this post was submitted on 02 Mar 2024
312 points (96.7% liked)

Privacy

31975 readers
671 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

2023 was a record-breaking year for cybersecurity in a bad way. Ransomware payments hit a record high of $1.1 billion, which is likely to...

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 153 points 8 months ago (5 children)
[–] [email protected] 42 points 8 months ago (5 children)

and/or Vaultwarden as a selfhosted alternative.

[–] [email protected] 38 points 8 months ago (4 children)

Vaultwarden is a great piece of self hosted server software, which meshes with Bitwarden software perfectly. And for people who can't self host, IMO Bitwarden gives you more than enough bang for your buck with their own hosting plans.

It's one of the few examples of software being open source and ethically making money regardless. (For comparison, Standard Notes has tried pretty hard to make sure non-paying users have an inferior experience even if they self-host literally everything.)

[–] [email protected] 11 points 8 months ago

<$1/mo for bitwarden hosted premium is a no brainer for me

[–] [email protected] 7 points 8 months ago (1 children)

I was really disappointed about standard notes' plans. Took me forever to get everything set up to self host, only to find I couldn't even use markdown unless I bought a license? Silly.

load more comments (1 replies)
[–] [email protected] 5 points 8 months ago (2 children)

I'm excited that the bitwarden phone apps are getting a brand new native version for ios and Android soon.

load more comments (2 replies)
load more comments (1 replies)
load more comments (4 replies)
load more comments (4 replies)
[–] [email protected] 82 points 8 months ago (2 children)

Is Keepass there? Good. Upvote.

[–] [email protected] 59 points 8 months ago (4 children)

Prefer KeepassXC but let's be honest, the best password manager is the only you actually use and keep using.

[–] [email protected] 29 points 8 months ago (1 children)

And that doesn’t get hacked!

load more comments (1 replies)
load more comments (3 replies)
[–] [email protected] 8 points 8 months ago

I would only use KeepassXC

[–] [email protected] 62 points 8 months ago (3 children)

+1 For KeepassXC, I use it in combination with syncthing to have my passwords available on all devices.

[–] [email protected] 12 points 8 months ago (1 children)

Nextcloud syncs my KeepassXC safe.

load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 52 points 8 months ago (1 children)

Still using KeepassXC on desktop and laptop and KeePassDX on mobile.

[–] [email protected] 5 points 8 months ago (2 children)

This is exactly my setup. How did you know? LOL.

[–] [email protected] 14 points 8 months ago (1 children)

File synchronized with Syncthing? :)

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 46 points 8 months ago* (last edited 8 months ago) (4 children)

I use Bitwarden for passwords. Just works so well.

KeepassXC and KeePassium for TOTP codes. I keep the database in the cloud but sync a key with Syncthing that’s needed to unlock the database on the devices themselves.

[–] [email protected] 11 points 8 months ago* (last edited 8 months ago) (3 children)

Locally hosted bitwarden (vault warden) that is only accessible on your local network is the way to go. When a new sync is needed away from home, wireguard VPN to connect back in makes everything nice and secure. Otherwise most of the time the vault is cached to the device locally so you don't need to phone home to access passwords.

load more comments (3 replies)
load more comments (3 replies)
[–] [email protected] 33 points 8 months ago (3 children)

I like ProtonPass. It’s nice.

[–] [email protected] 11 points 8 months ago

And they are really moving quickly with development. I feel like we're getting new features monthly

[–] [email protected] 7 points 8 months ago

Same. The UI is pretty good and modern, they support TOPT and cards as well and the development is being done at a good pace.

load more comments (1 replies)
[–] [email protected] 27 points 8 months ago (1 children)
load more comments (1 replies)
[–] [email protected] 23 points 8 months ago (1 children)

Keepass + Syncthing is a great combination.

[–] [email protected] 9 points 8 months ago (3 children)

And with Syncthing's Untrusted Device Encryption feature I can use my VPS as an extra node for synchronization without worrying touch if it becomes compromised without me knowing.

load more comments (3 replies)
[–] [email protected] 22 points 8 months ago (1 children)
[–] [email protected] 7 points 8 months ago (1 children)

And I do keepassdx on Android, with a (phone-specific) database synced with syncthing


P.S. syncthing is fantastic: I hope more people consider hosting discovery servers and especially relays

load more comments (1 replies)
[–] [email protected] 18 points 8 months ago (1 children)

I use keepass with my database on onedrive.

Then i connect every device to said onedrive account, copy the private key manually on each device that i need to use.

I secure my databse with said private key + a passphrase.

Might not be the best setup, but i feel like with passphrase+key i am secure enough to have the db file in the cloud.

