What password manager do you recommend?

001100 010010@lemmy.dbzer0.com to Asklemmy@lemmy.ml – 370 points –

Okay so yesterday, I changed my password as a precaution because of the hack, and just now I decided to clean my browser tabs and re login and almost forgot my password. I'm done dealing with passwords.

What password manager do you recommend?

Features I’m looking for

-Open Source

-Can be synced to cloud (I don’t want self host)

-Can be accessed via a browser

-Cross platform, the more platforms, the better

-End to End Encrypted, and Encrypted at rest on my device, also need some way to authenticate before releasing the password, like a pin or biometrics

-Autofill for browser and apps

-Free (can be a freemium model, but I need the base tier to be free, too broke to spend money on this lol)

-Can export the passwords to a file

I never used a password manager before so sorry if I seem like a noob.

I know I could google it, but I want the lastest info, not some outdated reddit post.

Edit: Woah, those replies are fast. I think I'll use Bitwarden. Thanks for recommendations! Now I don't need to worry about forgetting passwords anymore. 😄

Edit 2: It seems I've forgotten my email password as well as a few other accounts I haven't logged into for a while. Damn, should've used a password manager earlier.

280

I'll say maybe Bitwarden checks all of that.

I love Bitwarden! The $10/yr subscription is totally worth it too.

Can someone sell me on the subscription? I don't mind paying for it because that's really cheap but I don't really understand what exactly it offers. I've been using the free version of Bitwarden for years now.

Illl be watching this too - I have bitwarden, managed - but I don't use a subscription currently.

I specifically pay them because the money I'm giving them is put (mostly) directly into open source client/server components that benefit everyone at the end of the day, not just myself or the company but "humanity" in general.

If Bitwarden (the org) disappeared tomorrow, we would all still have access to really high quality software that someone could continue to push forward/develop and I appreciate that confidence and trust that they put forward.

I personally got it for the reports of duplicated or leaked passwords to make it easier for me to find and update all of my old, bad passwords.

4 more...
4 more...

Agreed, I've been using it for about 6 years after moving from iOS to Android and its great, fits all the points required by OP.

I’m using it since doing the opposite and it works great on iOS. Not sure if it was different a while ago but you can set it as your auto fill password manager.

I was just relying on keychain whilst on iOS and made me realise after migration I needed something that was platform agnostic.

Yep I've been using it for a while and it's great. The Firefox extension is a bit broken tho, as it keeps asking to save passwords which are already saved and there's no way to turn it off.

Another +1 for bitwarden, been using it for years without sub but I could see it being worth it.

Also been using this for several years and can concur, simple, easy-to-use, never let me down.

Throwing in for Bitwarden. Works across all my devices and I’m only using the free version.

Bitwarden user here for years, it fits everything you’re asking for , OP

4 more...

Bitwarden is a no brainer. It offers ALL the features that an average user needs in its free plan (which imo all other password managers don't.)

Its also a privacy friendly service which has passed multiple security audits from external entities

Bitwarden checks all the boxes. I've had great experience with it. https://bitwarden.com/

I will say, auto-fill on load is a bad idea. On desktop I keep my auto-fill bound to a key so it doesn't actually end up in fields it shouldn't be.

2FA is locked behind the $10/year premium if that's something you wanted, but beyond that the free plan has everything 99% of people will use. They do third party security audits, have public white papers, and is completely open source.

Email and TOTP 2FA options are available in the free version, YubiKey, FIDO2 and Duo options are only available in the 10$/year premium option.

I'm sure they meant TOTP 2FA for the accounts saved in Bitwarden, not for the Bitwarden login itself.

I've been curious about a Yubikey like option for a bit now. Would you recommend one and if so which type?

Get a Yubikey that supports Webauthn and FIDO2. It's the future of two-factor authentication on the web. At work we use the YubiKey 5C Nano, but I think the entire Yubikey 5 series supports Webauthn.

Bitwarden only autofills if the page's URL is the same as the account in your vault. So it actually helps you make sure that you aren't putting your info into a phishing site or something

although, I'm pretty sure autofill is disabled by default anyway?

