What password manager do you recommend?

smallpanther, 2 years ago

I’ve been using Google’s password manager mainly for convenience but had been looking to switch for a while, this thread made up my mind to switch to Bitwarden!

Trapping5341, 2 years ago

Made the same switch in October last year. Glad I made the switch. My work phone is an iphone and I don’t generally use personal things on there but I do sometimes and being able to just login to bitwarden and sign into all my stuff is great. At first the switch sucks because my god did I personally have so many accounts but as you go it gets easier and easier. I recommend it to everyone and generally just get weird looks lol

techgearwhips, 2 years ago

KeePass all day. Completely open sourced and free.

I use

KeePassium on iOS

KeePassiumXC on desktop

Keepass2Android (no net) on Android.

All synced via Nextcloud but you can sync via sync thing as well if you don’t want to self cloud host.

foxinabox, 2 years ago

I’d say keepassxc.org covers all of your needs except the “Can be accessed via a browser” (Autofill works fine with a browser plugin)

Psychosadistic, 2 years ago

except the “Can be accessed via a browser”

Well - this is a selfhosted solution but still would give the access via browser. keeweb.info

crocodileneptune, 2 years ago

They are searching for a maintainer. I hope they still fix security issues.

github.com/keeweb/keeweb/issues/2022

github.com/keeweb/keeweb/issues/2077

hal_5700X, 2 years ago

Links to KeePassXC’s browser extensions, Firefox, & Chrome/Chromium.

sirnak, 2 years ago

Happy KeepassXC User reporting and there actually is a browser plugin that works flawlessly.

Hubi, 2 years ago

KeepassXC with a browser plugin on the desktop and Keepass2Android on the smartphone. The password files are synced over my self-hosted Nextcloud and backed up to OneDrive. I couldn’t be happier with this setup.

relative_iterator, 2 years ago

Same but I’m using strongbox on ios

quortez, 2 years ago

I would be happier with KeePass if the Android situation wasn't so bad. The most reliable app still uses UI elements from goddamn Froyo and the more sleek, modern, auto fill aware app can't deal with cloud sync to save its life. I hate it here.

x2XS2L0U, 2 years ago

I use KeepassDX on Android and it feels alright

quortez, 2 years ago

KeepassDX is the modern one I'm referring to. Because of the whole Android 11 SAF/scoped storage issue, syncing to databases and clouds that use DocumentsUI (the special folders you see when your Files manager window opens) fails all the time. I've repeatedly lost data due to KDX not properly saving or syncing, causing file conflicts and the passwords I literally just saved to vanish the next time I unlock the database.

The developer's response is that it's everyone else's fault that their apps' SAF implementation is bad, not KDX.

I absolutely cannot recommend using it.

x2XS2L0U, 2 years ago

I use it all the time and sync it between devices without problems…

Schooner, 2 years ago

What are you using for sync? I use Nextcloud and haven’t had any sync issues.

quortez, 2 years ago

I've had it fail with most SAF locations I tried after Android 11, especially pCloud. After the database locks and KDX leaves the RAM, it often cannot find the database it literally just saved, and will often just generate a merge conflict to the location it attempted to save. As a result, after you unlock once, it can no longer unlock the database and you have to bring up DocumentsUI again.

Schooner, 2 years ago

You know, I did have this problem like a year ago. Except, it was a problem with saving the database. I don’t know what happened but haven’t faced it in a long time now.

Kekzkrieger, 2 years ago

is the browser plugin safe to use? it kinda seems fishy

korok, 2 years ago

How is the OSX and iOS support for Keepass nowadays? Are there desktop and browser clients for OSX, and what’s the autofill situation like?

Keepass was the first password manager I used and I really liked it, but I had to switch when I started using Apple devices for work a few years back, and the lack of platform support there was a nonstarter.

moonmeow, 2 years ago

Strongbox for ios works with keepass formats.

korok, 2 years ago

Writing this down for later, thanks!

Maticzpl, 2 years ago

KeepassXC on PC KeepassDX on android Nextcloud for sync

Abualiexpress, 2 years ago

Second Keepass.

Or BitWarden.

Generator, 2 years ago

Same but I use Syncthing instead

Schooner, 2 years ago

Literally same setup!

YourMomLovesMe, 2 years ago

Keepassxc

cokane_88, 2 years ago

Online password manager GTFO never ever doing that.

I use password safe desinged by Bruce Schneier, it’s legit AF, pwsafe.org

mojo, 2 years ago

Do you not need to sign in to your accounts from different devices? Not to mention autofill support is a big deal, hence why browser addons are so important. The other password managers are plenty secure, especially with 2fa and webauth which that app certainly is not going to have.

cokane_88, 2 years ago

The convenience factor is not there but you probably sacrifice security for the conveniences. Browser add-on is something else that can get hacked.

mojo, 2 years ago

What do you do for a living where you somehow don’t need mobile autofill? Do you not leave the house?

cokane_88, 2 years ago

I used do cyber security for a fortune 500, that’s where I got exposed to that password manager. Now I don’t work, stay at home dad aka house manager.

magicalbeast69, 2 years ago

Why are online password manager bad? Sure, the risk is obviously higher than the offline one, but online password manager would be sufficient for most people. Convenient outweigh for like 99.99% of people. Even if there is a data breach, passwords’ hashes are not easy to crack, even if you know the salt. The only way to crack it is that you reuse password. So, as long as you use strong enough master password, it’ll most likely be fine.

