2023 was a record-breaking year for cybersecurity in a bad way. Ransomware payments hit a record high of $1.1 billion, which is likely to…
You must log in or register to comment.
Keepass + Syncthing is a great combination.
And with Syncthing’s Untrusted Device Encryption feature I can use my VPS as an extra node for synchronization without worrying touch if it becomes compromised without me knowing.
the file is already encrypted so you aren’t getting much more security
I also sync other stuff, so it’s useful anyway.
And it hides file names and sizes by splitting things up, which puts one extra layer of difficulty for someone trying to find my passwords file to target. I have a much stronger password on the syncthing directory than my normal type-each-time password to open keepassxc.
I’ve been using 1Password for about a year now and like it a lot
+1 For KeepassXC, I use it in combination with syncthing to have my passwords available on all devices.
Been using that same setup and very happy with it.
Same for me
Nextcloud syncs my KeepassXC safe.
Syncthing for me, but Nextcloud has its advantages too.
Any options on StrongBox? It seems like a good option but they don’t quite have the reputation that others have, despite being around since 2017.
StrongBox is just a client that uses keepass databases. I think it integrates well when using Apple devices and you can still use your databases on other platforms.
Ah thanks. Ya it’s Apple only but I like how it doesn’t sync to a central server but will still sync between your devices across your local network. Seems to minimize a lot of attack surface.
Strongbox is great, but expensive. I settled on KeePassium instead mostly based on cost.
It’s only $20 a year or $80 for life. I feel like that’s a fair price to support the developers.
It’s not unfair, but for my use case there are cheaper or free alternatives that work really well.
And I’m Canadian so it’s a bit more than that dollar wise.
Buttercup Foss is not mention and is a nice alternative
I really enjoy 1Password for easy vault sharing between family members. I was able to get my (not so technically literate) siblings and dad onto my family plan. Baby steps!
I use Bitwarden for passwords. Just works so well.
KeepassXC and KeePassium for TOTP codes. I keep the database in the cloud but sync a key with Syncthing that’s needed to unlock the database on the devices themselves.
Locally hosted bitwarden (vault warden) that is only accessible on your local network is the way to go. When a new sync is needed away from home, wireguard VPN to connect back in makes everything nice and secure. Otherwise most of the time the vault is cached to the device locally so you don’t need to phone home to access passwords.
My setup
I do it exactly like that, except that im connected via vpn most of the time, since my pihole is also located in my lan
Exactly my setup
My favorites:
- Proton Pass
- Pros: Aliases, Proton integration
- Cons: No passkeys (yet), native desktop apps in beta
- 1Password
- Pros: SHH agent integration!
- Cons: Least open
- Bitwarden
- Pros: Most open, self hosting option
- Cons: least polished user experience
Proton Pass Pros: Aliases,
1Password technically does have aliases too but it requires a fastmail.com subscription. I use it and it works quite well though.
- Proton Pass
Vaultwarden
KeepassXC & Syncthing
And I do keepassdx on Android, with a (phone-specific) database synced with syncthing
P.S. syncthing is fantastic: I hope more people consider hosting discovery servers and especially relays
Syncthing is so good!
Indeed I have 1Password (was the best proprietary) and I’m switching to Proton Pass. This year they lacked features but their integration of their Simple login email aliases is game changer
I’ve been using Proton Pass since it launched and I think it’s really really good.
Positives:
- Nice integration with both desktop and mobile
- Integrated in the proton suite, which I was already using
- Allows you to generate an email alias for each login automatically. Websites will never have your real email and you can easily generate a new alias if one has been compromised
- Supports 2 factor authentication via TOTP, works really well
Negatives:
- No passkey support yet
- Free version only supports like 5 email alias
I get a good reason to stay away from lastpass is their dealing with getting hacked. Valid. However, bitching about not getting to use all the paid features as a free user is ridiculous.
In a vacuum, maybe. But there is a difference between adding new features to a paid plan and removing features from a free plan.
KeePassXC my beloved
If you are into the command line, pass is also neat. You can even have your keys in a git repo and access it with a FOSS Android app (requires some dedication to set it up). It’s very useful to feed passwords to scripts without hardcoding them in the source.