Bitwarden only autofills if the page’s URL is the same as the account in your vault. So it actually helps you make sure that you aren’t putting your info into a phishing site or something

This is true, though wasn't my concern. My concern is that it (and other PW managers ofc) can sometimes fill in fields its not supposed to, and you end up accidentally including a username or password in a GET header.

although, I’m pretty sure autofill is disabled by default anyway?

Auto-fill on page-load is, yes.

Is there much benefit to having access to the 2FA option if I already use RAIVO for 2FA codes.

Yet another vote for Bitwarden. I love that you can access your stuff through a browser without installing anything, I need that sometimes on my work pc where I cannot install anything.

Bitwarden, hands down. been using them for like 7 years now? have got nearly 300 accounts in the password manager, and is fully free. Haven't paid a single penny to them. Autofill is possible, on both android and web browser, although you'll have to set it up through an extension. Fully cross-platform. Used it on Linux, windows, MacOS, IOS, iPadOS, Android. you can access it via a browser, is open source and is hosted by Bitwarden if you want to.

it ticks all your requirements!

Bitwarden is great. If OP wants they can self host it via Vaultwarden which I’m using. It works perfectly.

I pay just because I love them and it's under 1$ a month

I would love to, but I'm a bit tight with cash atm. I've been meaning to pay the 10-11 quid a year plan just to support them. They've given so much to me and I haven't given anything back :(

*Sees post. Guess I should make sure someone has said Bitwarden.

*Checks comments. Hmm, Bitwarden, Bitwarden, another Bitwarden.

*Good. I don’t need to reply.

I'd say https://keepassxc.org/ covers all of your needs except the "Can be accessed via a browser" (Autofill works fine with a browser plugin)

KeepassXC with a browser plugin on the desktop and Keepass2Android on the smartphone. The password files are synced over my self-hosted Nextcloud and backed up to OneDrive. I couldn't be happier with this setup.

Happy KeepassXC User reporting and there actually is a browser plugin that works flawlessly.

I too use keys as you do

How is the OSX and iOS support for Keepass nowadays? Are there desktop and browser clients for OSX, and what’s the autofill situation like?

Keepass was the first password manager I used and I really liked it, but I had to switch when I started using Apple devices for work a few years back, and the lack of platform support there was a nonstarter.

Strongbox for ios works with keepass formats.

is the browser plugin safe to use? it kinda seems fishy

I would be happier with KeePass if the Android situation wasn't so bad. The most reliable app still uses UI elements from goddamn Froyo and the more sleek, modern, auto fill aware app can't deal with cloud sync to save its life. I hate it here.

I use KeepassDX on Android and it feels alright

KeepassDX is the modern one I'm referring to. Because of the whole Android 11 SAF/scoped storage issue, syncing to databases and clouds that use DocumentsUI (the special folders you see when your Files manager window opens) fails all the time. I've repeatedly lost data due to KDX not properly saving or syncing, causing file conflicts and the passwords I literally just saved to vanish the next time I unlock the database.

The developer's response is that it's everyone else's fault that their apps' SAF implementation is bad, not KDX.

I absolutely cannot recommend using it.

What are you using for sync? I use Nextcloud and haven't had any sync issues.

I've had it fail with most SAF locations I tried after Android 11, especially pCloud. After the database locks and KDX leaves the RAM, it often cannot find the database it literally just saved, and will often just generate a merge conflict to the location it attempted to save. As a result, after you unlock once, it can no longer unlock the database and you have to bring up DocumentsUI again.

You know, I did have this problem like a year ago. Except, it was a problem with saving the database. I don't know what happened but haven't faced it in a long time now.

I use it all the time and sync it between devices without problems...

One more point on Bitwarden - when the top password managers were being hacked/exploited, Bitwarden was keen to fix what appeared to be vulnerabilities in an extremely timely manner. I don't remember where I read the article but it still fared best out of all the other managers out there.

It may have been ars technica, I don't remember.

Bitwarden, bonus points if you self host it. I use the Vaultwarden variation.

This is one of the few things I don't want to selfhost, at least right now. If I fuck something up with Vaultwarden or the PC it runs on, I lose access to EVERYTHING all at once. I'd rather offload that risk to Bitwarden's official server.

As long as you are using it on multiple devices you are ok. If the server goes down the app still works. So absolute worst case scenario, you can just export your vaults from your phone, then sign up for Bitwarden and import it.

