2023 was a record-breaking year for cybersecurity in a bad way. Ransomware payments hit a record high of $1.1 billion, which is likely to...

2023 was a record-breaking year for cybersecurity in a bad way. Ransomware payments hit a record high of $1.1 billion, which is likely to…

I’d also put Passbolt on the list, it’s not that well known, but it’s really great. I selfhost it on my home server and I’m very happy with it.

I have used 1Password with the annual plan for years across various browsers and operating systems and have found it to be perfect for everything I need. I will definitely take a look at Proton though.

chris
link
fedilink
110M

I use Passy because I like the purple UI lmao

My favorites:

  • Proton Pass
    • Pros: Aliases, Proton integration
    • Cons: No passkeys (yet), native desktop apps in beta
  • 1Password
    • Pros: SHH agent integration!
    • Cons: Least open
  • Bitwarden
    • Pros: Most open, self hosting option
    • Cons: least polished user experience

1Password supports passkeys btw. With aliases via Fastmail.

Proton Pass Pros: Aliases,

1Password technically does have aliases too but it requires a fastmail.com subscription. I use it and it works quite well though.

removed by mod

I’ve been using Proton Pass since it launched and I think it’s really really good.

Positives:

  • Nice integration with both desktop and mobile
  • Integrated in the proton suite, which I was already using
  • Allows you to generate an email alias for each login automatically. Websites will never have your real email and you can easily generate a new alias if one has been compromised
  • Supports 2 factor authentication via TOTP, works really well

Negatives:

  • No passkey support yet
  • Free version only supports like 5 email alias

Buttercup Foss is not mention and is a nice alternative

I use keepass with my database on onedrive.

Then i connect every device to said onedrive account, copy the private key manually on each device that i need to use.

I secure my databse with said private key + a passphrase.

Might not be the best setup, but i feel like with passphrase+key i am secure enough to have the db file in the cloud.

you could encrypt onedrive with cryptomator

KeePass for me. I keep my encrypted vault in my 2 factor encrypted gdrive. Get the best of both worlds. No traditional cloud that’s a target for hackers and I have passes I can share across devices.

No love for Nextcloud Passwords or Passman? Both have plugins for Nextcloud and have Android Apps.

Yes! Been using it for a long time now! Never had any (major) issues!

Snap! 😃

No love for Nextcloud

Pretty much in general for me now. I gave it an honest go for six years but there were at least four instances where a server upgrade required nontrivial intervention to bring it back.

Syncthing + Keepass[DX] has been solid for me.

Which one was that Passman or Nextcloud? I’ve run two instance of Nextcloud Password and one of Passman, for about the same time, with no issues.

Other people do seam to have issues running Nextcloud in general, but I’ve never had anything but PHP version stuff that is easier fixed. I love Nextcloud!

No mention of Enpass? Stores more than just passwords, can be synced locally over wifi or in the cloud without using Enpass servers.

Pietro395
link
fedilink
610M

It’s not open source and they haven’t had a security audit in a while AFAIK, I used to use it too but migrated to Proton Pass for these reasons https://discussion.enpass.io/index.php?/topic/404-security-audit/page/6/

Been using Enpass for something like a decade and it’s been perfect. One time licenses can be found on stacksocial, I think.

Any reason why Keeper isn’t on the list? Is it bad?

Same. So far it’s doing the job but I wonder if there’s some reason I should switch to one of these others?

We use it at work and im pretty happy with it.

assplode
link
fedilink
210M

I’ve been using 1Password for about a year now and like it a lot

Can someone explain what those password managers are doing better than Firefox?

In addition to what the others have said, with those other password managers you dont have to do much if you decide to change browsers some day.

I thought I read somewhere that the build in browser password saves are not very secure.

This was maybe 5 years ago so i am guessing they have improved it?

(I use KeepassXC)

I use the notes section alot. I can store all kinds of related info. For example on sites that still use a username to login, I can put the email I used to sign up in the notes section.

I’ll also do security questions answers here. Using a pasphrase generator for those is good. No one is going to check if your first dog’s name really was “consoling-roving-activator-earflap” and no one can find it on your over sharing grandma’s Facebook.

I’ll also attach any license keys/relevant files for software, now those stay encrypted and backed up with the database instead of in a random folder of text files.

deleted by creator

I guess a bunch of things, as they are specialized apps:

  • proper auth. I think with Firefox you can have a password, but a password manager will have multiple options for 2fa including security keys, and on phone fingerprint unlock etc. In general, password managers are more resistant to malicious users gaining access to your device.
  • store all kinds of stuff. Not everything happens in the browser, and it’s just convenient to have an app just for credentials. Many password managers allow to store and autofill credit cards too, for example.
  • on the fly generation of aliases. Password managers have external integrations. For example proton and bitwarden can integrate with simplelogin.io to generate email aliases when you choose to generate a new username.
  • org-like features. Password managers can be also convenient for sharing with family (for example). I do manage a bitwardes organization used by all my immediate family, which means I can share credentials easily with any of them. Besides the sharing I can also ensure my (not tech savvy mom) won’t lock herself out (emergency breakglass access configurable) and technically enforce policies on password strength etc.
  • as banal as it is, self-managing. I like to run my own services and running my own password manager with my own backups gives me peace of mind.
  • another perhaps obvious point. More compatibility? I can use my password manager on whatever device, whatever browser. For some, it might not change anything, but it’s a convenient feature.

As a personal addition, I would say that I simply want the cornerstone of my online security to be a product for a company that is specialized in doing that. I have no idea how much effort goes into the password manager from Mozilla, for example.

I’m answering your comment but I’m grateful for those who have answered. You basically have more extensive needs that I have, which makes sense.

On my side:

  • I’m not planning on leaving Firefox any time soon but the migration seems straightforward
  • The security is sufficient for me: master password on the desktop, fingerprint on my phone
  • To be noted: Firefox is my default password manager for all my android apps. Its scope extends beyond web browsing

deleted by creator

Yep, I know and it’s very convenient. I discovered recently that bitwarden also has integration, but requires manually provisioning an API key. Not as convenient but quite nice as well.

I need to enter passwords in lots of places that aren’t a browser.

If Firefox’s password keeper meets your needs, then I would endorse using that, for sure.

Still using KeepassXC on desktop and laptop and KeePassDX on mobile.

This is exactly my setup. How did you know? LOL.

File synchronized with Syncthing? :)

I’ve thought about it, but for now at least I just use a USB flash drive to keep the file synchronized.

I could say I know because i’m an elite haxxor but it would be a lie. I’m not even at script kiddie level.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.12K Posts
  • 78K Comments
  • Modlog