this post was submitted on 11 Jul 2023
368 points (98.2% liked)

Asklemmy

43742 readers
1318 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

Okay so yesterday, I changed my password as a precaution because of the hack, and just now I decided to clean my browser tabs and re login and almost forgot my password. I'm done dealing with passwords.

What password manager do you recommend?

Features I’m looking for

-Open Source

-Can be synced to cloud (I don’t want self host)

-Can be accessed via a browser

-Cross platform, the more platforms, the better

-End to End Encrypted, and Encrypted at rest on my device, also need some way to authenticate before releasing the password, like a pin or biometrics

-Autofill for browser and apps

-Free (can be a freemium model, but I need the base tier to be free, too broke to spend money on this lol)

-Can export the passwords to a file

I never used a password manager before so sorry if I seem like a noob.

I know I could google it, but I want the lastest info, not some outdated reddit post.

Edit: Woah, those replies are fast. I think I'll use Bitwarden. Thanks for recommendations! Now I don't need to worry about forgetting passwords anymore. πŸ˜„

Edit 2: It seems I've forgotten my email password as well as a few other accounts I haven't logged into for a while. Damn, should've used a password manager earlier.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 31 points 1 year ago (4 children)

Non self-hosted: Bitwarden

Self-hosted: Keepass

Both are open-souce, multi-platform, and free. Bitwarden does have additional paid tiers to include support for things like OTPs. I used to use Keepass but got tired of manually syncing my database; If that's not a problem for you then it's a great choice.

[–] [email protected] 7 points 1 year ago (2 children)

Bitwarden supports self hosting doesn't it? There's an option in the UI to specify server

[–] [email protected] 4 points 1 year ago

Yup, you can selfhost bitwarden and use your own private server to sync between devices.

[–] [email protected] 3 points 1 year ago

the name is vaultwarden. a reimplementation of bitwarden i think in rust. you can use it with all bitwarden-clients.

[–] [email protected] 3 points 1 year ago

One thing I was always wondering about the OTP feature: If OTPs are used for two-factor authentication but both your password and the OTP can be accessed through Bitwarden, aren't you effectively sidestepping the two-factor part? I mean if I have the OTPs only on my phone then I need to know the Bitwarden master password and I need to have my phone in order to log in. On the other hand if both are in the Bitwarden vault, I only need to know the Bitwarden password. So effectively two-factor becomes one-factor authentication.

Maybe the relevant scenario here is your credentials for some website getting leaked. With OTPs inside Bitwarden any attacker would still not be able to log in as long as they don't know your master password, giving you plenty of time to change your password. Although, if the attacker already found a way to access confidential website logins, they can probably access all kinds of other confidential data related to this account without even logging in as you.

[–] [email protected] 2 points 1 year ago

You sound like me. I used KeePass for many years. AutoType rules. That said it wasn't as slick as other password managers for browser credentials. I moved my home stuff to Bitwarden and use KeePass for work. I honestly could never give up AutoType for work. Typing credentials into other applications is so handy and one majority of other password managers lack, including Bitwarden.

[–] [email protected] 1 points 1 year ago (1 children)

It's more to setup, but I have my keepass auto sync across several devices using OneDrive. Each device has a local copy of the database that is synced with the cloud version using triggers.

[–] [email protected] 2 points 1 year ago

This is what I used to do. Although KeePass is better these days in that it will recognise when a database has changed and ask you if you want to synchronise the changes. KeePassXC will even reload the database when it detects changes.