I periodically take proactive exports every few months and put them on an external hard drive still though.

Backups is the keyword. I run Vaultwarden on my internal network, the data gets backed up to an external hard drive, borgbase and another remote machine using borg backup. I also stored the passphrases for these backups in a KeePass database (that is backed up elsewhere). I don't think I need to worry about data loss. Plus - if the Server is not reachable the synced devices should still have access to the passwords.

Guess I'm gonna have to give bitwarden a go, I've used LastPass for years but their quality of service and value for money has plummeted.

I used LastPass up until they re-started charging for multiple devices. I was happy to pay LastPass back in like 2013 when they used to charge for multiple devices, but when they decided to bring that charge back in 2022 (or whatever year it was) they were charging an obscenely high amount for it, and frankly the UX wasn't good enough to justify that price. On Android, more often than not I was having to go into the app to copy/paste it, because the native integration just wasn't working.

With Bitwarden I'm back to free, and it works so much better anyway. I never looked back.

is there a straightforward way to migrate? thanks in advance 🙏

Been using Bitwarden for a long time. Secure, easy to use and never had any problems with it.

Brah I've seen so many of these post asking what password manager people use and the comments filled with bitwarden replies.. it could just be lots of people really interested in password managers use Lemmy or bitwarden is astroturfing. One of these seems more likely

Non self-hosted: Bitwarden

Self-hosted: Keepass

Both are open-souce, multi-platform, and free. Bitwarden does have additional paid tiers to include support for things like OTPs. I used to use Keepass but got tired of manually syncing my database; If that's not a problem for you then it's a great choice.

Bitwarden supports self hosting doesn't it? There's an option in the UI to specify server

Yup, you can selfhost bitwarden and use your own private server to sync between devices.

the name is vaultwarden. a reimplementation of bitwarden i think in rust. you can use it with all bitwarden-clients.

One thing I was always wondering about the OTP feature: If OTPs are used for two-factor authentication but both your password and the OTP can be accessed through Bitwarden, aren't you effectively sidestepping the two-factor part? I mean if I have the OTPs only on my phone then I need to know the Bitwarden master password and I need to have my phone in order to log in. On the other hand if both are in the Bitwarden vault, I only need to know the Bitwarden password. So effectively two-factor becomes one-factor authentication.

Maybe the relevant scenario here is your credentials for some website getting leaked. With OTPs inside Bitwarden any attacker would still not be able to log in as long as they don't know your master password, giving you plenty of time to change your password. Although, if the attacker already found a way to access confidential website logins, they can probably access all kinds of other confidential data related to this account without even logging in as you.

You sound like me. I used KeePass for many years. AutoType rules. That said it wasn't as slick as other password managers for browser credentials. I moved my home stuff to Bitwarden and use KeePass for work. I honestly could never give up AutoType for work. Typing credentials into other applications is so handy and one majority of other password managers lack, including Bitwarden.

It's more to setup, but I have my keepass auto sync across several devices using OneDrive. Each device has a local copy of the database that is synced with the cloud version using triggers.

This is what I used to do. Although KeePass is better these days in that it will recognise when a database has changed and ask you if you want to synchronise the changes. KeePassXC will even reload the database when it detects changes.

Keepass is

  • open source and free
  • just uses a file, so you can sync it wherever/however you want
  • has a browser plugin with autofill if you're into that
  • is supported on all platforms
  • database lives in an encrypted file that you put wherever you choose

For syncing I use Syncthing. It's open-source as well and syncs two/multiple devices without the need for cloud-storage

Another vote for Bitwarden just in case anyone needed one more comment to get them to use it.

I use bitwarden but it can be quite annoying to use sometimes. Feel like I have to type my master password every 5 minutes and it won't even prompt me to enter it for a site I have a login on, have to dig into the menu and find it

On my desktop browser I have it set to relock only when I close the browser. So I only have to enter my master password the first time.

I have an Android phone and an iPhone and have bitwarden enabled on both and set to auto lock after 15 minutes. Very rarely do I run into and instance where bitwarden won't be able to auto populate everything on either device and I have biometrics set up to unlock my vault. When it doesn't I have to go searching but imo it's a minor inconvenience because it very rarely happens.

