What password manager do you recommend?

gandalftheBlack, 11 months ago

Bitwarden is a no brainer. It offers ALL the features that an average user needs in its free plan (which imo all other password managers don’t.)

Its also a privacy friendly service which has passed multiple security audits from external entities

Moondance, 11 months ago

Bitwarden

Royalish, 11 months ago

This is the way.

NPC, 11 months ago

There are other good options out there, think keypass, 1password and maybe dashlane. But my favourite would definitely be bitwarden

odbod, 11 months ago

This.

Bitwarden.

All day; everyday.

acetone, 11 months ago

Bitwarden.

donut4ever, 11 months ago

You’ve just described bitwarden.

steal_your_face, 11 months ago

I use the managed version of Bitwarden and I like it a lot compared to others.

doppelgangmember, 11 months ago

Bitwarden 100%

ram, 11 months ago

Bitwarden checks all the boxes. I’ve had great experience with it. bitwarden.com

I will say, auto-fill on load is a bad idea. On desktop I keep my auto-fill bound to a key so it doesn’t actually end up in fields it shouldn’t be.

2FA is locked behind the $10/year premium if that’s something you wanted, but beyond that the free plan has everything 99% of people will use. They do third party security audits, have public white papers, and is completely open source.

hinterlufer, 11 months ago

Email and TOTP 2FA options are available in the free version, YubiKey, FIDO2 and Duo options are only available in the 10$/year premium option.

Moonwalk, 11 months ago

I’m sure they meant TOTP 2FA for the accounts saved in Bitwarden, not for the Bitwarden login itself.

Saintcloud, 11 months ago

I’ve been curious about a Yubikey like option for a bit now. Would you recommend one and if so which type?

dan, 11 months ago

Get a Yubikey that supports Webauthn and FIDO2. It’s the future of two-factor authentication on the web. At work we use the YubiKey 5C Nano, but I think the entire Yubikey 5 series supports Webauthn.

DuskLoaf, 11 months ago

Is there much benefit to having access to the 2FA option if I already use RAIVO for 2FA codes.

Interstellar_1, 11 months ago

No, it’s good to have a seperate service for that

Makeshift, 11 months ago

Bitwarden only autofills if the page’s URL is the same as the account in your vault. So it actually helps you make sure that you aren’t putting your info into a phishing site or something

although, I’m pretty sure autofill is disabled by default anyway?

ram, 11 months ago

Bitwarden only autofills if the page’s URL is the same as the account in your vault. So it actually helps you make sure that you aren’t putting your info into a phishing site or something

This is true, though wasn’t my concern. My concern is that it (and other PW managers ofc) can sometimes fill in fields its not supposed to, and you end up accidentally including a username or password in a GET header.

although, I’m pretty sure autofill is disabled by default anyway?

Auto-fill on page-load is, yes.

DoctorWhookah, 11 months ago

*Sees post. Guess I should make sure someone has said Bitwarden.

*Checks comments. Hmm, Bitwarden, Bitwarden, another Bitwarden.

*Good. I don’t need to reply.

Nikki, 11 months ago

*Replys anyway

Bitwarden ftw!

LoyalOrange503, 11 months ago

Bitwarden, hands down. been using them for like 7 years now? have got nearly 300 accounts in the password manager, and is fully free. Haven’t paid a single penny to them. Autofill is possible, on both android and web browser, although you’ll have to set it up through an extension. Fully cross-platform. Used it on Linux, windows, MacOS, IOS, iPadOS, Android. you can access it via a browser, is open source and is hosted by Bitwarden if you want to.

it ticks all your requirements!

Concept1037, 11 months ago

Bitwarden is great. If OP wants they can self host it via Vaultwarden which I’m using. It works perfectly.

