Objective: Secure & private password management, prevent anyone from stealing your passwords.

Option 1: Store Keepass PW file in a personal cloud service like OneDrive/GoogleDrive/etc., download the file, use KeepassXC to open it

Option 2: Use ProtonPass or similar solution like Bitwarden

Option 3: Host a solution like Vaultwarden

Which would you choose? Are there more options? Assume a strong master password and strong technical skills.

  • Decronym@lemmy.decronym.xyz
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    DNS             Domain Name Service/System
    Git             Popular version control system, primarily for code
    IP              Internet Protocol
    NAS             Network-Attached Storage
    SSH             Secure Shell for remote terminal access
    VPN             Virtual Private Network
    VPS             Virtual Private Server (opposed to shared hosting)

    7 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.

    [Thread #173 for this sub, first seen 28th Sep 2023, 18:45]

  • Still@programming.dev
    1 year ago

    I do 3 and have encrypted backups to Dropbox so I can easily restore/spin up a cloud server if I need to

  • tlf@feddit.de
    1 year ago

    I use option 1 with Syncthing for a distributed cloud solution

  • t0m5k1@lemmy.world
    1 year ago

    Bitwarden+vaultwarden, harden the chosen VPS, set SSH to use keys only, then set up fail2ban for webserver and SSH. Also consider putting ffsync on it as well for extra browser benefits.
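
A check for the "SSH keys only" step in the comment above, as an added example that is not part of the thread: sshd uses the first value it reads for each keyword, so a drop-in file included at the top of sshd_config can silently re-enable passwords. The file names and contents are constructed, and anything after a Match line is skipped as a simplification.

```python
import re

# OpenSSH defaults that apply when a keyword is never set.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_globals(files):
    """files: ordered (name, text) pairs in the order sshd reads them, with
    Include already expanded by the caller. First value seen wins."""
    seen = {}
    for name, text in files:
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            parts = re.split(r"[\s=]+", line, maxsplit=1)
            key = ALIASES.get(parts[0].lower(), parts[0].lower())
            if key == "match":
                break  # simplification: conditional blocks are not evaluated
            if key in DEFAULTS and key not in seen and len(parts) == 2:
                seen[key] = (parts[1].strip().lower(), name)
    return seen

def audit_key_only(files):
    """Return a list of findings; an empty list means key-only login."""
    eff = {k: (v, "default") for k, v in DEFAULTS.items()}
    eff.update(effective_globals(files))
    wanted = {
        "passwordauthentication": "no",
        "kbdinteractiveauthentication": "no",
        "pubkeyauthentication": "yes",
    }
    return [
        f"{key} is '{eff[key][0]}' (from {eff[key][1]})"
        for key, want in wanted.items()
        if eff[key][0] != want
    ]

# Constructed sample: the drop-in is read first because the Include line
# sits at the top of the main file, so its "yes" beats the later "no".
DROPIN = ("sshd_config.d/50-example.conf", "PasswordAuthentication yes\n")
MAIN = ("sshd_config",
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "PasswordAuthentication no\n"
        "KbdInteractiveAuthentication no\n")

if __name__ == "__main__":
    print(audit_key_only([DROPIN, MAIN]))
```

On a real host, `sshd -T` prints the effective configuration and is the authoritative check.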

  • Artaca@lemdro.id
    1 year ago

    I like Enpass. $25 lifetime sub via Stack social. Does the trick. If they ever pull the rug out on lifetime folks, I would go to Bitwarden.

    • vector_zero@lemmy.world
      1 year ago

      I ended up scoring a free lifetime membership years ago, but is their stuff open source? I never fully trusted it, so I didn’t end up using it for anything

      • aksdb@feddit.de
        1 year ago

        Enpass uses the open source library sqlcipher (which is an sqlite fork with encryption). So while Enpass as a whole is not fully open source, you can still exfiltrate your passwords with open source tools, should they ever vanish or radically change their business model. You can then use for example enpass-cli.

        That gives me enough confidence to trust in Enpass, since they can’t easily hold my data hostage.

      • Artaca@lemdro.id
        1 year ago

        It’s not open source, so that’s an easy deal breaker for some. Considering the vaults are encrypted and Enpass itself stores nothing on their servers, I’ve been okay with it. The vaults just exist on my phone and wherever I’ve chosen to back it up (OneDrive, GDrive, Nextcloud, NAS, etc).

  • hamFoilHat@lemmy.world
    1 year ago

    Why not Keepass on a webdav server? Both Keepass on the computer and Keepass2Android can open the file directly. If you save it on one it will merge the changes in any other copies you have open.

  • Arkhive (they/she)@lemmy.blahaj.zone
    1 year ago

    I do KeePassXC and Syncthing. It’s cross platform with only a couple bucks needed for lifetime access to all necessary features depending on platform. Besides, I use Syncthing for a bunch of other stuff as well, so it fits right into my flow. I’m considering moving to a command line tool simply called Pass, and still syncing with Syncthing, but I’ve yet to pull the trigger on that switch.

    • butter@midwest.social
      1 year ago

      I also do keepassxc, dx on Android, and syncthing to keep them updated. What is it you paid for?

      • Arkhive (they/she)@lemmy.blahaj.zone
        1 year ago

        I’m both an iOS and Android user for various reasons. There is a free KeePass front end for iOS, but I paid a one time lifetime license for one that was a little more feature rich. That and the only version of Syncthing for iOS requires a like $4 purchase to allow you to sync folders outside of its default location, which was a pretty necessary feature for me.

  • Heavybell@lemmy.world
    1 year ago

    Keepass file in my own nextcloud instances, synced to my phone so I can also use keepass2android. This way if something happens I at least have another copy of it, beyond my backup system.

    • krush_groove@lemmy.world
      1 year ago

      I do the same, but synced to Dropbox from computers and phone.

      I have the Proton password manager as well but not sure yet if I’ll do a full swap over.

    • creed10@lemmy.world
      1 year ago

      That’s actually exactly how I have my setup. I just use syncthing to keep everything dynamically backed up as I add passwords. My main login password is memorized and not written down anywhere so I think I’m good

  • Lightning66@lemmy.world
    1 year ago

    Vaultwarden. And take regular backups. I don’t trust my passwords to be safe anywhere other than my own servers. The chance of my server being hacked is very low.

      • shastaxc@lemm.ee
        1 year ago

        Realistically, I only see 3 risks using Keeper: my device has malware which lets them grab my passwords from my clipboard as I copy them, malware that lets them take control of my device after I’ve unlocked my password manager, or if the cloud storage is completely wiped out in some freak accident.

        1 and 2 are risks for anyone using any password manager. And 3 is extremely unlikely since they use AWS for storage with multi-zone and multi-region redundancy, and certainly much more reliable than self hosting.

        The risk of actually having your passwords cracked, even if the cloud data is leaked, is practically 0 as long as you have a decent complexity and length master password and 2FA enabled. And the risk is just as low with a MITM attack or other network based interceptors because of the ZK architecture (as you mentioned) and high encryption used.

        Anyone promoting other password managers as more secure either isn’t considering the risks of data loss due to self hosting or is buying too much into their password manager’s marketing. I think it’s totally reasonable to prefer other options due to feature support or subscription price though. A couple of features that Keeper had that made me choose it were:

        • Ability to create Records which allows me to store anything including files. This allows me to upload sensitive records like tax returns or other documents you’d traditionally keep in a safe or filing cabinet.
        • Family plan that makes it easy for me to share passwords with people on my plan (great for things like streaming services). This brought the price to a reasonable level.

        There might be other password managers now that support these features, as I haven’t kept up with them. I subscribed to Keeper about 6 years ago and haven’t had a reason to switch. I’m open to suggestions if people know of other managers with better features.