How do you handle your passwords? (beehaw.org)

submitted 1 year ago by Dymonika@beehaw.org to c/opensource@lemmy.ml

65 comments fedilink hide all child comments

I rely on Bitwarden (slooowly migrating from... a spreadsheet...) and am thinking of keeping a master backup to be SyncThing-synchronized across all my devices, but I'm not sure of how to secure the SyncThing-synchronized files' local access if any one of my Windows or Android units got stolen and somehow cracked into or something. I'm curious about how others handle theirs. Thanks in advance for sharing!

(page 2) 16 comments

sorted by: hot top controversial new old

[-] powermaker450@discuss.tchncs.de 1 points 1 year ago

I've set up Vaultwarden as I used Bitwarden before that and it made switching very easy. Doesn't get easier than that, synced passwords across all your devices/browsers.

[-] Manalith@midwest.social 1 points 1 year ago

I was using Bitwarden up until I moved my email service to Proton. Now, I just use all their things, but I didn't have any issues with Bitwarden personal. I do have some issues with their organization accounts though.

[-] Dymonika@beehaw.org 1 points 1 year ago* (last edited 1 year ago)

I do have some issues with their organization accounts though.

Like what? And is Proton Pass open-source?

[-] Manalith@midwest.social 1 points 1 year ago

Just management things, they don't do nested permissions, removed the ability to have groups auto added to collections and the desktop app has been broken for creating new entries in an organization because it can't for some reason it can't see collections, but that's something that broke in an update and they just haven't fixed for a few versions.

[-] ChallengeApathy@infosec.pub 1 points 1 year ago

Proton Pass. If you're comfortable with cloud E2EE managers, it's far more worth it than Bitwarden, since you get unlimited email aliases. Better for privacy and even security. Plus, I trust Proton, they have a phenomenal track record in terms of security and encryption.

[-] Dymonika@beehaw.org 1 points 1 year ago

they have a phenomenal track record in terms of security

I read that they have bowed to email subpoenas in the past.

load more comments (1 replies)

[-] kevincox@lemmy.ml 1 points 1 year ago

I mostly just use Firefox Sync. For critical passwords or non-web passwords and other small keys I store them in pass.

[-] CCRhode@lemmy.ml 0 points 1 year ago

I'm agnostic about password managers, and I'm agnostic about sync'ing password repositories between devices. I believe there would be grave risks of losing access to my own repositories by misplacing their pass-phrases or bungling other kinds of authentication. I try not to put anything on portable devices that is super confidential. On the other hand, I restrict physical access to my desktop computer. I back it up continually, power it from an uninterruptible power supply, and run only a handful of server-side processes there. ... so I feel safe ... sort of.

I suppose it may seem heretical to members of this community, but I put all my passwords in a plain-text *.csv file on my desktop machine that I maintain with my own python script.