to encourage you to switch: 

You're good if you see this, viz. "Off":


3. Assuming you're still using Classic Outlook with the New Outlook toggle "off", hide the toggle so that you don't turn it on by mistake.  To do this, add two values in the registry using regedit:

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General

Add DWORD: HideNewOutlookToggle, value= 1

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\Options\General

Add DWORD: HideNewOutlookToggle, value= 1

(You might need to add the keys "Options" then "General" before you can add the DWORD.)