Just wondered what people are using for their password management.
I’m currently using 1Password on a family subscription for both password management and 2FA (and then Authy for the 1Password 2FA). But I’m seeing a lot more posters — particularly since joining Lemmy — championing BitWarden (either cloud or self hosted) and Raivo OTP as a cheaper, almost-as-functional alternative.
So is it worth the switch? Will I lose out on anything by doing so?
I’m currently running BitWarden with a free account to see if I can live with it. But I must admit, 1Password is a staple app for me and one that I would say is priceless to my workflow and setup.
Just interested in your thoughts and trying to stimulate conversation!
Bitwarden is open source (https://github.com/bitwarden) and was audited by privacytools.io, so I’m in team bitwarden !
It is perfectly integrated with all my devices and browsers, and it’s free to use.
Jup bitwarden is pretty awesome! I use a self hosted vaultwarden. You can link it with the bitwarden browser extensions.
If to choose it will be Keepass 🙂
Same. I even self-host it now, no getting caught up in massive data breaches for me!
I feel way more comfortable with having this one file than relying on some cloud-someone-computer thing. And experience is smooth thanks to Syncthing.
Been using Bitwarden for some time. Really like it.
Question for you since you mentioned how it’s integrated with all your devices. I currently do not use a PW manager (I know, shame on me). Let’s say I get bitwarden, do I need to go back and change every password on every website to the bitwarden-generated password?
It just seems like I’m “In too deep” in a way where it’ll be a pain in the ass to set up.
If you have stored your credentials in your browser, you can export them to Bitwarden. It’s fairly easy and will save you a lot of time.
The point of using Bitwarden (or any password manager) is that you have no idea what your password is. From a security pov you « should » update your credentials but no need to rush, one step a time 👍🏼
I started using bitwarden half a year ago and this is what I did. But once again moved, I Figured it worth nothing if I have weak and shared passwords across apps and sites. so eagrly I changed all the password on accounts that hold my financing details (bank, google, PayPal, etc…) and then lazily, every time I had to go to a site like lemmy for instance I changed it on the way
When I switched to bitwarden I updated my password to a more secure (bitwarden-generated) password each time I logged into a site and stored it on bitwarden. Painless. That’s how I got better passwords across the board and incrementally moved over to bitwarden.
Are you forced to? No. Should you anyway? Yes. I did what @else@lemmy.fmhy.ml said: just change them when you login. That way it doesn’t feel like a grand undertaking, and you still end up with extremely secure passwords that you don’t have to remember.
Also, i recommend generating your master password. If my senior mom staring down the barrel of alzheimers can remember a 12-digit string of random characters (after emptying out all the space wasted by a few dozen passwords), you can too
I felt the same as you. Here’s how I managed to deal with my piles of accounts: get BitWarden set up, and pick a few main accounts to enter in and generate new passwords for. Delete your login data and cookies from your browser, then add accounts to BitWarden and generate new passwords as you come to need them. That way it’s one at a time not all at once. Made it manageable for me! (BitWarden even prompts you if you’d like to save a login if it’s never seen it before)
You can just add your current passwords to bitwarden, no need to change any passwords if you don’t want. It actually takes less effort than you might think. Just add your username and password each time you need to login to something and everything will be added pretty quickly.
Y no one mention self hosted valutwarden
FYI privacytools[.]io has long been commandeered by the BDFL who apparently accepts—how do i put this impartially?—financial incentives for supporting specific software.
Privacyguides.org is the version maintained by the original privacytools team that have been doing the lion’s share of the work since 2019
There’s a huge drama between privacytools and privacyguide, I’m not sure anyone here can tell what happened internally after reading both side of the story.
Yes privacy tools accept sponsoring but it should be transparent about it ? It was the case before, I’m not using the site anymore so idk if things have changed in a bad way I’m sorry I promoted it.
+1 for Bitwarden, have used it for years. In general, always go open source, especially for privacy / security tools.
Bruh that site doesn’t do the audits themselves and if they did I would steer clear of anything they say they audited, look at all the sponsored suggestions, who would trust a site with those on it
Odd seeing so many people prefer Bitwarden specifically for the polish and UI. Those are the reasons I chose 1Password. Both work! Both are actually pretty good solutions. But after using Bitwarden for quite a while for work, I set up 1Pass for my personal stuff. It’s just nicer and easier to manage, imo, even as a tech savvy user.
And this is why I love places like Lemmy. Balanced, different opinions 🙂
I personally have no issues with 1Password (except that v8 is Electron), but just tempted to try the alternatives given how strong a following Bitwarden appears to have.
Either way… it’s good to have options.
For sure. I set my father up on Bitwarden because he gets a lot more out of the free tier, and it’s hard enough to convince him he needs a password manager, let alone one that costs anything, lol.
This is also my experience with Bitwarden and 1Password.
