How are you storing passwords and 2FA keys that proliferate across every conceivable online service these days?
What made you choose that solution and have you considered what would happen in life altering situations like, hardware failure, theft, fire, divorce, death?
If you’re using an online solution, has it been hacked and how did that impact you?
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
bitwarden/vaultwarden. currently the best experience for me. and youncan self host it
BitWarden is really good. Has (nearly*) everything I want, works well across all platforms and the free plan is very featurefull. Even though I don’t really use any of the premium features, I still pay for the plan, to help fund development, it’s only 10€ a year.
You can kinda get autofill via a program called rofi-rbw on Wayland desktops (using wtype), but I found at least on Hyprland it often misses the field or the start of the password. I’d like to see a more consistent solution but definitely not via the official Electron app…
Another commenter said goldwarden implements that through the Remote Desktop XDG Portal, which only GNOME and KDE support at the moment (wlroots doesn’t implement it yet).
This seems great, I’ll defenetly try it out.
If you use GNOME or KDE, check out https://github.com/quexten/goldwarden.
Oooh, that looks very neat, thank you!
And it is wife / parent / grandparent approved in my household!
It’s good enough that once I taught my mom to use it, she then went and taught my grandma and now we’ve got the whole fam on a family plan. It’s seriously so good.
Seconded, plus hardware keys with passkeys disabled. Depending on your threat model, you might want your hardware keys to be a second factor, not a replacement for all the other factors. Passkeys do not fit into my threat model, as they are implemented as identity and password replacements rather than supplements
Bitwarden has an emergency contact who can access a vault after 2 weeks if you don’t deny it.
https://github.com/cyphar/paperback is great for a printed analog option as well. You could put your vault key into a multi paper printout, distributed amongst trusted people, so you need a quorum of them to get your secrets if you’re gone. Or get access to the family Google photos library, or whatever
Thirded. I self-host it (actually the Vaultwarden fork) and use it on desktop browsers, as a desktop app, and as and Android app (F-Droid). I also store secure notes in it (e.g. end of life instructions for my partner). Very powerful and versatile, and AFAICT, secure.