What is a really smart choice for password manager apps? Concerned about privacy and politically involved CEOs.
I’ve used:
- LastPass
- 1Password
- ProtonPass (Now using)
I thought ProtonPass was a good choice but I’m starting to read more about it. What’s just a really solid choice all around, that you can feel good about? Free or paid.
What’s up with protonpass? Any pointers?
Password manager from proton(protonmail/protonvpn guys)
Yeah, but why wouldn’t it be a good choice?
Oh idk that
That’s alright. Thanks though.
Bitwarden.
If you want to keep it in a file you want to sync yourself: keepassKeepass + Syncthing is an undefeated combo
Definitely Bitwarden
Use KeepassXC with Syncthing for maximum autonomy or Bitwarden for maximum ease. Both are FOSS. That’s my recommendation and also seems to be the consensus among those who share your needs.
I’ve haven’t looked at KeepPassXC before. I’ll check that out today.
Bitwarden
I’ll second bitwarden. I also have proton-pass but use bitwarden.
I’d used KeepassXC + Nextcloud to sync for ~4 years.
Then I switched to Bitwarden client + self-hosted Bitwarden Server/Vaultwarden for ~2 years and I haven’t looked back.
The problem you’ll face with KeepassXC + any syncing mechanism is that conflicts will happen. Meaning, you’ll make a change on your cellphone, your internet has a hiccup or stops working. Then you make a different change on you desktop. When everything is synced, you’ll be left with a KeePass conflict file that you need to fix. This might be fine if you immediately notice it, but if you stumble upon a conflict file from a month ago - good luck merging the differences.
Bitwarden client + Vaultwarden has improved my password experience radically. I have phones, laptops, browsers, etc all talking to Vaultwarden. Any conflicts are handled automagically by the clients. Everything “just works” in offline mode (meaning I can add/update credentials while offline and it’ll update the server whenever it can - without needing to do any mental gymnastics).
I can share passwords with friends and family without needing to share everything. Plus, as my instance is self-hosted, my family can get “emergency access” (would be a “premium feature”) to my passwords if something unfortunate happens to me. Plus, requesting emergency access is pretty easy to do, for non-tech people.
edit: a word
The struggle with KeePass conflicts is real. Put basically the problem occurs when you change a DB on device A, change the same DB on device B, and then you sync them using Syncthing. That might happen for me once a month.
I think I found a process that can reduce the occurrence of conflicts, mostly, not entirely. Instead of one DB that every device shares I have one DB per device (i.e. the KeePass file includes the name of the device). Most of the time this can’t possibly cause a conflict because device A only saves to its own DB. The only time it could create a conflict is if I need to pull in an entry that I made on another device. That’s a manual process for me and it makes me more aware that a conflict could happen. I make sure the device I’m syncing from is active in Syncthing, and if it is there’s almost no chance of a conflict.
A one-way sync option for KeePass would make conflicts almost impossible so I think I’ll propose that or work on a plugin for it.
I’m similar to some here, using keepassxc and nextcloud
iOS users, i guess the best option available is self hosted Bitwarden
Unfortunately LastPass had some issues over the past years with hacking where encrypted vaults were stolen. Between myself and my friends in tech, I know of a few conpanies that ditched it after that.
For individual/personal use, I’d reccomend KeePass (whatever fork of it is up to date and maintained lately) and using somethung like syncthing to sync it across devices. That may not be super user friendly for non-technical users though, and I’m not sure how well it works with iPhones.
Great thread and good recommendations from folks. I use RoboForm for personal and happy with that for many years now, and Bitwarden for my company and happy with it.
I pay for a 1Password family account. I like it.
Getting the family to use it is hard, but that would be the case with any password manager.
I understand there’s a bit of of bias here, but I’ve been using 1Password for probably 10+ years and have literally never had a problem. Transferred between multiple devices, added family, etc.
Solid as hell and super reliable.
Selfhost if you want, but I’ll take the reliability.
I do selfhost everything I can, but have chosen not to do that with my passwords. It feels to much all-eggs-in-one-basket-y.
1Password also holds my SSH keys and acts as an ssh-agent on most systems, and I also just found out that you can get secrets from your 1Password vault in Python, which means my PyInfra scripts can use it as well.
Yeah, totally agree. I do backups in a similar way. Do I have cloud backups? Yes. Do I also have local? Hell yes.
A combination of the two is likely the best bet but I will say 1Password feels like one of those “oft imitated, rarely replicated” solutions.
Although I’ve also been using Apple’s solution for similar reasons. Works great, too.
KeepassXC. Sync the file however you want.
diy synchronizing sucks ass. i can never get anything to do it right
Syncthing. I’m not sure what I’d do without Syncthing at this point.
I use Nextcloud, which always works well for me. I don’t use Dropbox or Gdrive or OneDrive, but they should work too. What have you been using?
Probably not ideal but I use Google drive for synching and it worked fine. The database is encrypted so, at worst, Google knows I have a password manager.
I use bitwarden for unimportant ones and an offline one for important ones. specifically KeepassXC that was already mentioned.
There’s a lot of good things here to think about. I asked, there’s a lot of experience out there, and I appreciate all of it. Great community, here!
I’m a massive fan, and long time user, of bitwarden.
It’s so much better since they updated the (IMO) ugly, dated UI design. It looks nice and fresh now. Bitwarden is the MVP.