If you mean that when you are using the auto entry feature your account isn't showing up to populate the field without searching then you need to save the URI to the password so that bitwarden knows what account goes with that site. Just hit the auto fill and save button and it will automatically add that URI for you so you don't have to search next time.

I've got all that setup and biometrics work great. The problem is sometimes bitwarden just won't prompt in the first place, sometimes it works sometimes it doesn't, sometimes I have to wait a bit for it to realise

Ah yeah, I run into that sometimes but in my experience its pretty rare that it won't pop up. Sometimes just closing the app, from recent apps, and reopening will get it to trigger. I always assumed it had something to do with the apps save state when I closed it since it generally happens on my banking apps that automatically log me out. It's one thing I like about iOS is that when you are logging into something there is the little key button to open up iCloud keychain and Bitwarden so you don't have to let it do it automatically.

Bitwarden, self hosted.

+1 for Bitwarden here. One day I will go down the self-hosted route.

I have the server, just dont trust myself enough to cut the cord from BW servers.

Yeah, there's a lot to be said for letting the hosting be done by people who know what they're doing.

3 more...
3 more...
10 more...

Bitwarden is the exact app you just described. I use it. It's great.

I don't want to self host

IMO Keepass is not for you then. Bitwarden all day

But you can sync your database across devices using Syncthing or a cloud storage like MEGA.

Keepass + Syncthing is great, works also on phones.

Plus one for BitWarden for a great low price/free option that’s open source.

1Password if you have a few extra bucks to spend. I find the look and feel to be worth the money despite not being open source.

I agree on this one. I used Bitwarden first - but now I'm on 1Password for both work and personal use.

KeePass all day. Completely open sourced and free.

I use

KeePassium on iOS

KeePassiumXC on desktop

Keepass2Android (no net) on Android.

All synced via Nextcloud but you can sync via sync thing as well if you don’t want to self cloud host.

I've been using KeePass since the dawn of time. There are now other good options too, but I haven't seen any compelling reason to switch. It does everything I need both securely and well.

Last year I tried (and paid) 1Password.
For the past 6 months I'm using Bitwarden and it's really good. I find 1Password's UI better but if we consider the cost it's better to stay with Bitwarden.

1Password isn’t open source, is it? I use it and I’m super happy with it though. I don’t mind paying a bit for good security. I do wish it was OSS though.

No I don't think it is. I was super happy too but I decided to give Bitwarden a fair try and it's really good too. I only miss the 2FA codes that 1Password filled automatically but I'm using Aegis now since I had some worries about having one app with both the passwords and 2fa codes.

Bitwarden can auto copy the 2FA code so you just hit ctrl+v

Not in the free version unless I'm mistaken

I have also really enjoyed 1password, I also subscribe to Fastmail and the easy to make “masked emails” gives me additional peace of mind and makes that practice of unique or throwaway emails much easier to implement.

Bitwarden, Psono, Proton Pass. 1Password is not open source but they’re amazing too and most secure because of a layer of protection

Ooh wow, Proton also made a passmanager? I'm going to have a look, I kinda like that company.

I've had a good experience with 1Password, but I would absolutely look at the others if I was starting from scratch now.

One I wouldn't recommend is LessPass. It is kind of clever, but it relies on doing a hash of a set of values (master key + site + username + counter) and then producing a password from the hash based on some password specifications. Neat, but that's a lot to remember.

because of a layer of protection

What does this mean? It's very vague :D

1Password is secured with secret key on top of your master password, adds another level of security. many other password manager, Bitwarden etc are reliant on the strength of your master password

KeePass for me synced to whatever cloud you want. I use DropBox and the Android client has an option for that to save you work

I tried bitwarden and others and finally just settled on the firefox password manager. It does everything I need.

firefox

For me the firefox password manager is totally fine : I know where the encrypted file is and I can manually back it up and copy to an other computer ($HOME/.mozilla/firefox/[profile folder]/key4.db + logins.json). You can decrypt yourself the file easily too.

