this post was submitted on 11 Jul 2023
0 points (NaN% liked)

Asklemmy

43336 readers
819 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
mekhos@lemmy.ml
tmpod@lemmy.pt
14specks@lemmy.ml
0
What password manager do you recommend? (lemmy.dbzer0.com)
submitted 1 year ago* (last edited 1 year ago) by 001100010010@lemmy.dbzer0.com to c/asklemmy@lemmy.ml
11 comments fedilink hide all child comments
 

Okay so yesterday, I changed my password as a precaution because of the hack, and just now I decided to clean my browser tabs and re login and almost forgot my password. I'm done dealing with passwords.

What password manager do you recommend?

Features I’m looking for

-Open Source

-Can be synced to cloud (I don’t want self host)

-Can be accessed via a browser

-Cross platform, the more platforms, the better

-End to End Encrypted, and Encrypted at rest on my device, also need some way to authenticate before releasing the password, like a pin or biometrics

-Autofill for browser and apps

-Free (can be a freemium model, but I need the base tier to be free, too broke to spend money on this lol)

-Can export the passwords to a file

I never used a password manager before so sorry if I seem like a noob.

I know I could google it, but I want the lastest info, not some outdated reddit post.

Edit: Woah, those replies are fast. I think I'll use Bitwarden. Thanks for recommendations! Now I don't need to worry about forgetting passwords anymore. πŸ˜„

Edit 2: It seems I've forgotten my email password as well as a few other accounts I haven't logged into for a while. Damn, should've used a password manager earlier.

top 11 comments
sorted by: hot top controversial new old
[–] miikaroo@lemmy.ml 0 points 1 year ago (1 children)

Non self-hosted: Bitwarden

Self-hosted: Keepass

Both are open-souce, multi-platform, and free. Bitwarden does have additional paid tiers to include support for things like OTPs. I used to use Keepass but got tired of manually syncing my database; If that's not a problem for you then it's a great choice.

[–] kwelzel@feddit.de 0 points 1 year ago

One thing I was always wondering about the OTP feature: If OTPs are used for two-factor authentication but both your password and the OTP can be accessed through Bitwarden, aren't you effectively sidestepping the two-factor part? I mean if I have the OTPs only on my phone then I need to know the Bitwarden master password and I need to have my phone in order to log in. On the other hand if both are in the Bitwarden vault, I only need to know the Bitwarden password. So effectively two-factor becomes one-factor authentication.

Maybe the relevant scenario here is your credentials for some website getting leaked. With OTPs inside Bitwarden any attacker would still not be able to log in as long as they don't know your master password, giving you plenty of time to change your password. Although, if the attacker already found a way to access confidential website logins, they can probably access all kinds of other confidential data related to this account without even logging in as you.

[–] Version@feddit.de 0 points 1 year ago

Definitely Bitwarden, but thereβ€˜s also a new product from Proton called Proton Pass. It works similarly to Bitwarden, but a few features are still missing.

[–] onichama@feddit.de 0 points 1 year ago

Yet another vote for Bitwarden. I love that you can access your stuff through a browser without installing anything, I need that sometimes on my work pc where I cannot install anything.

[–] SecretPancake@feddit.de 0 points 1 year ago

Been using 1Password since 2010. I tried Bitwarden a few years ago just because of the price. In theory it ticks all boxes but it was a pain to use. I does not flow like 1P, some things did not work the way I expected and it looks like shit. Don't ask for details because I forgot. So I switched back. The new design of 1Password made it a little worse but it's still great and the integration into iOS and macOS is amazing.

[–] Gleddified@lemmy.ca 0 points 1 year ago (1 children)

I don't want to self host

IMO Keepass is not for you then. Bitwarden all day

[–] Candid_Technology_66@lemmy.ml 0 points 1 year ago (1 children)

But you can sync your database across devices using Syncthing or a cloud storage like MEGA.

[–] Magnetar@feddit.de 0 points 1 year ago

Keepass + Syncthing is great, works also on phones.

[–] foxinabox@lemmy.ml 0 points 1 year ago (2 children)

I'd say https://keepassxc.org/ covers all of your needs except the "Can be accessed via a browser" (Autofill works fine with a browser plugin)

[–] Hubi@feddit.de 0 points 1 year ago* (last edited 1 year ago)

KeepassXC with a browser plugin on the desktop and Keepass2Android on the smartphone. The password files are synced over my self-hosted Nextcloud and backed up to OneDrive. I couldn't be happier with this setup.

[–] Kekzkrieger@feddit.de 0 points 1 year ago

is the browser plugin safe to use? it kinda seems fishy