Hi,
In your opinion do you prefer Bitwarden or Proton Pass and why?
It seems Proton Pass has better integration with Firefox.
Good and bad?
Thanks.
Been using Bitwarden and Firefox for years and years. Never had any integration issues.
Same. Works well on Firefox, iOS, and android.
Yup, it just works.
The hard on’s y’all get for password managers, and the Firefox circlejerks is baffling. Leads me to believe these “federated” instances have a double entendre everyone glosses over because of their shiny new toys.
This is just one of the weirder comments I’ve read, like what did I just read here. Lol
Vote with your feet if you don’t like the consensus
Also, do you have some reason for this apparent disdain?
I use random passwords for every account and using a password manager is the best way I’ve found to manage that. Is there another method that you prefer?
I get it, and they definitely make things easier on people. But how many times have we seen instances of people abusing their custodial privileges? My gripe is with the push I’ve seen to get people using these tools, more than the existence of them in general. Mnemonic techniques to remember your passwords will always be superior from a security perspective. It’s the same as crypto, “not your keys, not your coins.”
deleted by creator
That’s a good point, thanks for explaining. Something I try to remember is that you not only have to trust the company who’s managing your data, but you also have to trust them to protect it from bad actors.
I’m trusting Bitwarden for now, but eventually I’d like to move to a self-hosted option like Vaultwarden. I think that’s the best way to go if you’re confident in administering it.
Mnemonic techniques are okay, but won’t you have to come up with a different one for every service you use? I mean if there’s a pattern, then a breach in any one of them could compromise all your passwords.
I myself use mnemonic password for my master password. And I’ve started to make my passwords longer randomly generated ones. I use a file based password manager as well. I think that’s a good mix of security and convenience.
Correctamundo friend
I have both. Had Bitwarden for many years but trying out Protonpass as an alternative. Bitwarden still the one for me at this moment
I subscribe to both services, and each has its own unique advantages. Proton’s ability to generate disposable email addresses for questionable or bothersome websites is a standout feature that makes it worth the investment. Additionally, Bitwarden’s thorough third-party audit instills confidence, and its excellent autofill functionality coupled with the option to self-host data is highly appealing. Moreover, the ability to unlock your vault using a YubiKey adds an extra layer of security to Bitwarden. While Proton shows promise and has great potential.
Bitwarden works fine with Firefox.
I like Bitwarden because I can host my own server and control it all. Not sure if the other service does self-hosting. Maybe you can do the same with that?
I’ve been thinking of setting up my own server. Does hosting your own server feel secure? I feel capable of setting up my own server but I’m not sure if I trust myself to secure it appropriately.
Yes, it’s secure and of course can be further secured by other services, like vpn and scanners and such. I front my stuff with Cloudflare certs on their free tier as well.
Just use complex passwords for the admin and logins. They also support two-factor authentication which is easy to set up.
Bitwarden because it is open source.
Both are open source
I love bitwarden. I don’t use Firefox though. Any password manager you hold the keys on is good though. Used a few years now
Bitwarden has better features and more clients are available for it. Proton Pass doesn’t offer anything that Bitwarden does not except for a slightly nicer looking browser extension and mobile client.
I have access to both and tested them recently, so I think I got a pretty good picture of them both.
I subscribe and Proton Pass will generate email alias forward to your protonmail account. It is fantastic. Now to clean up all the accounts I used under bitwarden
Bitwarden is an open source, very popular choice, tried and tested. The Firefox extension works great, as do the mobile apps. The free version includes most of the features if you want to try it out.
If you’re considering paying for the most polished experience, 1Password is the nicest in my opinion. Stay away from LastPass. No opinion on Proton Pass, it’s still new. But I still choose Bitwarden because I like that it’s open source, and I COULD choose to self-host a server if I got paranoid (I probably won’t).
Am I a boomer for still using KeepassXC synced via Dropbox?
Nah, still a great solution if you like. That was my solution for years until just about a month ago I switched to bitwarden because it seemed easier to protect with a yubikey. I’ve liked it so far.
I took the opportunity to export all my passwords from Firefox, chrome, and KeePass, then spent about a day cleaning the whole mess up and removing duplicates, THEN imported the csv into bitwarden. Still getting used to not using chrome/Firefox for auto filling and storing passwords, but I like that my passwords don’t feel so spread out across multiple browsers/dbs.
Do you encrypt it before syncing in Dropbox? Or just raw .kdbx and password (+ key)?
I just trust the built-in encryption, which makes it easier to read via keepass2android (since I don’t have to do an extra decryption step).
Yeah that makes sense
deleted by creator
Defense in depth is my thinking
deleted by creator
At the very least it would hide filename in cloud storage so no one would know that it’s a file with all your passwords.
Personally I don’t put anything in cloud storage unencrypted so I’d still just encrypt that file client side with the rest of them if I used keepassx.
Interesting. I assumed it did, two layers of encryption, different passcodes and ideally keys - not sure how it wouldn’t, but now I need to research it
These are my opinions, not a security expert or anything but - if your system is compromised two layers won’t make a difference. If someone gets ahold of the KDBX, two layers might slow them down but if they have the compute to crack the KDBX in the first place a second layer won’t make a difference, even if you’re using a stronger algorithm.
I can only think of two benefits.
- Using two different algorithms adds a layer of protection in the event a flaw is discovered.
- If it’s wrapped it would likely have a different extension and signature, so if someone were to say, hack the cloud storage provider and grab all the KDBX files you might get missed.
In any case, the encryption algorithms we use today will likely be irrelevant and useless at some point in the near future. If you suspect your KDBX has been stolen, you should change all your passwords - even if they can’t crack it today, you don’t want to get an unpleasant surprise in a decade because you didn’t.
Although changing your passwords on interval is a good security practice anyway.
I also wouldn’t sync them with a cloud storage system either, since you never know.
Yeah, that makes a lot of sense, thanks for the insight!
deleted by creator
deleted by creator
Nope, that’s a pretty secure password manager setup.
KeepassXC + SyncThing in my case, to skip the middle man (Dropbox/Google drive)
No sir, I did this for years. I used Kypass on my iPhone so I could use my passwords on my phone as well. I ended up switching to Bitwarden for easier 2FA implementation and granular password sharing rather than having to share my whole vault or manage a separated shared vault
What kind of 2FA setup do you have?
I use Bitwarden with DUO as my Authenticator app. I know that you can set up keepass with 2FA via an extension but I didn’t find it as portable with my existing apps which is why I decided to make the switch
It works but partitions can and will happen and a merge afterwards is non-trivial AFAIK.
Bitwarden. I’ve used it for years, never been unreliable. I pay for it.
I prefer Bitwarden just to not put all my eggs in the same basket
I think it depends on the mobile device you use. I’ve read that proton is better on iPhone and bitwarden doesn’t integrate that well with it but it’s seamless on android. I also haven’t had any issues with bitwarden and Firefox and they’ve been my combo since I started using bitwarden a couple years ago. I haven’t given proton pass a full on try yet though and I pay both companies for their awesome services so I’m a bit of a shill for both. I don’t think you can make a bad choice here.
I use Bitwarden on iOS and have for years now. I have never run into any major issues. Occasionally I’ll have to jump out to the Bitwarden app to copy a password but that’s usually because the website I’m trying to log into has their form set up weird/wrong.
I was copying passwords and usernames all the time. This comment made me realize I didn’t configure it properly
To be fair, I have to do this with Android sometimes as well