Security Software Which password manager is the best?

Status
Not open for further replies.
Something to keep a lookout for in the future?
 
I was using LastPass free until they limited it to one device.
Now using Dashlane, which I found to be better for me for the following reasons:
  • Better autofill than LastPass, especially on Android apps
  • They offer Indian pricing which is affordable; you need to buy from the Google Play store and can use the web version afterwards
  • Also gives Hotspot Shield VPN premium with its plan
 
I was using the LastPass free version but finally deleted my account after they got hacked twice last year. Now wondering if I should consider anything at all, but memorizing passwords is a hassle.
 
Bitwarden all the way, and there is the added advantage of being able to self-host your own server if you are paranoid. Although it's free, I pay $10 yearly to support these guys and get the ability to store TOTPs. If you want something local, KeePass is great (although sync is easy to configure with cloud sync). If you don't have a plethora of accounts/passwords to save, Firefox's default vault is kinda OK too. BTW we switched to Bitwarden at work too (sometime in 2021).
 
I have just started using the Bitwarden extension on Firefox. One thing that is putting me off is that every time I want it to save a new password from a new website, it asks me for the master password. Only after I type in the master password does it try and save the new password. This is a tedious process because in LastPass it simply asked if I want to save the password to the vault and would save it or reject it based on my 'yes' or 'no'. No re-typing of the master password each and every time to access the vault. Anyone else find the same issue?
 
KeePassXC on Windows/Linux/macOS and KeePassDX on Android. There are Strongbox and KeePassium for iOS. All can read/write the common KeePass file format. You can sync the file via Syncthing if you want to stay local, or USB, or your preferred cloud if you are comfortable.

Avoid cloud-based password managers, including Bitwarden. Self-hosting Bitwarden in a locked virtual machine adds more complexity to your setup. KeePassXC handles WinHello/TouchID much better than Bitwarden, and no other password manager matches the auto-type functionality of KeePass. You don't need a browser extension to log in. It adds more risk.
 
No arguments on KeePass, but yeah, cloud-based password managers are not what they used to be. Bitwarden is verifiably secure and is audited by security firms due to it being open source, though I wouldn't trust a proprietary cloud-based password manager like LastPass. I have been a proponent (and user) of KeePass myself, but damn, Bitwarden makes life easier, and yeah, it doesn't compromise your security in any way, has less attack surface area, and doesn't rely on security by obscurity. Good ol' crypto (not that crypto) and mathematics at work.
If anyone is worried about their credentials getting leaked, yeah, let it leak, doesn't matter, that's Pentagon-grade encryption at work.
 
Fair enough. But I find Bitwarden inferior compared to KeePassXC. I put my KeePass file on my personal OneDrive, so it's easily accessible to all my devices. KeePassXC WinHello integration is awesome. I use a fingerprint reader on all my devices to authenticate. Bitwarden WinHello integration is not reliable and requires me to have the desktop Bitwarden app + the extensions. KeePass auto-type allows me to enter my credentials anywhere, including through RDP sessions, with the sequence I want. I also store important files in my KeePass files, which I can preview/edit and close, unlike Bitwarden where you need to download the whole file. I don't need to use any browser extension, all thanks to the auto-type of KeePass. Browser extensions add more attack surface and also help in getting you fingerprinted on the web (privacy).
 
I have never used WinHello, thanks for pointing it out. The reason I had to switch from KeePass was inferior Linux support (auto-type is not supported on Wayland). But yeah it's pretty seamless on Windows. But you can't go wrong with either, the bottom line is everyone should be using a good password manager :)

Also, to my security-conscious bros, head over to https://www.privacytools.io/ to find out private/secure/open-source alternatives to your daily tools.
 
@dvader What do you think of https://www.privacyguides.org/ ? It came out of PTIO when the original owner took his domain back or something? Both projects are independent now. I found some recommendations of PTIO questionable, like their top recommended password manager seems to be NordPass.

Thanks for pointing this out, it almost slipped my mind. To anyone reading this, please follow privacyguides.org wherever you can and ignore any/all commercial/proprietary tools on PTIO. DO NOT GO with NordPass, LastPass, <PayMeMoney>Pass, etc., and above all ask your peers before making a switch.
 

Well whatever side you are on (bug or feature) I would recommend against sharing access to your password manager/windows account. However I do see a point in sharing it with your spouse or significant other in case of emergencies.

@Married Members of TE, do you share access to your password manager/desktop with your spouse/parents for emergencies?
 