Password Managers
-
What is a really smart choice for password manager apps? Concerned about privacy and politically involved CEOs.
I've used:
- LastPass
- 1Password
- ProtonPass (Now using)
I thought ProtonPass was a good choice but I'm starting to read more about it. What's just a really solid choice all around, that you can feel good about? Free or paid.
KeepassXC. Sync the file however you want.
-
KeepassXC. Sync the file however you want.
diy synchronizing sucks ass. i can never get anything to do it right
-
I pay for a 1Password family account. I like it.
Getting the family to use it is hard, but that would be the case with any password manager.
I understand there’s a bit of of bias here, but I’ve been using 1Password for probably 10+ years and have literally never had a problem. Transferred between multiple devices, added family, etc.
Solid as hell and super reliable.
Selfhost if you want, but I’ll take the reliability.
-
diy synchronizing sucks ass. i can never get anything to do it right
I use Nextcloud, which always works well for me. I don't use Dropbox or Gdrive or OneDrive, but they should work too. What have you been using?
-
I understand there’s a bit of of bias here, but I’ve been using 1Password for probably 10+ years and have literally never had a problem. Transferred between multiple devices, added family, etc.
Solid as hell and super reliable.
Selfhost if you want, but I’ll take the reliability.
I do selfhost everything I can, but have chosen not to do that with my passwords. It feels to much all-eggs-in-one-basket-y.
1Password also holds my SSH keys and acts as an ssh-agent on most systems, and I also just found out that you can get secrets from your 1Password vault in Python, which means my PyInfra scripts can use it as well.
-
diy synchronizing sucks ass. i can never get anything to do it right
Syncthing. I'm not sure what I'd do without Syncthing at this point.
-
I do selfhost everything I can, but have chosen not to do that with my passwords. It feels to much all-eggs-in-one-basket-y.
1Password also holds my SSH keys and acts as an ssh-agent on most systems, and I also just found out that you can get secrets from your 1Password vault in Python, which means my PyInfra scripts can use it as well.
Yeah, totally agree. I do backups in a similar way. Do I have cloud backups? Yes. Do I also have local? Hell yes.
A combination of the two is likely the best bet but I will say 1Password feels like one of those “oft imitated, rarely replicated” solutions.
Although I’ve also been using Apple’s solution for similar reasons. Works great, too.
-
What is a really smart choice for password manager apps? Concerned about privacy and politically involved CEOs.
I've used:
- LastPass
- 1Password
- ProtonPass (Now using)
I thought ProtonPass was a good choice but I'm starting to read more about it. What's just a really solid choice all around, that you can feel good about? Free or paid.
I'm a massive fan, and long time user, of bitwarden.
-
The struggle with KeePass conflicts is real. Put basically the problem occurs when you change a DB on device A, change the same DB on device B, and then you sync them using Syncthing. That might happen for me once a month.
I think I found a process that can reduce the occurrence of conflicts, mostly, not entirely. Instead of one DB that every device shares I have one DB per device (i.e. the KeePass file includes the name of the device). Most of the time this can't possibly cause a conflict because device A only saves to its own DB. The only time it could create a conflict is if I need to pull in an entry that I made on another device. That's a manual process for me and it makes me more aware that a conflict could happen. I make sure the device I'm syncing from is active in Syncthing, and if it is there's almost no chance of a conflict.
A one-way sync option for KeePass would make conflicts almost impossible so I think I'll propose that or work on a plugin for it.
That's a very clever solution. But it's really convient to create a login in your phone and immediate switch to your laptop and login.
-
diy synchronizing sucks ass. i can never get anything to do it right
Probably not ideal but I use Google drive for synching and it worked fine. The database is encrypted so, at worst, Google knows I have a password manager.
-
KeepassXC is great, but I realised very late in the process of setting it up, that the browser extension does not support Flatpak based browsers: "Please note that in general Flatpak and Snap based browsers are not supported, Ubuntu's Firefox Snap being an exception." (https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide)
I hope this might change at some point.
I think I ran into that exact issue myself when I tried out fedora silverblue. I believe there was a workaround but it was quite involved from what I remember...
-
What is a really smart choice for password manager apps? Concerned about privacy and politically involved CEOs.
I've used:
- LastPass
- 1Password
- ProtonPass (Now using)
I thought ProtonPass was a good choice but I'm starting to read more about it. What's just a really solid choice all around, that you can feel good about? Free or paid.
Bitwarden.
You know if you need more than that and if you’re asking on lemmy you don’t need more than that.
-
What is a really smart choice for password manager apps? Concerned about privacy and politically involved CEOs.
I've used:
- LastPass
- 1Password
- ProtonPass (Now using)
I thought ProtonPass was a good choice but I'm starting to read more about it. What's just a really solid choice all around, that you can feel good about? Free or paid.