I used Bitwarden for a long time and even selfhosted it, but it just didn’t feel that polished, especially on the phone. Then I tried 1Password and everything just works seamlessly.
In the end, I think it’s just a matter of taste.
Same for me. Self hosted bitwarden, wanted to love it, didn’t love it.
Went to 1Pass family and we ain’t moving.
Another vote for Bitwarden
I do think 1Password is a bit more polished than Bitwarden, and auto-fills more reliably for me (depending on the website, of course). I use 1Password for work, but choose Bitwarden for personal use because I value an open-source solution that I COULD self-host if I wanted to. I don’t self-host, because I’m lazy, but I COULD if I wanted to. It’s also a very cheap family plan compared to 1Password, I’m still trying to convince all my old people to use a damn password manager! But one could argue that using 1Password’s more polished interface instead of Bitwarden might make my life easier…
Haha I hear you re: the old people. My parents use a notepad, and they scribble out old passwords and write down the new ones. It’s beyond archaic. And my dad has dementia which is just a recipe for disaster.
I’ve added them to my 1Password family and setup a separate vault for them to use, and I have a few of their key passwords shared with my vault in case they lock themselves out of important accounts.
But I’m sure if I did decide to switch to Bitwarden I could move them over pretty easily.
Right, that’s the beauty of using a GOOD password manager, whether it’s Bitwarden or 1Password. They both make it relatively easy to export and import all your passwords.
My mom took to it pretty easily, but then again, someone changed her Amazon password and it took ages for her to convince Amazon to unlock her account, so she was pretty motivated to take steps to prevent something like that from happening again.
Yeah that’s my experience as well, it takes an event like that to scare them into taking password management seriously. I guess I’ll just have to wait until my various olds have all been hacked or had their identities stolen, and THEN maybe they’ll let me sign them up for Bitwarden. Eyeroll.
I bought my wife and I the family plan for 1password. The incident for me that got her to start using it was when her phone died. She couldn’t remember her Gmail password and was only currently logged in on her phone. She couldn’t remember her backup email passwords either. Somehow we were able to unlock her email with mine with a 72 hour delay or something crazy. It took so much effort to not be like “I told you so” but she pretty much told herself the same thing lol. Since then she uses it and loves it.
Yup. “It’s too much work to do preventative stuff” followed by “No one could have predicted this”.
A tale as old as time.
I haven’t had a problem with auto fill. Especially once you regularly use their default ctrl+shift+L to autofill. It may also be worth noting that some custom fields, if you make the name the exact same as the field, it will include that in the autofill. One of the sites I use has a company ID, and it autofills that too.
Ive used both, Bitwarden feels more mature plus it’s open source. But 1Password is probably more user friendly for less tech savvy people.
Thanks. I’m tech savvy so that’s not a problem. Just always used 1Password based on recommendations. More than happy to go open source, and 1Password 8 feels like a step backwards from 1Password 7.
Just out of curiosity, why exactly is it a step back? I’ve heard this comment several times but, having only used 1Password 8 (which I quite like), I have nothing to compare it to.
Because it’s now an Electron app on macOS and — in my personal view — Electron apps suck. Much prefer native apps.
Functionality-wise it’s the same, but just doesn’t feel as nice to use, if that makes sense.
Bitwarden’s desktop app is also electron, just a heads up
Good to know, thanks!
If it helps, I’ve been using Bitwarden since 2019 and never installed the desktop app. Can’t imagine what you’d need it for.
Fair enough, to each their own. I understand why electron apps might not be everyone’s cup of tea, but I think some really do work very well (VSCode is the standout).
Now you may have me there. Visual Studio Code is certainly an exception, I’d be willing to admit.
What’s the problem with Electron apps?
It’s personal preference of course. This article may explain it better than I ever could (might not be the best source, was just a quick DDG search).
I’ve never understood those problems. I’m not saying they don’t exist, I haven’t investigated it or anything lol, but I don’t see why individual non-electron programs have less overhead than individual electron programs when the argument is that multiple would-be electron apps could share one browser instance because multiple non-electron apps also don’t share anything.
Also I don’t see how not using a chromium base would make programs better about having massive 1 GB directories of various temp files.
What am I missing? Because clearly those problems exist.
I can’t say I fully understand the ins and outs of it because, like you, I’ve never looked into it in any great detail.
I’ve used VS Code for a while and I remember seeing a post on Reddit about how good it is “for an Electron app”, which raised my interest. I then saw more and more complaints about Electron apps, mainly around how they consume a lot of resource and ultimately crash peoples machines, resulting in data loss.
Don’t get me wrong, I see the benefits of Electron apps — they’re easy to deploy across multiple OSes which makes things a lot easier for developers. But I guess as a macOS user, I do love a native app for its look and feel and user experience. Not knocking that on all Electron apps, it’s just a preference.
I agree that 1password 8 is a step backwards when they switched to electron from native app on Mac. I’m still sticking on 1password 7 because of that.