Rathernotsay, 11 months ago

I pay just because I love them and it’s under 1$ a month

LoyalOrange503, 11 months ago

I would love to, but I’m a bit tight with cash atm. I’ve been meaning to pay the 10-11 quid a year plan just to support them. They’ve given so much to me and I haven’t given anything back :(

onichama, 11 months ago

Yet another vote for Bitwarden. I love that you can access your stuff through a browser without installing anything, I need that sometimes on my work pc where I cannot install anything.

foxinabox, 11 months ago

I’d say keepassxc.org covers all of your needs except the “Can be accessed via a browser” (Autofill works fine with a browser plugin)

Psychosadistic, 11 months ago

except the “Can be accessed via a browser”

Well - this is a selfhosted solution but still would give the access via browser. keeweb.info

crocodileneptune, 11 months ago

They are searching for a maintainer. I hope they still fix security issues.

github.com/keeweb/keeweb/issues/2022

github.com/keeweb/keeweb/issues/2077

hal_5700X, 11 months ago

Links to KeePassXC’s browser extensions, Firefox, & Chrome/Chromium.

sirnak, 11 months ago

Happy KeepassXC User reporting and there actually is a browser plugin that works flawlessly.

Hubi, 11 months ago

KeepassXC with a browser plugin on the desktop and Keepass2Android on the smartphone. The password files are synced over my self-hosted Nextcloud and backed up to OneDrive. I couldn’t be happier with this setup.

relative_iterator, 11 months ago

Same but I’m using strongbox on ios

quortez, 11 months ago

I would be happier with KeePass if the Android situation wasn't so bad. The most reliable app still uses UI elements from goddamn Froyo and the more sleek, modern, auto fill aware app can't deal with cloud sync to save its life. I hate it here.

x2XS2L0U, 11 months ago

I use KeepassDX on Android and it feels alright

quortez, 11 months ago

KeepassDX is the modern one I'm referring to. Because of the whole Android 11 SAF/scoped storage issue, syncing to databases and clouds that use DocumentsUI (the special folders you see when your Files manager window opens) fails all the time. I've repeatedly lost data due to KDX not properly saving or syncing, causing file conflicts and the passwords I literally just saved to vanish the next time I unlock the database.

The developer's response is that it's everyone else's fault that their apps' SAF implementation is bad, not KDX.

I absolutely cannot recommend using it.

x2XS2L0U, 11 months ago

I use it all the time and sync it between devices without problems…

Schooner, 11 months ago

What are you using for sync? I use Nextcloud and haven’t had any sync issues.

quortez, 11 months ago

I've had it fail with most SAF locations I tried after Android 11, especially pCloud. After the database locks and KDX leaves the RAM, it often cannot find the database it literally just saved, and will often just generate a merge conflict to the location it attempted to save. As a result, after you unlock once, it can no longer unlock the database and you have to bring up DocumentsUI again.

Schooner, 11 months ago

You know, I did have this problem like a year ago. Except, it was a problem with saving the database. I don’t know what happened but haven’t faced it in a long time now.

Kekzkrieger, 11 months ago

is the browser plugin safe to use? it kinda seems fishy

korok, 11 months ago

How is the OSX and iOS support for Keepass nowadays? Are there desktop and browser clients for OSX, and what’s the autofill situation like?

Keepass was the first password manager I used and I really liked it, but I had to switch when I started using Apple devices for work a few years back, and the lack of platform support there was a nonstarter.

moonmeow, 11 months ago

Strongbox for ios works with keepass formats.

korok, 11 months ago

Writing this down for later, thanks!

Christopher, 11 months ago

One more point on Bitwarden - when the top password managers were being hacked/exploited, Bitwarden was keen to fix what appeared to be vulnerabilities in an extremely timely manner. I don’t remember where I read the article but it still fared best out of all the other managers out there.

It may have been ars technica, I don’t remember.

idle, 11 months ago

Bitwarden, bonus points if you self host it. I use the Vaultwarden variation.

paris, 11 months ago

This is one of the few things I don’t want to selfhost, at least right now. If I fuck something up with Vaultwarden or the PC it runs on, I lose access to EVERYTHING all at once. I’d rather offload that risk to Bitwarden’s official server.

idle, 11 months ago

As long as you are using it on multiple devices you are ok. If the server goes down the app still works. So absolute worst case scenario, you can just export your vaults from your phone, then sign up for Bitwarden and import it.

I periodically take proactive exports every few months and put them on an external hard drive still though.

ErwinLottemann, 11 months ago

Backups is the keyword. I run Vaultwarden on my internal network, the data gets backed up to an external hard drive, borgbase and another remote machine using borg backup. I also stored the passphrases for these backups in a KeePass database (that is backed up elsewhere). I don’t think I need to worry about data loss. Plus - if the Server is not reachable the synced devices should still have access to the passwords.

