If it can help you, I'm in the process of choosing a password manager for my small company and asked this (awesome) community for help.
I made a table with the results so far. You can find it here : https://sh.itjust.works/post/52850975
I'm still lost, but I hope it can help you...
KeepassXC
I use ExpressVPN and their PW manager. I love it. It also has 2fa keys. Super dynamic and has worked on a few different phones I've had as well as browsers (Vivaldi, brave, etc)
I wouldn’t trust any of those vpns that do a shit ton of youtube sponsors. You should try mullvad.
not aware of youtube sponsorships or why that would matter. I've used it for like 4 years now and have had no problems.
I don’t understand your issue with needing to enter your master password repeatedly with Bitwarden. You can use biometrics or a pass code to sign in on mobile. It’s pretty easy to enable in the settings. You enter master password once, turn on passcode or biometrics and then that’s it.
For me, I'm extra paranoid.. Someone can forcefully unlock with biometric
there's the lockdown or similar feature at the phone level in Android and iOS
if you're in a situation where you don't want someone to access Bitwarden, then you probably also want to stop them from using your browser with all the cookies and logins it currently has
so temporarily block all biometric access on your phone in such cases, and merrily enjoy biometric access when you're physically safe again
on Android, it's Power + Volume-Up, then Lockdown
Same on iOS too. Same buttons.
You can set a pin as an alternative. Pin would be easier to brute force but no different to a password when forcefully unlocked by coersion.
i think you can alsk yubikey
I tried bitwarden wasn’t good cuz on mobile I had to reenter master pass over and over
Setup fingerprint unlock and enable it in Bitwarden.
Bitwarden, is still the way to go. I say this as a proton customer. I've learned to work around it's small annoyances
If your main concern is usability, 1password works pretty well. The downsides are it's paid, closed source, and I think they removed the option to use a local vault, so it might have to be cloud.
I’ll check it out. If it’s cheap I might be willing to try it. Its not like proton is FOSS.
WDYM? Isn’t it?
Only the frontend. Not the backend, so you can’t self host without modifying both browser extension and mobile app, along with rewriting a server from scratch.
Okay fair enough, but that is at least slightly different than saying Proton isn’t FOSS, but I understand.
They have a pretty good FOSS standing and audits for software they distribute. While that doesn’t make it easy to host privately, it does make it trivial to see how data is shipped to their servers.
Keepass is good, with Synching you can synchronize everything better
Use bitwarden, go to Settings -> account security -> unlock with pin and turn it on. If it’s already on, toggle it off then on. You will be prompted to set your pin. Dont forget your master password.
I wont :) I should give bitwarden another try.
After you eventually settle on bitwarden, rotate all passwords and uninstall or clear out the contents of other password managers. From your replies in this thread it seems like you’ve used many different managers.
I’ve switched 5 times in one day
Whats wrong with keepass. I'v been syncing with syncthing for years now. I still don't know why frontend matters is not like you will use it every 10 minutes
I get to keep the ass? I should switch to that.
Idk it was so bad it was annoying me, when I tried. Maybe I should force myself to use for a month, and see the results.
I don't know if Syncthing is available on iOS but this works great to sync Keepass's database between Linux and Android.
Synctrain is an ios syncthing client. It works great!
Good to know, thanks.
KeePassium on iOS and the .kdbx-files in your iCloud for sync? Strongbox for macOS.
I don’t wanna be reliant on icloud. Also keepassxc web ui sucks ass.
What's wrong with having your data on proton's servers? I thought the app and browser extensions are verifiably only sending encrypted packets? Or do they only encrypt your password and send metadata as is?
I wanna use a different proton service, but using 2 services from proton is a bad idea.
Why
Use one service for one thing, so that when it gets disabled, only that one thing is affected.
https://ignorethecode.net/blog/2025/06/11/stop_uploading_your_data_to_google/
That's fine as a general guideline, but does not need to be a steadfast rule. You can use your own judgement. I like ProtonPass's SimpleLogin feature so I use that for email aliases. Its so nice and convenient.
I'm in the same boat. Wanted to do Bitwarden but their sign up process is garbage. It never sends me the confirmation email. If love to set up a keypassxc server, but didn't know about the frontend issues.
The frontend for keypassxc isn’t necessarily horrible, it’s just proton pass feels like magic, while key pass feels just barely working. idk I remember it being kinda awkward
KeePassXC. I think you can install client on every OS.
Ive found pencil/pen and paper and memorization work (ive been got by a bad download they cant scrape the paper) its old school but its pretty good not all eggs in one basket kind of thing
All good until your house burns down/floods or something.
Dizzyam. nice call. i didnt think of that. Those could be a problem but the pass words a quick grab away so if im alive they ok(flood would be worst clothes get wet. Fire im out the window) ill put them in zip locks.
If they are serious passwords, look at putting them in a fireproof bag.
Otherwise, what happens if something happens when you are out?
Nice Thank you this is good thinking
Doesn't have to be your main copy (those bags are annoying to use). But put a copy in there at least (and keep it up to date with the important ones)
DON'T put the paper in a plastic organiser etc, plastic melts/burns at lower temperature so can ruin them even if the bag would have otherwise been able to protect them.
Good luck, but I still recommend encrypted offline strong passwords
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)