2023 was a record-breaking year for cybersecurity in a bad way. Ransomware payments hit a record high of $1.1 billion, which is likely to…

  • @Kekzkrieger@feddit.de
    19
    1 year ago

    I use KeePass with my database on OneDrive.

    Then I connect every device to said OneDrive account, copy the private key manually on each device that I need to use.

    I secure my database with said private key + a passphrase.

    Might not be the best setup, but I feel like with passphrase+key I am secure enough to have the db file in the cloud.

    • NostraDavid
      2
      1 year ago

      For KeePass users: KeePassXC can read your KeePass file just fine, but KeePassXC can also run on Linux, whereas KeePass runs only on Windows.

    • slazer2au
      59
      1 year ago

      Prefer KeePassXC but let’s be honest, the best password manager is the one you actually use and keep using.

        • slazer2au
          10
          1 year ago

          Everything gets hacked given enough time. Just not everyone says they were hacked or realised they were.

        • @pixelscript@lemmy.ml
          1
          1 year ago

          I like KeePassXC because it’s written in C and is thus cross platform, while KeePass is written in C# and relies on Windows UI libraries. You can run KeePass on Linux (and I did without usability issue for years) but it will look god awful.

          I won’t knock plugins, everyone has weird use cases, but I don’t know what people need KeePass to do that it doesn’t already do out of the box. I’ve certainly never felt the need for any.

        • @Swarfega@lemm.ee
          3
          1 year ago

          KeePassXC looks better IMO. Also I like that hardware keys work without plugins. Personally I still use KeePass for one feature that XC doesn’t offer.

  • @ebits21@lemmy.ca
    47
    1 year ago

    I use Bitwarden for passwords. Just works so well.

    KeePassXC and KeePassium for TOTP codes. I keep the database in the cloud but sync a key with Syncthing that’s needed to unlock the database on the devices themselves.

      • Reuben
        2
        1 year ago

        @bluetoque @ebits21 Because then every account is only as secure as your Bitwarden account. It becomes a single point of failure/vulnerability.

        • @ebits21@lemmy.ca
          1
          1 year ago

          Yep, I think keeping TOTP codes in the same place as passwords defeats their purpose (no longer a second factor).

          Less convenient but more secure.

    • @Lem453@lemmy.ca
      13
      1 year ago

      Locally hosted Bitwarden (Vaultwarden) that is only accessible on your local network is the way to go. When a new sync is needed away from home, WireGuard VPN to connect back in makes everything nice and secure. Otherwise most of the time the vault is cached to the device locally so you don’t need to phone home to access passwords.

    • @Rexios@lemm.ee
      1
      1 year ago

      Dashlane’s app experience across platforms was hit and miss for me. 1Password has been much better.

    • Lunch
      3
      1 year ago

      Also more expensive than Bitwarden for example, should u want to pay for premium.

    • BrikoXOP
      11
      1 year ago

      I know they recently published the code for their clients, so that’s a plus. But I can’t find any independent audits for their architecture or clients.

      While all mentioned options do have independent audits done.

  • @madcaesar@lemmy.world
    12
    1 year ago

    KeePass for me. I keep my encrypted vault in my 2 factor encrypted gdrive. Get the best of both worlds. No traditional cloud that’s a target for hackers and I have passes I can share across devices.

  • @jabjoe@feddit.uk
    6
    1 year ago

    No love for Nextcloud Passwords or Passman? Both have plugins for Nextcloud and have Android Apps.

    • @lolgcat@lemmy.ml
      1
      1 year ago

      No love for Nextcloud

      Pretty much in general for me now. I gave it an honest go for six years but there were at least four instances where a server upgrade required nontrivial intervention to bring it back.

      Syncthing + Keepass[DX] has been solid for me.

      • @jabjoe@feddit.uk
        1
        1 year ago

        Which one was that, Passman or Nextcloud? I’ve run two instances of Nextcloud Password and one of Passman, for about the same time, with no issues.

