Also worth reading https://www.privacyguides.org/en/passwords/
Personally I’m using Dashlane; I’m pretty comfortable with it, and as far as I know there have been no security breaches.
Dashlane is fantastic. I was a bit hesitant about the price, but it’s so much sleeker and functional than everything else I’ve tried.
Bitwarden gang
Is pass really part of GNU?
Bitwarden, been using it for 3yrs
Bitwarden - does everything, and is free. You can even set up a shared vault so 2 people can have access to shared stuff like online shopping and streaming sites. Takes a bit of admin work, but it is not hard.
Sadly that second bit requires the other person to care enough to make an account and not just text you when they need the password 😂
Just send a photograph of your screen showing the requested password of 25 random characters so they have to type it out. Guaranteed their next question will be where they sign up for an account.
lol that’s generally what I do. Sometimes I’m nice enough to copy and paste. We don’t share a lot of accounts so it’s not a huge issue.
They forgot to include the best one: 1Password
yeah… you can’t publish a “the best” list like this that doesn’t include the most popular/well-known options without at least writing a little bit about why not those alternatives
to me, it feels a little less like a “the best” and more a “the best that happens to be developed in a reasonable OSS-friendly fashion”
Bitwarden. Tried Proton Pass but ultimately stuck with Bitwarden.
It has been my password manager of choice for quite some time and I didn’t see any reason to change.
Been using KeePassXC (and before that, KeePassX) since I abandoned LastPass about a decade ago. The apps integrate with Nextcloud perfectly and, at least for me, it’s a breeze. I use it for TOTP too, and I second the recommendation of a hardware token for an additional layer of security. There are some USB-C options that work on phones (I’m using a Pixel 7 Pro).
I’m curious about using the same store for passwords and TOTP. Technically, if someone gets access to your database, they have both your factors, yes? But I guess it does thwart someone trying to brute force your password.
Technically you do lose the second factor, but nowadays 2FA is often mandatory or they force some crap like SMS/email verification onto you. If you are aware of the risk then it isn’t a huge deal.
Though you might want to consider not using it at least for the most important stuff like banking (here you don’t even have an option; banks have their own 2FA apps that you have to use) and primary/recovery email.
Adding a hardware key, like Nitrokey, would be an additional level of safety there. I would not use the database without some kind of additional key (something you know and something you physically have).
If there’s something nefarious that has user access, you’ve already lost in that regard.
Just to add, you can also use multiple databases to help maintain separation
This is what I do: I have 3 KeePassXC databases (regular passwords, “security” questions, TOTP tokens), each with a different password.
I never got YubiKey to work on desktop with it. Key files seem to work well enough and are easy to manage.
YubiKey works for me, both on desktop with KeePassXC and on Android with KeePassDX to the same DB
I like the look of KeePassDX, but I was bothered by the fact that I have to use the YubiKey every single time to unlock the database, unlike Keepass2Android, which allows me to store the YubiKey credential with biometric lock until the phone restarts. Keepass2Android is not as nice of an app, but that feature was really required for me.
KeePassXC can do this as well, but it does require the YubiKey to be inserted every time you want to save a change to the database.
Look under Settings -> Security -> Convenience -> Enable database quick unlock (Touch ID/Windows Hello)
Using that, I can quick-unlock my database using my laptop’s fingerprint scanner, just like how KeePassDX works on Android.
It’s not a huge issue on KeePassXC because I keep a YubiKey Nano plugged into my laptop, but for my phone, I haven’t been able to make this work reliably with KeePassDX. I’ll have to give it another go.
Ah yeah you are right, it makes me tap my key every time I open the app.
The biometrics seem to only replace the master password.
I do wish it worked more like KeePassXC, where the key is only needed to save the database after unlocking and confirming with fingerprint.
While we’re on the topic of open source products, may I suggest the SoloKey:
So it’s like a YubiKey?
Yes, same type of device.
It does require some configuration within YubiKey Manager. I did not find it straightforward, but once set up it’s really reliable.
yup, no need to pay for a password manager. and far more secure.
Self-hosted Bitwarden works like a charm. Plus, you get to learn reverse proxies if you use Docker on a NAS. It’s pretty fun; would recommend.
OK, I understand some of those words. I have a NAS and I want to self-host with Docker. I have read a little, but it’s confusing. Do you have any links that explain the whole process? Especially the reverse proxy and making your containers available outside your LAN? Thanks
There are many tutorials on YouTube. I recommend SpaceinvaderOne’s tutorials. Very in-depth and easy to follow.
