What is a really smart choice for password manager apps? Concerned about privacy and politically involved CEOs.
I’ve used:
- LastPass
- 1Password
- ProtonPass (Now using)
I thought ProtonPass was a good choice but I’m starting to read more about it. What’s just a really solid choice all around, that you can feel good about? Free or paid.
Bitwarden.
If you want to keep it in a file you want to sync yourself: keepassKeepass + Syncthing is an undefeated combo
Definitely Bitwarden
Use KeepassXC with Syncthing for maximum autonomy or Bitwarden for maximum ease. Both are FOSS. That’s my recommendation and also seems to be the consensus among those who share your needs.
I’ve haven’t looked at KeepPassXC before. I’ll check that out today.
I use KeepassXC which is free and open-source. The passwords are stored as an encrypted file on your own system. No servers or businesses involved.
Personally I put mine in onedrive so it is synced between all of my devices though, so I guess there is still a server involved in that case
KeepassXC is great, but I realised very late in the process of setting it up, that the browser extension does not support Flatpak based browsers: “Please note that in general Flatpak and Snap based browsers are not supported, Ubuntu’s Firefox Snap being an exception.” (https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide)
I hope this might change at some point.
I think I ran into that exact issue myself when I tried out fedora silverblue. I believe there was a workaround but it was quite involved from what I remember…
There’s a workaround, at least for Firefox
Where would one find that?
https://github.com/keepassxreboot/keepassxc-browser/issues/1631#issuecomment-2464608760
I think that was the method that worked for me
KeePass on sandstorm
One virtual server hosts all my open source apps, including my pw manager. It’s insanely great.
Try the one click demo
https://apps.sandstorm.io/app/rq41p170hcs5rzg66axggv8r90fjcssdky8891kq5s7jcpm1813h
KeePass is really good. I use Keepass DX on my phone and use syncthing to sync them. Works amazing.
Samesies. KeePass works great for me as well, storing it on a server so it’s accessible for both phones (using KeePassXC), and desktop using the web app for keeweb.info (app.keeweb.info).
+1 for keepassxc + syncthing
Also generally recommebd syncthing as a replacement for cloud storage for you phone pics and music and stuff.
Samesies!
One very important word of caution (unfortunately coming from experience): Syncthing, as the name suggests, makes it so the content of one device is the same as that of another device. So, even if you have one device set to only receive data, it means that if you delete a file from the sending device, the receiving device will also delete that file to stay in sync with the sending device.
There is a way to use Syncthing as a simple backup storage program (not necessarily the best solution but much better than manually backing up your files every few months and just hoping for the best). But it means that you have to use the advanced folder option “ignoreDelete”. I also use the file versioning system, so even if something is automatically deleted by mistake, it’s still versioned in a special subfolder and accessible to me.
Yeah i basically view it like a network drive in its default configuration. As if you were carrying around a USB drive.
noted, ty
My personal choice right now is KeePassXC (PC) / KeePassDX (Android) + Syncthing And Aegis (Android) for 2FA codes, with a yubikey for services that support FIDO keys.
Overall I like this setup because it’s decentralized and does not rely on a third party server structure. The only “weak” point would be the Syncthing relay servers or the Tailscale VPN that I use, but this goes back to ensuring encryption of the database is adequate with a long password, and using an open source synchronization protocol that ideally has been vetted by a trusted third party (or yourself if you’re capable)
I used to use Bitwarden, and I highly recommend it. I really appreciated it’s ability to integrate with email aliasing solutions to generate new aliases from within the bitwarden UI itself. However, my main reasons for switching were the following
- I don’t have the money to pay for it (uni student)
- I prefer a more self-hosted approach (I will consider using vaultwarden in the future when I have more money)
- I wanted to move away from using a browser extension for password management on desktop. KeePass’ auto type feature is really good, and a more secure input method than a browser extension autofill.
The only additional advice I have for both recommendations is that I do not think it advisable to add Totp 2fa information to your password manager even if it supports it. I feel like this should be separate, on a single device, and backed up in ~2 locations (one preferably off site). This is really to avoid problems if a device is compromised and if your password manager is compromised, but this is definitely in the more unlikely category I feel.
My only major issues with keepass are the potential for sync conflicts and the some feature differences between platforms. A centralized server config like vault/bitwarden prevents the sync conflict issues, at the cost of having one point of failure. The feature differences problem isn’t too great, but autotype doesn’t work on Linux if you install with flatpak, and you can’t prevent screen capture of the app on Linux (only on Android and Windows from my understanding)
Edit: I also tried gopass, it’s really fun to have an entire CLI based password manager, but frankly the state of mobile companion apps are appalling. The Android option only is good if you use a dev version, and the iOS one I thought was just ok. I also dislike the metadata leaking that is inherent to the format, and that PGP is the main form of encryption for the time being (some clients were looking at using AGE at some point). Overall it’s a cool but flawed concept, and I feel my other two recommendations are superior.
I use bitwarden for unimportant ones and an offline one for important ones. specifically KeepassXC that was already mentioned.
I’m a massive fan, and long time user, of bitwarden.
It’s so much better since they updated the (IMO) ugly, dated UI design. It looks nice and fresh now. Bitwarden is the MVP.
There’s a lot of good things here to think about. I asked, there’s a lot of experience out there, and I appreciate all of it. Great community, here!
iOS users, i guess the best option available is self hosted Bitwarden
I use Keepass but I recommended Bitwarden to less nerdy family members as it syncs out of the box & does what they need it to do. Sync is simple enough to set up with Keepass & the big plus for me is that it allows storage of files/documents. Last time I checked this was a limited/paid feature on Bitwarden
Bitwarden.
You know if you need more than that and if you’re asking on lemmy you don’t need more than that.
Vaultwarden. It’s FOSS Bitwarden. Host it on your own server/machine :)
I would recommend people not do that unless they know they need to and again, if you know you need to you’re not asking on lemmy.
Hosting your own secrets not only puts the burden of protecting, providing access to and preserving the secrets entirely on you, but puts a very unique set of hosting goals squarely on you as well.
Even a skilled administrator with significant resources at hand would often be better served by simply using bitwarden instead of hosting vaultwarden.
An example I used in another thread about password managers was a disaster. When your local server is inoperable or destroyed and general local network failure makes your cloud accessible backup unreachable, can you access your secrets safely from a public computer at the fire department, church or refugee center?
Bitwarden works well from public computers and there’s a whole guide for doing it as safely as possible on their website.
What’s up with protonpass? Any pointers?
Password manager from proton(protonmail/protonvpn guys)
Yeah, but why wouldn’t it be a good choice?
Oh idk that
That’s alright. Thanks though.
KeepassXC + syncthing
Fully under your control
Keepass
I’m similar to some here, using keepassxc and nextcloud
