What do you all use for password management?

3y 18d ago by vlemmy.net/u/chika in privacyguides@lemmy.one

I'm using KeePass currently, since I don't really want to use anything publicly hosted. But I was curious to see what other people have been using!

Bitwarden

second. i think this one is the best. works well on mobile and desktop. can share stuff. has a good free level. i love it

Third. We even formed an organisation to share passwords to streaming sites (looking at you, Netflix). I like the emergency feature, so when something happens to me my partner can access my passwords and login information.

Seems most people are recommending Bitwarden! Is it free to selfhost? I'm new to selfhosting but I'd love to give this a shot.

I've used bitwarden for a few years myself now. I enjoy it. I'm trying to get into self hosting myself and found vaultwarden is an open source fork of bitwarden. That's probably what I'm going to use

IIRC the $10/yr fee is just for hosting. You should be able to host it yourself for free. At $10/yr tho, even if I'm self hosting I'd pay that just to help development

you don't need to selfhost it if you're comfortable using vault.bitwarden.com

Vaultwarden is a go rust fork that is significantly lighter for 1-2 users super easy to self host

Edit: rust fork

Vaultwarden is a go fork

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

But yeah, it's great.

Very easy to self-host using docker-compose. It's my favorite password manager ever since I've started hosting an instance on my NAS. I finally managed to get my wife to use a password manager thanks to the simplicity of use it offers. And it's very easy to import your KeePass database.

Fourthed! Does everything I need it to do.

Fifthed

BitWarden

BitWarden has not let me down in 3 years!

Bitwarden. I've used a bunch of password managers, Bitwarden has been by far the best for me.

The mobile, desktop, and web app are all awesome and work great.

Self-hostable, open source, great feature set. Pricing is super reasonable for their cloud hosted features. UI is simple, clean, makes sense, and so far I've had zero issues with syncing, saving, etc.

IMO, it's a great example of a FOSS application that looks and functions as good or better than the nicest closed source proprietary software.

This. Love Bitwarden

The passphrase generator is the best thing. Yes, I know, I should never see/need the password in clear text, but when you have to login onto something on your TV, it's nice to have words that make sense.

I'm happy with Bitwarden.

Self hosted Bitwarden AKA Vaultwarden.

Looking into selfhosting Bitwarden myself. Has the experience been good for you?

Pretty good, I use it along with Cloudflare tunnels, no ports opened and pretty much 99% uptime (I have only had issues when the docker image auto updates because of reasons lol)

Thanks. Will definitely look into it soon.

This is the way.

BitWarden has been a trusted, reliable and very useful service for me.

Keepass xc with syncthing

same here, KeePassXC + syncthing on desktop and KeePassDX + syncthing on android. I also run a second syncthing instance on desktop in read only mode that makes backups to my cloud

same, until keepassdx had problems on my samsung phone, at least for a while, so i swapped it out for keepass2android

Funny, I had keepass2droid but had issues and swapped to KeePassDX

i haven't tried to go back. that was probably a year ago that it broke, and the dev response was that they didn't like samsung's code and thought it was a bad idea to try to work around it. issue is still open

https://github.com/Kunzisoft/KeePassDX/issues/1269#issuecomment-1075449893

Honestly, not being able to reproduce the problem, I don't feel like going blind when it's clearly a problem in the OS. I need an AES symmetric key and if I have to go through certificates and RSA asymmetric keys to workaround this issue, it changes the workflow and requires key invalidations, etc... I really don't know what to do except ask Samsung to implement a proper Keystore.

I mean, that sounds less like that they don't like it and more like it is objectively bad and working around it would make KeePass less secure...

This is what I do. Important to remember to occasionally backup the file as well.

I started using Bitwarden a few years ago and it's been excellent.

Fellow keepass user here

I use KeepassXC from the distro repos and syncthing so I have that shit synced around the whole house.


edit: on android I use KeepassDX

It is keepass all the way down lol

I use Google Cloud to sync my PC/Android(KeePass2Android).
I am looking to try KeePassDX, but I don't see an option to connect/open a google cloud. Idk if I am missing something or if it is just unsupported.

I also use KeePassium XC on my desktop and for mobile I use an app called KeePassium. I just have them pointed at the file in my Google Drive.

Absolutely the way to go. Unrivaled in terms of flexibility and freedom.

KeePass has been my go to password manager since 2012, and all the apps on various platforms do a good job of integrating with their respective platforms. I personally use KeePassXC on Ubuntu, works great (except no auto-type using wayland). Hardest part is picking a file syncing service for the database file.

Yep, i use KeepassXC on Ubuntu and KeepassDX on android. I use syncthing for syncing

Yes! Keepass2. My database is stored on my OneDrive so I have the same database on all my devices. If I decide to cancel my OneDrive, I can easily migrate my passwords to another cloud host.

I was with you until you said OneDrive. I use syncthing for that

I was also using OneDrive for my Keepass database, but syncthing seems really nice, might switch once I get the time

I recently started using KeePassXC and it suits my needs well.

KeePass ftw!

Bitwarden user here. I used to use LastPass, but it's hard to beat free software that does the same thing just as well.

Definitely Bitwarden

I've been using Bitwarden for a while and I have no complaints, works pretty well.

bitwarden has been great, no complaints!

BitWarden in personal life. Recently discovered my corporate overlords approve KeePass (no synching to my phone though). I'm pumped to have literally any pw vault solution.

No joke, 25% of the people in my office have a sticky note on the bottom of their keyboards. I do the odd security audit and I always check.

I was able to use KeePass when I first started my job in 2019, but after I swapped laptops and found I had to get admin permission to install it, and was promptly denied, I was pretty miffed. The IT lord said they were going to implement... some kind of solution, but so far it's never materialized. I might have to open a BitWarden account just for my work passwords because LastPass has only been a stopgap for me. I can't believe we don't have an office-wide password solution because otherwise everyone is going to keep using <<companyname>><<currentyear>>! for everything and that's just terrible.

While waiting for the IT lord's solution you might try KeeWeb

Self hosted Vaultwarden. It's great.

Bitwarden! Used to use LastPass but I'm glad I migrated a few years back. I prefer bitwarden now. It's easy to set up, use and multi platform.

I have been using Bitwarden for a long time and never regretted it. If I wanted to have an offline password manager I would look to KeePassXC.

What are the benefits to self-hosting Bitwarden? I self-host several other services, but I haven't felt the need to self-host Bitwarden.

Bitwarden here. Was also a LastPass user. Switched when I retired so I did not have to worry about still keeping any old accounts from work. P.s. Also I like that I can have Bitwarden sync on my phone and my laptop.

I've been happy with Bitwarden thus far. Used Lastpass back in the day, but migrated over when the renewal prices started creeping up.

Bitwarden pro. Having OTP and all my passwords on my watch is a life changer.

It took me a while to start using it for 2FA but it's a total game changer now that I am.

I’m also using Bitwarden currently.

I've always just used Bitwarden even before I cared about privacy

KeePassXC synced across my devices with syncthing

X2

Big fan of Bitwarden here.

I use KeePassXC (KeePassDX on mobile) synced via SyncThing for sensitive/important logins, and Bitwarden for practically everything else.

Bitwarden is my go to

keepassxc + syncthing for syncing the database across devices.

Self-hosted Bitwarden.

Wait, that's an option? Can you give some more info about it? Is this doable with a usual (home) client license or do I need a business license?

To be fair, I don't know much about it, but here's the install guide

From what I remember, I don't think you need a business license to do so, but you have to go through all the usual hoops to make something available over the internet.

I looked into the installation guide. My home network is already reachable over the internet via VPN. So it doesn't even need to be able to be reachable over the internet, as long as it's reachable within the local network. Guess I just found a new project :D

Wait, I also have a vpn and a little raspberry pi already running at my house... I'm literally one install away from self hosting, I might give it a shot too! 😝

Check out vaultwarden. Works like a charm and updates are pretty easy on the docker version.

the keepassxc ssh-agent is an absolute lifesaver

Is there a way to use Bitwarden with ssh-agent?

As far as I know only through either bw-cli or rbw providing passwords for the regular ssh-agent. I do not know about any implementation in Bitwarden yet.

I'm a huge fan of 1Password. Previously used pass for years, but there are many ways in which 1Password is more convenient, especially when it comes to sharing secrets with friends/family/colleagues.

Using and loving pass, especially with git integration to synch across devices. Will check this one out though

Bitwarden

Bitwarden is the way to go. Used LastPass years ago when they suddenly switched to the paid model, then they could get fucked. Been with Bitwarden and haven't looked back (or around for alternatives, super happy)

Bitwarden is great and open source.

Bitwarden since it's open source, easy to use and cloud sync is sooo great

I'm just on bitwarden, I was using keepass for awhile but getting the vault moved between devices was a pain, even with syncthing. If it got desynced it was a pain to fix

Started with Lastpass, but migrated to Bitwarden because of open source. And then came the trouble at Lastpass.

KeePassXC with the db synced by syncthing

I use Bitwarden in all my devices. Never gave me a reason to look for anything else.

Firefox browser. 😬😬

At the moment BitWarden, but I'm looking to go to selfhost a VaultWarden server. I've already done it one time with a raspi but after some week it crashed out. Next time I'll use an x86 machine.

One more for Bitwarden. You can even run your own local server and avoid using the cloud.

KeepassXC!

I know a bunch of people here have mentioned Bitwarden, but I would like to mention one feature that makes it superior to all others. You can integrate it to services like SimpleLogin, AnonAddy, Firefox Relay, DDG etc. and auto-generate email aliases within the Bitwarden extension. In theory it is more secure to not do this but it is such a huge QoL feature to just hit the randomize button in the extension to create an alias for a new login. It also populates the info field on simplelogin with something along the lines of "Auto-Generated by Bitwarden for: [website]"

Wait, Bitwarden extension can integrate with SimpleLogin? How come I’ve never heard of this?!

Here is their blog post on the topic.

Thanks!!

Keepassxc with databases in nextcloud for easy sync between devices

Bitwarden for personal, 1Password for work stuff.

I much prefer Bitwarden

Bitwarden. Very happy with it. Been procrastinating setting up my own hosted vault.

I, too, use Bitwarden and I want to set a selfhosted instance up soon, now that I got a home server for my media & stuff.

Firefox sync. The service syncs between your actual devices. Nothing is stored online. There is a catch. Everything is encrypted using your password. So if you forget your password, you lose all your passwords.

I sync between my Linux desktop (OpenSuse Tumbleweed), my Android phone, and my Steamdeck.

1password is the only one I trust

Been with 1Password for a few years now, coming from LostPassword. I feel it strikes a balance with the whole being secure and being convenient.

KeepassXC on desktop, KeepassDX on Android, file on Google Cloud

Same configuration

Bitwarden. It works on iOS, windows and Linux.

I primarily use Bitwarden with a self hosted Vaultwarden server on my NAS. But since Bitwarden doesn't support an auto-type feature (not the same as auto-fill) I use KeePassXC on my desktop PC for applications too.

Been very happy with Bitwarden for quite a few years now.

Bitwarden FTW

KeepassXC. Migrated from KeepassX which I used for a long ass time (over a decade? Maybe more!)

Using bitwarden for company and private purposes on smartphone and laptop with browser integration for two years and being really happy

Selfhosted vaultwarden instance

Bitwarden, all the way. On my mobile devices, laptops, etc.

I used to use KeePass but the UI is so antiquated and features also just haven't kept up. Bitwarden is free, open source, audited, syncs and works everywhere flawlessly, and I can self host if I ever want to. It's great.

Bitwarden has been amazing for me and I'm slowly getting my family to use it as well

Bitwarden has been great for me as well...I don't know that I'll ever get the certain family members away from their password book though.

@Shivaldi

My girlfriend made an account as soon as I mentioned that we could be each others emergency contacts, which is the feature we hope never to use, but it is great knowing that we got it covered.

The family thing was the selling point for me.

Oh yeah, that's such a huge feature for my wife and kids.

What are the family features?

Don't forget you can self host it, preferably with Vaultwarden.

Also Bitwarden. Working on getting the whole family on it. It's easy and has all the features I need.

me too. very happy with it, and 10 bucks for the paid version is pretty inexpensive.

Very good point - the paid version is cheap and well worth it.

well, for an average user like me, I never really understood the advantages of a paid version. What convinced you to pay for it, besides helping the developers?

I know it's risky to put all eggs in the same basket, but for some sites/apps I add the 2FA on bitwarden too :D
And to help the devs, as well.

I haven't :) I think for most users the free version is everything they need. For $1 or $3 (depending on the tier) you get the ability to store and encrypt files instead of just passwords and text notes, etc. More on that here: https://bitwarden.com/pricing/

The only thing it lacks IMO are custom item types but it's on the roadmap.

Like some others here I use bitwarden, but I'd prefer to move to selfhosted vaultwarden. I haven't taken the leap of opening my server to the world so my family's devices can stay synced. Also, I don't trust my admin skill with server stability and security.

Get a super cheap vps and put it on that. Vaultwarden's secure, and the passwords are encrypted anyway. You can even get a shared ip vps, because you really only input the server's URL once per device. They're like 5 bucks a year or less.

Thanks, I'll check it out

KeepassXC and various other KeePass2 compatible apps depending on the OS I happen to be using.

Vaultwarden

Same, I love it

I've been using KeePass for a very long time. It works, and the Google Drive plugin syncs without any issues. I have it set up on multiple devices, all pulling from my Google Drive, and each instance of KeePass has its own key file. So even if someone got a hold of the main database, it's useless without the key file, which is only hosted on specific devices.

I use bitwarden and it's great! Will test out Proton Pass when they open it up.

Selfhosted Vaultwarden and the Bitwarden apps.

Gives me access to all my things basically any time and anywhere. It's pretty neat. And if I don't want it anymore, I can export the data and just nuke it - and it's gone. :)

I also use vaultwarden, couldn't live without it 😄

Unix pass! Because I have to be different apparently

If you're into DIY, you can get a very robust system set up with GnuPG, rofi-pass, and git. Plus I can even push passwords to my phone using Android-Password-Store.

Me too!

Qtpass on Mac. Password Store on Android. And the browser extensions.

It's a little cumbersome at times but it's super secure.

I wanted to do the same but Android-password-store is not compatible with my phone so I only use pass on my work computer for work related passwords.

While there hasn't been a release in a while, the Android-Password-Store dev seems to be actively working on it (at least per the GitHub page), so hopefully it'll get updated for your phone soon.

For what it's worth, I currently have it working on GrapheneOS on a Pixel 7 Pro phone, which I figure is pretty modern as phones go

I've been hosting my own vaultwarden server for a few months now and it's been great, especially being able to move my TOTP stuff off of my phone

KeePass (and Keepass2Android) + Nextcloud instances to keep sync and backups

Keepass is great, use it at work.

1Password for my personal stuff

Lastpass has had too many leaks / issues for me to ever trust them again

KeepassXC on PC

KeepassDX on Android

The database is synced between devices with syncthing (selfhosted, stuff is synced using wifi) so my database is not uploaded to the internet

Same. Everyone is sleeping on syncthing.

KeePass still too! I use keepass2 on Android and it's basically changed my life. Auto fill w/ bio unlock...it's the BEST

I've been using KeePass and KeePassdroid for at least 10 years now. "Sync" my dB through one drive, only because at one time we were allowed to use our personal one at work, but since they blocked personal folders in favor of corporate ones it is much less handy.

I used to use Dashlane but when I found out bitwarden was free I just started using that

+1 1Password (coming from LastPass) this manager is really great. Good mobile, desktop and browser support.

Bitwarden is the way.

Keepass and Strongbox.

I don’t like the honeypot that is anything too centralized, even if it is e2e encrypted. I’d be worried about exploits or compromised client payloads.

I just use hunter2 as my password literally everywhere. Otherwise it's easy to forget if you use more than one. I also use Bitwarden to manage all those passwords. It's really easy cuz you only need to type "hunter2" only once when you log in. After that you can just click it.

Okay, but why did you censor the password? I only see *******

KeepassXC on desktop and Strongbox on mobile. Syncing works through any cloud provider of choice

Self hosted vaultwarden for personal use and pass at work.

BitWarden for me. I got the premium plan so I use it to share family password with my Partner (one collection), my dad (a second), and my in-laws (a third). I've definitely gotten my money's worth and I've been happy with it.

Looking forward to seeing if the passwordless (like key vaults) works for my automated processes, but even if they don't, it's been fairly good for me and has a decent contingency (self-hosted).

I used KeepassXC and Keepass2Android but the implementation seems a bit janky at times and the need to sync it manually or let it sync via a cloud is not all that comfortable.

I switched to Bitwarden about a month ago and consider it still as a test phase for now. I'm not that happy with just having my passwords lying around on a random cloud server.

I use KeepassXC and Keepass2Android Offline and sync everything with syncthing. Works without any issue very reliable since years.

You can always self host your bitwarden instance if you want.

For me, bitwarden is a good middle ground, it's super easy to setup, works super well on desktop and android, and it's still way better than using the same 8 character password everywhere. I think it's easier to recommend as a starter to anyone that's not using a password manager.

That's super helpful. Not just privately but also on a business side, since we're looking to replace our current solution that's basically discontinued.

I self host vaultwarden which is more lightweight but compatible with all the apps server part.

Have the exact same setup, I spun up a vaultwarden container to test it out. I might swap over, and since I have vpn at home it is very easy for me to sync at any time.

1Password because we’re an Apple household (aside from my work laptop, and even then it’s easy enough to use through the web interface). The main thing that irks me about it is that they keep offering discounts for new subscribers but longtime users have to keep paying the full price. But I’ve been considering switching to Proton for email, and they’re in the process of rolling out a password manager that seems similar so I may be switching to that sooner rather than later.

Another very happy 1Password user here!

I switched my workplace to 1Password and I moved from Dashlane at the same time. One thing that's nice about 1P from that perspective is that our plan gives everyone a free personal account that they could take with them if they left the company (they'd have to pay for it themselves at that point of course).

Usability is the best of any password manager I've used, but the killer feature for us as a development team was the flexibility. Being able to assign the same credentials to multiple URLs (e.g. dev, stage, QA, prod) was just not possible with everything else we looked at the time.

me too! I've already installed the extension. Just waiting to get access!

+1 for 1Password. I used and loved Bitwarden but there’s a few things that 1Password can do, especially on PC, that Bitwarden can’t. IMO it’s worth the extra $20ish dollars a year.

But since there’s no free tier, I do recommend Bitwarden to folks who don’t use one since their free tier is fantastic.

Self hosted Bitwarden out of my house. I bought an old server a while back and it's been running like a champ. The official version is a bit cumbersome, but it seems to work really well. No complaints.

Selfhosting Vaultwarden (Bitwarden)

Another vote for Bitwarden. Works on everything I use!

Dashlane here. I self host a lot and could definitely use KeePass or something locally, but the risk of losing all your passwords if I fuck something up was too great. I'll pay professionals.

The way I do it is that I use gdrive to sync the database between devices, which acts like a kind-of backup of the database. That way I don't lose it :)

I use 1password, I used KeePass for years but it didn't work well on Android so I moved on.

Also using 1Password, works great for what my family needs.

I’m entirely in the Apple ecosystem, so I use the built in Keychain, synced across devices through iCloud.

It would be Bitwarden otherwise.

I recently got my first Apple product in about 10 years or so and I’ve been using BitWarden on all my other devices, but it’s not quite as convenient on this iPad. Is the built-in Keychain good and secure? Like I said, I’ve just been out of the Apple ecosystem for a long time.

Maybe you already know this, but you can set Bitwarden as your default password manager in iOS. It works perfectly for me, filling in username and password automatically when I click on a password/username field.

No, I did not know that, but now I do! I'll see if it works more like I want it to now haha. Thanks!

@bleuy007 I've found BitWarden to be fairly convenient on iPad. I can't imagine Keychain would be any more convenient than changing the default password autofill to use BitWarden.

@chika @HeartyBeast

true, besides generating passwords

Yeah, I’m also a recent iPad Pro user. Last Apple product I bought was an iPod Video back in 2005.

Apple’s Keychain is just like BitWarden but is obviously much, much better integrated than BitWarden on an iDevice. It also has some neat options to suggest you different kinds of secure-passwords and it alerts you when one of them has been leaked. As far as it being secure, I know nothing about data security, but all the mumbojumbo on their tech specs sounds secure enough to me.

https://support.apple.com/guide/security/keychain-data-protection-secb0694df1a/web

I used to use KeePass, but switched to https://www.passwordstore.org with a YubiKey after discovering how janky the KeePass 2FA system is designed a while back.

Same here. I used to use KeePass, KeePassXC, and Bitwarden, but I am now happy with the pass command-line password manager on Linux and the Password Store app on Android.

For work I use 1Password, for at home I use Bitwarden.

1Password. Wasn't thrilled with their move to electron, but it hasn't been as bad as I feared, and they've earned my trust at this point

Doesn't hurt that my work now uses it, so I get the family plan for free either

KeePassXC and Keepass2Android auto-synced with my Nextcloud instance. Works great cross-platform for Linux/Windows/Android.

I know what you mean, trusting a SaaS provider with my master password list always felt like a bad plan.

My approach is a bit more complicated than that of many commenters here: I use both Keepass and Bitwarden.

Bitwarden is for most of the passwords, and I use it to share some passwords with family.

Keepass is for the most sensitive stuff - online banking and emails. Also, I use it for non-web apps. Keepass DB is synced with Syncthing between desktop and mobile.

TOTP is handled by Aegis android app. I was thinking to move it to Keepass, but I really like the interface of a dedicated app. And its data is automatically backed up to Nextcloud

Enpass, no public hosting. Clients in phone and PC. You can use your own services if you want to upload or keep it in a folder on the phone.

My reasons for preferring Enpass over Bitwarden:

  • UX is nicer (you can even prepare templates for new items)
  • Completely decentralized (every synced device has the full database. That makes it easier to backup)
  • the browser extension uses the fat client for fill in, so I don't need to log into multiple bitwarden clients/installations. Especially when using multiple browsers.

I'm really surprised there's so little love for Enpass. I was a long-time 1password user, and even jumped through all the hoops they required for people that purchased their service as a 1-time fee before they transitioned to a subscription service. Until they broke their iOS app (I think? memory's fuzzy).

Transitioned to Enpass and it has been spectacular. The ONLY feature I've found to be missing is setting up OTPs on desktop is a difficult experience when the site uses a QR code. 1pass had this really cool little window you could drag over the QR code to read it, but with Enpass I think I had to pull my phone out to scan the QR code on my desktop screen.

Password managers are for suckas, I just use password123 for everything.

Lmao, that's nothing, I use pazzword12369

Another happy KeepassXC user here! Keepass2android on Android. I keep the passwords synced with nextcloud

1Password is a genuine life saver.

Bitwarden all the way

KeepassXC and Keepass2Android

KeepassXC with syncthing

I just led the migration from LastPass to 1Password for the business I work at. It was really prompted by the breaches at LP and their poor handling of it. For personal stuff, I just did whatever I was doing at work because the business plans come with free licenses for personal accounts.

Bitwarden here too

Bitwarden enjoyer here

I use OneNote, with a bunch of coded words that mean other things and mix and match those to make longer passwords that are all different. Because I'm too lazy for a real app, and this is secure enough and useful enough.

It might be a minimal effort to set up. But afterwards any pw-manager will probably save you lots of effort.

Vaultwarden for work, KeePass and KeePassDroid for private use.

Keepass on OneDrive, so I can access it from my computer and phone.

Self hosted Bitwarden is the bees knees.

Bitwarden. I left LastPass about 3 years ago and haven’t looked back. I pay for bitwarden so I can use the TOTP feature and because I can’t wrap my head around the recovery process for my wife if something were to happen to me. I think another, more technically fluent human will need to be involved if that ever comes to pass.

I've been using keepass on PC and KeepassDX on Android.

Bitwarden user here.

I use Bitwarden and honestly couldn’t be happier. My partner and I both use it, so it’s incredibly easy to share any credentials we both need to use. It also works great on every platform I’ve personally tried it on, and I like that I can use it for totp 2fa as well.

I rolled my own, actually. I don't store any passwords (even encrypted). Instead, I just append the site name to my base password (which is in my head), hash it, and base-52 it. (I also start each password with the same uppercase letter, lowercase letter, punctuation mark, just to ensure it gets past any bullshit filters)

I like that there's nothing that can be leaked (except what's in my head) and nothing to be lost and nothing to back up.

Can you please elaborate on each step. I'm not sure on the hash and base52 - do you use a program you've written to do that for you? A simple example would be fantastic.

Yeah I wrote the code for it. It's simple enough that I could write it again if needed.

By "hash" I mean SHA256 (though if I were to do it all again, I would probably use a different hash algorithm these days, but whatever, good enough). "base52" means turning the SHA256 binary code into a sequence of letters/digits. That part I wrote, too, but it's quite straightforward.
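The derivation described in the comment above, sketched as an added example (this is not the commenter's code). The 52-symbol alphabet, the `Xq!` prefix, the 20-character length and the function names are assumptions; the example also goes one step beyond the post by showing the same layout built on PBKDF2, a deliberately slow key-derivation function, next to the plain SHA-256 version.

```python
import hashlib

# Assumption: the 52 symbols are A-Z followed by a-z; the post does not say.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Hypothetical fixed prefix (uppercase, lowercase, punctuation) so the result
# passes sites' composition rules, as the post describes.
PREFIX = "Xq!"


def base52(data: bytes) -> str:
    """Write the bytes, read as a big-endian integer, in base 52."""
    n = int.from_bytes(data, "big")
    if n == 0:
        return ALPHABET[0]
    digits = []
    while n:
        n, r = divmod(n, 52)
        digits.append(ALPHABET[r])
    return "".join(reversed(digits))


def _format(digest: bytes, length: int) -> str:
    # Take the least significant digits: the leading base-52 digit of a
    # 256-bit value is not uniformly distributed, the trailing ones nearly are.
    return PREFIX + base52(digest)[-length:]


def derive_sha256(base_password: str, site: str, length: int = 20) -> str:
    """Scheme as posted: SHA-256 over base password + site name, then base 52."""
    digest = hashlib.sha256((base_password + site).encode("utf-8")).digest()
    return _format(digest, length)


def derive_pbkdf2(base_password: str, site: str, length: int = 20,
                  iterations: int = 600_000) -> str:
    """Same layout with a slow KDF (added variant, not from the post).

    With plain SHA-256, anyone holding one derived site password can test
    guesses for the base password at one hash per guess. PBKDF2 multiplies
    that cost by `iterations`; the site name acts as the salt.
    """
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        base_password.encode("utf-8"),
        site.encode("utf-8"),
        iterations,
    )
    return _format(digest, length)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for site in ("example.org", "example.net"):
        print(site, derive_sha256("constructed base phrase", site))
        print(site, derive_pbkdf2("constructed base phrase", site))
```
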

Quite similar to what Masterpasswordapp does!

Bitwarden, easily. You can self host if you want to for added privacy. I don't, but the option is there.

Passman on self hosted nextcloud with passman android app from fdroid and browser extension on laptop

Enpass. I sync my vault with my Nextcloud, but it would also work completely offline or with direct-sync between my devices.

Was starting to think I was the only enpass user out there

There's a couple of us!

KeepassXC on desktop and KeepassDX on my android device, synced using syncthing. I don't trust servers keeping all of my passwords anymore, encrypted or not

NextCloud

  • Bitwarden for my Passwords.
  • Keepass for my password for Bitwarden.
  • A master password + picture(key) combination for access to my keepass.

What does the intermediate step add?

Not the guy you are replying to, but it would allow the user to create a very strong password for Bitwarden, and use an easier one to remember for Keepass, since Keepass would still require a key file to open the database.

I kind of like the idea, actually! LOL

Bitwarden for several years.

Same here. I used to have LastPass, but after their privacy fiasco, I moved to Bitwarden, which I find to be rock solid. The fact that it's open source helps me feel more at ease that they won't pull any crap as easily as other password managers.

self hosted passbolt is very convenient, didn't see more secure alternatives. The only bad thing is that it cannot save TOTPs currently

Have you looked into vaultwarden? That supports TOTPs

I use a self hosted vaultwarden instance! Should probably migrate it to my new server soon-ish though...

Well, ahem, I use index-cards in a box. Never loses batteries - totally hack-proof!

I simply use Google/Chrome

Be aware that browsers saving passwords usually store them in some plain text or trivially decipherable format. So someone with physical access to your drive can steal all your passwords, basically.

although to be fair, physical access generally = game over. i would be (am) more concerned with exfiltration over a really innocuous-looking google endpoint

Might not be the most popular answer on this platform but it is the most seamless and easy for me. The integration between chrome and android is really nice.

Not that other options are difficult but the only reason I can see to migrate is ideological which is completely fair. I would probably do it if I was younger and had more time and effort to deal with it.

i’m using KeepassXC!

Bitwarden. I used to use LastPass but got terrified of their security.

I used to use 1Password standalone, but they moved away from it and started only selling password management as a service and I really didn't want that, so I'm running Bitwarden now on a private VaultWarden instance for myself and my wife. It's been great and is a good option if you want to run your own platform and not use Dropbox or other third party cloud storage or platforms for the data. Obviously, you're then responsible for backing the data up, etc., but I like the flexibility and data ownership of it.

Keepass2 and keepass2android combined with input stick to type my passwords wherever I need them. It's a wonderful combination. I host my password file on Google drive and other places but I keep a key file on the local device. It's not perfect and would never stop a threat from a state actor but I don't think I've got time for that kind of security anyway.

http://inputstick.com/buy/

Incidentally the input stick can function as an on the fly rubber ducky if you really want it to. It does some really really cool stuff.

I'm very surprised at how web centric some of these answers are. I have so many passwords that have nothing to do with a web site.

"Google Chrome" is not gonna type in the bitlocker password on a dual boot system every time there's a kernel update :p.

Get yourself a mooltipass :D

Keepass with a separately stored keyfile and an otherwise shared passwordDB. Keepass2Android makes the bridge into Android.

I've been using Bitwarden, but the second proton releases proton pass to the public I'll try to switch

Has anyone tried Proton Pass?

I use pass but recommend Bitwarden when people ask for a recommendation.
When using pass, if you have a lot of devices and forget to sync at times you better know at least basic git lol.

I use pass as well and acknowledge it's not for everyone. For me, the lack of automatic synchronization is a feature though, I don't feel comfortable having all my passwords on my phone in case it gets stolen.

If you don't mind I'm going to re-post my question I asked mori

Do you use pass on any mobile devices & do you find the need to use any of the browser extensions made for it? I am just looking at it right now and it seems really fascinating I will say.

I only ask since I am currently a bitwarden user but I am not against trying something new, and it does look quite interesting. thanks in advance!

Do you use pass on any mobile devices & do you find the need to use any of the browser extensions made for it? I am just looking at it right now and it seems really fascinating I will say.

Mobile apps:

Browser extension is a bit more complicated as you have to have a helper running for the extension to connect to, but it does exist: https://github.com/browserpass/browserpass-extension

Yes, I use Password Store F-Droid Play Store on a few Android devices. I don't personally feel the need for browser extensions on desktop and just use QtPass.

All in all I use it on 6 devices; 1 desktop, 2 laptops, 2 phones, and 1 tablet. Only ever have "issues" when I forget to sync one for a while and create a password on it.

Maybe a tangent, but what are the security implications of a password manager? It seems like it would replace many individual things that can go kinda wrong with one big single point of failure, which frightens me 😆

Happy to be wrong though. They definitely seem convenient.

This line of reasoning kept me away from password managers for a while, but I've been using Bitwarden for almost a year now, and I could never go back.

You're technically right, but a better way to look at it is that it reduces your surface of attack from many weak points, down to one, very strong and secure point (assuming you use a reasonably strong password for your vault, and don't log into your vault on public networks or anything like that).

But at the end of the day, using a password manager is vastly superior to relying on your memory, which is what many people still do.

You have a point there. But if you use a password manager with strong encryption, 2fa etc. you can minimize the risk somewhat. I came to the conclusion that the benefits of using extremely long, secure passwords outweigh the risks if you follow all the best practices. Plus the added comfort.

Keepass 2 on Windows, Keepass2Android on phone & tablet, with the file on DropBox

I have been on Bitwarden for about 8 years now. Paid for it about 7 years ago. I LOVE it. I also use KeePassXC on my Linux box and for work - that's a great platform for anything that requires even more security (work, security-focused websites, etc.)

Ditto!! I love bitwarden, I've never had a problem with it, just remember to install the browser extension!

Dashlane. I need a service where I can share/manage things for my elderly parents, and Dashlane is easier for that after LastPass became a dumpster fire

Using Keeper at the moment. I used to use 1password, then moved to Bitwarden. Using keeper now because my employer has licensing to give each employee a personal account and a business account for free. So, basically I'm just taking advantage of that.

My office uses non-commercial keeper accounts (less than 10 of us) so i’m stuck with it on work devices, but I use 1Password personally and there is 0% chance I would switch over to keeper even if someone else paid for it.

I use Keeper on Android. What's wrong with it? I guess I've never tried another one so not sure what makes them better.

It's definitely not the best out there, but I'll take free. I also have the ability to share the account, so I shared it with my fiancée.

I've started using Bitwarden after two of my coworkers quit to go work at Bitwarden. Really nice interface, and very easy to use

Personally, bitwarden because of the browser addon, and then KeepassXC to store the 2FA recovery codes

I use KeePassXC in my linux desktop, KeePassDX in my android smartphone and syncthing-fork/syncthing to sync modifications between all devices. The encrypted database (long passphrase generated with Diceware method) never goes online. I also use yubikeys and multi factor auth for all important accounts

KeePassXC and Nextcloud to sync things between devices…

Bitwarden, I use it everywhere. I even wrote a Bitwarden app for my Linux phone.

Bitwarden after lastpass started charging for the same service

pass
I like the fact that it is a minimal and simple program that does one thing, and does it well. If you already use GnuPG for encryption, you will get used to it quickly.
The only downside for me is that it doesn't encrypt password names, only the content.
It also has many plugins and android/ios apps.

Switched from KeePassXC to Nextcloud Passwords recently and I absolutely love it. Sync and Browser Plugin are much more reliable.

I’m currently hosting Vaultwarden, an implementation of Bitwarden. It’s working perfectly so far.

Regular Bitwarden because I'm too chickenshit to self-host my password manager (like, if my NAS goes down or is unreachable, I'm screwed).

I was a longtime Keepass user before that, and may go back to it because I love the idea of a password + key file.

This isn't as scary as it seems. If your server were to go down, you can push your passwords back (to a new install or main website) from your client.

Yeah, what I meant is that without a connection to the database, wouldn't I be SOL? Many of the passwords to access my NAS rely on my password manager to be available at all times.

Or does a cached version on mobile keep running even without the server?

(2nd concern is knowing that I've actually set it up to be secure... synology NAS's are always a target for hackers, and they come in waves of hundreds of attempts at a time some days.)

Yes, there's a cached version on your device. I never opened my server to the internet, just let it sync when on wifi. I used the vaultwarden docker container.

That sounds like a plan!! If it's not open to the internet, I'd be way more comfortable with the idea. Thanks!

I'm using gnome-passwordsafe (gtk keepass) both on Arch desktop and postmarketOS phone with Gnome-mobile

Nextcloud for sync

NordPass, but looking to switch due to their constant upselling ads in their app.

1Password, it's cross-compatible across all my devices, and for all sites that support it, a YubiKey hardware 2FA key.

But if you're not a fan of trusting a 3rd party company, then KeePass is probably still your safest bet.

Yup 1Password has been top notch. They're staying ahead of the curve, too, with passkey support. My office uses it and we get paid personal accounts through that which is great.

Yeah, bitwarden rules

I used to use keepassxc, but I was too lazy to sync everything with syncthing. That's why I use bitwarden

What I use is just password manager. It's offline and it only backs up to your phone or SD card. I ended up getting the paid version so I could store more than 12. I never looked for another one because this one does exactly what I want and it seems solid privacy wise.

I use keepassx and cloud storage to move it between computers like a caveman.

hunter2

/s

In all seriousness, I’ve been using 1Password and have had no complaints.

iCloud Keychain

Been using Keeper. I would run a self-hosted Bitwarden instance but I travel a ton and don't trust AWS / GCP with my data (would put it on a Raspberry Pi I have lying around). If I didn't travel, I would 100% have self-hosted it for the added security and peace of mind.

So far, I've had a great experience with Keeper. It hasn't had a breach in a hot minute, and it auto fills on all my devices perfectly regardless of OS. Very happy so far, but will probably move as soon as I stop travelling quite as much.

bitwarden, keypass.

Strongbox (basically Keepass for Mac).

Old school.

Pen, paper and locked fireproof case.

gopass and unfortunately also Firefox sync + chrome passwords on mobile

Bitwarden FTW

I'm a big fan of Mooltipass, the hardware password manager.

https://www.tindie.com/products/stephanelec/mooltipass-mini-ble-authenticator/