What password manager do you recommend?

Okay so yesterday, I changed my password as a precaution because of the hack, and just now I decided to clean my browser tabs and re login and almost forgot my password. I’m done dealing with passwords.

What password manager do you recommend?

Features I’m looking for

-Open Source

-Can be synced to cloud (I don’t want self host)

-Can be accessed via a browser

-Cross platform, the more platforms, the better

-End to End Encrypted, and Encrypted at rest on my device, also need some way to authenticate before releasing the password, like a pin or biometrics

-Autofill for browser and apps

-Free (can be a freemium model, but I need the base tier to be free, too broke to spend money on this lol)

-Can export the passwords to a file

I never used a password manager before so sorry if I seem like a noob.

I know I could google it, but I want the latest info, not some outdated reddit post.

Edit: Woah, those replies are fast. I think I’ll use Bitwarden. Thanks for recommendations! Now I don’t need to worry about forgetting passwords anymore. 😄

Edit 2: It seems I’ve forgotten my email password as well as a few other accounts I haven’t logged into for a while. Damn, should’ve used a password manager earlier.

justsayit,

Plus one for BitWarden for a great low price/free option that’s open source.

1Password if you have a few extra bucks to spend. I find the look and feel to be worth the money despite not being open source.

Kristho,

I agree on this one. I used Bitwarden first - but now I’m on 1Password for both work and personal use.

xtremeownage,

Vault warden. (Implements bitwarden).

Works with bitwarden apps / browser plugins. Locally hosted. Rust.

cwagner,
  • Bitwarden: Paid, but with a free tier, ticks all your boxes
  • KeepassXC: Free, ticks all but browser access (great android and browser integration, though), syncs through any file sync service (WebDAV support makes for a nicer Keepass2Android experience, though)

Note that I’d not recommend Keepass for multiple users, I heard of sync issues there and you can’t do partial shares. Not an issue for me, though. With Bitwarden, the free tier offers 1 extra user.

Personally I don’t want to be dependent on some other service (like bitwarden hosting for me), but also not be reliant on my own server for something as important as passwords, that’s why I’ve been using Keepass(XC) for the last 7 years (thought it was longer, but it turns out I had LastPass premium till 2016. Fuckers).

Jackolantern,

Bitwarden is ok

Version,

Definitely Bitwarden, but there‘s also a new product from Proton called Proton Pass. It works similarly to Bitwarden, but a few features are still missing.

RustedSwitch,

It’s been a long time since I switched to 1Password, but I used to use keepass. I’m not sure whether keepass has a browser extension, but otherwise (if I recall) it checks your other boxes.

1Password is great, even though it’s not open source, and you get to a spot in life where $3/mo is feasible.

pirate526,

buttercup.pw

Disclaimer: I’m the developer

lukstru,

As someone who uses Bitwarden, what’s the advantage of using buttercup?

ChrislyBear,

Keepass all the way. Checks all the boxes. Access via browser: If you have a Nextcloud instance, there’s a NC-Addon to open kdbx files in the browser.

re: Bitwarden I tried it and it wasn’t sufficient for me. Is it now possible to also store and generate TOTPs? Can you store SSH keys and retrieve them directly from the password storage?

knoland, (edited )

You definitely do not want to generate TOTPs in your password manager. That makes it a single point of failure in the event of a breach.

EN20,

As stated by keepassxc: yes to in the same database results in a single point of failure but the easy and good solution is to store them in a separate database. Definitely more secure than stuff like some authenticator app on the same phone where the otps are used.

ChrislyBear,

You’re right, good point! I’m going to separate the OTPs out of the DB right now. Thanks!

ebits21, (edited )

There’s only two real choices imo.

Bitwarden or Keepass (KeePassXC for desktop, you’ll need one of many app choices for your phone).

Keepass you would sync to your own cloud provider and use a key file for protection.

Bitwarden is the obvious answer that fits all your criteria.

Rakn,

Why are these the only real choices? What makes the others not real?

ebits21,

Only ones I trust that are open sourced and have some kind of audit.