I use Firefox as well. My uneducated concern. I once installed Chrome on my PC for something specific. During the install, it asked if I would like to import my saved logins from Firefox. I thought: "let's see". In fact, it unencrypted the file, and loaded all my passwords. So, my thought is, of someone was to gain access to that file, how hard would it really be to unencrypted it? If chrome can do it as part of their wizard.

Again, feel free to educate me, but that's my concern

I assume it would only be (properly) encrypted if you set a master password in firefox?

If chrome could bypass the master password, that would be concerning.

My only gripe is having to insert my password every 15min (afaik it's either that or having all your accessible by anyone using your computer). That and the fact that they discontinued the password manager they had on Android. This is what made me move to bitwarden.

they discontinued the password manager they had on Android

I use it on Android Firefox every day, it syncs my passwords to all my linked firefox instances.

Ah, I was using Firefox Lockwise, which was discontinued, but I see that Firefox itself can act as a password manager now?

After 2 years of ignoring the fact that I use a duplicate password in over 100 places, and that password has officially been in breaches, I finally came to terms with the fact that it was time to find a password manager and generate unique passwords. I didn't do a ton of research and ended up with bitwarden. If I opened this thread to see a bunch of people ragging on bitwarden I was prepared to be VERY upset.

It’s been a long time since I switched to 1Password, but I used to use keepass. I’m not sure whether keepass has a browser extension, but otherwise (if I recall) it checks your other boxes.

1Password is great, even though it’s not open source, and you get to a spot in life where $3/mo is feasible.

Vault warden. (Implements bitwarden).

Works with bitwarden apps / browser plugins. Locally hosted. Rust.

Keepass all the way. Checks all the boxes. Access via browser: If you have a Nextcloud instance, theres a NC-Addon to open kdbx files in the browser.

re: Bitwarden I tried it and it wasn't sufficient for me. Is it now possible to also store and generate TOTPs? Can you store SSH keys and retrieve them directly from the password storage?

You definitely do not want to generate TOTPs in your password manager. That makes it a single point of failure in the event of a breach.

As stated by keepassxc: yes to in the same database results in a single point of failure but the easy and good solution is to store them in a separate database. Definitely more secure that stuff like some authenticator app on the same phone where the otps are used

You're right, good point! I'm going to separate the OTPs out of the DB right now. Thanks!

Definitely Bitwarden, but there‘s also a new product from Proton called Proton Pass. It works similarly to Bitwarden, but a few features are still missing.

There’s only two real choices imo.

Bitwarden or Keepass (KeePassXC for desktop, you’ll need one of many app choices for your phone).

Keepass you would sync to your own cloud provider and use a key file for protection.

Bitwarden is the obvious answer that fits all your criteria.

Why are these the only real choices? What makes the others not real?

Only ones I trust that are open sourced and have some kind of audit.

Don't closed ones like 1Password also have audits? But I guess it's a personal philosophy.

Sure. But I wouldn’t trust closed source software for passwords. Personal decision.

What are thr benefits of KeePassXC over the regular "original" application?

I use Linux and flatpaks so XC is the obvious choice for me - much nicer to use across platforms that aren’t a windows and only one available as a flatpak. Nicer interface. Supports TOTP codes (all I use it for, Bitwarden for passwords). More active development.

I use KeePassium on iOS with the same vault.

Currently using bitwarden. Moved over from LastPass. Free and works on browser plus mobile. Like it so far.

Bitwarden would be a good fit for what you are looking for, especially the cross-platform aspect. Keepass-derived solutions typically require trusting multiple developers, whereas Bitwarden is developed and maintained by a single team.

Thanks for this! I have been using iCloud Keychain for a while and was generally satisfied. However, it wasn’t until I recently switched from desktop Safari to Arc that I considered a third party password manager, but was stuck in decision paralysis.

Given the overwhelming responses in this post, BitWarden it is!

Since you don't want to selfhost anyway just use the one built-in to your browser. Nowadays you can set up synch with a password

Terrible idea. Never use your browser to save passwords. Way too easy to hack.

I am pretty sure you can provide reliable sources that are not one blog article by one individual telling their opinion.

If it's really "way too easy to hack" there should be plenty of souces.

I've been using Google's password manager mainly for convenience but had been looking to switch for a while, this thread made up my mind to switch to Bitwarden!

Made the same switch in October last year. Glad I made the switch. My work phone is an iphone and I don't generally use personal things on there but I do sometimes and being able to just login to bitwarden and sign into all my stuff is great. At first the switch sucks because my god did I personally have so many accounts but as you go it gets easier and easier. I recommend it to everyone and generally just get weird looks lol

protonpass for sure.

Bitwarden is great, but it's way too easy to lock yourself out of it if it's your first pw manager ever.

What would you suggest to first time users so they avoid being locked out?

You could get creative with a premium account "A" where you can designate another person/account "B"(can be free account) with emergency access after a waiting period.

When B requests access it'll send an email where A can approve/deny access immediately; or if you're completely locked out, B will be granted access after the waiting period that you can set passes.

B can either be another person you trust, or it could just be a written backup that can be locked somewhere safe but not accessed on a daily basis.

If you want, after designation you can cancel premium and the emergency access will still be active, you just cannot add/edit who has access.

Same way experienced users would prevent that.

Write down your password and recovery codes in multiple safe places.

That's a bit of a hassle. For me at least.

That's why I suggested protonpass. You can mess up but as long as you don't forget your pw you are fine.

Make sure you absolutely know your master password or put a hint as there's no way to ever reset or recover that password if you forget it

For important things Keepass (which I sync in Onedrive). For casual things whatever the browser offers... or some random long password and password reset ._.

Been using 1Password since 2010. I tried Bitwarden a few years ago just because of the price. In theory it ticks all boxes but it was a pain to use. I does not flow like 1P, some things did not work the way I expected and it looks like shit. Don't ask for details because I forgot. So I switched back. The new design of 1Password made it a little worse but it's still great and the integration into iOS and macOS is amazing.

1Password has some nice features (like it reads QR codes off the page and automatically handles 2FA for you, which is clever, but not necessarily the "2" in "2FA" you were hoping for) but it also has a lot of weird UI decisions that make it confusing to use, especially in a shared company environment.

It is a lot better than it was before though, now it's cross-platform (it used to be exclusively AppleSuperiorityComplexWare), but it's still not open source.

I like the Password for Nextcloud app. I self-host mine, but I think there might be Nextcloud instances that you can access. It is encrypted, and has an app for smartphones.

As others say, Bitwarden checks all of those boxes, and KeepassXC technically doesn't fit the "not self hosted" requirement, but you can store your database file in any cloud storage you want.

Bitwarden. Either selfhosted or the official

I use a mixture of Bitwarden and KeepassXC.

BW for most uses KP for things I only want local copies of ^^

If you're going through all your site's changing passwords maybe take a look at http://simplelogin.io to also hide your email address. Some sites block you, which is ridiculous, but for the majority of sites it's a good idea.

What's people's thoughts on Dashlane?

I've used it for a few years (paid family plan) and it works pretty well. I have no reason to try to switch to something else, at least for now. Password sharing is handy, and the Android mobile app is nice and integrates nicely into Gboard. It'll remember apps and autofill those as well.

That said I've been messing around with Proton Pass, since I'm paying for Proton Mail and other services. Seems pretty decent but I haven't tried the Android app much.

I used it for a while. It was okay but I got frustrated with some of the UI on Desktop. It struggled to recognize a lot of website password forms so I had to do a lot of manual login entry (even if it was copy paste it was still a pain). I really liked having a desktop app that didn't require a browser but they stopped supporting it, which was the last thing I was staying for so I dropped it for Keeper, then One Password.

With all that said, it's one of few pm tools that made it super easy to share passwords securely (more than keeper or Onepassword) , and it was pretty seamless to share logins for household stuff like Netflix and our mortgage servicer. My husband hated using though since he had his own system that preferred using, but used dashlane for things we shared.

I've been using keepass for 10+ years now. I store it on a USB that is only connected to the internet when I plug it in.

If you’re comfortable around *nix stuff: pass. Open source, free forever, you can “host” it with Github private repo.

Love pass. Been using it for years. Although I'm not sure how you would get it to form fill and stuff, but I don't need all that.

It has browser extension for Firefox and Chrome, iOS and Android app. On Mac it can even unlock the master password with touch id.

Personally the android app could be a lot better, although I’m not sure if it’s the app problem or just how Android handles password input from another app that needs fixing.

