What password manager should I use? (hexbear.net)

submitted 1 month ago by iie@hexbear.net to c/technology@hexbear.net

41 comments fedilink hide all child comments

all 43 comments

sorted by: hot top controversial new old

[-] paradox2011@lemmy.ml 39 points 1 month ago* (last edited 1 month ago)

If you want to manage your own password vault, KeepassXC for desktop and KeepassDX for mobile, using syncthing for syncing. Vaultwarden is a option for a more involved self-hosted set up.

If you want someone else to manage your password vault, Bitwarden for desktop and mobile.

Those are the only meaningful options that I'm aware of if you want an open-source solution.

[-] someone@hexbear.net 12 points 1 month ago

If you want to manage your own password vault, KeepassXC for desktop and KeepassDX for mobile, using syncthing for syncing.

Seconded.

[-] JustSo@hexbear.net 6 points 1 month ago

oh snap you already mentioned syncthing. My whole ass post was irrelevant. Good taste. Good post.

[-] paradox2011@lemmy.ml 1 points 1 month ago* (last edited 1 month ago)

Any recommendation for an awesome tool like syncthing is worth it! Pile it on 🥳

[-] dannoffs@hexbear.net 23 points 1 month ago

KeePassXC

[-] JustSo@hexbear.net 14 points 1 month ago* (last edited 1 month ago)

Best of the best.

Stay away from those online password managers. Look into Syncthing (https://github.com/syncthing/syncthing) for synchronising your database(s) across your devices without needing to rely on cloud services. It works similarly to bittorrent tech afaik.

[-] Enjoyer_of_Games@hexbear.net 5 points 1 month ago

In 15 years when it suddenly becomes important for you to need the password so some site you logged into once with an email address you haven't used in 10 years, KeePassXC will still work on whatever OS you are on and probably look the same as it does now and your password database will just be a file you have saved on a bunch of your devices and probably some USB drives lying around even if you long ago got lazy about maintaining your backup synchronization etc.

None of the password as a service sites will still be around or if they are they will ransomed your passwords if you didn't pay some fee or other bullshit. The self-hosted ones you might still have a backup of but when you spin up the host there will be some out-dated dependencies or other bullshit that will make it a colossal effort just to retrieve a simple line of text.

Keep it simple use Keepass

[-] wheresmysurplusvalue@hexbear.net 5 points 1 month ago

If you're worried about that then you can export your bitwarden passwords on a regular basis and back that up however you want

[-] hello_hello@hexbear.net 19 points 1 month ago* (last edited 1 month ago)

KeepassXC: local storage, you're responsible for backing up and keeping your password database file safe. (Keepass is a open standard for passwords, so you can use any client that supports keepass files, not just KeepassXC)
Bitwarden/Vaultwarden: web-based server-client password manager. You can use bitwarden.com if you want to just set it up and leave it.

Stay away from any password manager that's sponsored on YouTube or that's proprietary (if you can't find the source code anywhere, stay away!)

[-] DavidGarcia@feddit.nl 16 points 1 month ago

a .rtf file with wingdings font

[-] sudoer777@lemmy.ml 10 points 1 month ago

I love self-hosted Bitwarden, whenever my server goes down or there's a power outage and I'm out of town, my extensions and sometimes apps stop working and now I can't access my passwords. Currently experiencing this right now, I might switch to KeepassXC after this

[-] ksynwa@lemmygrad.ml 3 points 1 month ago

Do the clients not download the required data from the server to be able to work offline? That'd a bit strange.

[-] sudoer777@lemmy.ml 2 points 1 month ago

Sometimes the data is cached and it still works but sometimes it tries to refresh or something and then it breaks. It's kind of unreliable, although maybe the new betas do a better job at it.

[-] LisaTrevor@hexbear.net 9 points 1 month ago

I use bitwarden

I keep telling myself I'll switch to KeePassXC after I tell myself I'll switch to Linux

[-] LaGG_3@hexbear.net 9 points 1 month ago

This, plus "oh, I'll set up a NAS, too, soon - I just need to save up for the equipment"

[-] Inui@hexbear.net 5 points 1 month ago

I have a NAS and a server and I still use BitWarden. I'm not hosting email or passwords.