Also, if you care about security, you’ll also probably be using TOTP 2FA anyway. So unless, TOTP secret is leaked at the same time as your password, then you are fine.

cokane_88, 2 years ago

blog.lastpass.com/…/security-incident-update-reco…

That’s a breach they told the public about. What’s worse is when a company gets breached and they don’t know it happened or it takes them years to find out. I’d rather step on my own ding ding than put my credentials online.

SeaOtter, 2 years ago

Thanks for this! I have been using iCloud Keychain for a while and was generally satisfied. However, it wasn’t until I recently switched from desktop Safari to Arc that I considered a third party password manager, but was stuck in decision paralysis.

Given the overwhelming responses in this post, BitWarden it is!

idle, 2 years ago

Bitwarden, bonus points if you self host it. I use the Vaultwarden variation.

paris, 2 years ago

This is one of the few things I don’t want to selfhost, at least right now. If I fuck something up with Vaultwarden or the PC it runs on, I lose access to EVERYTHING all at once. I’d rather offload that risk to Bitwarden’s official server.

idle, 2 years ago

As long as you are using it on multiple devices you are ok. If the server goes down the app still works. So absolute worst case scenario, you can just export your vaults from your phone, then sign up for Bitwarden and import it.

I periodically take proactive exports every few months and put them on an external hard drive still though.

ErwinLottemann, 2 years ago

Backups is the keyword. I run Vaultwarden on my internal network, the data gets backed up to an external hard drive, borgbase and another remote machine using borg backup. I also stored the passphrases for these backups in a KeePass database (that is backed up elsewhere). I don’t think I need to worry about data loss. Plus - if the Server is not reachable the synced devices should still have access to the passwords.

LoyalOrange503, 2 years ago

Bitwarden, hands down. been using them for like 7 years now? have got nearly 300 accounts in the password manager, and is fully free. Haven’t paid a single penny to them. Autofill is possible, on both android and web browser, although you’ll have to set it up through an extension. Fully cross-platform. Used it on Linux, windows, MacOS, IOS, iPadOS, Android. you can access it via a browser, is open source and is hosted by Bitwarden if you want to.

it ticks all your requirements!

Concept1037, 2 years ago

Bitwarden is great. If OP wants they can self host it via Vaultwarden which I’m using. It works perfectly.

Rathernotsay, 2 years ago

I pay just because I love them and it’s under 1$ a month

LoyalOrange503, 2 years ago

I would love to, but I’m a bit tight with cash atm. I’ve been meaning to pay the 10-11 quid a year plan just to support them. They’ve given so much to me and I haven’t given anything back :(

teawrecks, 2 years ago

Keepass is

• open source and free
• just uses a file, so you can sync it wherever/however you want
• has a browser plugin with autofill if you’re into that
• is supported on all platforms
• database lives in an encrypted file that you put wherever you choose

sonstwas, 2 years ago

For syncing I use Syncthing. It’s open-source as well and syncs two/multiple devices without the need for cloud-storage

Tom_bishop, 2 years ago

Used to love LastPass, then it charge expansive for pc and android multi device. I’m too looking for better pm.

dgrabla, 2 years ago

Hummm am I the only one using ‘pass’ ?

lntl, 2 years ago

You’re not alone

Schnaftator, 2 years ago

What I don’t like about pass is that every entry is visible in the file system. An attacker needs just a directory listing to know where I have accounts.

gandalftheBlack, 2 years ago

Bitwarden is a no brainer. It offers ALL the features that an average user needs in its free plan (which imo all other password managers don’t.)

Its also a privacy friendly service which has passed multiple security audits from external entities

mojo, 2 years ago

+1 for Bitwarden

onichama, 2 years ago

Yet another vote for Bitwarden. I love that you can access your stuff through a browser without installing anything, I need that sometimes on my work pc where I cannot install anything.

Steamymoomilk, 2 years ago

I just use my very smooth brain Although its not very relible

001100010010, 2 years ago

Yea my smooth brain almost forgot my lemmy password lol. Hard to remember passwords when constantly depressed.

Christopher, 2 years ago

How about your login name? Hopefully your string of binary means something to you so it’s also memorable!

001100010010, 2 years ago

Shhh… It’s the secret to time travel! Or at least 1/3 of it.

Edit: Spoilers: It’s from

spoilerFuturama, Bender’s Big Score, the time code printed on Fry’s ass (yes, literally)

Christopher, 2 years ago

As long as it’s not also your password in reverse!

001100010010, 2 years ago

No my password is not in reverse, it’s in inverse. Hackers are so dumb, when I’m already playing 5d chess. 🤓

110011101101

Christopher, 2 years ago

Be sure to invert it twice, to be extra secure. 🔐