A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_[email protected]~
Been a Bitwarden user for several years now, both personal and deployed at multiple small businesses.
It has been fantastic the whole time. Pricing is great, open source, runs on basically everything, and easy to use.
KeypassXC if you're uber-paranoid or a hardcore Stallmanite, otherwise, Bitwarden all day 100%
Also voting for bitwarden
Definitely Bitwarden
KeepassXC + syncthing
Fully under your control
Bitwarden.
If you want to keep it in a file you want to sync yourself: keepass
Keepass + Syncthing is an undefeated combo
Keepass
KeepassXC + webdav
What's up with protonpass? Any pointers?
Password manager from proton(protonmail/protonvpn guys)
Yeah, but why wouldn't it be a good choice?
Oh idk that
That's alright. Thanks though.
KeePass + Tresorit
No one has mentioned pwsafe, which was originally created by Bruce Schneier and is still maintained.
I recommend Keepass. It's freeware, is available on all platforms and supports biometrics (fingerprints, etc) on Android devices. It also encrypts the password file on your device, so you can keep a copy of that file on a cloud service without worrying if that service really respects your privacy or not.
This is perhaps overkill, but you can also encrypt the contents of your online cloud storage with CryFS / Cryptomater. This is particularly useful if you wish to store sensitive documents (healthcare, finances etc) in a cloud environment in case of catastrophic destruction of property (destroying computers / on site backups of data).
In this case you can also backup your keepass file in this encrypted virtual storage medium, on top of the prexisting encryption of the database itself.
My personal choice right now is KeePassXC (PC) / KeePassDX (Android) + Syncthing And Aegis (Android) for 2FA codes, with a yubikey for services that support FIDO keys.
Overall I like this setup because it's decentralized and does not rely on a third party server structure. The only "weak" point would be the Syncthing relay servers or the Tailscale VPN that I use, but this goes back to ensuring encryption of the database is adequate with a long password, and using an open source synchronization protocol that ideally has been vetted by a trusted third party (or yourself if you're capable)
I used to use Bitwarden, and I highly recommend it. I really appreciated it's ability to integrate with email aliasing solutions to generate new aliases from within the bitwarden UI itself. However, my main reasons for switching were the following
The only additional advice I have for both recommendations is that I do not think it advisable to add Totp 2fa information to your password manager even if it supports it. I feel like this should be separate, on a single device, and backed up in ~2 locations (one preferably off site). This is really to avoid problems if a device is compromised and if your password manager is compromised, but this is definitely in the more unlikely category I feel.
My only major issues with keepass are the potential for sync conflicts and the some feature differences between platforms. A centralized server config like vault/bitwarden prevents the sync conflict issues, at the cost of having one point of failure. The feature differences problem isn't too great, but autotype doesn't work on Linux if you install with flatpak, and you can't prevent screen capture of the app on Linux (only on Android and Windows from my understanding)
Edit: I also tried gopass, it's really fun to have an entire CLI based password manager, but frankly the state of mobile companion apps are appalling. The Android option only is good if you use a dev version, and the iOS one I thought was just ok. I also dislike the metadata leaking that is inherent to the format, and that PGP is the main form of encryption for the time being (some clients were looking at using AGE at some point). Overall it's a cool but flawed concept, and I feel my other two recommendations are superior.
I use Keepass but I recommended Bitwarden to less nerdy family members as it syncs out of the box & does what they need it to do. Sync is simple enough to set up with Keepass & the big plus for me is that it allows storage of files/documents. Last time I checked this was a limited/paid feature on Bitwarden
Bitwarden.
You know if you need more than that and if you’re asking on lemmy you don’t need more than that.
Vaultwarden. It's FOSS Bitwarden. Host it on your own server/machine :)
I would recommend people not do that unless they know they need to and again, if you know you need to you’re not asking on lemmy.
Hosting your own secrets not only puts the burden of protecting, providing access to and preserving the secrets entirely on you, but puts a very unique set of hosting goals squarely on you as well.
Even a skilled administrator with significant resources at hand would often be better served by simply using bitwarden instead of hosting vaultwarden.
An example I used in another thread about password managers was a disaster. When your local server is inoperable or destroyed and general local network failure makes your cloud accessible backup unreachable, can you access your secrets safely from a public computer at the fire department, church or refugee center?
Bitwarden works well from public computers and there’s a whole guide for doing it as safely as possible on their website.
I'm a massive fan, and long time user, of bitwarden.
It's so much better since they updated the (IMO) ugly, dated UI design. It looks nice and fresh now. Bitwarden is the MVP.
I use bitwarden for unimportant ones and an offline one for important ones. specifically KeepassXC that was already mentioned.
KeepassXC. Sync the file however you want.
diy synchronizing sucks ass. i can never get anything to do it right
Probably not ideal but I use Google drive for synching and it worked fine. The database is encrypted so, at worst, Google knows I have a password manager.
the last time I did this it was Dropbox and I ended up with a thousand conflict copies of the database
Syncthing. I'm not sure what I'd do without Syncthing at this point.
I use Nextcloud, which always works well for me. I don't use Dropbox or Gdrive or OneDrive, but they should work too. What have you been using?
There's a lot of good things here to think about. I asked, there's a lot of experience out there, and I appreciate all of it. Great community, here!
iOS users, i guess the best option available is self hosted Bitwarden
Great thread and good recommendations from folks. I use RoboForm for personal and happy with that for many years now, and Bitwarden for my company and happy with it.
I pay for a 1Password family account. I like it.
Getting the family to use it is hard, but that would be the case with any password manager.
I understand there’s a bit of of bias here, but I’ve been using 1Password for probably 10+ years and have literally never had a problem. Transferred between multiple devices, added family, etc.
Solid as hell and super reliable.
Selfhost if you want, but I’ll take the reliability.
I do selfhost everything I can, but have chosen not to do that with my passwords. It feels to much all-eggs-in-one-basket-y.
1Password also holds my SSH keys and acts as an ssh-agent on most systems, and I also just found out that you can get secrets from your 1Password vault in Python, which means my PyInfra scripts can use it as well.
Yeah, totally agree. I do backups in a similar way. Do I have cloud backups? Yes. Do I also have local? Hell yes.
A combination of the two is likely the best bet but I will say 1Password feels like one of those “oft imitated, rarely replicated” solutions.
Although I’ve also been using Apple’s solution for similar reasons. Works great, too.