It definitely is confusing, and I didn’t fully grasp it when I did it 😅
The installation process will vary depending on your OS. I have a Synology, so I followed this walkthrough and some YouTube videos as well: https://mariushosting.com/how-to-install-bitwarden-on-your-synology-nas/ but QNAP, FreeNAS, etc. will have their own install process. They should be pretty similar, though, if you use Docker.
I second the recommendation for Bitwarden.
I switched over from Dashlane and never looked back. They even have a browser extension for mobile Firefox (the browser you should be using anyways) so it’s easy and convenient on all my devices.
+1 for Bitwarden. There were growing pains at the start to move off of iCloud Keychain. Once done and being more proactive with managing passwords it’s so good and trustworthy
Is there another way than just going back and forth and manually putting them in?
Manually putting what in?
You can import from another service if that’s what you mean
I spent some time when I migrated from just storing my passwords in Chrome. I went through and made sure all of them were strong, unique passwords. I set up categories for all of them. I set it up so I could share the right ones with the family and whatnot.
Doing the raw import is easy, but it was a good time to make sure everything was in order.
First time using it, you export your password data and move it into BW. Then the browser extension can help auto-fill and detect new ones. It also has a password generator built in, so that’s handy.
The phone app can integrate and auto-fill. On iPhone I’m not sure if it can detect and save. But the few times I’ve needed to sign up on my phone, I manually input.
I still use Firefox password and iCloud saves when prompted. Doesn’t hurt to have a backup I suppose.
Agreed. Bitwarden has been fantastic. I just wish it was easier to swap between accounts on the browser extension. You can do it on desktop and mobile pretty easily.
Is there a reason to use the mobile extension over the app itself? The app can input into other apps as well
I have never even got the mobile extension to work. When I set it up and enter my email and master password, the Captcha that is supposed to show up is missing entirely. There is just a blank space under the password field where the Captcha is supposed to have appeared.
If you have a custom DNS or VPN, that might be blocking the CAPTCHA.
The desktop application runs on Chromium, so that’s something to consider.
Don’t know honestly - I’ve never tried the app so I don’t have a comparison. Didn’t even know they had one.
Ah nice :)
I find it a lot better, worth a try if you can get it
https://play.google.com/store/apps/details?id=com.x8bit.bitwarden
Part of why I picked Bitwarden over keepass was that it had nice apps/extensions for all my devices, like you said. I didn’t miss any features when I switched, and instead gained a few cool ones.
The app is nice if you want to use Bitwarden to log in to other apps. You can give it permission to run alongside other apps so it can fill in login forms.
I have been using Enpass for a long time. It’s really good: you can choose any cloud provider or host your vault yourself, and pay by subscription or one time only.
I have also been using Enpass for a decade or so and never had the urge to switch to another provider. Everything works, you get all the features (TOTP, pwned password auto-checks, native apps and autofill, storage of other things than passwords, …) and pricing is still very reasonable.
It can be fully used offline too (with WiFi sync) or with any local storage or online cloud option.
I bought it one time back then but still pay the small subscription fee since I don’t want Enpass to go away.
Many of these tools share practically the same set of features, so I like Enpass’s ability to store files (e.g. certificates) and any kind of key/value pairs even more.
I made a hardware-based password manager that I keep on me with the 3-2-1 rule (one on me, one at home, one in a remote location). It’s barely secure, but the data is not accessible except when I’m updating it. It’s similar to the Mooltipass, but all the passwords are stored on EEPROM.
Could the EEPROM be hacked by someone and all my passwords probably read in cleartext? Yeah. How many fucking people actually know how to do that though? Virtually none.
Honestly, I’d love to just simply be able to afford a Mooltipass though. :(
This is what I based my personal one on: https://www.instructables.com/PasswordPump-Passwords-Manager/
And I usually generate the passwords with an online tool so that I’m never using the same password twice.
That’s a lot of trouble to go to to have questionable security. Though it’s admittedly really cool.
I guess this is only great if you have to use potentially compromised computers often, so you are risking leaking at most a single password at a time, but still…
Unlike a proper password manager, this still has issues though; for one, saving in cleartext is just bad, reading EEPROMs is trivial, and (perhaps more importantly) unlike a normal password manager this doesn’t protect you against inputting data on a wrong (phished) domain.
Why not KeePass and its editors, and just keep the vault file on a flash drive?
Not OP but this is exactly what I do and it works great
Same. KeePass either on a flash drive or synced via Syncthing.
Exactly. Plus, if you’re a windows user, you can keep the portable version of KeePass on the drive as well.
While I find a discussion about password managers great, I found the article to be underwhelming.