Rakn,

Don’t closed ones like 1Password also have audits? But I guess it’s a personal philosophy.

ebits21,

Sure. But I wouldn’t trust closed source software for passwords. Personal decision.

ChrislyBear,

What are the benefits of KeePassXC over the regular “original” application?

ebits21, (edited )

I use Linux and flatpaks so XC is the obvious choice for me - much nicer to use across platforms that aren’t Windows, and the only one available as a flatpak. Nicer interface. Supports TOTP codes (all I use it for, Bitwarden for passwords). More active development.

I use KeePassium on iOS with the same vault.

wilberfan,

Gratifying to see all the love for Bitwarden!

Dirk,

Since you don’t want to selfhost anyway just use the one built-in to your browser. Nowadays you can set up synch with a password

Coreidan,

Terrible idea. Never use your browser to save passwords. Way too easy to hack.

Dirk,

I am pretty sure you can provide reliable sources that are not one blog article by one individual telling their opinion.

If it’s really “way too easy to hack” there should be plenty of sources.

Caaaaarrrrlll, (edited )

KeeWeb. Compatible with anything that uses KeePass files.

It checks more than half or even all of your boxes.

  • Free and Open Source, on GitHub.
  • Can be self hosted. Or go to app.keeweb.info.
  • Can be synced to the cloud of your choice. Even supports WebDAV, which is very lightweight.
  • Encrypted at rest and end-to-end. Those clouds don’t have your decryption key. Decryption happens in your browser client-side.
  • Cross platform. Anything that can load a webpage or is compatible with KeePass can use it. It can be bookmarked to the home screen on mobile and it becomes its own app.
  • Auto fill via hotkey on PC.
  • Supports PINs/Multi-Factor Authentication codes.
  • Can attach secret files like backup codes or SSH keys.
  • Can configure how strong the encryption is on the KeePass file.
  • Theme support.
  • Secrets can be exported.

Edit: in another comment someone mentioned the KeeWeb developer is looking for another maintainer due to their own personal health issues. It’s been stale since mid-2022, while the core is considered still secure there is concern for its dependencies. It can be compiled at home with updated dependencies if that concerns you.

ablackcatstail,

I am a fan of Vault Warden.

Fisch,

He specifically stated that he doesn’t want to self host

shapis, (edited )

protonpass for sure.

Bitwarden is great, but it’s way too easy to lock yourself out of it if it’s your first pw manager ever.

maxxpowerr,

What would you suggest to first time users so they avoid being locked out?

shapis,

Same way experienced users would prevent that.

Write down your password and recovery codes in multiple safe places.

That’s a bit of a hassle. For me at least.

That’s why I suggested protonpass. You can mess up but as long as you don’t forget your pw you are fine.

miku,

Make sure you absolutely know your master password or put a hint as there’s no way to ever reset or recover that password if you forget it

Pneuma,

You could get creative with a premium account “A” where you can designate another person/account “B”(can be free account) with emergency access after a waiting period.

When B requests access it’ll send an email where A can approve/deny access immediately; or if you’re completely locked out, B will be granted access after the waiting period that you can set passes.

B can either be another person you trust, or it could just be a written backup that can be locked somewhere safe but not accessed on a daily basis.

If you want, after designation you can cancel premium and the emergency access will still be active, you just cannot add/edit who has access.

SecretPancake,

Been using 1Password since 2010. I tried Bitwarden a few years ago just because of the price. In theory it ticks all boxes but it was a pain to use. It does not flow like 1P, some things did not work the way I expected and it looks like shit. Don’t ask for details because I forgot. So I switched back. The new design of 1Password made it a little worse but it’s still great and the integration into iOS and macOS is amazing.

moopet,

1Password has some nice features (like it reads QR codes off the page and automatically handles 2FA for you, which is clever, but not necessarily the "2" in "2FA" you were hoping for) but it also has a lot of weird UI decisions that make it confusing to use, especially in a shared company environment.

It is a lot better than it was before though, now it's cross-platform (it used to be exclusively AppleSuperiorityComplexWare), but it's still not open source.