[-] hello_hello@hexbear.net 5 points 1 month ago* (last edited 1 month ago)

The equipment doesn't have to be crazy, a discarded laptop connected to AC power with an ethernet cord can act as a NAS.

Dedicated NAS hardware seems overkill.

[-] LisaTrevor@hexbear.net 3 points 1 month ago

just like me fr (i'm gonna get myself the NAS stuff for christmas tho)

[-] anarchoilluminati@hexbear.net 7 points 1 month ago

Bitwarden.

[-] GalaxyBrain@hexbear.net 7 points 1 month ago

A sticky note in your house. Easily the most secure.

[-] Strayce@lemmy.sdf.org 6 points 1 month ago

Depends on your level of technical skill. Avoid LastPass like the plague, their security is laughable. I used to use them until I got burned in their 2022 breach. Otherwise the two main ones I know of are Bitwarden/vaultwarden and the various forks of KeePass.

I use Bitwarden and I'm fairly happy with it. I use it hosted, but there's the option to self host via the official server or vaultwarden. Neither of which I have experience with, but it's nice that they exist in case of enshittification.

KeePass I'm less familiar with. Seems like you have to self host, and there's a few different forks floating around. Seems like a fairly significant investment of time and energy and I honestly don't trust myself to keep a self hosted solution secure anyway.

I think nextcloud also has a password module, but I know next to nothing about that.

[-] dannoffs@hexbear.net 7 points 1 month ago

You don't "host" keepass, it's an encrypted file you keep synced however you want.

[-] BelieveRevolt@hexbear.net 3 points 1 month ago

Not only has LastPass had a couple of data breaches in recent years, they also changed their pricing so you now have to pay if you want to use their app on desktop and mobile. Basically, they're charging for what Bitwarden offers for free.

[-] ZWQbpkzl@hexbear.net 5 points 1 month ago

Depends on your techie level:

normal person: bitwarden
comfortable with tech: keepass
tech worker: password-store aka pass (aka gpg+git)

If you want to self-host then use vaultwarden instead of bitwarden. Paywalled features of bitwarden are still paywalled in the self hosted version (because its not a different version due to AGPL). Vaultwarden removes those paywalls and has a smaller footprint on your VM.

[-] glans@hexbear.net 4 points 1 month ago

It depends who you are. A fuller question would probably yield a more relevant answer. The 2 contenders from the comments are Bitwarden and Keepass*.

Summary: Most people should start with hosted bitwarden. Use that to import your old passwords from any browser or ad hoc storage method, and get into the habit of using the password manager. As you get comfortable, you will have a better context from which to understand any unmet needs. If you want to try to keepass* on top, it's not too hard.

Telling someone new to password managers to go straight to Keepass* is like telling someone who interested in getting a bike that they have to build their own fixed gear and immediately launching into a speech about how the dish of the wheel will be while truing it.

Both

FLOSS
You can more or less move between them. they don't work exactly the same so could be some complexities.
pretty decent security overall as long as you use them properly

Bitwarden

remotely hostd or you can you can run it yourself if you are that kind of nerd
hosted is free or very low cost
you are mostly limited to their suite of tools such as apps, browser extensions etc; not a lot of 3rd party stuff going on
has sync via app/extensions without having to download and unlock your entire database on every device-- for example a work/public computer.
has some organizational features like being able to share credentials with other people; handy if a family/work situation
You will be able to use your own experience to show people around you they can use a password manager
There is a business in charge of this project, which is good because it gets regular attention including security audits, but bad because the needs of business customers often et priority
I believe there is/was some issues with components/upstream code being non-libre

KeePass*

No hosting, no sync included
It is a file you must keep track of. If you want to share your credential database on your phone and your computer, you need to figure out how to do that.
Options: Syncthing, webdav (eg nextcloud), ?dropbox, ?google drive

whatever you choose it must be reliable and available 100% of the time on every device you might need your passwords on. And not just a web interface. You will need a live synced file on every device on which you might need to make changes. And you must install or have a portable application that can decrypt and make use of the file on each device. You must have the ability to manage your chosen syncing across platforms and environments. Including any and all problems that could arise.

It is a much larger ecosystem of tools so more options to find something you like to use.
I don't think there are any/many businesses involved and the development is more community-oriented
Whatever you get working is unlikely to be suitable for anyone else you know who isn't already a giant nerd

Bitwarden.

