thank you.

I don’t know if Firefox’s is safe but I use and love KeePassXC:

https://keepassxc.org/

deleted by creator

Lancaban
link
fedilink
51Y

Bitwarden open Source independently audited. Many good things.

Deanne
link
fedilink
131Y

it’s pretty safe but bitwarden is much better

Well it’s better than Chrome’s if you don’t sync to your account, however I’d recommend you local password manager such as keepass

Broswer != password manager. Will this notion please fucking die

LUHG
link
fedilink
381Y

Just bitwarden is all that’s needed to be said. Ohh, and yubikey

I use Bitwarden and, though all the features are very nice (self hosted Vaultwarden), the clients are really bad. The autofill is super inconsistent on Android. The app takes 20s+ to load on my Pixel 3a. You can’t trigger a sync from the quick autofill menu, you have to open the full app. The “desktop app” is just an embedded browser. I really want to like it, but it doesn’t make it easy.

LUHG
link
fedilink
11Y

I agree with most of your points although the android app is fast for me. The autofill isn’t great I must stress.

The windows app and autofill need an overhaul.

Not sure what you mean about no autofill on android, it definitely pops up on login fields for me and quickly lets me login with biometrics and then gives me my account. I only ever need to open up the app when I need to force it to sync if I’d just added a login on a different device and it hasn’t synced yet.

The Firefox add-on works great, and I’ve never really needed more than that and the website. On Android I have a 3a too and not noticed this issue.

IMO yes. It’s stored encrypted on their sync service, and you can additionally encrypt it locally too by setting a master password in FF settings.

Didn’t notice any mention that you can actually self host Firefox’s browser sync service yourself. Personally haven’t tried, but IIRC there’s setup docs on Mozilla’s github

I self hosted the sync service for awhile, but I think its broken now.

callyral
link
fedilink
201Y

I personally switched from it to Keepass, it is cross-platform, open-source and pretty secure. It doesn’t come with cloud support, but I guess you could just put the file in some sort of cloud storage you trust. It also supports one-time authentication codes!

@1984@lemmy.today
link
fedilink
4
edit-2
1Y

The big downside of this is when you need to log in to some web site when being away from your computer.

Then you have to transfer your entire database to some other computer and make sure it’s deleted afterwards in a secure way. Much more risky than using Bitwarden I believe.

I guess you can skip the deletion part if you trust there is no way to decrypt the db file in the future.

Rootiest
link
fedilink
11Y

On the rare occasion I need that, I just run KeePassDX Portable from a flash drive.

But really it’s a bit risky to use any password manager on a device you don’t control.

At least my KeePass database is secured with my YubiKey so it’s not likely anyone will get in if they do stumble onto my DB file.

feugnis
link
fedilink
21Y

I tried keepass but then switched to vaultwarden.

I’ve been using keepass for years. I use syncthing to keep the copy of the db on my phone and laptop and backup synced.

nicman24
link
fedilink
12
edit-2
1Y

Mozilla is one of the like 3 companies (thought the foundation is non profit) that I would trust my encrypted data with

520
link
fedilink
101Y

Keepass has what you’re looking for. Free, totally cross platform, no cloud unless you wanna put the database file on cloud storage, and can be very secure.

Or KeepassXC

520
link
fedilink
-1
edit-2
1Y

Context: KeepassXC is the Linux/macOS port of Keepass. Although it is handled by a different team, it isn’t significantly different from the Windows app.

This is just bad information.

It’s also on windows and yes it has more features like totp compared to keepass. It’s much more actively developed and has been audited.

520
link
fedilink
2
edit-2
1Y

It’s also on windows and yes it has more features like totp compared to keepass.

Technically true, but the main focus is being on more platforms than just Windows. From their site:

Why KeePassXC instead of KeePass?

KeePass is a very proven and feature-rich password manager and there is nothing fundamentally wrong with it. However, it is written in C# and therefore requires Microsoft’s .NET platform. On systems other than Windows, you can run KeePass using the Mono runtime libraries, but you won’t get the native look and feel which you are used to.

KeePassXC, on the other hand, is developed in C++ and runs natively on Linux, macOS and Windows giving you the best-possible platform integration.

Also, vanilla Keepass has totp.

Does it without a plug-in now?

520
link
fedilink
21Y

Got it on my windows box, vanilla install. The function is a bit out-of-the-way but it’s there

If baffles me one is as tech enthousiast to be on the privacy Lemmy; but has never heard of a password manager.

On topic: Bitwarden is the way, like others have mentioned before me. It has delivered on all my needs for a manager for a couple of years now.

People learn new stuff all the time bro, no need to be a dick.

I wholeheartedly agree and support that. Hence my recommendation for Bitwarden. Somehow you lemmies can’t appreciate my sincere bafflement, constructive discussion everyone; it’s you who is the dick. Keep them downvotes coming and have a nice day.

The Firefox password manager can be secured with a master password that encrypts everything in your browser password store. Believe it’s pretty secure if you set this password otherwise it’s almost akin to having passwords stored in plain text.

+1 for bitwarden

It’s encrypted over Firefox Sync though, regardless of if you set a master password.

The master password is only needed if you don’t have complete physical security (or your machine is hacked)

Curious if OP was more interested in how secure the Sync feature is vs the manager itself. Sync requires trusting that Mozilla aren’t the bad guys.

Only if you have sync for passwords enabled though.

It only uses Sync if you set up a Mozilla account. If you prefer not to do that, you can still set a Primary Password and the passwords will remain local on your machine, encrypted: https://support.mozilla.org/en-US/kb/how-firefox-securely-saves-passwords

I use enpass because you can choose where to store your pass db. Also, proton released their own password manager

pjhenry1216
link
fedilink
21Y

I’ve used both Enpass and Proton. Enpass is a bit more feature-ful, mainly because Proton Pass is new. I switched away from Enpass as I didn’t like that they basically had me pay for it three times, even though the first one was a lifetime license. But I needed my passwords. Finally decided to put in the effort to move away from them as their constant begging to subscribe was annoying. So switched to Proton since I already subscribe to the plan that includes Pass.

Proton is working on expanding features and have added a few in the short while I’ve had it. I’d suggest Bitwarden over Enpass personally, particularly if you want features Proton Pass doesn’t offer yet (like no desktop or web app yet, but they are working on both, so until then, I need to use a browser extension)

I might see myself switching to proton pass from Bitwarden in the future, but a deal breaker for me is the lack of emergency contacts to give acces to your vault if the shit has hit the fan.

pjhenry1216
link
fedilink
21Y

They are working on password sharing, but it’s not here yet (I remember reading it in an email not too long ago that mentioned all the things on the horizon in the coming year if I recall, so it might not be super soon, but “soon”). So it might be a fit for you in the future, but for now I’d suggest sticking with Bitwarden (or some other app that meets your requirements).

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.12K Posts
  • 78K Comments
  • Modlog