        Other people do seem to have issues running Nextcloud in general, but I’ve never had anything but PHP version stuff that is easily fixed. I love Nextcloud!

  • @coffinwood@feddit.de
    11
    1 year ago

    No mention of Enpass? Stores more than just passwords, can be synced locally over wifi or in the cloud without using Enpass servers.

  • @navi@lemmy.tespia.org
    9
    1 year ago

    I really enjoy 1Password for easy vault sharing between family members. I was able to get my (not so technically literate) siblings and dad onto my family plan. Baby steps!

    • @helpImTrappedOnline@lemmy.world
      4
      1 year ago

      (I use KeePassXC)

      I use the notes section a lot. I can store all kinds of related info. For example on sites that still use a username to log in, I can put the email I used to sign up in the notes section.

      I’ll also do security question answers here. Using a passphrase generator for those is good. No one is going to check if your first dog’s name really was “consoling-roving-activator-earflap” and no one can find it on your oversharing grandma’s Facebook.

      I’ll also attach any license keys/relevant files for software, now those stay encrypted and backed up with the database instead of in a random folder of text files.

    • @Nath@aussie.zone
      10
      1 year ago

      I need to enter passwords in lots of places that aren’t a browser.

      If Firefox’s password keeper meets your needs, then I would endorse using that, for sure.

    • @Catsrules@lemmy.ml
      3
      1 year ago

      I thought I read somewhere that the built-in browser password saves are not very secure.

      This was maybe 5 years ago so I am guessing they have improved it?

    • Skeezix
      3
      1 year ago

      In addition to what the others have said, with those other password managers you don’t have to do much if you decide to change browsers some day.

    • @sudneo@lemmy.world
      19
      1 year ago

      I guess a bunch of things, as they are specialized apps:

      • proper auth. I think with Firefox you can have a password, but a password manager will have multiple options for 2FA including security keys, and on phone fingerprint unlock etc. In general, password managers are more resistant to malicious users gaining access to your device.
      • store all kinds of stuff. Not everything happens in the browser, and it’s just convenient to have an app just for credentials. Many password managers allow you to store and autofill credit cards too, for example.
      • on the fly generation of aliases. Password managers have external integrations. For example Proton and Bitwarden can integrate with simplelogin.io to generate email aliases when you choose to generate a new username.
      • org-like features. Password managers can be also convenient for sharing with family (for example). I do manage a Bitwarden organization used by all my immediate family, which means I can share credentials easily with any of them. Besides the sharing I can also ensure my (not tech-savvy) mom won’t lock herself out (emergency breakglass access configurable) and technically enforce policies on password strength etc.
      • as banal as it is, self-managing. I like to run my own services and running my own password manager with my own backups gives me peace of mind.
      • another perhaps obvious point. More compatibility? I can use my password manager on whatever device, whatever browser. For some, it might not change anything, but it’s a convenient feature.

      As a personal addition, I would say that I simply want the cornerstone of my online security to be a product from a company that is specialized in doing that. I have no idea how much effort goes into the password manager from Mozilla, for example.

        • @sudneo@lemmy.world
          1
          1 year ago

          Yep, I know and it’s very convenient. I discovered recently that Bitwarden also has integration, but requires manually provisioning an API key. Not as convenient but quite nice as well.

      • @idefix@sh.itjust.works
        1
        1 year ago

        I’m answering your comment but I’m grateful for those who have answered. You basically have more extensive needs than I have, which makes sense.

        On my side:

        • I’m not planning on leaving Firefox any time soon but the migration seems straightforward
        • The security is sufficient for me: master password on the desktop, fingerprint on my phone
        • To be noted: Firefox is my default password manager for all my Android apps. Its scope extends beyond web browsing
    • Gogo Sempai
      7
      1 year ago

      Same. The UI is pretty good and modern, they support TOTP and cards as well and the development is being done at a good pace.