What is a really smart choice for password manager apps? Concerned about privacy and politically involved CEOs.

I’ve used:

  • LastPass
  • 1Password
  • ProtonPass (Now using)

I thought ProtonPass was a good choice but I’m starting to read more about it. What’s just a really solid choice all around, that you can feel good about? Free or paid.

  • Gayhitler@lemmy.ml · 3 upvotes · 1 hour ago

    Bitwarden.

    You know if you need more than that and if you’re asking on lemmy you don’t need more than that.

  • Whooping_Seal@sh.itjust.works · 1 upvote · edited · 50 minutes ago

    My personal choice right now is KeePassXC (PC) / KeePassDX (Android) + Syncthing, and Aegis (Android) for 2FA codes, with a YubiKey for services that support FIDO keys.

    Overall I like this setup because it’s decentralized and does not rely on a third party server structure. The only “weak” point would be the Syncthing relay servers or the Tailscale VPN that I use, but this goes back to ensuring encryption of the database is adequate with a long password, and using an open source synchronization protocol that ideally has been vetted by a trusted third party (or yourself if you’re capable)

    I used to use Bitwarden, and I highly recommend it. I really appreciated its ability to integrate with email aliasing solutions to generate new aliases from within the Bitwarden UI itself. However, my main reasons for switching were the following:

    • I don’t have the money to pay for it (uni student)
    • I prefer a more self-hosted approach (I will consider using Vaultwarden in the future when I have more money)
    • I wanted to move away from using a browser extension for password management on desktop. KeePass’ auto type feature is really good, and a more secure input method than a browser extension autofill.

    The only additional advice I have for both recommendations is that I do not think it advisable to add TOTP 2FA information to your password manager even if it supports it. I feel like this should be separate, on a single device, and backed up in ~2 locations (one preferably off site). This is really to avoid problems if a device is compromised and if your password manager is compromised, but this is definitely in the more unlikely category I feel.

    My only major issues with KeePass are the potential for sync conflicts and some feature differences between platforms. A centralized server config like vault/Bitwarden prevents the sync conflict issues, at the cost of having one point of failure. The feature differences problem isn’t too great, but autotype doesn’t work on Linux if you install with Flatpak, and you can’t prevent screen capture of the app on Linux (only on Android and Windows from my understanding).

    Edit: I also tried gopass, it’s really fun to have an entire CLI based password manager, but frankly the state of mobile companion apps is appalling. The Android option is only good if you use a dev version, and the iOS one I thought was just ok. I also dislike the metadata leaking that is inherent to the format, and that PGP is the main form of encryption for the time being (some clients were looking at using AGE at some point). Overall it’s a cool but flawed concept, and I feel my other two recommendations are superior.

  • Saltarello@lemmy.world · 1 upvote · 1 hour ago

    I use KeePass but I recommended Bitwarden to less nerdy family members as it syncs out of the box & does what they need it to do. Sync is simple enough to set up with KeePass & the big plus for me is that it allows storage of files/documents. Last time I checked this was a limited/paid feature on Bitwarden.

      • JillyB@beehaw.org · 1 upvote · 4 hours ago

        Probably not ideal but I use Google Drive for syncing and it worked fine. The database is encrypted so, at worst, Google knows I have a password manager.

      • electric_nan@lemmy.ml · 2 upvotes · 6 hours ago

        I use Nextcloud, which always works well for me. I don’t use Dropbox or Gdrive or OneDrive, but they should work too. What have you been using?

  • Scrath@lemmy.dbzer0.com · 45 upvotes · edited · 12 hours ago

    I use KeePassXC which is free and open-source. The passwords are stored as an encrypted file on your own system. No servers or businesses involved.

    Personally I put mine in OneDrive so it is synced between all of my devices though, so I guess there is still a server involved in that case.

    • hedgehog@ttrpg.network · 13 upvotes · 11 hours ago

      You can self-host Bitwarden, too. My understanding is that VaultWarden is much simpler to self-host, though. Note that VaultWarden isn’t a “fork”; it’s a compatible rewrite in Rust (Bitwarden’s codebase, by contrast, is primarily C#).

      I also use Bitwarden and strongly prefer it over every other password manager I’ve tried or investigated, for what that’s worth. I’d recommend it to 99% of non-enterprise users (it’s probably great for enterprise use as well, TBF).

      The only use case I wouldn’t recommend it for is when you don’t want your passwords stored in the cloud, in which case KeePass is the way to go. To be clear, that recommendation does not apply if you’re syncing your vault with a cloud storage provider - even one you’re hosting, like Syncthing - even if your vault is encrypted. At that point just use Bitwarden or VaultWarden, because they’re at least audited with your use case in mind (Vaultwarden has only been audited once afaik, though).

      • trouble@lemm.ee · 10 upvotes · 12 hours ago

        I’m happy with Bitwarden, the iPhone app and Windows software / Firefox extension all work seamlessly and easily.

    • foiledAgain@lemmy.world · 2 upvotes · 11 hours ago

      Bitwarden paid version also lets you set emergency access for others in the case of your death or inability to access

  • Churbleyimyam@lemm.ee · 19 upvotes · 12 hours ago

    Use KeePassXC with Syncthing for maximum autonomy or Bitwarden for maximum ease. Both are FOSS. That’s my recommendation and also seems to be the consensus among those who share your needs.

  • nis@feddit.dk · 6 upvotes · 10 hours ago

    I pay for a 1Password family account. I like it.

    Getting the family to use it is hard, but that would be the case with any password manager.

    • TheColonel@reddthat.com · 4 upvotes · 6 hours ago

      I understand there’s a bit of bias here, but I’ve been using 1Password for probably 10+ years and have literally never had a problem. Transferred between multiple devices, added family, etc.

      Solid as hell and super reliable.

      Selfhost if you want, but I’ll take the reliability.

      • nis@feddit.dk · 3 upvotes · 6 hours ago

        I do selfhost everything I can, but have chosen not to do that with my passwords. It feels too much all-eggs-in-one-basket-y.

        1Password also holds my SSH keys and acts as an ssh-agent on most systems, and I also just found out that you can get secrets from your 1Password vault in Python, which means my PyInfra scripts can use it as well.

        • TheColonel@reddthat.com · 2 upvotes · 5 hours ago

          Yeah, totally agree. I do backups in a similar way. Do I have cloud backups? Yes. Do I also have local? Hell yes.

          A combination of the two is likely the best bet but I will say 1Password feels like one of those “oft imitated, rarely replicated” solutions.

          Although I’ve also been using Apple’s solution for similar reasons. Works great, too.

  • LedgeDrop@lemm.ee · 5 upvotes · edited · 10 hours ago

    I’d used KeePassXC + Nextcloud to sync for ~4 years.

    Then I switched to Bitwarden client + self-hosted Bitwarden Server/Vaultwarden for ~2 years and I haven’t looked back.

    The problem you’ll face with KeePassXC + any syncing mechanism is that conflicts will happen. Meaning, you’ll make a change on your cellphone, your internet has a hiccup or stops working. Then you make a different change on your desktop. When everything is synced, you’ll be left with a KeePass conflict file that you need to fix. This might be fine if you immediately notice it, but if you stumble upon a conflict file from a month ago - good luck merging the differences.

    Bitwarden client + Vaultwarden has improved my password experience radically. I have phones, laptops, browsers, etc all talking to Vaultwarden. Any conflicts are handled automagically by the clients. Everything “just works” in offline mode (meaning I can add/update credentials while offline and it’ll update the server whenever it can - without needing to do any mental gymnastics).

    I can share passwords with friends and family without needing to share everything. Plus, as my instance is self-hosted, my family can get “emergency access” (would be a “premium feature”) to my passwords if something unfortunate happens to me. Plus, requesting emergency access is pretty easy to do, for non-tech people.

    edit: a word

    • BrianTheeBiscuiteer@lemmy.world · 1 upvote · 9 hours ago

      The struggle with KeePass conflicts is real. Put basically, the problem occurs when you change a DB on device A, change the same DB on device B, and then you sync them using Syncthing. That might happen for me once a month.

      I think I found a process that can reduce the occurrence of conflicts, mostly, not entirely. Instead of one DB that every device shares I have one DB per device (i.e. the KeePass file includes the name of the device). Most of the time this can’t possibly cause a conflict because device A only saves to its own DB. The only time it could create a conflict is if I need to pull in an entry that I made on another device. That’s a manual process for me and it makes me more aware that a conflict could happen. I make sure the device I’m syncing from is active in Syncthing, and if it is there’s almost no chance of a conflict.

      A one-way sync option for KeePass would make conflicts almost impossible so I think I’ll propose that or work on a plugin for it.

      • LedgeDrop@lemm.ee · 1 upvote · 4 hours ago

        That’s a very clever solution. But it’s really convenient to create a login in your phone and immediately switch to your laptop and log in.
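
Syncthing keeps the losing side of a conflicting edit as a `.sync-conflict-<date>-<time>-<device>` copy next to the database, which is where the month-old conflict file described in the comments above comes from. The following is an added example, not code from any commenter, that flags such copies of a `.kdbx` file early; the file names, the fixed clock and the 7-day staleness threshold are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from pathlib import Path

# Syncthing keeps the losing copy of a conflicting edit as
#   <name>.sync-conflict-<YYYYMMDD>-<HHMMSS>-<modifiedBy>.<ext>
# (older versions omit the <modifiedBy> short device ID).
CONFLICT_RE = re.compile(
    r"^(?P<base>.+)\.sync-conflict-(?P<date>\d{8})-(?P<time>\d{6})"
    r"(?:-(?P<device>[A-Z0-9]{7}))?\.kdbx$"
)

# Constructed directory listing (assumption, not taken from the thread).
SAMPLE = [
    "Passwords.kdbx",
    "Passwords.sync-conflict-20240128-190342-QRSTUV2.kdbx",
    "Passwords.sync-conflict-20240102-081500-ABCDEF1.kdbx",
    "notes.sync-conflict-20240128-190342-QRSTUV2.txt",  # not a KeePass file
]

def parse_conflict(name):
    """Return details of a KeePass conflict copy, or None for any other file."""
    m = CONFLICT_RE.match(name)
    if not m:
        return None
    try:
        created = datetime.strptime(m["date"] + m["time"], "%Y%m%d%H%M%S")
    except ValueError:  # digits that are not a real date, e.g. month 13
        return None
    return {"name": name, "original": m["base"] + ".kdbx",
            "created": created, "device": m["device"]}

def find_conflicts(names, now, stale_after=timedelta(days=7)):
    """Group conflict copies by the database they shadow, oldest first."""
    report = {}
    for name in names:
        info = parse_conflict(name)
        if info is None:
            continue
        info["stale"] = now - info["created"] > stale_after
        report.setdefault(info["original"], []).append(info)
    for copies in report.values():
        copies.sort(key=lambda c: c["created"])
    return report

def scan(folder, now=None):
    """Run the check over a real synced folder (non-recursive)."""
    names = [p.name for p in Path(folder).iterdir() if p.is_file()]
    return find_conflicts(names, now or datetime.now())

if __name__ == "__main__":
    for db, copies in find_conflicts(SAMPLE, datetime(2024, 1, 30, 12)).items():
        for c in copies:
            print(db, c["name"], c["device"], "STALE" if c["stale"] else "recent")
```

Run from a scheduled job, `scan()` surfaces a conflict copy while the diverging edits are still fresh enough to merge back into the main database.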

  • ParlaMint@lemmy.ml (OP) · 2 upvotes · 9 hours ago

    There’s a lot of good things here to think about. I asked, there’s a lot of experience out there, and I appreciate all of it. Great community, here!

  • Tiger@sh.itjust.works · 2 upvotes · 10 hours ago

    Great thread and good recommendations from folks. I use RoboForm for personal and happy with that for many years now, and Bitwarden for my company and happy with it.