Password manager

Hello!
Could you please recommend a password manager? I want to find a reliable application to store all my passwords. If it is possible to access it from a smartphone, that would be great.
Which one do you use?

1 Like
6 Likes

I’m a big fan of Bitwarden/Vaultwarden. It runs on anything, can be self-hosted on a Pi Zero and has a very broad feature set. They even do regular audits so it’s pretty safe to use. Their free tier is also pretty good and premium membership is cheap.

15 Likes

Both of the above recommendations are good. I would prioritize KeePassXC, especially if you have a way to back up the password database file and sync it yourself.

For convenience and cloud availability, the free tier of Bitwarden should be more than enough.

1 Like

For ease of use, Bitwarden - and $10 per year is a steal with 2FA and some storage/share options. I find it works well across all my devices. You can self host later as well if you want.

KeePassXC is well regarded - I believe KeePass is no longer maintained, so just check you get the right one!

3 Likes

KeePass 2.53.1 released 2023-01-09 14:29.

KeePass 1.41 released 2023-01-02 14:47.

2 Likes

@TimHolus - I stand corrected. And apologies, I got confused with KeePassX. But that does mean it is still important to check it is the right one, given such similar names, to avoid confusion like mine…

3 Likes

It’s always worth double-checking and thinking twice. :wink:
:+1:

2 Likes

Thank you very much for your help!

Been using passbolt recently. It's meant more for teams, but it's simple enough that that isn't really an issue. I'm currently using the cloud version (it's $9 a month). Bit expensive maybe as far as password managers go. Even though I prefer not to self-host it currently, the ability to do so is one of the reasons I'm not that opposed to paying that price for it. If you self-host it, it's completely free. You do get 3 users for those $9 and additional users would cost $3 per user.

It has browser extensions for all notable browsers (except Safari), mobile apps for Android/iOS and a CLI client (if you need credentials in scripts). You can also directly use the Go module the CLI client is based on for more complex stuff. No native desktop apps currently. By default nothing is shared, but you can choose to share passwords with other users in the same “org”.

Bitwarden.

2 Likes

I switched to Bitwarden a long time ago… it's not perfect but close…

What I love about the company is that they are testing their security every year at least.

So I feel more confident that we will not get a surprise leak/hack like other password managers did in the past.

Just my 10 cents opinion.

Thank you

3 Likes

I’ve been using 1Password for a long time and have been very happy with it. They have apps for everything, so you can access it from Linux, Windows, iOS, Android, etc.

2 Likes

Been paying for Bitwarden for the last year and have been very happy. Semi-open source and like @sy5tem said they undergo regular security audits.

1 Like

Pen and paper, and I am being serious

Someone did this for their Department of Homeland Security account. Literally a letter pad with pages and pages; each page had a password, and they’d cross off the password when it expired and add a new line on the same page.

Never understood the rationale behind requiring users to change their passwords frequently.

1 Like

It was because the NSA advised it up until about 3-5 years ago when they did a study that found it made no appreciable difference in security while reducing usability and also creating more attack vectors because people would write their passwords on a sticky note and put it on their monitor because they couldn’t remember it since it had to be rotated every 90 days or whatever.

6 Likes

I like Bitwarden, especially the fingerprint security on a phone. I didn’t need the paid-for version, but paid anyway as the service is worth supporting.

1 Like

I use the ability to upload files and pictures as a backup for important data that doesn’t change. I have my birth certificate, pictures of my IDs and passports, etc. backed up there. I encrypt them using my YubiKeys and gpg --encrypt so that even though they are out of my control it would take the NSA and a quantum computer to get into them.

Hehe, it's quite inexpensive, right :stuck_out_tongue:

I think they only locked the 2FA ability under the paid license, which is neat to have.

10$ per year is nothing… and when a company makes money they can pay staff and take care of their software.

And today free software is riddled with “let's sniff the user and sell his data”