What password manager do you recommend?

Okay so yesterday, I changed my password as a precaution because of the hack, and just now I decided to clean my browser tabs and re login and almost forgot my password. I’m done dealing with passwords.

What password manager do you recommend?

Features I’m looking for

-Open Source

-Can be synced to cloud (I don’t want self host)

-Can be accessed via a browser

-Cross platform, the more platforms, the better

-End to End Encrypted, and Encrypted at rest on my device, also need some way to authenticate before releasing the password, like a pin or biometrics

-Autofill for browser and apps

-Free (can be a freemium model, but I need the base tier to be free, too broke to spend money on this lol)

-Can export the passwords to a file

I never used a password manager before so sorry if I seem like a noob.

I know I could google it, but I want the lastest info, not some outdated reddit post.

Edit: Woah, those replies are fast. I think I’ll use Bitwarden. Thanks for recommendations! Now I don’t need to worry about forgetting passwords anymore. 😄

Edit 2: It seems I’ve forgotten my email password as well as a few other accounts I haven’t logged into for a while. Damn, should’ve used a password manager earlier.

Kyrgizion,

My brain. Comes up with the whackiest excuses for why this-and-that password would be a great choice and how easy it would be to remember, only to later explain to me rationally why it was the wrong choice and how I should’ve known I’d forget it. Then again, that’s just extra security. If it’s only stored in my internal memory and even I can’t remember it, no one else is getting in for sure.

kingmook,

+1 for bitwarden. If you want full control you can even host your own server. Easyish to setup at Bitwarden Docker Setup

shapis, (edited )
@shapis@lemmy.ml avatar

protonpass for sure.

Bitwarden is great, but it’s way too easy to lock yourself out of it if it’s your first pw manager ever.

maxxpowerr,

What would you suggest to first time users so they avoid being locked out?

shapis,
@shapis@lemmy.ml avatar

Same way experienced users would prevent that.

Write down your password and recovery codes in multiple safe places.

That’s a bit of a hassle. For me at least.

That’s why I suggested protonpass. You can mess up but as long as you don’t forget your pw you are fine.

miku,

Make sure you absolutely know your master password or put a hint as there’s no way to ever reset or recover that password if you forget it

Pneuma,

You could get creative with a premium account “A” where you can designate another person/account “B”(can be free account) with emergency access after a waiting period.

When B requests access it’ll send an email where A can approve/deny access immediately; or if you’re completely locked out, B will be granted access after the waiting period that you can set passes.

B can either be another person you trust, or it could just be a written backup that can be locked somewhere safe but not accessed on a daily basis.

If you want, after designation you can cancel premium and the emergency access will still be active, you just cannot add/edit who has access.

slimsalm,

I use keepassxc, works well for me.

Moondance,

Bitwarden

Royalish,

This is the way.

NPC,

There are other good options out there, think keypass, 1password and maybe dashlane. But my favourite would definitely be bitwarden

odbod,

This.

Bitwarden.

All day; everyday.

ChrislyBear,

Keepass all the way. Checks all the boxes. Access via browser: If you have a Nextcloud instance, theres a NC-Addon to open kdbx files in the browser.

re: Bitwarden I tried it and it wasn’t sufficient for me. Is it now possible to also store and generate TOTPs? Can you store SSH keys and retrieve them directly from the password storage?

knoland, (edited )

You definitely do not want to generate TOTPs in your password manager. That makes it a single point of failure in the event of a breach.

EN20,

As stated by keepassxc: yes to in the same database results in a single point of failure but the easy and good solution is to store them in a separate database. Definitely more secure that stuff like some authenticator app on the same phone where the otps are used

ChrislyBear,

You’re right, good point! I’m going to separate the OTPs out of the DB right now. Thanks!

justsayit,

Plus one for BitWarden for a great low price/free option that’s open source.

1Password if you have a few extra bucks to spend. I find the look and feel to be worth the money despite not being open source.

Kristho,

I agree on this one. I used Bitwarden first - but now I’m on 1Password for both work and personal use.

Kalkaline,
@Kalkaline@lemmy.one avatar

I use LastPass because my company pays for it, I also export to all of my browsers because LastPass doesn’t fill or save passwords right on some sites and the browser auto fill works better. Sometimes that means I have to search a bit for the right password for an account, but the system works and I haven’t had a compromised password that was my fault in a long time since I use autogenerated passwords. As always 2FA the important accounts.

jagoan,

If you’re comfortable around *nix stuff: pass. Open source, free forever, you can “host” it with Github private repo.

wuddupdude,

Love pass. Been using it for years. Although I’m not sure how you would get it to form fill and stuff, but I don’t need all that.

jagoan,

It has browser extension for Firefox and Chrome, iOS and Android app. On Mac it can even unlock the master password with touch id.

Personally the android app could be a lot better, although I’m not sure if it’s the app problem or just how Android handles password input from another app that needs fixing.

hellequin67,

Now I don’t need to worry about forgetting passwords anymore

Only problem is now I don’t know any of my passwords, apart from master password for BW. 🤣

Norgur,

Chances are that I don't really care about the account if I used @duck.com as a mail alias and a bitwarden password which is the only constellation where an account might be unrecoverable without BitWarden.

TechieDamien,

pass would meet your requirements. It is a super simple implementation of a password manager levying PGP for encryption and git for syncing. You can therefore use any git server for syncing. There are browser extensions for autofill etc and scripts to import/export passwords etc.

SecretPancake,

Been using 1Password since 2010. I tried Bitwarden a few years ago just because of the price. In theory it ticks all boxes but it was a pain to use. I does not flow like 1P, some things did not work the way I expected and it looks like shit. Don’t ask for details because I forgot. So I switched back. The new design of 1Password made it a little worse but it’s still great and the integration into iOS and macOS is amazing.

moopet,
@moopet@kbin.social avatar

1Password has some nice features (like it reads QR codes off the page and automatically handles 2FA for you, which is clever, but not necessarily the "2" in "2FA" you were hoping for) but it also has a lot of weird UI decisions that make it confusing to use, especially in a shared company environment.

It is a lot better than it was before though, now it's cross-platform (it used to be exclusively AppleSuperiorityComplexWare), but it's still not open source.

Kirottu,
@Kirottu@kbin.social avatar

Bitwarden is fantastic, been using it for a long time now withour complaints.

RomanRoy,
@RomanRoy@lemmy.world avatar

Bitwarden, no question

sharan,
@sharan@kbin.social avatar

Bitwarden. Definitely recommended.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • asklemmy@lemmy.ml
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #