this post was submitted on 03 Aug 2022
51 points (98.1% liked)

Privacy

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.


I started digging into open-source password managers and found that they all suck major ball sack. I ended up picking nothing. One of my two runners-up was Bitwarden. It works on Linux, Android, whatever Apple's shit runs on, and even runs on PCs with the OS that you usually delete first thing. But the major drawback is that I can't trust it. It's got a "premium" version, and that has always meant a slow steady spiral into a "you must pay now that we have you by the balls" situation. Another drawback is that it's centralized: kill the company and so go your passwords, I suppose.

The other runner-up is called liso. This one comes with two major drawbacks. One is that it is browser-only so far. The other is that it doesn't work on Linux yet. Such a shit shit option. Everything else out there wants you to pay for encryption.

I did end up learning about pass on Linux. It creates encrypted passwords and there's some compatibility with GUIs, and maybe it's available on Android??? Big question mark. I've tried nothing yet. My password list seems to grow daily.

So what's your favorite one?

top 50 comments
[–] Echedenyan@lemmy.ml 24 points 2 years ago (1 children)

Reminder that Bitwarden is backed by Microsoft SQL Server even in self-hosted instances (you must use it as the backend database service).

Vaultwarden is a re-implementation that allows you, among other features, to use FLOSS database servers instead.

[–] imgprojts@lemmy.ml 3 points 2 years ago (1 children)

I feel like Microsoft has too much power. With LinkedIn, they know if you're working, where, and if you've got connections. That company strives to rub me the wrong way in so many ways. But it's cool that there is a FLOSS version.

[–] Echedenyan@lemmy.ml 5 points 2 years ago (1 children)

My worries are not focused on how much power that company has but on the importance of digital rights, including software freedom among others.

[–] tmpod@lemmy.pt 23 points 2 years ago* (last edited 2 years ago) (1 children)

Bitwarden,¹ it just works really, really well everywhere. The app is pretty much the same on every platform (which is a good thing imo) and you also have a CLI in case you prefer it (may also be useful in some sort of backup script, I suppose). I personally use the cloud service they provide, but you could very easily and cheaply get a vaultwarden² server up and running and be the total master of your passwords, using a $2.5/month VPS or something like that.


¹ https://bitwarden.com
² https://github.com/dani-garcia/vaultwarden


Edit: links
Edit: also, the premium Bitwarden plan doesn't mean that at all, imo. The plan can be very useful if you really need those features (sidenote: I advise against ever using the TOTP thing, that's just putting all your eggs into one basket and defeating the purpose of 2FA), it's very cheap ($10/y iirc) and you can always export all your data with the CLI, set up a server and import that data.

[–] imgprojts@lemmy.ml 2 points 2 years ago (1 children)

But they limit password sharing to two people. It's weird. Why? Is that a really good feature? Will they just change policy and screw you over later?

[–] tmpod@lemmy.pt 13 points 2 years ago

It is a way to make some income out of an open-source project. If you want the convenience of their managed server, then you have to pay to access limitless orgs (the way to share secrets); otherwise you're limited to just a 2-person org. The family pack is quite accessible imo, at $40/y for a 6-person org.
Your other solution is, like I mentioned before, host your own server. vaultwarden supports orgs, like you can see in their feature list: https://github.com/dani-garcia/vaultwarden/wiki

BitWarden is really great and a good example of a successful FLOSS project. I get the overall "companies just want to screw you up", but one must not get completely blinded by it ;)

[–] Adda@lemmy.ml 21 points 2 years ago

I personally use Bitwarden as a cloud solution and KeePass (KeePassXC for desktop and KeePassDX for mobile phone) as a local solution (I sync KeePass password database with Syncthing across all my devices).

If you do not trust Bitwarden, you can always self-host your own Bitwarden server (I would use vaultwarden, an unofficial Bitwarden-compatible server written in Rust).

Alternatively, if you do not want your data to be stored on any server whatsoever, KeePass with decentralized synchronization between devices with Syncthing works really great for me.

I hope you find what you are looking for.

[–] stamp_irl@lemmy.ml 17 points 2 years ago (3 children)

As many said, a combination of KeePassXC on the computer and KeePassDX on Android. I sync the file with Syncthing. For security I have set up a three-word passphrase, made of words representing unique stuff that was on my desk at the time of creating the file; the words are connected with symbols, not spaces. Even if someone gets my password database file, it will be useless for them.

KeePass has many advantages:

  • local file, no need for internet to check passwords
  • tested and trusted file format
  • compared to pass (the other local solution), encrypts metadata
  • can store more than passwords: SSH keys, OTP
  • tons of applications supporting file format - death of one doesn't mean anything
[–] ree@lemmy.ml 7 points 2 years ago (1 children)

If you're using a centralised sync system, KeePass allows keyfiles.

I use passphrase + keyfile. And I don't sync the keyfile only copy it manually.
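
How the passphrase and the key file end up in one key, as an added example that is not code from this thread nor from KeePass or KeePassXC: the Python below reimplements the KeePass 2.x composite-key step (each key source is reduced to 32 bytes of key data, the pieces are concatenated in order, and the result is hashed with SHA-256). The key-file rules it follows are the published KeePass 2.x ones: an XML key file (v1 base64 data, v2 hex data with a 4-byte hash check), a raw 32-byte file, a 64-character hex file, or SHA-256 of anything else. The passphrase and the XML key file are constructed samples, and the KDF that the database header then applies to the composite key (AES-KDF or Argon2) is assumed to follow and is not shown.

```python
# Added example (not from the thread, KeePass or KeePassXC): KeePass 2.x
# composite key = SHA-256(key data of each source, concatenated).
# Without the key file the derived bytes differ, which is why a stolen .kdbx
# plus a guessed passphrase is still not enough. The header-seeded KDF that
# follows this step is deliberately left out.
import base64
import hashlib
import xml.etree.ElementTree as ET
from typing import Optional

HEX_DIGITS = set(b"0123456789abcdefABCDEF")

# Constructed sample: a KeePass 2.x XML key file (format version 1.00) whose
# <Data> is the base64 encoding of thirty-two 0x01 bytes.
XML_KEYFILE_V1 = (
    b'<?xml version="1.0" encoding="utf-8"?>'
    b"<KeyFile><Meta><Version>1.00</Version></Meta>"
    b"<Key><Data>" + base64.b64encode(b"\x01" * 32) + b"</Data></Key></KeyFile>"
)


def password_key_data(password: str) -> bytes:
    """Key material contributed by the passphrase: SHA-256 of its UTF-8 bytes."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def keyfile_key_data(data: bytes) -> bytes:
    """Key material contributed by a key file, following the KeePass 2.x rules."""
    # 1. XML key file: <KeyFile><Key><Data>...</Data></Key></KeyFile>
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        root = None
    if root is not None and root.tag == "KeyFile":
        node = root.find("./Key/Data")
        if node is not None and node.text:
            text = "".join(node.text.split())
            version = (root.findtext("./Meta/Version") or "1.0").strip()
            if version.startswith("2"):
                # v2: hex data; Hash attribute holds the first 4 bytes of SHA-256(data)
                raw = bytes.fromhex(text)
                expected = node.get("Hash")
                if expected and hashlib.sha256(raw).digest()[:4].hex().lower() != expected.lower():
                    raise ValueError("key file Hash attribute does not match Data")
                return raw
            return base64.b64decode(text)
    # 2. Exactly 32 bytes: used verbatim
    if len(data) == 32:
        return data
    # 3. 64 hex characters: decoded to 32 bytes
    if len(data) == 64 and all(b in HEX_DIGITS for b in data):
        return bytes.fromhex(data.decode("ascii"))
    # 4. Anything else: SHA-256 of the whole file
    return hashlib.sha256(data).digest()


def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """SHA-256 over the concatenated per-source key data, passphrase first."""
    parts = b""
    if password is not None:
        parts += password_key_data(password)
    if keyfile is not None:
        parts += keyfile_key_data(keyfile)
    if not parts:
        raise ValueError("at least one key source is required")
    return hashlib.sha256(parts).digest()


if __name__ == "__main__":
    pw = "desk!lamp!stapler"  # constructed passphrase, not a real one
    print("passphrase only :", composite_key(pw, None).hex())
    print("passphrase + key:", composite_key(pw, XML_KEYFILE_V1).hex())
```

The practical point for the sync setup above: whoever copies the `.kdbx` out of the sync folder gets only the ciphertext and the header, and every guess they make must be combined with the key-file bytes before the KDF; keeping the key file out of the synced directory means the file they have cannot even be attacked offline with the passphrase alone.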

[–] stamp_irl@lemmy.ml 3 points 2 years ago (1 children)

Or you can use something like Yubikey as a second layer. Don't know if that works on mobile.

[–] imgprojts@lemmy.ml 3 points 2 years ago (1 children)

Yes. I was actually reading about this one last night after I posted. I decided to give it a try. In a few minutes I got my Google passwords out and translated. Now I need to add my other ton of passwords.

[–] stamp_irl@lemmy.ml 4 points 2 years ago

There are importers for most of the password storage options. I would recommend separate database for import and then merging import db with your actual database, backing up everything before.

[–] obsolete29@lemmy.ml 14 points 2 years ago (2 children)

KeepassDX on Android. KeePassXC on Linux. Sync my password file via Syncthing on my local network.

[–] Tempo@lemmy.ml 4 points 2 years ago

This is me except I use GNOME's Password/Secret manager on my PC

I don't know how I ever lived without Syncthing honestly

[–] SrEstegosaurio@lemmy.ml 12 points 2 years ago (2 children)

KeePassXC/DX (keepass-cli most of the time) with Syncthing is amazing.

  • Fully offline.
  • It can be synced in your own local network.
  • Secure.
  • Powerful (it really has a TON of useful features).
  • Fully FLOSS.
  • Works on all platforms.
[–] dessalines@lemmy.ml 4 points 2 years ago (1 children)

I do the same. It really is the best solution that's fully E2EE and doesn't require you to host a server.

[–] SrEstegosaurio@lemmy.ml 3 points 2 years ago

They can't compromise a server if you don't even have one.

[–] imgprojts@lemmy.ml 3 points 2 years ago

This is the direction I'm heading to for sure.

[–] saud@lemmy.ml 9 points 2 years ago

I use pass. It has a really nice app and Firefox extension. Pass might not be the easiest to use, but it's made using tools that I use every day (git & gpg) and that gives me a lot of confidence.

[–] hellfire103@lemmy.ml 9 points 2 years ago

My favourite is Bitwarden. FOSS, privacy-respecting, secure and possible to self host: what more could you want?

[–] Helix@feddit.de 8 points 2 years ago

KeePassXC for solo and Vaultwarden (Bitwarden clone in Rust) for teams.

[–] beyond@linkage.ds8.zone 8 points 2 years ago

Cannot go wrong with KeePass (including derivatives). Works on all my devices, no cloud nonsense, everything is local and I can use Unison and Syncthing to sync it all up.

[–] Fissionami@lemmygrad.ml 7 points 2 years ago

Personal favorite: Bitwarden. It just works really well without issues, and the free version is more than enough for regular usage. And if you do NOT trust the company or you want the premium features without paying for them, then you can self-host it for yourself! Another great password manager is KeePass!

[–] enebe@lemmy.ml 7 points 2 years ago

KeePassDX (Android) + Syncthing to keep the file synchronized between devices.

I don't usually open the file on PC, but there are clients for all platforms

[–] noodlejetski@lemmy.ml 7 points 2 years ago

the major drawback is that I can’t trust it. It’s got a “premium” version, and that has always meant a slow steady spiral into “you must pay now that we have you by the balls” situation. Another drawback is that it’s centralized, kill the company and so go your passwords I suppose.

you can self-host Bitwarden if you want.

[–] sproid@lemmy.ml 6 points 2 years ago

Another drawback is that it’s centralized, kill the company and so go your passwords I suppose.

You supposed wrong. If for some reason their servers are unavailable you still have local access but lose sync. Enough for exporting and using another service if necessary. Still you should create a backup once in a while.

But the major drawback is that I can’t trust it. It’s got a “premium” version, and that has always meant a slow steady spiral into “you must pay now that we have you by the balls” situation.

So you have a beef with paying for services? Or believe you deserve premium-quality software/services for free? If you don't want to pay, then choose an option that..

suck major ball sack..

Also, some people already recommended KeePass, but it's weird you didn't mention it since it's usually the first result for FLOSS. That one seems to fit your requirements.

[–] kevincox@lemmy.ml 5 points 2 years ago (3 children)

To be honest I mostly use Firefox Sync. It is quite good and well integrated but only does the very basics.

For more advanced stuff I use pass. It is nice because it is infinitely flexible and can store binary data if needed.

[–] yourliftingfriend@mander.xyz 5 points 2 years ago

Bitwarden, personally. Like others are saying, it works well and despite having a paid plan, it's not required at all, and you can still export all your data if they ever decided to paywall it or something.

[–] quasimagia@feddit.it 5 points 2 years ago (1 children)

I used KeePass but I dropped it because I had difficulties with sync using FTP servers on Linux clients (I think it's a Mono bug). Now I use Devol's Bitwarden instance and I'm satisfied, but I'm planning to install a little vaultwarden instance on my Raspberry Pi.

[–] Helix@feddit.de 4 points 2 years ago (1 children)

KeePassXC can be synced via Syncthing and works very well that way.

[–] DJalexTheGameDev@lemmy.world 4 points 1 year ago (1 children)

I personally use KeePassXC, it's FOSS and even has an extension for browsers. For Android there is KeePassDX.

[–] Deebster@beehaw.org 4 points 1 year ago

Bitwarden is open source (server, plugin and app) and can be self-hosted so it's not centralised in any way that matters.

Also, I think an honest freemium offering is the best way to do it - have those that are willing/able to pay subsidise those who aren't. It doesn't have to be a slippery slope, and that's not exactly common in the open-source world. After all, you can just fork it and go your own way if you're not happy. Also, running servers isn't free, and being able to remunerate the devs a little is no small thing.

So, in summary, use Bitwarden. You can set up your own server and install the plugin/app yourself if you want.

[–] Mugmoor@lemmy.dbzer0.com 4 points 1 year ago* (last edited 1 year ago)

I used to use KeePassXC, it works fantastic. After a few too many friends and family members started asking me about internet safety due to getting their accounts compromised, I spun up a Vaultwarden instance for us to share.

[–] arthur@lemmy.ml 4 points 2 years ago

I've been using kpcli/KeePassDX + SyncThing for years now.

[–] cameraandsickle@lemmygrad.ml 4 points 2 years ago

I only ever used Bitwarden after I switched from Dashlane and I couldn't be happier. The Android app is incredible, it's got a great browser extension and it syncs for free. If you don't trust them to store your passwords on the cloud I understand that but I wouldn't know what alternative to recommend.

[–] Demigodrick@lemmy.zip 3 points 1 year ago

Self-hosted Bitwarden (vaultwarden). I think vaultwarden has the paid-for features too (or some of them), but I don't use them so I'm not sure.

[–] iortega@lemmy.eus 3 points 2 years ago* (last edited 2 years ago)

I'm just happy using pass. I made several scripts to create new passwords and get usernames and passwords. I may end up using a GUI some day though, but not yet. And if I have more contents on encrypted files, I just use pass from the command line. I like having everything on git and the repository itself on a USB stick. Although I'm currently curious at Himitsu. If I have time I might try it.

[–] cout@lemmy.ml 3 points 2 years ago

PyTenPass and KeePassXC.