I feel the same. I therefore use Bitwarden myself(not selfhosted as I don’t trust myself to host important things quite yet), and control 1Password for the rest of the fam.
Bitwarden.
I used to have 1PW, but their browser plugin just completely stopped working for me (and a lot of others).
Then I switched to BW. It has so much better UI, plugins and apps. Oh and it’s cheaper.
And if you want, you can host it yourself
I recommend KeePass, used it for years, open source, not hosted, can use a key file for added security and works well with nextcloud, drive, Dropbox, etc
KeePass is the way. Keep all these newfangled web services away from my passwords. And there’s plenty of different open source projects available that all works with the KeePass format.
Keepass XC + syncthing. doesn’t have to touch the cloud at all. It’s what I do, though I have investigated Vaultwarden for work. But no real SSO / AD integration with it is potentially a deal-breaker. Though I get that it’s probably complicated to add.
If your workflow is how you like it I would stay.
Vaultwarden might be worth looking into when you have time or want to set it up to check it out. Self-hosted Bitwarden compatible server written in Rust. Lets you store OTP for free which is a convenience I enjoy.
Will definitely look into Vaultwarden. Always looking for containers I can add to my stack!
KeePass is great. Has all the features I want and then some. Everything is stored locally, you can encrypt with password and private keys and it even has the ability to sync dabases on a on a home server. I use it on windows and android. Since 99% of the time I make password updates on my phone I’ll just sftp the database file to my server and then use it to sync with my windows machine next time I’m on it.
What’s the advantage of sftp over something like synching to automatically keep it updated on all your devices?
Well I own and manage the server for one thing, so it makes sense for me. Considering the sensitivity of this I try to keep as much of it as possible under my direct control. I only have three devices that I need all of my passwords on, and with KeePass you just click the drop-down and select the sync option when you need to update. I have an sftp client on my phone and will just upload the database whenever I need to. There is an auto syncing option on the client, but I don’t use it. It’s definitely not the most convenient option out there, but good security is rarely convenient.
I also use KeePass. Been using it for 2-3 years now. No complaints. Like you said, it has all the features I need and then some.
I’ve used BitWarden for a few years now and I really like it. I’ve set it up on both my PC and phone browsers, and it does its job well. Never paid anything for it, the free tier is generous enough for casual users like me.
It being open source sold it for me.
Another vote for Bitwarden
1Password is way better, but it’s more expensive and not open source.
Bitwarden is, like most open source apps, jankier than 1Password. Not as mature. But people that care a lot about their software being open source will use it because it’s the best open source option we have at the moment.
None of them is a bad app.
“Way better” is an exaggeration in my mind. It may have a few nicer things here and there, but name one thing 1Pass can do that Bitwarden can’t? It certainly has a different UI, but I definitely preferred this over my former LastPass account.
This “what can one do that the other can’t” is never a good argument. Specially against someone that was talking about quality.
A horse and a 2023 Lamborghini can do the same things, transport-wise. But that doesn’t mean that the quality is the same.
More expensive and closed source
vs
free or cheaper subscription, can even be self hosted and open source
I’ll pick the later
Yes, each one with their choices. I have the income to pay for better quality, so I use 1Password. But you can’t go wrong with any of those two.
I’m a HUGE 1Password fan–and have been for years. It is always the very first app I install on any device. Paid for every upgrade since v4 when I discovered it.
I was sceptical of the switch to Electron, but it’s just the front end. The backend is written in Rust and performance has been great. It’s not native, but that’s a current trend right now…
I was even sold on the subscription model, and now manage a family account for my wife and kids.
I’m using a combination of KeePassXC on Windows/Linux, KeePass2Android and Syncthing for database synchronization, plus a Yubikey for 2FA. Granted, it’s not a setup I’d recommend towards non-tech people, but it would take a lot before I’d switch:
- Works completely local, so I never have to worry about being locked out for any reason.
- Despite that, I still get the benefits of online synchronization through Syncthing.
- KeePassXC has by far the most powerful autotype functionality, which is a big timesaver since I often need to type passwords into non-browser windows.
The last point in particular was a dealbreaker when trying out Bitwarden/Vaultwarden a few years ago.
Sounds like a pretty sweet setup to be fair. I’m completely Apple so couldn’t replicate that entirely.
But from the feedback so far I’m leaning towards either Bitwarden or Vaultwarden for password management. And for OTP, guess I could use Authy or Raivo, but probably the latter.
Bitwarden and vaultwarden do support storing OTP. I guess there is some security in separating the services though if that’s what your going for.
Wasn’t necessarily going for separation of services, just haven’t used Bitwarden long enough to figure it all out yet. I’ve literally imported my 1Password vault and that’s it. I need to spend a bit more time messing around with it.
Another vote for Bitwarden. I love it and recommend it to everyone.