Third. We even formed an organisation to share passwords to streaming sites (looking at you, Netflix). I like the emergency feature when something happens to me and my partner can access my passwords and login information.
I've used bitwarden for a few years myself now. I enjoy it. I'm trying to get into self hosting myself and found vaultwarden is an open source fork of bitwarden. That's probably what I'm going to use
IIRC the $10/yr fee is just for hosting. You should be able to host it yourself for free. At $10/yr tho, even if I'm self hosting I'd pay that just to help development
Very easy to self-host using docker-compose. It's my favorite password manager ever since I've started hosting an instance on my NAS. I finally managed to get my wife to use a password manager thanks to the simplicity of use it offers. And it's very easy to import your KeePass database.
Bitwarden. I've used a bunch of password managers, Bitwarden has been by far the best for me.
The mobile, desktop, and web app are all awesome and work great.
Self-hostable, open source, great feature set. Pricing is super reasonable for their cloud hosted features. UI is simple, clean, makes sense, and so far I've had zero issues with syncing, saving, etc.
IMO, it's a great example of a FOSS application that looks and functions as good or better than the nicest closed source proprietary software.
The passphrase generator is the best thing. Yes, I know, I should never see/need the password in clear text, but when you have to login onto something on your TV, it's nice to have words that make sense.
I also pay the $10 a year or whatever to be able to store TOTP codes in Bitwarden. I love having them copied to my clipboard automatically while logging in! (Yes I know it's less secure. I don't care lol. I don't feel like getting locked out of everything because I broke my phone.)
people slag me off for putting my totp codes into keepass, they say it's less secure. i care only about not being able to replay. if someone got into my password manager, it's game over in so many more ways than a couple of totp configs
Bitwarden for where convenience is important, which is the majority of my logins (forums, social media, memberships). In turn I also have self hosted KeePass for "key" logins (Bitwarden, online banking, Google).
Pretty good, I use it along with Cloudflare tunnels, no ports opened and pretty much a 99% of uptime (I have only had issues when the docker image auto updates because of reasons lol)
same here, KeePassXC + syncthing on desktop and KeePassDX + syncthing on android.
I also run a second syncthing instance on desktop in read only mode that makes backups to my cloud
I use Google Cloud to sync my PC/Android(KeePass2Android).
I am looking to try KeePassDX, but I don't see an option to connect/open a google cloud. Idk if I am missing something or if it is just unsupported.
KeePass has been my go to password manager since 2012, and all the apps on various platforms do a good job of integrating with their respective platforms. I personally use KeePassXC on Ubuntu, works great (except no auto-type using wayland). Hardest part is picking a file syncing service for the database file.
Yes! Keepass2. My database is stored on my OneDrive so I have the same database on all my devices. If I decide to cancel my OneDrive, I can easily migrate my passwords to another cloud host.
BitWarden in personal life. Recently discovered my corporate overlords approve KeePass (no synching to my phone though). I'm pumped to have literally any pw vault solution.
No joke, 25% of the people in my office have a sticky note on the bottom of their keyboards. I do the odd security audit and I always check.
I was able to use KeePass when I first started my job in 2019, but after I swapped laptops and found I had to get admin permission to install it, and was promptly denied, I was pretty miffed. The IT lord said they were going to implement... some kind of solution, but so far it's never materialized. I might have to open a BitWarden account just for my work passwords because LastPass has only been a stopgap for me. I can't believe we don't have an office-wide password solution because otherwise everyone is going to keep using <<companyname>><<currentyear>>! for everything and that's just terrible.
Bitwarden here. Was also a LastPass user. Switched when I retired so I did not have to worry about still keeping any old accounts from work.
P.s. Also I like that I can have Bitwarden sync on my phone and my laptop.
Bitwarden is the way to go. Used LastPass years ago when they suddenly switched to the paid model, then they could get fucked. Been with Bitwarden and haven't looked back (or around for alternatives, super happy)
From what I remember, I don't think you need a business license to do so, but you have to go through all the usual hoops to make something available over the internet.
I'm a huge fan of 1Password. Previously used pass for years, but there are many ways in which 1Password is more convenient, especially when it comes to sharing secrets with friends/family/colleagues.
I'm just on bitwarden, I was using keepass for awhile but getting the vault moved between devices was a pain, even with syncthing. If it got desynced it was a pain to fix
I know a bunch of people here have mentioned Bitwarden, but I would like to mention one feature that makes it superior to all others. You can integrate it to services like SimpleLogin, AnonAddy, Firefox Relay, DDG etc. and auto-generate email aliases within the Bitwarden extension. In theory it is more secure to not do this but it is such a huge QoL feature to just hit the randomize button in the extension to create an alias for a new login. It also populates the info field on simplelogin with something along the lines of "Auto-Generated by Bitwarden for: [website]"
At the moment BitWarden, but I'm looking to go to selfhost a VaultWarden server. I've already done it one time with a raspi but after some week it crashed out. Next time I'll use an x86 machine.
Firefox sync. The service syncs between your actual devices. Nothing is stored online. There is a catch. Everything is encrypted using your password. So if you forget your password, you lose all your passwords.
I sync between my Linux desktop (OpenSuse Tumbleweed), my Android phone, and my Steamdeck.
Yeah pass is great. It's basically just a git repo of text files encrypted with gpg. That means if you know those other tools there's nothing extra to learn/ nothing bespoke to depend upon or maintain. I sync my secrets between laptop and phone via a Diskstation NAS without needing to install anything special.
I primarily use Bitwarden with a self hosted Vaultwarden server on my NAS. But since Bitwarden doesn't support an auto-type feature (not the same as auto-fill) I use KeePassXC on my desktop PC for applications too.
Like some others here I use bitwarden, but I'd prefer to move to selfhosted vaultwarden. I haven't taken the leap of opening my server to the world so my family's devices can stay synced. Also, I don't trust my admin skill with server stability and security.
Get a super cheap vps and put it on that. Vaultwarden's secure, and the passwords are encrypted anyway. You can even get a shared ip vps, because you really only input the server's URL once per device. They're like 5 bucks a year or less.
Bitwarden, all the way. On my mobile devices, laptops, etc.
I used to use KeePass but the UI is so antiquated and features also just haven't kept up. Bitwarden free, open source, audited, syncs and works everywhere flawlessly, and I can self host if I ever want to. It's great.
I've been using KeePass for a very long time. It works, and the Google Drive plugin syncs without any issues. I have it set up on multiple devices, all pulling from my Google Drive, and each instance of KeePass has its own key file. So even if someone got a hold of the main database, it's useless without the key file, which is only hosted on specific devices.
Gives me access to all my things basically any time and anywhere. It's pretty neat. And if I don't want it anymore, I can export the data and just nuke it - and it's gone. :)
Unix pass! Because I have to be different apparently
If you're into DIY, you can get a very robust system set up with GnuPG, rofi-pass, and git. Plus I can even push passwords to my phone using Android-Password-Store.
While there hasn't been a release in a while, the Android-Password-Store dev seems to be actively working on it (at least per the GitHub page), so hopefully it'll get updated for your phone soon.
For what it's worth, I currently have it working on GrapheneOS on a Pixel 7 Pro phone, which I figure is pretty modern as phones go
BitWarden for me. I got the premium plan so I use it to share family password with my Partner (one collection), my dad (a second), and my in-laws (a third). I've definitely gotten my money's worth and I've been happy with it.
Looking forward to seeing if the passwordless (like key vaults) works for my automated processes, but even if they don't, it's been fairly good for me and has a decent contingency (self-hosted).
I've been using KeePass and KeePassdroid for at least 10 years now. "Sync" my dB through one drive, only because at one time we were allowed to use our personal one at work, but since they blocked personal folders in favor of corporate ones it is much less handy.
1Password because we’re an Apple household (aside from my work laptop, and even then it’s easy enough to use through the web interface). The main thing that irks me about it is that they keep offering discounts for new subscribers but longtime users have to keep paying the full price. But I’ve been considering switching to Proton for email, and they’re in the process of rolling out a password manager that seems similar so I may be switching to that sooner rather than later.
I switched my workplace to 1Password and I moved from Dashlane at the same time. One thing that's nice about 1P from that perspective is that our plan gives everyone a free personal account that they could take with them if they left the company (they'd have to pay for it themselves at that point of course).
Usability is the best of any password manager I've used, but the killer feature for us as a development team was the flexibility. Being able to assign the same credentials to multiple URLs (e.g. dev, stage, QA, prod) was just not possible with everything else we looked at the time.
+1 for 1Password. I used and loved Bitwarden but there’s a few things that 1Password can do, especially on PC, that Bitwarden can’t. IMO it’s worth the extra $20ish dollars a year.
But since there’s no free tier, I do recommend Bitwarden to folks who don’t use one since their free tier is fantastic.
Self hosted Bitwarden out of my house. I bought an old server a while back and it's been running like a champ. The official version is a bit cumbersome, but it seems to work really well. No complaints.
I just use hunter2 as my password literally everywhere. Otherwise it's easy to forget if you use more than one. I also use Bitwarden to manage all those passwords. It's really easy cuz you only need to type "hunter2" only once when you log in. After that you can just click it.
I used KeepassXC and Keepass2Android but the implementation seems a bit janky at times and the need to sync it manually or let it sync via a cloud is not all that comfortable.
I switched to Bitwarden about a month ago and consider it still as a test phase for now. I'm not that happy with just having my passwords lying around on a random cloud server.
You can always self host your bitwarden instance if you want.
For me, bitwarden is a good middle ground, it's super easy to setup, works super well on desktop and android, and it's still way better than using the same 8 character password everywhere. I think it's easier to recommend as a starter to anyone that's not using a password manager.
That's super helpful. Not just privately but also on a business side, since we're looking to replace our current solution that's basically discontinued.
Have the exact same setup, I spun up a vaultwarden container to test it out. I might swap over, and since i have vpn at home it is very easy for me to sync at any time.
I used to use KeePass, but switched to https://www.passwordstore.org with a YubiKey after discovering how janky the KeePass 2FA system is designed a while back.
Same here. I used to use KeePass, KeePassXC, and Bitwarden, but I am now happy with the pass command-line password manager on Linux and the Password Store app on Android.
Dashlane here. I self host a lot and could definitely use KeePass or something locally, but the risk of losing all your passwords if I fuck something up was too great. I'll pay professionals.
The way I do it is that I use gdrive to sync the database between devices, which acts like a kind-of backup of the database. That way I don't lose it :)
My approach is a bit more complicated than that of many commenters here: I use both Keepass and Bitwarden.
Bitwarden is for most of the passwords, and I use it to share some passwords with family.
Keepass is for the most sensitive stuff - online banking and emails. Also, I use it for non-web apps. Keepass DB is synced with Syncthing between desktop and mobile.
TOTP is handled by Aegis android app. I was thinking to move it to Keepass, but I really like the interface of a dedicated app. And its data is automatically backed up to Nextcloud
I also use KeePass and Aegis, and I love them both. I also considered using KeePass for TOTP but I think it makes more sense security-wise to use a separate app.
I recently got my first Apple product in about 10 years or so and I’ve been using BitWarden on all my other devices, but it’s not quite as convenient on this iPad. Is the built-in Keychain good and secure? Like I said, I’ve just been out of the Apple ecosystem for a long time.
Maybe you already know this, but you can set Bitwarden as your default password manager in iOS. It works perfectly for me, filling in username and password automatically when I click on a password/username field.
@bleuy007 I've found BitWarden to be fairly convenient on iPad. I can't imagine Keychain would be any more convenient than changing the default password autofill to use BitWarden.
Yeah, I’m also a recent iPad Pro user. Last Apple product I bought was an iPod Video back in 2005.
Apple’s Keychain is just like BitWarden but is obviously much, much better integrated than BitWarden on an iDevice. It also has some neat options to suggest you different kinds of secure-passwords and it alerts you when one of them has been leaked. As far as it being secure, I know nothing about data security, but all the mumbojumbo on their tech specs sounds secure enough to me.
UX is nicer (you can even prepare templates for new items)
Completely decentralized (every synced device has the full database. That makes it easier to backup)
the browser extension uses the fat client for fill in, so I don't need to log into multiple bitwarden clients/installations. Especially when using multiple browsers.
I'm really surprised there's so little love for Enpass. I was a long-time 1password user, and even jumped through all the hoops they required for people that purchased their service as a 1-time fee before they transitioned to a subscription service. Until they broke their iOS app (I think? memory's fuzzy).
Transitioned to Enpass and it has been spectacular. The ONLY feature I've found to be missing is setting up OTPs on desktop is a difficult experience when the site uses a QR code. 1pass had this really cool little window you could drag over the QR code to read it, but with Enpass I think I had to pull my phone out to scan the QR code on my desktop screen.
I use Bitwarden and honestly couldn’t be happier. My partner and I both use it, so it’s incredibly easy to share any credentials we both need to use. It also works great on every platform I’ve personally tried it on, and I like that I can use it for totp 2fa as well.
I use OneNote, with a bunch of coded words that mean other things and mix and match those to make longer passwords that are all different. Because I'm too lazy for a real app, and this is secure enough and useful enough.
Bitwarden. I left LastPass about 3 years ago and haven’t looked back. I pay for bitwarden so I can use the TOTP feature and because I can’t wrap my head around the recovery process for my wife if something were to happen to me. I think another, more technically fluent human will need to be involved if that ever comes to pass.
I just led the migration from LastPass to 1Password for the business I work at. It was really prompted by the breaches at LP and their poor handling of it. For personal stuff, I just did whatever I was doing at work because the business plans come with free licenses for personal accounts.
I rolled my own, actually.
I don't store any passwords (even encrypted).
Instead, I just append the site name to my base password (which is in my head), hash it, and base-52 it.
(I also start each password with the same uppercase letter, lowercase letter, punctuation mark, just to ensure it gets past any bullshit filters)
I like that there's nothing that can be leaked (except what's in my head) and nothing to be lost and nothing to back up.
Can you please elaborate on each step. I'm not sure on the hash and base52 - do you use a program you've written to do that for you? A simple example would be fantastic.
Yeah I wrote the code for it.
It's simple enough that I could write it again if needed.
By "hash" I mean SHA256 (though if I were to do it all again, I would probably use a different hash algorithm these days, but whatever, good enough).
"base52" means turning the SHA256 binary code into a sequence of letters/digits.
That part I wrote, too, but it's quite straightforward.
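The scheme described in the comments above, sketched as an added example (not the commenter's code). The base-52 alphabet, the `Aa!` prefix, the 20-character length and the optional PBKDF2 mode are assumptions, since the thread gives none of them.

```python
import hashlib
import string

# Assumptions (not given in the thread): alphabet, prefix, output length.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase  # 52 symbols
PREFIX = "Aa!"           # constructed: upper, lower, punctuation for site filters
LENGTH = 20              # base-52 characters kept after the prefix (~114 bits)
PBKDF2_ROUNDS = 600_000  # assumed work factor for the slow variant


def base52(data: bytes) -> str:
    """Encode bytes as a big-endian integer written in base 52."""
    n = int.from_bytes(data, "big")
    digits = []
    while n:
        n, r = divmod(n, 52)
        digits.append(ALPHABET[r])
    return "".join(reversed(digits)) or ALPHABET[0]


def site_password(base: str, site: str, slow: bool = False) -> str:
    """Derive a per-site password; nothing is stored anywhere."""
    if slow:
        # Variant: a deliberately slow KDF, so one leaked site password is
        # expensive to use for guessing the base password offline.
        digest = hashlib.pbkdf2_hmac(
            "sha256", base.encode(), site.encode(), PBKDF2_ROUNDS)
    else:
        # As described in the thread: SHA-256 over base password + site name.
        digest = hashlib.sha256((base + site).encode()).digest()
    # Keep the low-order digits: the leading base-52 digit of a 256-bit
    # value is not uniformly distributed.
    return PREFIX + base52(digest)[-LENGTH:]


if __name__ == "__main__":
    # Constructed inputs for demonstration only.
    for site in ("example.com", "example.org"):
        print(site, site_password("correct horse battery", site))
```

The same base password and site name always give the same output, so the only secret is the base password; changing one site's password means changing the site string used for it (for instance appending a counter).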
I have been on Bitwarden for about 8 years now. Paid for it about 7 years ago. I LOVE it. I also use KeePassXC On my Linux box and for work - That's a great platform for anything that requires even more security (Work, Security focused websites, etc)
Not the guy you are replying to, but it would allow the user to create a very strong password for Bitwarden, and use an easier one to remember for Keepass, since Keepass would still require a key file to open the database.
Same here. I used to have LastPass, but after their privacy fiasco, I moved to Bitwarden, which I find to be rock solid. The fact that it's open source helps me feel more at ease that they won't pull any crap as easily as other password managers.
Be aware that browsers saving passwords usually store them in some plain text or trivially decipherable format. So someone with physical access to your drive can steal all your passwords, basically.
although to be fair, physical access generally = game over. i would be (am) more concerned with exfiltration over a really innocuous-looking google endpoint
Might not be the most popular answer on this platform but it is the most seamless and easy for me. The integration between chrome and android is really nice.
Not that other options are difficult but the only reason I can see to migrate is ideological which is completely fair. I would probably do it if I was younger and had more time and effort to deal with it.
I used to use 1Password standalone, but they moved away from it and started only selling password management as a service and I really didn't want that, so I'm running Bitwarden now on a private VaultWarden instance for myself and my wife. It's been great and is a good option if you want to run your own platform and not use Dropbox or other third party cloud storage or platforms for the data. Obviously, you're then responsible for backing the data up, etc., but I like the flexibility and data ownership of it.
I use pass but recommend Bitwarden when people ask for a recommendation.
When using pass, if you have a lot of devices and forget to sync at times you better know at least basic git lol.
I use pass as well and acknowledge it's not for everyone. For me, the lack of automatic synchronization is a feature though, I don't feel comfortable having all my passwords on my phone in case it gets stolen.
If you don't mind I'm going to re-post my question I asked mori
Do you use pass on any mobile devices & do you find the need to use any of the browser extensions made for it? I am just looking at it right now and it seems really fascinating I will say.
I only ask since I am currently a bitwarden user but I am not against trying something new, and it does look quite interesting. thanks in advance!
Do you use pass on any mobile devices & do you find the need to use any of the browser extensions made for it? I am just looking at it right now and it seems really fascinating I will say.
Yes, I use Password Store (F-Droid, Play Store) on a few Android devices. I don't personally feel the need for browser extensions on desktop and just use QtPass.
All in all I use it on 6 devices; 1 desktop, 2 laptops, 2 phones, and 1 tablet. Only ever have "issues" when I forget to sync one for a while and create a password on it.
Maybe a tangent, but what are the security implications of a password manager? It seems like it would replace many individual things that can go kinda wrong with one big single point of failure, which frightens me 😆
Happy to be wrong though. They definitely seem convenient.
This line of reasoning kept me away from password managers for a while, but I've been using Bitwarden for almost a year now, and I could never go back.
You're technically right, but a better way to look at it is that it reduces your surface of attack from many weak points, down to one, very strong and secure point (assuming you use a reasonably strong password for your vault, and don't log into your vault on public networks or anything like that).
But at the end of the day, using a password manager is vastly superior to relying on your memory, which is what many people still do.
You have a point there. But if you use a password manager with strong encryption, 2fa etc. you can minimize the risk somewhat. I came to the conclusion that the benefits of using extremely long, secure passwords outweigh the risks if you follow all the best practices. Plus the added comfort.
Dashlane. I need a service where I can share/manage things for my elderly parents, and Dashlane is easier for that after LastPass became a dumpster fire
Using Keeper at the moment. I used to use 1password, then moved to Bitwarden. Using keeper now because my employer has licensing to give each employee a personal account and a business account for free. So, basically I'm just taking advantage of that.
My office uses non-commercial keeper accounts (less than 10 of us) so I’m stuck with it on work devices, but I use 1Password personally and there is 0% chance I would switch over to keeper even if someone else paid for it.
pass
I like the fact that it is a minimal and simple program that does one thing, and does it well. If you already use GnuPG for encryption, you will get used to it quickly.
The only downside for me is that it doesn't encrypt password names, only the content.
It also has many plugins and android/ios apps.
I would like to highlight the browserpass extension for Chrom(e|ium) and Firefox (and derivatives) which allows you to enter credentials into web pages without having to copy from a terminal.
KeepassXC on desktop and KeepassDX on my android device, synced using syncthing. I don't trust servers keeping all of my passwords anymore, encrypted or not
Keepass2 and keepass2android combined with input stick to type my passwords wherever I need them. It's a wonderful combination. I host my password file on Google drive and other places but I keep a key file on the local device. It's not perfect and would never stop a threat from a state actor but I don't think I've got time for that kind of security anyway.
I use KeePassXC in my linux desktop, KeePassDX in my android smartphone and syncthing-fork/syncthing to sync modifications between all devices. The encrypted database (long passphrase generated with Diceware method) never goes online. I also use yubikeys and multi factor auth for all important accounts
Yup 1Password has been top notch. They're staying ahead of the curve, too, with passkey support. My office uses it and we get paid personal accounts through that which is great.
Yeah, what I meant is that without a connection to the database, wouldn't I be SOL? Many of the passwords to access my NAS rely on my password manager to be available at all times.
Or does a cached version on mobile keep running even without the server?
(2nd concern is knowing that I've actually set it up to be secure... synology NAS's are always a target for hackers, and they come in waves of hundreds of attempts at a time some days.)
What I use is just password manager. It's offline and it only backs up to your phone or SD card. I ended up getting the paid version so I could store more than 12. I never looked for another one because this one does exactly what I want and it seems solid privacy wise.
Been using Keeper. I would run a self-hosted Bitwarden instance but I travel a ton and don't trust AWS / GCP with my data (would put it on a Raspberry Pi I have lying around). If I didn't travel, I would 100% have self-hosted it for the added security and peace of mind.
So far, I've had a great experience with Keeper. It hasn't had a breach in a hot minute, and it auto fills on all my devices perfectly regardless of OS. Very happy so far, but will probably move as soon as I stop travelling quite as much.