[–] [email protected] 7 points 8 months ago

you could encrypt onedrive with cryptomator

[–] [email protected] 15 points 8 months ago

If you are into the command line, pass is also neat. You can even have your keys in a git repo and access it with a FOSS Android app (requires some dedication to set it up). It's very useful to feed passwords to scripts without hardcoding them in the source.

[–] [email protected] 12 points 8 months ago

KeepassXC, Passbolt

[–] [email protected] 11 points 8 months ago

KeePass for me. I keep my encrypted vault in my 2 factor encrypted gdrive. Get the best of both worlds. No traditional cloud that's a target for hackers and I have passes I can share across devices.

[–] [email protected] 9 points 8 months ago

I really enjoy 1Password for easy vault sharing between family members. I was able to get my (not so technically literate) siblings and dad onto my family plan. Baby steps!

[–] [email protected] 9 points 8 months ago (2 children)

No mention of Enpass? Stores more than just passwords, can be synced locally over wifi or in the cloud without using Enpass servers.

[–] [email protected] 6 points 8 months ago

It's not open source and they haven't had a security audit in a while AFAIK, I used to use it too but migrated to Proton Pass for these reasons https://discussion.enpass.io/index.php?/topic/404-security-audit/page/6/

load more comments (1 replies)
[–] [email protected] 9 points 8 months ago

KeePassXC my beloved

[–] [email protected] 8 points 8 months ago (3 children)

I love Dashlane, someone tell me why it’s bad.

[–] [email protected] 11 points 8 months ago

I know they recently published the code for their clients, so that's a plus. But I can't find any independent audits for their architecture or clients.

While all mentioned options does have independent audits done.

load more comments (2 replies)
[–] [email protected] 7 points 8 months ago

I've been using Proton Pass since it launched and I think it's really really good.

Positives:

  • Nice integration with both desktop and mobile
  • Integrated in the proton suite, which I was already using
  • Allows you to generate an email alias for each login automatically. Websites will never have your real email and you can easily generate a new alias if one has been compromised
  • Supports 2 factor authentication via TOTP, works really well

Negatives:

  • No passkey support yet
  • Free version only supports like 5 email alias
[–] [email protected] 7 points 8 months ago (10 children)
[–] [email protected] 16 points 8 months ago (1 children)

Post-it notes on the monitor.

[–] [email protected] 5 points 8 months ago

Under the keyboard for added security.

load more comments (9 replies)
[–] [email protected] 7 points 8 months ago

Pass (Password Store)

[–] [email protected] 6 points 8 months ago (6 children)

Can someone explain what those password managers are doing better than Firefox?

[–] [email protected] 19 points 8 months ago (3 children)

I guess a bunch of things, as they are specialized apps:

  • proper auth. I think with Firefox you can have a password, but a password manager will have multiple options for 2fa including security keys, and on phone fingerprint unlock etc. In general, password managers are more resistant to malicious users gaining access to your device.
  • store all kinds of stuff. Not everything happens in the browser, and it's just convenient to have an app just for credentials. Many password managers allow to store and autofill credit cards too, for example.
  • on the fly generation of aliases. Password managers have external integrations. For example proton and bitwarden can integrate with simplelogin.io to generate email aliases when you choose to generate a new username.
  • org-like features. Password managers can be also convenient for sharing with family (for example). I do manage a bitwardes organization used by all my immediate family, which means I can share credentials easily with any of them. Besides the sharing I can also ensure my (not tech savvy mom) won't lock herself out (emergency breakglass access configurable) and technically enforce policies on password strength etc.
  • as banal as it is, self-managing. I like to run my own services and running my own password manager with my own backups gives me peace of mind.
  • another perhaps obvious point. More compatibility? I can use my password manager on whatever device, whatever browser. For some, it might not change anything, but it's a convenient feature.

As a personal addition, I would say that I simply want the cornerstone of my online security to be a product for a company that is specialized in doing that. I have no idea how much effort goes into the password manager from Mozilla, for example.

load more comments (3 replies)
[–] [email protected] 10 points 8 months ago

I need to enter passwords in lots of places that aren't a browser.

If Firefox's password keeper meets your needs, then I would endorse using that, for sure.

load more comments (4 replies)
[–] [email protected] 6 points 8 months ago (4 children)

No love for Nextcloud Passwords or Passman? Both have plugins for Nextcloud and have Android Apps.

load more comments (4 replies)
[–] [email protected] 5 points 8 months ago (2 children)

My favorites:

  • Proton Pass
    • Pros: Aliases, Proton integration
    • Cons: No passkeys (yet), native desktop apps in beta
  • 1Password
    • Pros: SHH agent integration!
    • Cons: Least open
  • Bitwarden
    • Pros: Most open, self hosting option
    • Cons: least polished user experience
load more comments (2 replies)
load more comments
view more: next ›