Opinion - What are your thoughts on password managers? Do you use one? Would you recommend it to others?

NewYorkRush@lemmy.ca to Android@lemmy.world – 1149 points –

Bitwarden all day every day. I don’t even know any of my passwords because they’re all randomly generated. Try to guess my password now hacker man

yup randomly generated 20+ digit passwords are the way to go

Same, just gotta watch out for sites that don't support it and don't tell you that they don't. I got into a password reset loop with a site once, until I realized it was truncating my 20 character password to their supported max of 16. They never said the max was 16, and never gave an error that 20 wasn't allowed. Just simply an asshole design. I probably could check bitwarden for whatever password I changed the most and see if it's still an issue with the site.

I consider this lazy programming. I've had it happen a few times but luckily it has been rare for me.

Think I'm still on keepassxc but looking to change. Bitwarden is looking good.

Do you selfhost?

I used to, and it was a fairly easy process. I eventually just decided to use Bitwarden’s own servers because I didn’t trust myself to not lose all my passwords while self hosting

I use Bitwarden!! It's great cause I have a long complicated password to access the vault (my phone will do it by fingerprint though) but it's the only password I need to actually memorize. Don't know how someone can be secure without one nowadays, way too many services

Yup. "All day, every day", indeed. Absolutely essential.

What are your thoughts on password managers?

They are mandatory in the current digital age.

Do you use one?

Yes. Bitwarden.

Would you recommend it to others?

Already do and most are receptive to it once you show them that every single one of them was caught up in a breach at some point.

But what about Bitwarden? What you say about the breach is exactly what I'm worried about when having ONE source that has EVERY password. At least now I have different passwords for different sites so only one can be affected, it's just a pain in the ass to have to go look them up. I save a portion of my passwords with cryptic messages that only I understand.

I can't think of anything that hasn't been hacked, I feel like it's just a matter of time before these password sites are too if they haven't already. :/

The way that Bitwarden stores your data, it is encrypted as a blob on AWS. If anyone compromises Bitwarden's infrastructure, they can’t do anything because even Bitwarden doesn’t have the keys to decrypt your vault.

Your vault can only be decrypted with your master passwords, and decryption happens locally, on device. No decrypted information is sent over the internet.

As far as someone gaining access to your master password and thus all other passwords stored in the password manager, that is why 2 factor authentication exists.

I could give you my Bitwarden master password right now, but that won’t help if you don’t also have my 2fa code.

And that’s just talking about using the hosted version of Bitwarden.

If you self host, you don’t even have to have the app available to the public internet, and can access it purely through a vpn to your LAN.

Then the attacker would not only need to have access to your local network, but also know your master password, and have access to your 2fa.

If they know that much about you, you have larger concerns.

So in short, your concern is mostly addressed and not really a concern if you utilize the features provided, such as 2fa

A good password manager will be encrypted on device using your master password and only the encrypted data ever synced anywhere. So if Bitwarden gets hacked, and the worst case scenario happens, that means an attacker makes off with the complete contents of your vault. But all they have is an encrypted file. To decrypt it, they need your master password. Bitwarden doesn't have the keys to lose -- they only have the lock, and only you have the key. So an attacker would need to compromise Bitwarden (the company) to get access to the vault, and then separately, compromise you personally to get your master password (the key).

Alternately, they could try to brute-force the master password offline. If you think you could guess a user's password if you tried 100,000,000,000 guesses, and each guess took you 1 nanosecond, you could guess all hundred billion in a little under two minutes. Bitwarden uses techniques to make it intentionally very slow (slow if you're a CPU at least) to generate the hashes needed to compare a password. If it takes you 100,000 nanoseconds per guess instead, then instead of two minutes, it takes almost 4 months. Those numbers are completely made up, by the way, but that's the general principle. Bitwarden can't leak your actual passwords directly, because they never get them from you. They only get the encrypted data. And if an attacker gets the encrypted data, it will take them quite a bit of time to brute force things (if they even could -- a sufficiently good master password is effectively impossible to brute force at all). And that's time you can use to change your important passwords like your email and banking passwords.

One important realization for people to have is that none of us get to choose perfection here. You don't only have to worry about Bitwarden getting hacked. You also have to worry about you forgetting them. You have to worry about someone figuring out your "cryptic messages that only I understand" scheme. Security is generally about weighing risks, convenience, and impact and choosing a balance that works best for you. And for most people, the answer should be a password manager. The risks are pretty small and mitigation is pretty easy (changing your passwords out of caution if the password manager is breached), and the convenience is high. And because it's, as you put it, "a pain in the ass" to manage good unique passwords yourself, virtually no one actually does it. Maybe they have one or two good passwords, and rest are awful.
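
The brute-force arithmetic from the comment above, worked through as an added example (not the commenter's or Bitwarden's code). It also goes beyond the quoted figures to a 32-character random alphanumeric password and times a real PBKDF2 call so the "intentionally slow" point is concrete; the 1e11 guesses and the ns-per-guess values are the comment's illustrative numbers, and the 600,000-iteration count is an assumption, not a Bitwarden setting.

```python
"""Added example: the brute-force arithmetic from the comment above.

A stolen vault is an encrypted blob, so every master-password guess first has to
go through the key-derivation function before it can be tested.  Two things
decide how long that takes the attacker: the per-guess cost the KDF imposes and
the size of the password space.  The 1e11 guesses and the 1 ns / 100,000 ns
per-guess figures are the comment's own illustrative numbers, not measured
Bitwarden parameters.
"""
import hashlib
import math
import time

NS_PER_SECOND = 1_000_000_000


def brute_force_seconds(guesses: float, ns_per_guess: float) -> float:
    """Wall-clock seconds to exhaust `guesses` candidates at `ns_per_guess` each."""
    return guesses * ns_per_guess / NS_PER_SECOND


def password_space(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of `length` symbols from an alphabet of `alphabet_size`."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def humanize(seconds: float) -> str:
    """Coarse human-readable duration (largest unit that fits, one decimal)."""
    for name, size in (("years", 365.25 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.1f} seconds"


def measure_kdf_ns_per_guess(iterations: int, samples: int = 3) -> int:
    """Best-of-`samples` time, in ns, for one PBKDF2-HMAC-SHA256 run at `iterations`.

    That is the cost of one honest guess on this CPU.  Password and salt are
    constructed test values; a real vault uses the master password and a stored salt.
    """
    best = None
    for _ in range(samples):
        start = time.perf_counter_ns()
        hashlib.pbkdf2_hmac("sha256", b"not-a-real-password", b"constructed-salt", iterations)
        elapsed = time.perf_counter_ns() - start
        best = elapsed if best is None else min(best, elapsed)
    return best


if __name__ == "__main__":
    guesses = 1e11
    print("Comment's scenario, 1e11 guesses:")
    for ns in (1, 100_000):
        print(f"  {ns:>7,} ns/guess -> {humanize(brute_force_seconds(guesses, ns))}")

    # Beyond the comment's figures: a 32-character random alphanumeric password,
    # the kind a manager generates, even at 1 ns per guess with no slow KDF at all.
    space = password_space(62, 32)
    print(f"\n62^32 candidates = {entropy_bits(62, 32):.0f} bits of entropy")
    print(f"  exhausting them at 1 ns/guess: {humanize(brute_force_seconds(space, 1))}")

    # What a deliberately slow KDF costs the attacker per guess on this machine.
    # 600,000 iterations is an assumed work factor for illustration, not a Bitwarden setting.
    fast = measure_kdf_ns_per_guess(1)
    slow = measure_kdf_ns_per_guess(600_000)
    print(f"\nPBKDF2 on this CPU: 1 iteration ~{fast:,} ns, 600,000 iterations ~{slow:,} ns")
    print(f"  each guess is ~{slow / max(fast, 1):,.0f}x more expensive; the 1e11-guess campaign")
    print(f"  goes from {humanize(brute_force_seconds(guesses, fast))}"
          f" to {humanize(brute_force_seconds(guesses, slow))}")
```

The timing section is the only part that varies by machine; the arithmetic reproduces the comment's "a little under two minutes" and "almost 4 months" exactly.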

Bitwarden, all the way.

+1 for bitwarden. The only problem I encountered was that all of my logins are saved to the login folder. Now I have 100+ saved passwords in a single folder and have to scroll or search through this mess. But I think that's on me.

Would be better if the app had an "add to new folder" option prior to saving passwords.

Password manager-less life with notebooks and reused passwords is life in the stone age. If you or anyone you know isn't using one, get on bitwarden.

Everyone knows why password managers are absolutely essential, but here's an often neglected perk: I can list every site I ever signed up to. Wanna delete some old accounts? "Did you sign up to X yet?" Simples.

+1 for BitWarden. Tried LastPass, 1Password, but ultimately settled on BitWarden because of how well it integrates with multiple platforms e.g. MacOS. It also allows sharing TOTP which is not a great idea in general but is sometimes required - e.g. my kids’ school requires it but only allows one “parent” account that my wife and I share.

I love bitwarden as well. I don't do this myself but I believe you can host your own server to store your passwords as well if that matters

Bitwarden is really great imo.

bitwarden is the first thing i install on any device and every fresh install

Bitwarden is the best! I actually started with one of the more popular ones, Dashlane, and the thing I found most annoying about it was the boxes and stuff that would always pop up anytime I clicked on a text field. Bitwarden never puts a box in the middle of the screen.

It's free, open source, use it on your phone, mac, PC, browser extension for Firefox. It's the best.

Huge fan of Bitwarden as well.

I love that you can assign a shortcut for autofill. I found the automatic autofill a bit too trigger happy and the shortcut solves that since it'll only autofill when I know there's actually a username/password box on the page. It also works perfectly with websites that ask for the username and password at separate times (google, Microsoft, etc).

I'm in the Bitwarden camp. There is no other way for me to have complex/secure passwords and remember them for my gazillion accounts.

Everyone should be using a password manager. Every service should have a different password (and some services should have several passwords) and it's impossible for the average person to keep track of all of those. Every time I hear about someone losing control of an account it's because they were using the same password as another service.

I recommend:

  • KeePassDX: Can be completely offline. Probably the most secure but can be a little awkward to use sometimes.
  • Bitwarden: Cloud based but open source. You could run a server but the main service offers MOST of the features for free.

Your mileage may vary with some of the proprietary platforms. However my job uses 1Password and it seems to be fairly safe.

Vaultwarden is a selfhostable bitwarden implementation where all the features are free. (Some are not implemented, though)

KeePassXC here. Locally encrypted, locally stored, cloud backup of an encrypted file, synced with SyncThing to mobile devices. I will never trust nor recommend a cloud based manager with all the breaches.

Same! I've got a script that runs weekly to back mine up in 5 different places including a Syncthing folder. No surprises, no losses, and no need to trust anyone else ever with my entire password db.

Yeah, KeePassXC + SyncThing all day every day. Can't in good conscience trust someone else with my sensitive data, even if I encrypt it before it gets to their servers. My database is keys-to-the-kingdom level shit.

I used to use KeePassXC and it does work wonders. However now I self-host Vaultwarden on my Raspberry Pi 4 NAS. The app on Android is Bitwarden, and you can then update the server to point towards the self hosted Vaultwarden server. In my Google Keyboard, I then have the password entries show up in apps and webpages

For those interested in self hosting, here's a good community: https://lemmy.world/c/selfhosted

Bitwarden is the best.

Specifically VaultWarden. Gives you all the premium features of Bitwarden for free!

I like to support devs who make great products, excellent ones like bitwarden. Otherwise they will go away and we will be left with big tech products only. Because I don't think people like to make excellent products and still not see a dime in their pocket.

I like to support devs, too - But I don't like being forced into paying for access to features already present in software that is running on my own hardware. The code is already on my machine, I should be able to run it.

That's my biggest complaint about Bitwarden - I want to share passwords with my wife, and they want to charge me money for that even when I host it myself.

Totally agree, bitwarden is the best, can be selfhosted, free, their approach to community needs makes it worth donating.

Yes, do it! Now! It’s the safest way, but only by choosing the right and trusted ones. Examples:

  • The expensive but good one: 1Password
  • The free, geeky and difficult one for normal users: Keepass.
  • The simple and free and beloved one: Bitwarden
  • The don’t try it ever because they will leak your data: Lastpass.

Any reason to use the original Keepass over KeepassXC? Also, tip for anyone using Keepass or KeepassXC: there's an Android app called KeepassDX that supports the keepass database format, so you can keep your passwords synchronized between your computer and phone by simply syncing the database file with Syncthing. No third-party server required!

The whole database is encrypted. Just put it on Google Drive or similar and it will be synced automatically.

Also I don't see Keepass(XC) as difficult or geeky.

Bitwarden fan over here. Been using it for a month and I have just 1 complaint; can't sign into the Android app. Signing in with my mobile browser works though. No idea why the app is being fussy. I'll contact them about it when I stop being lazy.

If you haven't already, you could try resetting the app's storage before trying again. It won't prevent the bug for others but it could get it working for you!

Bitwarden is just fantastic, it works so well. After migrating from LastPass years ago to BW I haven't looked back once and have encouraged friends to switch over as well.

Genuinely surprised how much better BW works right off the bat.

In general, password managers are a must-have in today's world. The question is not if you should have one, but which one and why.

As a Software Engineer very conscious about security and privacy, but also with a high practicality sense, I'd say you should opt for whatever you feel more comfortable with.

If you don't want to manage anything, then 1password, BitWarden, LastPass or any of those might be right for you. If you are more of the kind to tinker with everything, then you can have your own OwnCloud/NextCloud and use KeePassXC.

I particularly used the latter setup, but NextCloud was too much to handle for me, and I settled with KeePassXC + Dropbox.

You do you, but use a password manager.

Another vouch for bitwarden, it's free and has everything I need. Been using it for at least 5 years.

There are so many responses for Bitwarden that I am suspicious. Is it just that popular, or is this some sort of astroturfing? I didn't think Lemmy was popular enough to attract that, but who knows.

It's open source so lemmy users would naturally gravitate to it.

Been using it for years since LastPass' fiasco, no regret.

It is just easy to use and no issue.

But hey this comes from me random internet user talking to you another random internet user. If that's called astroturfing then we all do that around here.

It probably is that popular among this crowd. There's options to self-host your own Bitwarden instance IIRC.

I've started migrating away from LastPass and am using Bitwarden for new projects personally. LastPass is way better than nothing, but I wouldn't recommend LastPass over Bitwarden these days.

Keepass, from here to eternity

Yes, so long as we're using passwords- I like Keepass because it doesn't have a browser integration or exploit pathways if any one of my passwords is out there on some host that gets compromised

I expect that pretty soon we'll be moving on to using passkeys instead of passwords. I'll reevaluate how I keep my auth keys and passwords when that day comes

My opinion is that they are a godsend, and it baffles me why neither Apple nor Google have a proper client for this...

Thankfully Bitwarden exists.

I absolutely love Bitwarden. They've never been hacked (to my knowledge). Are super transparent. Answer support tickets extremely quickly and it only costs $1 a month to use 2FA. The extension and app are super fast, extremely well made as far as user-experience goes and I have never had a problem with them.

Tried Keepass, KeepassXC, 1password, Nordpass, et cetera. Bitwarden does it all better imo and fits my use-case perfectly.

2FA is still available in the free tier, it's just limited to TOTP and email code based 2FA. The paid tiers unlock additional methods like FIDO2 and yubikey protocols. Even if you don't use the advanced 2FA methods or any of the other benefits, it's still good to throw them a little money to keep them running.

One of the best decisions - software wise - I made was to switch from Lastpass to Bitwarden. Never going back!

At this point NOT using a password manager is absolutely insane from a security perspective. Password managers not only make your life easier, but if you use them correctly, you can setup each service with its own dedicated and complex password. Good luck doing that without one!

absolutely. My average password is something like "!^knqopLy4qiVa@2msZ8nLxjjz". while it can be occasionally annoying copying it to something new (for example, when i log into my VR headset after factory resetting it), it's more than worth it for security.

Bitwarden is fine with me, but a company needs to earn my trust before I let them have that kind of information. Most companies out there just aren't trustworthy enough to hand that kind of data to.

Bitwarden for sure. I use it to store passwords, of course. But also to generate stronger passwords than I can make up myself. I also like the secure notes and emergency contact functions.

KeePass. Hands down the most secure one if you set it up right

Absolutely for every single login. Makes life so much easier once you're dedicated to doing it.

Trust no one. Not because you're paranoid, but because you don't need to.

Trust no one and just use KeePassXC.

So you trust the KeePassXC developers. I'm also using KeePassXC, but saying "trust no one" is BS. Unless you audited the code yourself, which I doubt.

I have been using BitWarden, and it's pretty good, but I'm shifting over to Keepass now, syncing the database with syncthing. Means I don't have to trust they won't be breached, but it is definitely a bit more of a faff to get set up. For anyone unsure, I would definitely recommend a managed service like BitWarden though. I got my sister on it, who would probably have a single password for everything otherwise, and she got the hang of it super quick.

KeePassXC / KeePassDX with Syncthing!

I do the same, works pretty well as long as you aren't editing both files at once. Make sure to enable versioning in case of an erroneous change or deletion 😊

A password manager is an absolute must, in my opinion! I use Bitwarden and love it.

KeePass synced across all devices with NextCloud. All the advantages of commercial password managers, but free and on your own network.

KeePassXC is the only password manager i trust, and the only place I'd store actually important passwords

I am also using 1Password, and have been for ages. Using a password manager is a great investment into your security. There are so many data leaks, and reusing passwords is bad practice and will create headaches.

I am looking for alternatives though, since 1Password is getting worse.

1Password is an expense I cringe at every year. After trying several others, though, I settled on its expensive-but-simple option. The biggest advantage is that my family uses it - wife, daughter, parents, in-laws - on my family account. We have several shared vaults for passwords which affect subsets, from in-laws sharing critical financial passwords with her, my parents with me, to my daughter and I teaming up on Starbucks and Panera.

The best part is that it’s simple enough for our octogenarian parents to use, and I help set it all up and got their emergency recovery kits created, filled out, and stored in their safety deposit boxes. As long as I can keep them using it I’ll keep paying for it.

Absolutely. You should absolutely use a password manager.

Personally, I use keepass synced via google drive with a yubikey to authenticate.

But, I'm happy if someone is just using the password manager at all.

Been using Bitwarden since 2017, I think.

I love it! I did use other password managers, but I ended up retaining Zoho Vault and KeePass. Zoho for work credentials while KeePass for archive and backup purposes.

One more vote for Bitwarden over here. I use the paid version because it's really cheap and because it supports the development. Been using it for almost 5 years and it's the absolute best.

Bitwarden all day, every day. Awesome stuff.

Just started using bitwarden maybe 3 months after I noticed an uptick in unwarranted 2FA requests, possibly the best decision I've made. Getting used to it took a little while, being used to builtin auto fill features from browsers, etc. But after getting the hang of it, logging in has become a breeze, same with credit cards.

If you don’t use one, then what the hell are you doing?

Also, Bitwarden. Selfhosted

Using a password manager was a game changer for me and I recommend it to everyone. I use both Bitwarden and 1Password. I find Bitwarden to run better on Android and 1Password better on iOS. But both are the best password managers in my opinion.

100% recommend. It was a way easier switch than I expected, and I feel much more secure now.

I use Bitwarden.

I use bitwarden. I like it a lot, especially because I like to switch between operating systems and web browsers. It works really well for my use case and I do recommend it to friends and family.

Using Bitwarden for some time now, the Android app doesn't always detect the login fields so I prefer 1Password, but Bitwarden is free.

Bitwarden is my chosen service, good pricing point and decent features. In terms of using a password manager, it has definitely made my life demonstrably easier and removes a lot of friction from my online life.

To add to this, I use a self-hosted version of bitwarden. My favourite feature so far would be being able to fill TOTP seamlessly for websites that have TOTP added as 2FA.

The moment I select an account to autofill on any device and login, the TOTP is automatically copied to the clipboard.

It feels seamless as hell to use the auto-generated TOTPs compared to diving in to emails, checking texts, bringing up google authenticator, etc. I can't go back.

Not using a password manager (be it digital or simply a paper notebook) is just asking for a breach or getting hacked.

No one can remember the amount and complexity of passwords that are needed to live a secure digital life.

Every service/account you register for years now and couldn't live without it. I've set up a paper notebook for my mother and that works too.

But reusing passwords or using too short or insecure passwords is the number one reason why people get hacked or stuff gets leaked and stolen.

As a side note: a secure password doesn't have to include weird characters. Just make it long. Everything with 32 chars of letters and numbers or longer will be super secure for a while. And because your password manager takes care of it, you don't even notice.

This thread inspired me to take a look at Bitwarden. It's so much better than what I was using that I switched instantly.

I use Bitwarden, and pay for their premium services. I really like it, it helps me keep track of all of my accounts, I'm able to keep all of my individual account passwords secure and unique, and I'm able to autofill my login credentials on all of my devices.

I've begun to use KeePass, without any browser plugin.

I would NEVER allow my passwords to be stored on an online service

I pay for 1password. Previously I used KeePass and kept the database in my Dropbox folder. I would definitely recommend the 1password family plan. My wife forgot her password and I was able to unlock her account without her losing everything.

Absolutely necessary to have and use. KeePass offline works well for me. Clouds are for rain!

Use KeePass, sync the passwords with your preferred service (I use Dropbox), then use another method to transfer and save a key file to use together with your master password.

Don’t trust bitwarden unless you selfhost.

KeePass with Keepass2Android on my phone with the vault synced via Dropbox. Use biometrics to access both apps. I also use Secure Password Generator on Firefox to get passwords + several options in KeePass (readable passphrase, diceware, etc.)

I used KeePass for years. Now I switched to BitWarden since it's open source and audited.

Been using bitwarden for a couple years now and love it. The autofill was always super inconsistent on Chrome but works great for me on Firefox.

I switched from LastPass to Bitwarden. I think they're great, being able to use a strong bespoke password for every service along with one nuclear missile arming grade password plus 2FA for the manager itself.

bitwarden. Using it 4 years extremely happy. Did you know they allow creating a password up to 128 characters

I don't like to keep any security stuff in "the cloud", written down anywhere, or even on my own devices. It's too easy to lose everything after one security breach.

Instead, I use password algorithms seeded from both the service name/identifier and one or more private passwords. This lets me keep thousands of service/site unique passwords in my head just by memorizing twenty or so words.

I’ve been using password managers for a few years, but I switched to Bitwarden around Christmas last year after the data breach from LastPass. It’s so much safer than storing them in the browser or on one service that’s not available elsewhere

it simply is not plausible to remember so many complex passwords and services. i use bitwarden and i just need to remember one password, that's it. can not recommend it enough.

I switched to bitwarden after LastPass changed their offering and I'm glad I did because LastPass has had a number of security breaches since then!

I don't even know most of my passwords at this point!

Keepassxc works great with nextcloud sync

LastPass -> Enpass -> BitWarden

Tried KeePass (on Windows), 1Password and pass before settling with BitWarden.

I use Bitwarden. Used to use Last pass, but that got crappy a while back.

Currently I use Bitwarden on both my phone and my pc, but I'm looking into self hosting it with vaultwarden. This gives you access to premium features (such as TOTP support, for which I currently use Aegis Authenticator). It also gives you full control over your data.

Password managers are a requirement for me these days. With how many breaches occur daily that we might not even know about, you probably want a password that hasn't been reversed or used before. For me I don't know what I'd do without Bitwarden. I previously used LastPass until they added some restrictions and I figured out that Bitwarden was opensource. I don't currently run my own instance of it but easily could, keeping my passwords off other people's computers.

I personally use keepass and only sync my database between devices with either syncthing or a flash drive

As others have said, bitwarden. I've also heard good things about roboform.

I really love that bitwarden is not only open source but has been professionally code reviewed, and can be self hosted if you've got the knowledge to do so.

Of course, if you're self hosting it make sure you have a solid backup strategy for your vault.

I self host a Bitwarden instance.

They are a must in this day and age.

KeepassXC on desktop with the browser plugin, KeePassDX on Android; I find it less confusing to use than Keepass2Android.

It is only a bit difficult to setup sync, but you can use syncthing, or drive and it works nicely.

Lots of love for Bitwarden in this thread; I’d also like to pitch in with 1Password. It’s got a great UX and I even got my mom on board.

Used to use Lastpass since ~2013; really glad I switched last year. Lastpass has turned to absolute shit.

You should really use a password manager so you always have a secure and different password for each site

I recommend KeePass if you want to save your password locally

Or if you want something cloud based then I recommend Bitwarden. You can even host your own instance

KeePassXC is awesome, used it for years. Works great with browser plugin, secure. Sync with Syncthing across all computers and devices.

I like the simplicity of password-store. It's just a simple wrapper around a text editor, gpg, and git that allows you to make an encrypted, version controlled password repository that you can sync between devices using GitHub/Gitlab/etc. It also doesn't lock you in to any app since the passwords are just stored in gpg-encrypted files.

Started out with lastpass many years ago, until it was bought by logmein. Have been using Bitwarden since.

I think the best quote on PW Managers was "Password Managers are the vegetables of the internet. We all know they're good for us, but a lot of people are still content with the equivalent of password junk food".

Password managers are great, and the time I have to spend unlocking Bitwarden to autofill my password is about the same time that it would take me to type out a password on my own. AND my passwords are exponentially more secure!

Since switching everything over to bitwarden I never have to recover a password. I used to do it every time I used a less common service

KeePass is the perfect tool for me! The cybersecurity practice at work also uses it.

So many answers for Bitwarden but I too will agree. It's my go-to ever since I've found out about it, I don't know any of my passwords apart from my Bitwarden vault master password tbh.

1Password family account for my partner and I. Super handy to have a shared vault for household things.

Yep, 1Password for the win. The private and shared vaults are nice, and the built-in “haveibeenpwned” checker is a great feature. Only improvement I can think of is a username generator, but not a totally random one like Bitwarden’s.

Speaking of…I’m thinking of switching to Bitwarden because their paid tier is dirt cheap and I love open source.

Keepassxc for storage/backup and then I let the browser save the passwords I use. I like this setup.

Been using KeePass for years since I couldn't keep track of every single random passphrase I have. And yes, I recommend it highly.

I use KeePass (more specifically KeePassXC). I manually copy my password files around like a caveman but I don't mind. At least my kdbx files are not accessible easily.

I used to use BitWarden but switched to 1Password about a year ago once I decided to buy a business account for my department at work (which gives every user a free family account)

1Password is fantastic. It stores more than passwords, it's fine tuned to do that, but really can be used to store anything securely. The dev team uses it to share secure .env variables and API keys for example.

One of the best features though is the ability to share secured links to VIEW passwords outside of your network. When a coworker asks me to share an account password I don't just copy and paste the username and password over email. I click share in 1Password and shoot them a link that only they can view (using email 2fa). I can also make more open links to shared credentials that expire (or until I expire those links myself).

The phone app works great and once you get it set up on one device it's easy to configure it on others.

I can't imagine not having a password manager. I even got my mom to switch to bitwarden. I'm not sure if I just don't know how to do it, but the only thing I wish I could do with bitwarden is share a password with another bitwarden user.

You can share passwords with another user for free on bitwarden.

They have family plan if you need more than that and corporate organization tier for even more options.

You can. Look at the organizations features. For basic use I think it's only like one other person, paid opens this up more if you need it.

My goto is KeePass. Does everything I need. I like the use of hotkeys and the ability to have complete control over how the autotype works. Plus if you have a fingerprint scanner (phone or laptop or something) you can use autotype with that too. And the program is completely free.

My mom would use the same password for everything or she would mix it up a little tiny bit.

Her passwords were like:

Rainbow2002! rainbow2003 RAINBOW!!!

It was a different word from rainbow, but that's just an example.

I got her using two factor with Google with a really good password and she's using the built-in Google password manager. Now all of her passwords are 20+ random strings instead of a single word with different numbers at the end.

I think that's a much better system than what she was using before.

I also use Bitwarden. I would recommend it to anyone who can benefit from a cloud-based password manager because the basic functionality is free and the more advanced features (premium, family) are very affordable.

Using Bitwarden safely will make your digital life safer, but it will most likely be more complicated than it is now. You will need to:

  • Use a randomly generated password for the master password, which is unintuitive but increases your safety
  • Enable two-factor authentication (2FA) for all of your accounts that offer it.
  • Make an encrypted backup of your Bitwarden vault.
  • Create an emergency sheet with your master password, 2FA recovery key, and other important information.
  • Plan for what will happen to your passwords if you become sick or die.

You can think about increasing your safety/convenience step by step by keeping a book of passwords (which can be lost, so it has to be kept secure and probably backed up) with

  1. Random password/passphrase generator
  2. Yubikey + recovery numbers
  3. Drop the book, use an offline password manager (which some consider safer)
  4. Switch to cloud-based cross-platform password manager, which maximizes convenience

I use KeePassXC and synchronise it with syncthing. This allows me to keep it off devices I have no control over (OneDrive servers) and also allows me to have per device version history.

Well, shit. I don't use a password manager but now I feel like I should lol. Gonna check out bitwarden I guess.

Yes, 100%... In fact, I often do recommend it to others. Personally I use Bitwarden (paid account even) but I've also recommended 1pass to apple only users because it fits well in that ecosystem.

You can use them to generate a different password for each and every login. And it's really just random letters, numbers and special characters. That one site gets compromised? They can't then use those credentials to login anywhere else.

You don't have to remember those passwords. Passwords that are easy to remember are probably found in dictionary attacks. You know what's not? Wt2Pwi#$a@Nzeq7*8UwSJ7sTsMKdC!HSGZZ7JnzCtxhfCfFCiXP&FD!yM!c^$DisSR@2 (which I just generated with bitwarden)

2-factor auth is also really easy with most password managers and makes logging in with 2-factor auth easy. I hit one hotkey to fill in the web form with my username/password, hit enter to login and then it auto-copies my TOTP code so I can just paste it and go. Super secure but super easy.

You go to a phishing site? Guess what, a good password manager will store the url and if it doesn't match, that should be your first red flag. If I end up at g00gle.com instead of google.com, it won't show as having a login available.
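As an added example (not from this thread or from any password manager's code), this is the kind of host-matching rule an extension applies before offering a saved login: the vault entries are constructed sample data, and the registrable-domain step is simplified to the last two labels, where real managers consult the Public Suffix List.

```python
"""Autofill host matching: offer a saved login only when the current page's
host is the stored site or one of its subdomains. Lookalikes such as
g00gle.com, or google.com used as a subdomain of another site, get no match,
which is the "first red flag" the comment above describes.
"""
from urllib.parse import urlsplit

# Constructed sample vault: each entry remembers the URL it was saved on.
VAULT = [
    {"name": "Google", "url": "https://accounts.google.com/signin", "user": "alice"},
    {"name": "Bank", "url": "https://www.examplebank.test/login", "user": "alice"},
]


def host_of(url):
    """Return the lowercase hostname of a URL (scheme optional), or None."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    return parts.hostname  # .hostname lowercases and drops port/userinfo


def registrable_domain(host):
    """Simplified registrable domain: the last two labels.
    Real managers use the Public Suffix List so that e.g. example.co.uk works."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def matches(saved_url, current_url):
    """True only if the current host is the saved site or a subdomain of it."""
    saved_host, current = host_of(saved_url), host_of(current_url)
    if not saved_host or not current:
        return False
    saved = registrable_domain(saved_host)
    # endswith("." + saved) accepts mail.google.com but rejects
    # evilgoogle.com and google.com.evil.test (which ends in ".evil.test").
    return current == saved or current.endswith("." + saved)


def logins_for(current_url, vault=VAULT):
    """Entries the manager would offer on the given page."""
    return [entry for entry in vault if matches(entry["url"], current_url)]


if __name__ == "__main__":
    # Constructed pages: one legitimate, one lookalike, one subdomain trick.
    for page in ("https://accounts.google.com/ServiceLogin",
                 "https://g00gle.com/login",
                 "https://google.com.evil.test/login"):
        names = [e["name"] for e in logins_for(page)]
        print(f"{page:45} -> {names or 'no saved login (red flag)'}")
```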

1Password since forever. Can’t imagine having to type passwords or remember them.

Have been using 1password for about 5 years now and have not had a single problem. I really like the integration with browsers and the iOS app. I am keen on testing Proton's though since I use the VPN and email.

In the same boat. Love 1pass, and excited to use Proton's as I use all the other apps in their environment. There is a lot that is missing from Proton's but it's new and a work in progress so we will see!

I've used password managers for as long as I've used the internet. I find it absolutely essential.

If you're not currently using one, it's likely that as the number of your login credentials increases, bad habits will increase. So it's probably better to use a password manager anyway.

If you're using good, separate passwords, saving logins in the browser might work for you too. In that case I'd suggest you read up on the security your browser provides, ability to sync, migrate etc.

Been using Bitwarden for years now. It's one of the first apps I install on every new device or browser.

I'm not going to say whether it's the best or not because I have not compared, but I have used Keepass2Android for years which seamlessly integrates with my cloud storage and key files (stored offline), has useful randomized password generation, and is overall unobtrusive.

Switched from LastPass to 1Password after their ridiculous security breaches and haven't looked back. 1Password also kindly gave me the first year free after sending them my LP invoice.

I prefer a password with pronounceable content of nonsense words, separated by dashes, with some numbers and symbols in there somewhere. Such as: tostog-Meenish-flurbit-dalsag-3023# . It's long enough to be very secure, and easy to transcribe if I have to type it. None of the words are in a dictionary. I keep a big list in a note on my desktop, and peel'em off as needed, finally keeping the utilized PWs in Enpass.
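As an added example (not the commenter's own list or tool), the scheme described above can be generated from the OS random source and its entropy computed, which makes it comparable with the fully random passwords a manager produces; the consonant/vowel alphabets and the fixed CVC-CVC word shape are this example's own simplification of the hand-made words.

```python
"""Pronounceable nonsense-word passphrases: a few made-up words joined by
dashes, then a number and a symbol, e.g. 'tostog-rebnil-fumkad-dalsag-3023#'.
Words use a fixed consonant-vowel-consonant syllable pattern so the entropy
of the scheme can be computed exactly (assuming the attacker knows the pattern).
"""
import math
import secrets
import string

CONS = "bcdfghjklmnprstvwz"  # 18 consonants; q, x, y left out for pronounceability
VOWELS = "aeiou"             # 5 vowels
SYMBOLS = "!#$%&*+=?@^"      # 11 symbols; '-' excluded because it is the separator


def nonsense_word(syllables=2):
    """Build a word like 'tostog' from CVC syllables using the OS CSPRNG."""
    return "".join(
        secrets.choice(CONS) + secrets.choice(VOWELS) + secrets.choice(CONS)
        for _ in range(syllables)
    )


def passphrase(words=4, syllables=2, digits=4):
    """Words joined by dashes, then a digit block and one trailing symbol."""
    parts = [nonsense_word(syllables) for _ in range(words)]
    number = "".join(secrets.choice(string.digits) for _ in range(digits))
    return "-".join(parts) + "-" + number + secrets.choice(SYMBOLS)


def conforms(pw, words=4, syllables=2, digits=4):
    """Check that pw has exactly the shape passphrase() produces."""
    parts = pw.split("-")
    if len(parts) != words + 1:
        return False
    for word in parts[:-1]:
        if len(word) != 3 * syllables:
            return False
        for i, ch in enumerate(word):
            if ch not in (VOWELS if i % 3 == 1 else CONS):
                return False
    tail = parts[-1]
    return len(tail) == digits + 1 and tail[:-1].isdigit() and tail[-1] in SYMBOLS


def scheme_entropy_bits(words=4, syllables=2, digits=4):
    """Entropy of the scheme when the pattern and alphabets are known."""
    per_syllable = math.log2(len(CONS) * len(VOWELS) * len(CONS))
    return (words * syllables * per_syllable
            + digits * math.log2(10)
            + math.log2(len(SYMBOLS)))


def random_password_entropy_bits(length,
                                 alphabet=string.ascii_letters + string.digits
                                 + string.punctuation):
    """Entropy of a uniformly random password, as a manager's generator makes."""
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    pw = passphrase()
    print(pw, "conforms:", conforms(pw))
    print(f"scheme entropy:          {scheme_entropy_bits():.1f} bits")
    print(f"random, 20 chars:        {random_password_entropy_bits(20):.1f} bits")
    print(f"random, same length ({len(pw)}): "
          f"{random_password_entropy_bits(len(pw)):.1f} bits")
```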

After using one for like 8 years I really don't know how people have the time/energy to make up and remember all their own passwords.

I've used Dashlane for a few years now and I can't say there are any issues with it at all.
I used to just use a list stored in Google Keep, "encrypted" in such a way that only I knew what the passwords were. That got really old.

I absolutely use one and regret I didn't use one earlier. I remember so often how I had to reset my passwords for different sites. Now every password is super complex because I don't have to remember it.

Started with LastPass many years ago - but changed to 1Password just last week.

Bitwarden and Dashlane were close contenders, but I found that 1Password's sharing feature was better in my usage scenarios.

It has become so much easier to manage my passwords after I started to use Bitwarden; it is just convenient.

It’s 1Password for me. Looks good, works well and is available for every platform that I use.

For work I use KeePassXC and Bitwarden+Vaultwarden as well.

Using a sheet of paper right now, am in the process of switching to a self-written password manager. It uses Vigenere encryption using a key that is not saved anywhere (that I have to remember) and saves to a .dat file. Should I use my own tool or a service?

So happy I got 1Password set up and it has treated me right during the years I’ve used it. I wish my parents had such a thing. They have all the passwords written on a sheet of paper that sits under the keyboard. Like the digital version of car keys up in the visor.

Used LastPass for years until they decided on no account sync for free users; now I use Bitwarden, which I find is fantastic.

I've been a KeePass user for over a decade and it's always been good to me, especially when using Box and OneDrive to sync it between devices. The ecosystem is great with enough plugins and support to make it fit your use case on any modern OS.

Can't recommend it enough. Especially over other options that are offered by a commercial company (LastPass for example). Not only because you're intently placing your trust in them to not expose your data and keep it secure, but also because you're giving them a lot of leverage to turn around and hold your passwords for ransom at some point in the future (when they IPO for instance, as a popular example) or lock you out after they fold for whatever reason.

I haven't heard anyone mention Google password manager, which is the one I started using recently. I assume very few people trust it because... Google?

Been using the keepass format with varying applications for about 14 years. I used to host it in an SVN repo for that sweet sweet cloud access! Not that smart in retrospect. I feel like you shouldn't trust your passwords to the cloud, especially if their thing is password management. LastPass for example is under constant battery from attackers.

I personally moved to Bitwarden from 1Password due to the cost, and I believe for an average user, Bitwarden is definitely the way to go as it is very value-friendly (at $10 USD/year), and it is open-sourced unlike many other proprietary password managers. 1Password may get more features, however it being $3.99 USD/month, many users don't need the extra security features and I strongly believe that common sense is the best security for any user.

Keepass. Keepass2Android - can sync via cloud, I have my password file synced via OneDrive.

Been using this system for years now, works pretty flawlessly and keeps me in control of my password database. You can even self-host the database if you don't want to use a cloud storage provider.

I use 1Password because I got my wife to use it. The paid plan is worth it just for the fact that she also uses it. If it was just myself, I would probably self-host Bitwarden.

We had a scare when my wife's phone died. Like, just totally dead and no way to get data off. She was not logged into her Google account anywhere else at the moment and didn't remember her password. We were able to do some sort of recovery through my email (I wasn't listed as a backup) but with a crazy delay, like 48 hours. I guess they have some way to see we have sent emails to each other that look personal.

Since then she has been using 1password with me. It's a little rough around the edges at times but it works great. The rough parts are parts that I didn't have at all in KeePass so it is still a net positive.

I couldn't live without one these days. I personally use Bitwarden. I have tried most of the other managers suggested in this thread. They each have their own benefits. I would recommend one of the hosted services for most people (1password, Bitwarden, not LastPass). I came to prefer Bitwarden for their combination of features and openness. I have self hosted it in the past, but these days just use their hosted service.

There are a lot of side benefits to using one besides just remembering your usernames and passwords for you too.

  • It lets you use catch-all emails if you have your own email domain
    • allows you to give services their own address to track abuse
    • makes you more resistant to someone taking your leaked credentials from one site and using it for another
    • easier spam filtering
  • Most password managers support random password generation
  • Saving things that aren't logins
    • Family member's SSNs and DL numbers
    • Credit cards
    • Wifi passwords
    • Gate codes
  • Sharing always up to date passwords and other secrets with people (for hosted options)
  • 2FA is easier

I use keepass and host the files "myself", meaning in my clouds. KeePassDroid is a nice ad-free app. I just like to have control over my passwords after I read some articles about password "safes". It's a bit of effort to set up, but since then it works perfectly.

I don't but I should even though my threat level is zero.

But then isn't a single point of failure a problem? I guess we use these to make life easier with strong passwords, but what if the cloud with sync gets leaked, or someone keylogs my pass manager then I lose all passwords not just those incidentally affected by a leak or hack?

KeePass. Putting your passwords on someone else's webserver is just asking for trouble.

I used Bitwarden, I just signed up for pro last month. I like that it’s cross platform and there’s a web app too I believe.

Started with LastPass, used it for 10 years. Switched to Bitwarden a while ago, would never go back.

I've used bitwarden for awhile now and even got my wife on it. I love it and it's simple to use.

What are my thoughts on a password manager?

I think it’s both a good thing, and a crutch. I feel the fact that most services are rendered unusable without an account is sad, and with the hundreds of accounts one is expected to have, a password manager is sadly needed if you can’t memorize a password or can't make passwords with a consistent pass phrase.

Do I use one?

Nope, I have a password system which is good enough for most accounts that’s always more than 7 characters long and unique for each account without being lost to me. The only time it has failed was when my work decided to have us change our passwords every quarter, and I ran out of password ideas.

Using a password manager to keep your passwords safe is a good practice. I’m still a bit hesitant to use the cloud based options. Even though all is encrypted. I use KeePass and OneSafe. Currently looking into the new password manager from Proton to investigate whether that is a good and practical one to use.

Yes. I’m in the free KeePass ecosystem. Self hosted via iCloud and backed up to Proton Drive.

KeePass2Android no net on my Android.

Keepassium on my iPhone.

And KeepassDX on my desktop.

Bitwarden's browser extension is great, which is something I cannot say about their mobile app, which is slow and not very user friendly. It does, however, make my passwords safer since I tend to use random ones.

Using Bitwarden for password manager, Aegis for 2fa, been working great for me so far.

Is it bad that I just love built-in Chrome/Google auto-fill manager? Is this not safe? Autosync to Android does it for me + the fact that i can auto-generate and save/fill passwords seamlessly without having to switch between apps

I use KeepassDX, one of the variants of Keepass. I don't know if it's any better or worse than the other variants but it has worked well for me so far.

The advantage is you are hosting your own password database so you aren't reliant on some cloud platform that inevitably gets hacked.

I just completed a study of enterprise password management and moved my company from LastPass to BitWarden.

1password was a close second.

Yep, would totally recommend using one. I started with KeePassXC but switched to BitWarden later coz of simple convenience (sync and all that jazz).

I can't imagine not using a password manager. I am a long-time user of 1Password and have been very happy with the service and apps. I recommend it to everyone. Worth every penny and then some IMO.

I use 1password. I heard that Apple uses 1password internally. I figure their IT guys are more expert than me, a random internet dude. So I chose 1password. Works great on desktop, mobile, and even Linux. Family plan is a good deal. You can even share passwords between users for common things like bank accounts, etc, between family members.

KeePassX(C?) both on Windows and Linux. I used the windows version KeePass2 but there was a recent security vulnerability in it so I switched to KeePassX. Maybe it's already patched... auto-type doesn't seem to work in KeePassX on Windows so I might switch back but it's not that critical.

Any security researcher worth their salt says to use one. Not sure what the question is. Bitwarden and 1pass are generally good recommendations.

I use the paid version of bitwarden and would recommend it to anyone who can afford the subscription and two yubikeys.

I finally committed myself to getting BitWarden set up, maybe a year ago. I wish I had done it sooner. I use it to generate all my passwords, and I have it installed on my phone and desktop. I love remembering only one password and knowing all my other passwords are secure. For me it's a no-brainer.

I'm probably going to get grilled for this but I've been using Firefox's saved passwords. I really don't need anything better.

I started using Bitwarden a few years ago, and I will never turn back. Passwords available across all my devices (android app, chrome extensions etc). You can also sign up with them (they have free which is pretty limited and a paid version) or you can selfhost.

I run it selfhosted, so I don't pay and don't have any limitations.

They have received a huge influx of users recently from 1password Lastpass after that breach.

KeePass user here for.....a long-ass time. Won't use anything else. Official KeePass 2.x on my computers, and KeePass2Android on my phone. The database is synced to my Google Drive, and a strong passphrase plus a key file keeps it nice and secure.

I use Bitwarden with some trepidation. I keep hoping that eventually Proton Pass morphs into something that seems even more secure but right now it's pretty basic.

Keepass with key file. I synchronise only the database with cloud servers while the key file stays on my devices and never gets synched. I think that's a good tradeoff for security and convenience.

They are totally necessary - if you don't use the same passwords across the internet I mean.

How many accounts do you have on the web? I can count at least twenty accounts that I have and use from a variety of services. Keeping different usernames, emails (through alias) and passes in mind is no easy task, so a good password manager is absolutely needed.

People are recommending Bitwarden and I can't say it's bad, truly, it's a really secure and private alternative. Although, in my opinion, keeping an offline safe for your accounts is way better because only you have absolute control over all the credentials. I use KeePassDX on my PC and phone, synced by Syncthing, and have been loving it for some years now.

A shame I haven't seen Passwordstore (pass) here. Simple, transparent, and to the point, with great extensibility to boot. It also interacts with git allowing you to version track your own storage, which is a huge plus for me since I use git daily.

On other choices, I think the largest point you should consider for a password manager is the ability to self-host your own instance. Open-sourced server code is the next best thing. In security, human trust should never be trusted, and even if the company is not lazy and malignant about your data, bundling up a lot of it creates obvious larger targets for potential hackers, and you have a higher chance of getting the collateral damage than with localized ones.

I honestly don't know how anyone manages without one these days. How would you even keep track of it all? Even if you go the 'same password for everything' route of horrible security, different websites have different requirements for both username and password. Wouldn't be able to keep it all straight at all.

I personally use 1password, which is better than Lastpass for sure. Probably not as good as Bitwarden, but I'm too lazy to switch a second time.

I've used 1password since almost the beginning. Can't say I have any complaints at all!

I've used 1Password for years. Works well on all my devices (MacBook and Samsung Galaxy phone). I'd absolutely recommend you use one.

Not only are they great for handling complex passwords, but a benefit I've not seen mentioned here is that they are a way of just keeping track of just how many sites and accounts you've registered with.

For example - you buy one product once from an online store, save a password so you can monitor the order status but never use that site again. Before I used 1Password I'd just have forgotten I'd even used that site. But now I can just look down my 1password account and see a whole list of all these passwords and accounts I've created. And there's loads. You forget just how many online accounts and passwords you have out there.

Loving vaultwarden. Easy to share with family for passwords, great browser extension.

I couldn't imagine not using a password manager anymore, so I'd certainly recommend it. At work we use 1Password, and I use NordPass privately. Both are great IMO.

Over the last 15 years or so I've moved from 1Password to LastPass to Bitwarden. I don't know how anyone manages without them.

I’d say they’re pretty much necessary so you can have unique, complex passwords.

I’m currently test driving Proton’s new password manager, I’ve been using 1Password for ages.

I used LastPass until they went for-pay with very little warning. So to protest I subscribed to Bitwarden premium (or whatever their paid tier is called)! Can recommend.

Having a password manager is incredibly useful when someone dies and you need access to their accounts. I think bitwarden and probably others let you grant emergency access to someone; definitely leaving it in my will.

I can’t imagine life without one. So many bad password habits can be eliminated by using a password manager to generate a strong, unique password for every site you use, and devoting your limited password-remembering powers to one decent master password. (Or better yet, secure your password manager further using other forms of authentication.)

It’s not just for helping you (and your less technically inclined friends and family) remember and use strong, unique passwords, though. Since a password manager only recognizes the real web address that any given password was designated to, it won’t be fooled by a scam website using a similar-looking name to a legitimate one. While this doesn’t eliminate the risk of falling for a scam, every little bit helps, no matter how skilled you are at cybersecurity.

I use Bitwarden, which I’ve been using ever since Lastpass started limiting you to using a single device class (mobile or desktop) for free accounts. It integrates with both Firefox and Chromium-based browsers and with the password manager features in smartphones. Their free account is nice, but I went with the paid option so that I could keep and use 2FA passcodes within Bitwarden itself. There have been several debates between doing it like this versus using a separate authenticator app, but I feel like it’s both very secure and really, really convenient. It encourages me to use increased security on every website that supports it.

Just moved from bitwarden to proton pass, so far so good. Would recommend keepass, bitwarden, 1password but definitely not lastpass.

Yes, it saves on the odd site I use once a year and trying to have to remember that.

I’ve been using Bitwarden for years and also use the Apple password manager on my phone and iPad so I have a copy in case something happens.

I also keep some less sensitive work passwords on chrome because I don’t want to open Bitwarden at work.

Went LastPass (avoid) -> 1Password -> Bitwarden. Pretty happy with BW, as it has reasonable integrations on Android. Prior to that, I was using a UNIX tool called "pass", which used GPG and allowed some degree of organization. I still use it for some stuff.

Self custody is something you need to keep in practice. I use keepassXC everywhere.

They should be a hard requirement to anyone that wants to access the internet by now. Although the ones built-in to the operating system such as Gnome keyring, Kwallet, Windows Credential Manager and Apple Keychain are OK, the third party ones are 100% better.

Personally I use KeepassXC and just have it synced across different devices via Syncthing. While I also keep weekly backup copies (without the Key file) on Mega with it zipped and password protected.

Using no password manager and a different password for every account would be the most secure option but most people (including me) would be too lazy for that. Instead I used to use the same password everywhere, which is obviously very unsafe. I then switched to Bitwarden, where I can just generate a secure password for each account and I can access them all with one password. I still need to remember only one password but it's a lot more secure than using the same one everywhere.

1password family user here. I cringe nowadays when people still try to remember their passwords and accounts and say they have a "good" system. It's a necessity nowadays. Sounds like the consensus favorite around here is Bitwarden. Anyone wanna tell why they prefer it over 1password? Is it because it's self-hostable?