[-] huf@hexbear.net 4 points 1 month ago* (last edited 1 month ago)

pass

it's free software, it's cli (because why should something like this have a gui?!), it uses gpg to encrypt/decrypt the password store and git to share it between machines.

https://www.passwordstore.org/

[-] JasonDJ@lemmy.zip 4 points 1 month ago

It doesn't need a GUI but browser plugins or some means of auto fill are just the bees knees.

[-] frauddogg@hexbear.net 2 points 1 month ago

because why should something like this have a gui?!

bc some of us were born in the days after the terminal became a choice ya fossil /j

[-] huf@hexbear.net 2 points 1 month ago

i grew up in the days of GUI like you, i just didnt like it very much

[-] frauddogg@hexbear.net 2 points 1 month ago

Damn fair lmfao

[-] electric_nan@lemmy.ml 4 points 1 month ago

Keepassxc. Keep the database file synced however you want. Use a very strong master passphrase (look up "diceware"), and then you can safely sync it with Dropbox/gdrive/onedrive if you want, or find/host a Nextcloud server.

[-] Meowxist@hexbear.net 3 points 1 month ago

Honestly I prefer methods like SuperGenPass or Lesspass, which create passwords algorithmically based on a domain name. Nothing is stored anywhere.

[-] BK85@feddit.nl 2 points 1 month ago

Started using kepassxc, then moved to self hosted vaultwarden en when that crashed i moved to protonpass during a move away from google.

[-] const_void@lemmy.ml -2 points 1 month ago

Apple Passwords

[-] frauddogg@hexbear.net 1 points 1 month ago

...You rlly trust Apple of all people?

[-] const_void@lemmy.ml 1 points 1 month ago

Yeah, why not? What have they done to violate privacy?

[-] frauddogg@hexbear.net 1 points 1 month ago* (last edited 1 month ago)

They're the literal flipside of Microsoft and Google. One shouldn't be asking "what have they done" and more "what are they planning to do". Doesn't matter who the corporation is; you shouldn't trust that anybody with a profit motive has your privacy in mind

Apple's the snake in the grass that gets no scrutiny while Microsoft and Google are constantly in the news, why do you think that is? Is it at all possible those stupid markups for little more than a logo are going to lobbyists to get fed into politician pockets to keep our geriatric oligarchs from looking Apple's way? Again: You shouldn't trust anybody with a profit motive, ESPECIALLY not when serving you gets in the way of said profit motive

They will sell everything they have on you the minute it becomes profitable-- assuming they haven't already

[-] const_void@lemmy.ml 1 points 1 month ago

I imagine it’s probably because they don’t create anti-user, privacy violating products like Recall or Gmail. You say it’s a big conspiracy but offer no proof.

[-] frauddogg@hexbear.net 2 points 1 month ago* (last edited 1 month ago)

And that iCloud shit, all those photo and document and everything else you put on an iProduct to get uploaded to online storage that keeps getting pried open and leaked like Apple's name is Sony aren't privacy violating? Fanboy.

A capitalist corporation is a capitalist corporation, they're no different from the others-- just quieter but

I'll come back around the next time there's a Fappening-tier gigaleak happening to iCloud just to laugh at your ass

[-] const_void@lemmy.ml 1 points 1 month ago

You can call me names or whatever but you still offer no proof.

[-] frauddogg@hexbear.net 3 points 1 month ago* (last edited 1 month ago)

Nah nvm I got the time for your consoomer ass after all. Manifold privacy gaps where it benefits them, illicit data harvesting, privacy researcher concerns, but there's no proof, right? You don't have Google?

You one of them Apple fanboys from r/privacy ain'tcha. Or maybe you work for them or some shit. Iunno I don't have a reason to take you in good faith making me go do your research for you. Don't bother responding, neither; 'cause I can already anticipate the fanboy bullshit finna leave your fingers to keep running defense and I'm genuinely disinterested. You won't say shit that I haven't heard from a thousand others of your kind a thousand different ways. Have fun getting fleeced for a logo and misplaced faith.

this post was submitted on 23 Dec 2024

43 points (100.0% liked)

technology

23446 readers

487 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 4 years ago

MODERATORS

context@hexbear.net

EmmaGoldman@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

ZoomeristLeninist@hexbear.net