Bitwarden is fantastic, been using it for a long time now withour complaints.

Selfhosted or not, you can also make keepassxc portable with a usb drive.

Here is a old thread from redit explaining how to do it:

Dude.... KeepassXC has portables for linux, there is no need to mess with wine or mono. As long as you have both portable versions of KeepassXC, you will not have a problem. You can totally have your database sync between OSs.

  • For Linux, just get the AppImage for the portable.
  • For Windows, get the Portable ZIP archive.
  • Shove them both into a USB, you have KeepassXC portable for both OSs on a stick.

Source: https://www.reddit.com/r/KeePass/comments/10i8joq/keepassxc_portable_on_windows_and_linux_or/-

Now I don't need to worry about forgetting passwords anymore

Only problem is now I don't know any of my passwords, apart from master password for BW. 🤣

Chances are that I don't really care about the account if I used @duck.com as a mail alias and a bitwarden password which is the only constellation where an account might be unrecoverable without BitWarden.

I self host bitwarden currently, but have been playing with the idea of using Vaultwarden instead, just haven’t gotten around to uprooting my working system.

pass would meet your requirements. It is a super simple implementation of a password manager levying PGP for encryption and git for syncing. You can therefore use any git server for syncing. There are browser extensions for autofill etc and scripts to import/export passwords etc.

Hummm am I the only one using 'pass' ?

What I don't like about pass is that every entry is visible in the file system. An attacker needs just a directory listing to know where I have accounts.

My brain. Comes up with the whackiest excuses for why this-and-that password would be a great choice and how easy it would be to remember, only to later explain to me rationally why it was the wrong choice and how I should've known I'd forget it. Then again, that's just extra security. If it's only stored in my internal memory and even I can't remember it, no one else is getting in for sure.

Used to love LastPass, then it charge expansive for pc and android multi device. I'm too looking for better pm.

I use LastPass because my company pays for it, I also export to all of my browsers because LastPass doesn't fill or save passwords right on some sites and the browser auto fill works better. Sometimes that means I have to search a bit for the right password for an account, but the system works and I haven't had a compromised password that was my fault in a long time since I use autogenerated passwords. As always 2FA the important accounts.

I just use my very smooth brain Although its not very relible

Yea my smooth brain almost forgot my lemmy password lol. Hard to remember passwords when constantly depressed.

How about your login name? Hopefully your string of binary means something to you so it's also memorable!

Shhh... It's the secret to time travel! Or at least 1/3 of it.

Edit: Spoilers: It's from ::: spoiler spoiler Futurama, Bender's Big Score, the time code printed on Fry's ass (yes, literally) :::

As long as it's not also your password in reverse!

No my password is not in reverse, it's in inverse. Hackers are so dumb, when I'm already playing 5d chess. 🤓

110011101101

Be sure to invert it twice, to be extra secure. 🔐

Online password manager GTFO never ever doing that.

I use password safe desinged by Bruce Schneier, it's legit AF, https://pwsafe.org/

Do you not need to sign in to your accounts from different devices? Not to mention autofill support is a big deal, hence why browser addons are so important. The other password managers are plenty secure, especially with 2fa and webauth which that app certainly is not going to have.

The convenience factor is not there but you probably sacrifice security for the conveniences. Browser add-on is something else that can get hacked.

What do you do for a living where you somehow don't need mobile autofill? Do you not leave the house?

I used do cyber security for a fortune 500, that's where I got exposed to that password manager. Now I don't work, stay at home dad aka house manager.

Why are online password manager bad? Sure, the risk is obviously higher than the offline one, but online password manager would be sufficient for most people. Convenient outweigh for like 99.99% of people. Even if there is a data breach, passwords' hashes are not easy to crack, even if you know the salt. The only way to crack it is that you reuse password. So, as long as you use strong enough master password, it'll most likely be fine.

Also, if you care about security, you'll also probably be using TOTP 2FA anyway. So unless, TOTP secret is leaked at the same time as your password, then you are fine.

I use Samsung notes. Save all my passwords in there, they're all different and strings of words with characters in them etc.

Then i lock the note with one secure password.

I'd switch to something like BitWarden.

Samsung has Samsung Pass for an actual password manager