Hi,

In your opinion do you prefer Bitwarden or Proton Pass and why?

It seems Proton Pass has better integration with Firefox.

Good and bad?

Thanks.

    • Zeta@kbin.social · 5 upvotes · 1 year ago

      KeepassXC + SyncThing in my case, to skip the middle man (Dropbox/Google drive)

    • TORFdot0@lemmy.world · 4 upvotes · 1 year ago

      No sir, I did this for years. I used Kypass on my iPhone so I could use my passwords on my phone as well. I ended up switching to Bitwarden for easier 2FA implementation and granular password sharing rather than having to share my whole vault or manage a separated shared vault.

        • TORFdot0@lemmy.world · 1 upvote · 1 year ago

          I use Bitwarden with DUO as my authenticator app. I know that you can set up KeePass with 2FA via an extension but I didn’t find it as portable with my existing apps, which is why I decided to make the switch.

    • ShellSurf@kbin.social · 4 upvotes · 1 year ago

      Nah, still a great solution if you like. That was my solution for years until just about a month ago I switched to Bitwarden because it seemed easier to protect with a YubiKey. I’ve liked it so far.

      I took the opportunity to export all my passwords from Firefox, Chrome, and KeePass, then spent about a day cleaning the whole mess up and removing duplicates, THEN imported the CSV into Bitwarden. Still getting used to not using Chrome/Firefox for auto filling and storing passwords, but I like that my passwords don’t feel so spread out across multiple browsers/DBs.

    • Atemu@lemmy.ml · 3 upvotes · 1 year ago

      It works but partitions can and will happen and a merge afterwards is non-trivial AFAIK.

      • jplate8@lemmy.world · 5 upvotes · 1 year ago

        I just trust the built-in encryption, which makes it easier to read via keepass2android (since I don’t have to do an extra decryption step).

            • unable_blitz@discuss.tchncs.de · 3 upvotes · 1 year ago

              Interesting. I assumed it did, two layers of encryption, different passcodes and ideally keys - not sure how it wouldn’t, but now I need to research it

              • Zikeji@programming.dev · 4 upvotes · 1 year ago (edited)

                These are my opinions, not a security expert or anything but - if your system is compromised two layers won’t make a difference. If someone gets ahold of the KDBX, two layers might slow them down but if they have the compute to crack the KDBX in the first place a second layer won’t make a difference, even if you’re using a stronger algorithm.

                I can only think of two benefits.

                1. using two different algorithms adds a layer of protection in the event a flaw is discovered.

                2. If it’s wrapped it would likely have a different extension and signature, so if someone were to, say, hack the cloud storage provider and grab all the KDBX files you might get missed.

                In any case, the encryption algorithms we use today will likely be irrelevant and useless at some point in the near future. If you suspect your KDBX has been stolen, you should change all your passwords - even if they can’t crack it today, you don’t want to get an unpleasant surprise in a decade because you didn’t.

                Although changing your passwords on an interval is a good security practice anyway.

                I also wouldn’t sync them with a cloud storage system either, since you never know.

            • endbringer93@lemmy.world · 1 upvote · 1 year ago

              At the very least it would hide filename in cloud storage so no one would know that it’s a file with all your passwords.

              Personally I don’t put anything in cloud storage unencrypted so I’d still just encrypt that file client side with the rest of them if I used KeePassX.

  • havuq@lemmy.world · 32 upvotes · 1 year ago (edited)

    I like Bitwarden because I can host my own server and control it all. Not sure if the other service does self-hosting. Maybe you can do the same with that?

    • vortic@lemmy.world · 5 upvotes · 1 year ago

      I’ve been thinking of setting up my own server. Does hosting your own server feel secure? I feel capable of setting up my own server but I’m not sure if I trust myself to secure it appropriately.

      • havuq@lemmy.world · 4 upvotes · 1 year ago

        Yes, it’s secure and of course can be further secured by other services, like VPN and scanners and such. I front my stuff with Cloudflare certs on their free tier as well.

        Just use complex passwords for the admin and logins. They also support two-factor authentication which is easy to set up.

  • plz1@lemmy.world · 29 upvotes · 1 year ago

    Bitwarden isn’t a brand new solution. I don’t understand the comment in Firefox, though, Bitwarden has no issues with it that I’ve found.

    • CoderKat@lemm.ee · 9 upvotes · 1 year ago

      I’ve used Bitwarden heavily in various browsers and Android. It’s really great and very effective at filling in passwords. Every now and then there’s a site that does something weird to make it autofill a bit wonky, but I can only recall seeing that happen with registration forms (sometimes the enter + confirm your password fields seem to confuse it). It’s near perfect at sign in forms that I’ve used.

