What password manager do you recommend?

Tom_bishop, 11 months ago

Used to love LastPass, then it charge expansive for pc and android multi device. I’m too looking for better pm.

teawrecks, 11 months ago

Keepass is

• open source and free
• just uses a file, so you can sync it wherever/however you want
• has a browser plugin with autofill if you’re into that
• is supported on all platforms
• database lives in an encrypted file that you put wherever you choose

sonstwas, 11 months ago

For syncing I use Syncthing. It’s open-source as well and syncs two/multiple devices without the need for cloud-storage

gandalftheBlack, 11 months ago

Bitwarden is a no brainer. It offers ALL the features that an average user needs in its free plan (which imo all other password managers don’t.)

Its also a privacy friendly service which has passed multiple security audits from external entities

mojo, 11 months ago

+1 for Bitwarden

onichama, 11 months ago

Yet another vote for Bitwarden. I love that you can access your stuff through a browser without installing anything, I need that sometimes on my work pc where I cannot install anything.

cokane_88, 11 months ago

Online password manager GTFO never ever doing that.

I use password safe desinged by Bruce Schneier, it’s legit AF, pwsafe.org

mojo, 11 months ago

Do you not need to sign in to your accounts from different devices? Not to mention autofill support is a big deal, hence why browser addons are so important. The other password managers are plenty secure, especially with 2fa and webauth which that app certainly is not going to have.

cokane_88, 11 months ago

The convenience factor is not there but you probably sacrifice security for the conveniences. Browser add-on is something else that can get hacked.

mojo, 11 months ago

What do you do for a living where you somehow don’t need mobile autofill? Do you not leave the house?

cokane_88, 11 months ago

I used do cyber security for a fortune 500, that’s where I got exposed to that password manager. Now I don’t work, stay at home dad aka house manager.

magicalbeast69, 11 months ago

Why are online password manager bad? Sure, the risk is obviously higher than the offline one, but online password manager would be sufficient for most people. Convenient outweigh for like 99.99% of people. Even if there is a data breach, passwords’ hashes are not easy to crack, even if you know the salt. The only way to crack it is that you reuse password. So, as long as you use strong enough master password, it’ll most likely be fine.

Also, if you care about security, you’ll also probably be using TOTP 2FA anyway. So unless, TOTP secret is leaked at the same time as your password, then you are fine.

cokane_88, 11 months ago

blog.lastpass.com/…/security-incident-update-reco…

That’s a breach they told the public about. What’s worse is when a company gets breached and they don’t know it happened or it takes them years to find out. I’d rather step on my own ding ding than put my credentials online.

Robertej92, 11 months ago

Guess I’m gonna have to give bitwarden a go, I’ve used LastPass for years but their quality of service and value for money has plummeted.

boletus, 11 months ago

Been using Bitwarden for a long time. Secure, easy to use and never had any problems with it.

Voroxpete, 11 months ago

I switched from Lastpass to Bitwarden. Couldn’t be happier.

Selmafudd, 11 months ago

Brah I’ve seen so many of these post asking what password manager people use and the comments filled with bitwarden replies… it could just be lots of people really interested in password managers use Lemmy or bitwarden is astroturfing. One of these seems more likely

Zagorath, 11 months ago

I used LastPass up until they re-started charging for multiple devices. I was happy to pay LastPass back in like 2013 when they used to charge for multiple devices, but when they decided to bring that charge back in 2022 (or whatever year it was) they were charging an obscenely high amount for it, and frankly the UX wasn’t good enough to justify that price. On Android, more often than not I was having to go into the app to copy/paste it, because the native integration just wasn’t working.

With Bitwarden I’m back to free, and it works so much better anyway. I never looked back.

b000urns, 11 months ago

is there a straightforward way to migrate? thanks in advance 🙏

Zagorath, 11 months ago

They have a tool for directly doing the import for you.

Or if, for whatever reason, that doesn’t work for you/you don’t want to use that, they have detailed step-by-step instructions for how to manually export your LastPass vault and import it into Bitwarden.

