
Ask HN: What is the best password manager available today?

30 points| dijondreams | 2 years ago | reply

I am afraid of a private company being responsible for my passwords but also not confident in my own ability to manage any sort of password manager across all my devices. What do people do?

72 comments

[+] mikece|2 years ago|reply
For cloud-synched across devices: BitWarden.

For maximum security (no cloud sync): KeePassXC

In both cases an essential feature applies: if you forget your master password you've lost access to your password database.

[+] autoexec|2 years ago|reply
I've used KeePass for ages and every time another password manager comes up in the headlines it's only ever made me feel more confident about that decision. Zero games, no cloud/other party to be dependent on, and I have total freedom to implement whatever backup/sync methods work best for my situation.
[+] DreamFlasher|2 years ago|reply
You could sync the KeePassXC database with Syncthing, to have e2e encrypted sync across devices, fully open source and without servers.
[+] bhu1st|2 years ago|reply
I feel safe using KeePass. Its hotkey auto-fills most of the time. You can regularly sync/back up the database to the cloud.
[+] hayst4ck|2 years ago|reply
KeePass seems to sync via a preferred cloud provider fine.
[+] number6|2 years ago|reply
Use Vaultwarden and self host the backend
[+] palata|2 years ago|reply
This ^
[+] doodlesdev|2 years ago|reply
So, please define best, because it depends on what you're looking for. A list of the options I know and would personally recommend:

Bitwarden (optionally with self-hosted Vaultwarden) - Best UX for the FOSS options, syncs all your devices, overall just pretty good.

   Website: https://bitwarden.com/
   Vaultwarden: https://github.com/dani-garcia/vaultwarden

KeePassXC (optionally synced with Syncthing or your cloud provider of choice) - Portable, no need to host a server to keep the database, offline-first. Database format is standardized, and other password managers support the database format.

   Desktop: https://keepassxc.org/
   Android: https://www.keepassdx.com/
   iOS: https://strongboxsafe.com/
   Syncthing: https://syncthing.net/

pass, if you're always on the terminal (optionally synced with Syncthing or any cloud provider). Or you can go with gopass, which uses the same database format, has better support for multiple users/stores, and enables git versioning by default. There are GUI and mobile clients available that are compatible with this database format.

   pass: https://www.passwordstore.org/
   gopass: https://www.gopass.pw/

These are the main ones I would recommend you take a look at for the most common use-cases. I can't recommend anything that doesn't provide FOSS clients or that can't be self-hosted, so some decent options UX-wise were excluded. You really have to see what you want out of the password manager to choose one. Keep in mind that for both pass and KeePass there are multiple clients that are compatible with the database format, which affords you more portability, options, and the possibility of having native clients.
[+] xarope|2 years ago|reply
I'd echo what others say, KeePassXC on local storage, which you can then sync across devices either with syncthing, dropbox etc.

However, I have just started exploring using vaultwarden (a rust rewrite of bitwarden, which is self-hosted).

[+] DreamFlasher|2 years ago|reply
I am very happy with my vaultwarden setup, but if you don't run your own server, you don't want to, KeePassXC + syncthing is probably the best you can do.
[+] zmmmmm|2 years ago|reply
Fwiw, the biggest downside of it is multiple user functionality.

It's doable, but you have to import the public gpg key of everybody who needs to access the secrets. Effectively, every secret ends up encrypted with the public key of every user who needs access - not sure how scalable it would be if you have more than a small team of people accessing it this way.
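
The per-user encryption described in the comment above can be reviewed from the store layout alone. This is an added example (not part of the thread, and not code from the pass project); it assumes the tool under discussion is pass, that recipients are listed one per line in `.gpg-id` files, and that the nearest `.gpg-id` up the directory tree applies. The sample store and addresses are constructed.

```shell
#!/usr/bin/env bash
# Access review for a pass-style store, using only the directory layout.
# Assumption: recipients sit one per line in .gpg-id, and a secret is governed
# by the nearest .gpg-id found walking up from its own directory.

# Print the path of the .gpg-id file that governs one secret.
governing_gpg_id() {
  local store="$1" dir
  dir=$(dirname "$2")
  while :; do
    if [ -f "$dir/.gpg-id" ]; then printf '%s\n' "$dir/.gpg-id"; return 0; fi
    if [ "$dir" = "$store" ] || [ "$dir" = "/" ] || [ "$dir" = "." ]; then return 1; fi
    dir=$(dirname "$dir")
  done
}

# Print every recipient able to decrypt one secret.
recipients_for() {
  local idfile
  idfile=$(governing_gpg_id "$1" "$2") || return 1
  grep -v '^[[:space:]]*$' "$idfile"
}

# Count (secret, recipient) pairs: the public-key encryptions the store holds,
# which is also the work to redo when team membership changes.
recipient_copies() {
  local store="$1"
  find "$store" -type f -name '*.gpg' | {
    total=0
    while IFS= read -r f; do
      total=$((total + $(recipients_for "$store" "$f" | wc -l)))
    done
    echo "$total"
  }
}

# Constructed sample: empty placeholder secrets and made-up addresses.
make_sample_store() {
  local s
  s=$(mktemp -d)
  mkdir -p "$s/personal" "$s/team/prod"
  printf 'alice@example.org\n' > "$s/.gpg-id"
  printf 'alice@example.org\nbob@example.org\ncarol@example.org\n' > "$s/team/.gpg-id"
  : > "$s/personal/bank.gpg"; : > "$s/team/wiki.gpg"; : > "$s/team/prod/db.gpg"
  echo "$s"
}

demo=$(make_sample_store)
echo "recipient copies: $(recipient_copies "$demo")"
rm -rf "$demo"
```

Running `recipients_for` over each secret gives the list of people to account for when someone leaves the team, since removing a line from `.gpg-id` does not revoke copies that person has already synced.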

[+] zdragnar|2 years ago|reply
I love it on Linux, but has anyone else had it perform really poorly on macOS? Last time I had a MacBook, it wasn't even close to the instantaneous speed of pass on Linux - more like seconds for every command.
[+] Costanzilla|2 years ago|reply
Back when 1Password, 90% sure it was that, had no Linux client, I was searching for a solution to store passwords and settled for Enpass.

I sync via WebDAV on my Synology NAS and I’m not really worried about losing anything since every synced device has a full copy of the data.

Thought about switching to 1Password a few months back since we’re using it at work and the client is better but they don’t have an Enpass import. It supports some kind of CSV transfer but I don’t want to pay for a bunch of, worst case scenario, not really perfectly structured data so I decided to stick with what I have.

Edit: when thinking of switching I was a little nitpicky. I’m pretty happy with Enpass, everything considered. 1p client is just even better but with the give them your data and your money thing, which I’m not necessarily fond of.

[+] zapatos|2 years ago|reply
Enpass is like Keepass but with a better UX. Which is exactly what I wanted, and it hasn’t let me down on iOS + Linux, synced via Dropbox.
[+] egamirorrim|2 years ago|reply
Yes! Enpass is great, and I love that I can back it up to my own cloud instead of being forced into one cloud like with 1password
[+] billy_bitchtits|2 years ago|reply
1password
[+] CharlesW|2 years ago|reply
1Password is the best password manager I've used, and the family plan works great and is reasonably priced ($60/year). Unlike many folks who are cloud-averse, I prefer a cross-platform solution that syncs to the cloud, and I'm comfortable with their security model (https://support.1password.com/1password-security/).

It's worth noting that they really fubared the 1Password 8 transition and I was very irritated that they had me looking at alternatives. However, they gradually fixed the problems and missing features and now I'm 100% satisfied with it again.

[+] atmosx|2 years ago|reply
This. Hands down.

The downside is that it is cloud based.

[+] version_five|2 years ago|reply
I have to agree. Been using it ~5 years with no issues. There may be application specific reasons some other manager is better, but for an easy to use and seemingly solid product, I'd recommend 1password.
[+] 0x008|2 years ago|reply
1Password has a great UI imo, and they now support SSH keys as well (albeit a bit strangely, but at least they do).
[+] tdsanchez|2 years ago|reply
I came here to say this.

I've used 1password for 16 years and it is SOLID.

[+] xupybd|2 years ago|reply
I use KeePass. I sync with Dropbox. I've not found a solution that competes on simplicity and ease of use.
[+] margoguryan|2 years ago|reply
Dashlane has never failed me once since 2017. I even got my family to do the family plan. It rocks.
[+] doublerebel|2 years ago|reply
Since 2014 for me, through multiple startups. Easiest way to maintain personal passwords and still allow role-based management by any business I am managing or working with, in the same program and login.
[+] prezjordan|2 years ago|reply
Only one that reliably auto-fills and saves generated passwords for me.
[+] arepublicadoceu|2 years ago|reply
For all the people who recommend KeePassXC and are also iOS users, how do you deal with the lack of reproducibility of iOS apps?

Even “opensource” apps such as Strongbox and KeePassium have no way of asserting that whatever code they publish on GitHub is the same that I’m installing through the App Store.

Am I just overly paranoid?

This is the main hindrance for me to using KeePassXC everywhere. If I’m going to blindly trust anyone I prefer to trust Apple Keychain.

[+] blitz|2 years ago|reply
Self-hosted Bitwarden via Vaultwarden
[+] archi42|2 years ago|reply
I was in the same boat as OP: Didn't want to care about sync at all and use it on all my devices. Didn't want to rely on a third party. Vaultwarden solved that for me.

Like all services I self-host for personal use, it's only accessible via VPN.

[+] JenrHywy|2 years ago|reply
Bitwarden is also quite family friendly, both in that it's easy to use and you can share passwords with other people.
[+] Hamuko|2 years ago|reply
I use Secrets (https://outercorner.com/secrets-mac/) which syncs via iCloud. Definitely not perfect, especially if you're not heavily within the Apple ecosystem, but at least it's native and doesn't require a subscription.
[+] evantbyrne|2 years ago|reply
Do you have to pay separately for the mac and ios versions?
[+] connordoner|2 years ago|reply
Is there a compelling reason to use this over iCloud Keychain?
[+] alanfranz|2 years ago|reply
Bitwarden can be self hosted. KeePass* you can sync with a separate service (eg Dropbox).
[+] monlockandkey|2 years ago|reply
Keeweb.info

KeePass kdb file compatible but can access through browser interface. Backup kdb file to cloud storage.

Don't like Bitwarden. Keeping your encrypted password file in Google Drive is much better and portable than self hosting on your own server.

[+] aborsy|2 years ago|reply
The most secure option is probably Password Store with a PGP key on YubiKey, in my view.

There is also Passage, which is a similar offering, but I have problems with YubiKey PIV PIN caching (and prefer CV25519 to NIST curves).

[+] egamirorrim|2 years ago|reply
Enpass ftw, clients for all platforms, browser extensions and lets me back up to my own NAS/Dropbox/Gdrive
[+] jiveturkey|2 years ago|reply
define best. most secure? most usable? most portable? most other?