I use Keepass but I recommended Bitwarden to less nerdy family members as it syncs out of the box & does what they need it to do. Sync is simple enough to set up with Keepass & the big plus for me is that it allows storage of files/documents. Last time I checked this was a limited/paid feature on Bitwarden
-
What is a really smart choice for password manager apps? Concerned about privacy and politically involved CEOs.
I've used:
- LastPass
- 1Password
- ProtonPass (Now using)
I thought ProtonPass was a good choice but I'm starting to read more about it. What's just a really solid choice all around, that you can feel good about? Free or paid.
My personal choice right now is KeePassXC (PC) / KeePassDX (Android) + Syncthing
And Aegis (Android) for 2FA codes, with a yubikey for services that support FIDO keys.Overall I like this setup because it's decentralized and does not rely on a third party server structure. The only "weak" point would be the Syncthing relay servers or the Tailscale VPN that I use, but this goes back to ensuring encryption of the database is adequate with a long password, and using an open source synchronization protocol that ideally has been vetted by a trusted third party (or yourself if you're capable)
I used to use Bitwarden, and I highly recommend it. I really appreciated it's ability to integrate with email aliasing solutions to generate new aliases from within the bitwarden UI itself. However, my main reasons for switching were the following
- I don't have the money to pay for it (uni student)
- I prefer a more self-hosted approach (I will consider using vaultwarden in the future when I have more money)
- I wanted to move away from using a browser extension for password management on desktop. KeePass' auto type feature is really good, and a more secure input method than a browser extension autofill.
The only additional advice I have for both recommendations is that I do not think it advisable to add Totp 2fa information to your password manager even if it supports it. I feel like this should be separate, on a single device, and backed up in ~2 locations (one preferably off site). This is really to avoid problems if a device is compromised and if your password manager is compromised, but this is definitely in the more unlikely category I feel.
My only major issues with keepass are the potential for sync conflicts and the some feature differences between platforms. A centralized server config like vault/bitwarden prevents the sync conflict issues, at the cost of having one point of failure. The feature differences problem isn't too great, but autotype doesn't work on Linux if you install with flatpak, and you can't prevent screen capture of the app on Linux (only on Android and Windows from my understanding)
-
KeepassXC is great, but I realised very late in the process of setting it up, that the browser extension does not support Flatpak based browsers: "Please note that in general Flatpak and Snap based browsers are not supported, Ubuntu's Firefox Snap being an exception." (https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide)
I hope this might change at some point.
There's a workaround, at least for Firefox
-
What is a really smart choice for password manager apps? Concerned about privacy and politically involved CEOs.
I've used:
- LastPass
- 1Password
- ProtonPass (Now using)
I thought ProtonPass was a good choice but I'm starting to read more about it. What's just a really solid choice all around, that you can feel good about? Free or paid.
I recommend Keepass. It's freeware, is available on all platforms and supports biometrics (fingerprints, etc) on Android devices. It also encrypts the password file on your device, so you can keep a copy of that file on a cloud service without worrying if that service really respects your privacy or not.
-
I recommend Keepass. It's freeware, is available on all platforms and supports biometrics (fingerprints, etc) on Android devices. It also encrypts the password file on your device, so you can keep a copy of that file on a cloud service without worrying if that service really respects your privacy or not.
This is perhaps overkill, but you can also encrypt the contents of your online cloud storage with CryFS / Cryptomater. This is particularly useful if you wish to store sensitive documents (healthcare, finances etc) in a cloud environment in case of catastrophic destruction of property (destroying computers / on site backups of data).
In this case you can also backup your keepass file in this encrypted virtual storage medium, on top of the prexisting encryption of the database itself.
-
Unfortunately LastPass had some issues over the past years with hacking where encrypted vaults were stolen. Between myself and my friends in tech, I know of a few conpanie that ditched it after that.
For individual/personal use, I'd reccomend KeePass (whatever fork of it is up to date and maintained lately) and using somethung like syncthing to sync it across devices. That may not be super user friendly for non-technical users though, and I'm not sure how well it works with iPhones.
For iOS devices the most up to date client is "Strongbox". I don't think it is FOSS, but is compliant with the standard. It's sadly a freemium app, but is quite well made in my testing. It cannot sync with syncthing, but does support several cloud services, its own service (which uses iCloud), and local file transfer over LAN. They also have a version of the app with all network connectivity removed for security (if you prefer)
-
I'm a massive fan, and long time user, of bitwarden.
It's so much better since they updated the (IMO) ugly, dated UI design. It looks nice and fresh now. Bitwarden is the MVP.
-
What is a really smart choice for password manager apps? Concerned about privacy and politically involved CEOs.
I've used:
- LastPass
- 1Password
- ProtonPass (Now using)
I thought ProtonPass was a good choice but I'm starting to read more about it. What's just a really solid choice all around, that you can feel good about? Free or paid.
No one has mentioned pwsafe, which was originally created by Bruce Schneier and is still maintained.
