I dont agree with many things apple does at all, and I also think their password manager has flaws like revealing usernames without authentification.
It is pretty handy though, to have a file where the entries are stored unencrypted, and if the password manager detects an entry it prompts to decrypt exactly that field, maybe with a fingerprint.
KeepassDX needs to run in the background and be completely unlocked to even detect apps or password fields.
Do you know any existing app that can do this?
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 84 users / day
- 537 users / week
- 1.5K users / month
- 6.58K users / 6 months
- 1 subscriber
- 2.31K Posts
- 53.4K Comments
- Modlog
The recently released Proton Pass is also open-source and audited, keeps all the entries (including metadata) encrypted, and has a nice UI on mobile.
Also, for little money gain unlimited mail aliases (and the desktop UI is also nice :) )
it’s worth mentioning that protonpass unlocks biometrical on mobile devices and the browser-plugins support 6-digit pin codes.
deleted by creator
removed by mod
Think its for mobile since they mentioned keepassdx
Yes I already use these. On Linux I use Kwallet, store my huge random Keepass password in there and unlock the Keepass database by fetching that password using a shortcut.
But still, then the password storage is open. Not as elegant as an on-demand password requester, especially on Android
Kinda confused, you want a password manager that stores entries unencrypted but when you need them, the manager encrypts the entry and then prompts you for authetication to autofill the entry? That seems kinda dumb but if its just for convenience to not input your masterpassword everytime, keepassdx allows biometric unlocking. Think it’ll take as much time as what you described without potentially exposing any unencrypted entry info
Edit: Before someone jumps at my throat, security wise using biometrics is also kinda a no no but I understand not everyone has the same threat model so go for it if you want
If I understand it correctly, the passwords are stored encrypted, but not the additional data, like website-URLs and app-names. This way the password manager only needs to temporarily decrypt a specific password when it’s needed for auto-fill. In regards to the passwords that’s probably a bit safer than keeping all the data and the passwords unencrypted in memory. But the cost is that all the other data is stored unencrypted.
100%
Ohh thats kinda interesting I didnt know this. I appreciate the info
Bitwarden if you want it in the cloud, Keepass if you want it on the device. I’d recommend PrivacyGuides.org’s recommendations this time. They are rather careful as to what they recommend, still doesn’t mean they always get it right.
What do you think about PrivacyTools.io? Are they on the same level as PrivacyGuides.org?
Taken straight from the privacytools.io subreddit description. This will tell you more.
Privacytools.io does seem to be quite outdated currently. There are other good sources out there however.
KeePassDX + Syncthing is the best solution.
Use that but its not about that topic. Its about storing unencrypted metadata (or usinh android Keystore for example) and having autofill work always even if the database is locked, and its quickly unlocked just for that entry
I don’t think any password managers that don’t have that feature currently are likely to implement this feature after the beating that LastPass took in the press about it:
LastPass breach is worse than you think because URLs were unencrypted
Maybe an app might be able to cache the metadata locally but I don’t think it would be something people expect to be unprotected at this point.
I like this solution but it’s not really entry level
You can also self-host Bitwarden using Vaultwarden.
You can also run Bitwarden proper locally but unless you really know how to run and maintain a web server I wouldn’t recommend this.
The official docker image uses a lot more resources than the vaultwarden container, but it allows significantly more than 100 users. If it’s just for yourself and your family I suggest just going with Vaultwarden.
Why would any private person need this?
You don’t. I meant to say that only large organizations need the official Bitwarden docker setup, but I did not communicate that clearly enough.
Yes, but that is still cloud based. Keepass is local
Well, only if you host it in the cloud. Not if you host it at home, for example.
I think what they meant is that one option uses network connectivity while the other functions entirely offline
No, I did mean cloud based. Thank you anyways
Which would make it hardly accessible outside of your home. Still not locally saved as well. And imho if he is not sure which password manager he should choose, he should maybe not self host just yet.
Bitwarden keeps a local encrypted copy of the database and only connects to the server for synchronisation.
I am aware. Why are you telling me this?
Maybe because it seems you claim self-hosting bit warden is cloud only and that self-hosted is not accessible outside the house?
Note: I do not recommending self-hosting bitwarden