I started digging into opensource password managers and found that they all suck major ball sack. I ended up picking nothing. My two runner-ups were bitwarden. It works on Linux, Android, whatever apple’s shit runs on, and even runs on PC’s with the OS that you usually delete first thing. But the major drawback is that I can’t trust it. It’s got a “premium” version, and that has always meant a slow steady spiral into “you must pay now that we have you by the balls” situation. Another drawback is that it’s centralized, kill the company and so go your passwords I suppose.
The other runner up is called liso. This one comes with two major drawbacks. One is that is browser only so far. The other one is that it doesn’t work on Linux yet. Such a shit shit option. Everything else out there wants you to pay for encryption.
I did end up learning about pass on Linux. It creates encrypted passwords and there’s some compatibility with guis and maybe available on Android??? Big question mark. I’ve tried nothing yet. My password list seems to grow daily.
So what’s your favorite one?
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 16 users / day
- 110 users / week
- 168 users / month
- 331 users / 6 months
- 14 subscribers
- 2.02K Posts
- 9.2K Comments
- Modlog
Bitwarden is open source (server, plugin and app) and can be self-hosted so it’s not centralised in any way that matters.
Also, I think an honest freemium offering is the best way to do it - have those that are willing/able to pay subsidise those who aren’t. It doesn’t have to be a slippery slope, and that’s not exactly common in the open-source world. After all, you can just fork it and go your own way if you’re not happy. Also, running servers isn’t free, and being able to remunerate the devs a little is no small thing.
So, in summary, use Bitwarden. You can set up your own server and install the plugin/app yourself if you want.
Just this week LastPass was hacked. Not the password database I guess, but it really points out how silly the idea of holding everyone’s passwords in your server is.
GNOME Secrets on PC and KeepassDX on Android.
Keepass!
My favourite is Bitwarden. FOSS, privacy-respecting, secure and possible to self host: what more could you want?
text file with gpg encryption
Effectively the same (through
pass).Cannot go wrong with KeePass (including derivatives). Works on all my devices, no cloud nonsense, everything is local and I can use Unison and Syncthing to sync it all up.
Padloc might have what you want.
AGPL.
Unlimited devices.
Multiplatform.
KeePass XC/DC (keepass-cli most of the time) with Syncthing is amazing.
This is the direction I’m heading to for sure.
I do the same. It really is the best solution that’s fullly E2EE, and doesn’t require you to host a server.
They can’t compromise a server if you don’t even have one.
KeePass DX/XC. Offline, you can choose to sync database in any cloud way you want, create offline backups, does not matter.
Personal favorite: Bitwarden, It just works really well without issues and the free version is more than enough for a regular usage. And if you do NOT trust the company or you want the premium features without paying for them then you can self host it for yourself! Another great password manager is Keepass!
Reminder that Bitwarden is backed by Microsoft SQL Server even in self-hosted instances (you must use it as backend database service).
Vaultwarden is a re-implementation that allows you, between other features, to use FLOSS database servers instead.
I feel like Microsoft has too much power. With linked in, they know if you’re working, where and if you got connections. That company strives to rub me the wrong way in so many ways. But it’s cool that there is a floss version.
My worries are not focused in how much power that company has but the importance about digital rights, including software freedom between others.
Oh I agree. Reducing digital rights is Microsoft’s #1 priority.
KeeWeb
KeepassDX on Android. KeePassXC on Linux. Sync my password file via Syncthing on my local network.
This is working well. My only complaint is that android doesn’t allow Syncthing to write/update to the SD card. It can backup the SD card, but it cannot update a change to it. This is definitely Google’s fault. Whatever is going through their minds, it’s definitely not helping me as a user of memory cards.
This is me except I use GNOME’s Password/Secret manager on my PC
I don’t know how I ever lived without Syncthing honestly
gpgI would not recommend PGP/GPG for anything. There are a ton of reasons to ditch it and move to something better, for every single usecase.
Why?
There was a really good article about why
pgp/gpgis a pice of radioactive waste that should be avoided at all costs. Both the standard and the de facto implementation.Sadly I don’t have the link with me rn. Let me search it.
Edit: here’s the link https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
Also, use age & signify over pgp.
It’s not a good look for the blog author when they suggested using Signal and WhatsApp, proprietary but open-source apps.
Is
ageandsignifybattle tested?Signal is not propietary. And in terms of security the Signal protocol is the best with diferenre you can get out there.
Signal is validated over sms and uses a ton of Google APIs. I’ll pass.
Okey, I agree on the fact that their server and client may be far from perfect. But the only problem with their protocol is that it’s not decentralised.
https://dessalines.github.io/essays/why_not_signal.html#why-not-signal
SIgnal is just as bad as insecure western social medias.
Why do so many crypto bros favor Signal?I’ll ask this again: Is
ageandsignifybattle tested?Signal is far from being perfect. And I would love a decentralised (p2p/federated) chat protocol implementing the Signal protocol. At the time being their protocol is best, we may question their main server and some of their practices, but at the time being I couldn’t find anything better.
Hmmm… I don’t think so.
I’m not a cryptobro. :c
Their as not as old and extended as PGP but their are based on solid cryptography.
Great read! Thanks for sharing.