    • asap@lemmy.world · 2 upvotes · 1 year ago (edited)

      There are issues with Firefox private browsing windows that don’t happen in Chrome. Quoting their help article:

      • Your vault will lock every time the browser extension closes, unless you set vault timeout to Never.
      • Unlock with PIN will work only if the Lock with master password on browser restart option is not selected.
      • The badge icon will not update to show vault state (locked or unlocked).

      Not huge issues, but definitely annoying on a daily basis.

      • Atemu@lemmy.ml · 1 upvote · 1 year ago

        I don’t have experience with the second point but the other two don’t happen to me; it works as it should.

        • asap@lemmy.world · 2 upvotes · 1 year ago (edited)

          Really? With Firefox in a Private browsing window - are you certain?

          Here’s mine, with the vault currently locked, but not showing any locked state (point 3):

          And for point 1, just unlock the dropdown extension, exit the extension window, then click on the icon again. It will be re-locked when it shouldn’t.

          If you’re really not seeing this, would you mind telling me how you fixed it?

          • Atemu@lemmy.ml · 2 upvotes · 1 year ago

            I missed that you said in private tabs. I can reproduce it there but BW also says that private tabs support is still experimental when you try to do it.

  • GrumbleGrim@discuss.tchncs.de · 24 upvotes · 1 year ago

    Don’t combine email, password manager, or 2FA authenticator together with the same company. All 3 should be completely separate from each other.

    Bitwarden has a distinct advantage for this reason alone.

  • madsen@lemmy.world · 20 upvotes · 1 year ago

    Been using Bitwarden and Firefox for years and years. Never had any integration issues.

  • dorkian_gray@lemmy.world · 18 upvotes · 1 year ago

    I love Proton but I don’t use their password manager because I use Proton for email (and calendar, and VPN, and cloud storage). If my email gets compromised somehow, I don’t want my password manager compromised too.

  • parachaye@lemmy.world · 16 upvotes · 1 year ago

    Been a longtime user of Bitwarden (free, and over the last year paid). It’s a straightforward/good but a bit boring UI, connects very well and easily into browser, phone etc. Works well, highly recommended, and having 2FA on paid version is awesome.

    Been trying out Proton Pass for the last few days since I already pay for Proton Unlimited. It’s got a good UI and so far it’s been working well in Firefox and on my phone. It’s much better integration with Simple Login features so I like the slightly more seamless sign-up ability. It’s not 100% feature parity with Bitwarden paid though.

    Bottom line - I prefer Proton Pass as a heavy Proton user already BUT if I just wanted a standalone password manager, Bitwarden is probably better. Both are good options though, and competition is good.

    • radix@lemm.ee · 2 upvotes · 1 year ago (edited)

      (Possibly a silly question: Is there anything wrong with a boring UI? What makes a good UI not boring?)

      • parachaye@lemmy.world · 2 upvotes · 1 year ago

        Nothing wrong with a utilitarian boring UI/UX. It’s not going to be a determining factor but a nicer looking and feeling experience is…nicer.

      • Tangent5280@lemmy.world · 2 upvotes · 1 year ago

        I was just about to ask this too. I think boring is better than complicated, especially for something you use every day and that too, on autopilot a significant amount of time.

    • MeowdyPardner@kbin.social · 7 upvotes · 1 year ago

      I love this. I have it running on my Synology which has native Docker support, reverse proxied through a WireGuard tunnel to a DigitalOcean droplet.

  • neardeaf@lemm.ee · 13 upvotes · 1 year ago

    Bitwarden. I’ve used it for years, never been unreliable. I pay for it.

  • backseat@lemmy.world · 11 upvotes · 1 year ago

    I’ve never used Proton Pass so I can’t comment on which is better. However, my wife and I have both used Bitwarden for a number of years and have no complaints. Works with Brave, Chrome, Firefox; works on Linux, Mac and Android. We don’t have Windows or iPhone so can’t comment on those. We can share selected passwords between us.

    And it all just works.

    • AttackBunny@lemmy.world · 3 upvotes · 1 year ago

      Works great with iPhone. It gets a little angsty when you have the Apple keychain or whatever it’s called activated sometimes. Honestly it is just a matter of selecting which to use, but the software gets a little confused sometimes.

  • PeachMan@lemmy.one · 11 upvotes · 1 year ago (edited)

    Bitwarden is an open source, very popular choice, tried and tested. The Firefox extension works great, as do the mobile apps. The free version includes most of the features if you want to try it out.

    If you’re considering paying for the most polished experience, 1Password is the nicest in my opinion. Stay away from LastPass. No opinion on Proton Pass, it’s still new. But I still choose Bitwarden because I like that it’s open source, and I COULD choose to self-host a server if I got paranoid (I probably won’t).