Hope this helps!

b000urns, 11 months ago

Legend, thanks!

idle, 11 months ago

Bitwarden, bonus points if you self host it. I use the Vaultwarden variation.

paris, 11 months ago

This is one of the few things I don’t want to selfhost, at least right now. If I fuck something up with Vaultwarden or the PC it runs on, I lose access to EVERYTHING all at once. I’d rather offload that risk to Bitwarden’s official server.

idle, 11 months ago

As long as you are using it on multiple devices you are ok. If the server goes down the app still works. So absolute worst case scenario, you can just export your vaults from your phone, then sign up for Bitwarden and import it.

I periodically take proactive exports every few months and put them on an external hard drive still though.

ErwinLottemann, 11 months ago

Backups is the keyword. I run Vaultwarden on my internal network, the data gets backed up to an external hard drive, borgbase and another remote machine using borg backup. I also stored the passphrases for these backups in a KeePass database (that is backed up elsewhere). I don’t think I need to worry about data loss. Plus - if the Server is not reachable the synced devices should still have access to the passwords.

Socialphilosopher, 11 months ago

You can use SafeInCloud.

gclawson, 11 months ago

What’s people’s thoughts on Dashlane?

restingboredface, 11 months ago

I used it for a while. It was okay but I got frustrated with some of the UI on Desktop. It struggled to recognize a lot of website password forms so I had to do a lot of manual login entry (even if it was copy paste it was still a pain). I really liked having a desktop app that didn’t require a browser but they stopped supporting it, which was the last thing I was staying for so I dropped it for Keeper, then One Password.

With all that said, it’s one of few pm tools that made it super easy to share passwords securely (more than keeper or Onepassword) , and it was pretty seamless to share logins for household stuff like Netflix and our mortgage servicer. My husband hated using though since he had his own system that preferred using, but used dashlane for things we shared.

LoyalOrange503, 11 months ago

Bitwarden, hands down. been using them for like 7 years now? have got nearly 300 accounts in the password manager, and is fully free. Haven’t paid a single penny to them. Autofill is possible, on both android and web browser, although you’ll have to set it up through an extension. Fully cross-platform. Used it on Linux, windows, MacOS, IOS, iPadOS, Android. you can access it via a browser, is open source and is hosted by Bitwarden if you want to.

it ticks all your requirements!

Concept1037, 11 months ago

Bitwarden is great. If OP wants they can self host it via Vaultwarden which I’m using. It works perfectly.

Rathernotsay, 11 months ago

I pay just because I love them and it’s under 1$ a month

LoyalOrange503, 11 months ago

I would love to, but I’m a bit tight with cash atm. I’ve been meaning to pay the 10-11 quid a year plan just to support them. They’ve given so much to me and I haven’t given anything back :(

Caaaaarrrrlll, 11 months ago (edited 11 months ago)

KeeWeb. Compatible with anything that uses KeePass files.

It checks more than half or even all of your boxes.

• Free and Open Source, on GitHub.
• Can be self hosted. Or go to app.keeweb.info.
• Can be synced to the cloud of your choice. Even supports WebDAV, which is very lightweight.
• Encrypted at rest and end-to-end. Those clouds don’t have your decryption key. Decryption happens in your browser client-side.
• Cross platform. Anything that can load a webpage or is compatible with KeePass can use it. It can be bookmarked to the home screen on mobile and it becomes its own app.
• Auto fill via hotkey on PC.
• Supports PINs/Multi-Factor Authentication codes.
• Can attach secret files like backup codes or SSH keys.
• Can configure how strong the encryption is on the KeePass file.
• Theme support.
• Secrets can be exported.

Edit: in another comment someone mentioned the KeeWeb developer is looking for another maintainer due to their own personal health issues. It’s been stale since mid-2022, while the core is considered still secure there is concern for its dependencies. It can be compiled at home with updated dependencies if that concerns you.

kamen, 11 months ago

One vote for BitWarden.

dgrabla, 11 months ago

Hummm am I the only one using ‘pass’ ?

lntl, 11 months ago

You’re not alone

Schnaftator, 11 months ago

What I don’t like about pass is that every entry is visible in the file system. An attacker needs just a directory listing to know where I have accounts.

Christopher, 11 months ago

One more point on Bitwarden - when the top password managers were being hacked/exploited, Bitwarden was keen to fix what appeared to be vulnerabilities in an extremely timely manner. I don’t remember where I read the article but it still fared best out of all the other managers out there.

It may have been ars technica, I don’t remember.