Robertej92, 11 months ago

Guess I’m gonna have to give bitwarden a go, I’ve used LastPass for years but their quality of service and value for money has plummeted.

boletus, 11 months ago

Been using Bitwarden for a long time. Secure, easy to use and never had any problems with it.

Voroxpete, 11 months ago

I switched from Lastpass to Bitwarden. Couldn’t be happier.

Selmafudd, 11 months ago

Brah I’ve seen so many of these post asking what password manager people use and the comments filled with bitwarden replies… it could just be lots of people really interested in password managers use Lemmy or bitwarden is astroturfing. One of these seems more likely

Zagorath, 11 months ago

I used LastPass up until they re-started charging for multiple devices. I was happy to pay LastPass back in like 2013 when they used to charge for multiple devices, but when they decided to bring that charge back in 2022 (or whatever year it was) they were charging an obscenely high amount for it, and frankly the UX wasn’t good enough to justify that price. On Android, more often than not I was having to go into the app to copy/paste it, because the native integration just wasn’t working.

With Bitwarden I’m back to free, and it works so much better anyway. I never looked back.

b000urns, 11 months ago

is there a straightforward way to migrate? thanks in advance 🙏

Zagorath, 11 months ago

They have a tool for directly doing the import for you.

Or if, for whatever reason, that doesn’t work for you/you don’t want to use that, they have detailed step-by-step instructions for how to manually export your LastPass vault and import it into Bitwarden.

Hope this helps!

b000urns, 11 months ago

Legend, thanks!

Maticzpl, 11 months ago

KeepassXC on PC KeepassDX on android Nextcloud for sync

Abualiexpress, 11 months ago

Second Keepass.

Or BitWarden.

Generator, 11 months ago

Same but I use Syncthing instead

Schooner, 11 months ago

Literally same setup!

YourMomLovesMe, 11 months ago

Keepassxc

miikaroo, 11 months ago

Non self-hosted: Bitwarden

Self-hosted: Keepass

Both are open-souce, multi-platform, and free. Bitwarden does have additional paid tiers to include support for things like OTPs. I used to use Keepass but got tired of manually syncing my database; If that’s not a problem for you then it’s a great choice.

terk, 11 months ago

It’s more to setup, but I have my keepass auto sync across several devices using OneDrive. Each device has a local copy of the database that is synced with the cloud version using triggers.

Swarfega, 11 months ago

This is what I used to do. Although KeePass is better these days in that it will recognise when a database has changed and ask you if you want to synchronise the changes. KeePassXC will even reload the database when it detects changes.

flashgnash, 11 months ago

Bitwarden supports self hosting doesn’t it? There’s an option in the UI to specify server

jakob, 11 months ago

the name is vaultwarden. a reimplementation of bitwarden i think in rust. you can use it with all bitwarden-clients.

Racle, 11 months ago

Yup, you can selfhost bitwarden and use your own private server to sync between devices.

Swarfega, 11 months ago

You sound like me. I used KeePass for many years. AutoType rules. That said it wasn’t as slick as other password managers for browser credentials. I moved my home stuff to Bitwarden and use KeePass for work. I honestly could never give up AutoType for work. Typing credentials into other applications is so handy and one majority of other password managers lack, including Bitwarden.

kwelzel, 11 months ago

One thing I was always wondering about the OTP feature: If OTPs are used for two-factor authentication but both your password and the OTP can be accessed through Bitwarden, aren’t you effectively sidestepping the two-factor part? I mean if I have the OTPs only on my phone then I need to know the Bitwarden master password and I need to have my phone in order to log in. On the other hand if both are in the Bitwarden vault, I only need to know the Bitwarden password. So effectively two-factor becomes one-factor authentication.

Maybe the relevant scenario here is your credentials for some website getting leaked. With OTPs inside Bitwarden any attacker would still not be able to log in as long as they don’t know your master password, giving you plenty of time to change your password. Although, if the attacker already found a way to access confidential website logins, they can probably access all kinds of other confidential data related to this account without even logging in as you.

mojo, 11 months ago

+1 for Bitwarden