[HN Gopher] Ask HN: What is the best password manager available ...
___________________________________________________________________
Ask HN: What is the best password manager available today?
I am afraid of a private company being responsible for my passwords
but also not confident in my own ability to manage any sort of
password manager across all my devices. What do people do?
Author : dijondreams
Score : 16 points
Date : 2023-05-06 21:45 UTC (1 hours ago)
| mikece wrote:
| For cloud-synched across devices: BitWarden.
|
| For maximum security (no cloud sync): KeePassXC
|
| In both cases an essential feature applies: if you forget your
| master password you've lost access to your password database.
| palata wrote:
| This ^
| autoexec wrote:
| I've used KeePass for ages and every time another password
| manager comes up in the headlines it's only ever made me feel
| more confident about that decision. Zero games, no cloud/other
| party to be dependent on, and I have total freedom to implement
| whatever backup/sync methods work best for my situation.
| mikece wrote:
| KeePass is not KeePassXC. The former is written in .NET, the
| latter in C++; numerous open source audits have shown that
| KeePassXC is far and away more secure than KeePass. Not to
| mention that cross-platform performance for KeePassXC is
| superior.
| hayst4ck wrote:
| KeePass seems to sync via a preferred cloud provider fine.
| mikece wrote:
| You can sync a KeePassXC database using a provider like
| Google Drive/iCloud/Dropbox/etc but that's not a feature of
| KeePassXC, it's you doing semi-manual cloud synch.
| zmmmmm wrote:
| Unix pass [0]
|
| [0] https://www.passwordstore.org/
| zdragnar wrote:
| I love it on Linux, but has anyone else had it perform really
| poorly on macos? Last time I had a MacBook, it wasnt even close
| to the instantaneous speed of pass on Linux- more like seconds
| for every command.
| zmmmmm wrote:
| I use it intensively on Mac and not had that problem.
|
| Since it interfaces with GPG I would suspect something to do
| with how your gpg configuration is set up (is it trying to
| talk to a gpg-agent or possibly a pin-entry program that is
| timing out or something like that). Intrinsically what it
| does is completely trivial in terms of compute etc.
| zmmmmm wrote:
| Fwiw, the biggest downside of it is multiple user
| functionality.
|
| It's doable, but you have to import the public gpg key of
| everybody who needs to access the secrets. Effectively, every
| secret ends up encrypted with the public key of every user who
| needs access - not sure how scalable it would be if you have
| more than a small team of people accessing it this way.
| billy_bitchtits wrote:
| 1password
| atmosx wrote:
| This. Hands down.
|
| The downside is that is cloud based.
| hayst4ck wrote:
| 1Password is making choices for the business at the cost of
| security. Sucking people's password vaults into their cloud
| is very not cool. Additionally removing the local vault only
| option is another business first decision.
|
| It's only a matter of time before 1Password has a real
| security problem because the business forces at 1Password
| appear to be much stronger than the engineering forces.
| teaearlgraycold wrote:
| To be fair to 1p, they've got a great track record with
| cloud security.
| mixtur2021 wrote:
| 1Password is E2E encrypted no with decryption/encryption
| happening only at the edge? If the cloud storage is
| compromised, that doesn't mean the attacker can read the
| passwords?
| hayst4ck wrote:
| If 1Password controls the storage _and_ the access, that
| is a different architecture than 1password controlling
| the access but not the storage.
|
| They gave me the choice, and then they took it away so
| they could make more money.
| abbadadda wrote:
| Thoughts on SafeInCloud? I just opt not to sync to the cloud.
| xupybd wrote:
| I use KeePass. I sync with Dropbox. I've not found a solution
| that competes on simplicity and ease of use.
| alanfranz wrote:
| Bitwarden can be self hosted. KeePass* you can sync with a
| separate service (eg Dropbox).
| Hamuko wrote:
| I use Secrets (https://outercorner.com/secrets-mac/) which syncs
| via iCloud. Definitely not perfect, especially if you're not
| heavily within the Apple ecosystem, but at least it's native and
| doesn't require a subscription.
| kennywinker wrote:
| +1 for secrets. Simple, works.
| transpute wrote:
| Codebook on iOS/macOS with local sync, almost 20 years old, indie
| dev, https://news.ycombinator.com/item?id=35804714
| thealchemistdev wrote:
| https://keepassxc.org/
|
| "no-nonsense, ad-free, tracker-free, and cloud-free manner. Free
| and open source."
|
| Pair with Syncthing to go across devices.
| jiveturkey wrote:
| define best. most secure? most usable? most portable? most other?
| blitz wrote:
| Self-hosted Bitwarden via Vaultwarden
| spicyusername wrote:
| KeepassXC synced with Google Drive.
| [deleted]
| xarope wrote:
| I'd echo what others say, KeePassXC on local storage, which you
| can then sync across devices either with syncthing, dropbox etc.
|
| However, I have just started exploring using vaultwarden (a rust
| rewrite of bitwarden, which is self-hosted).
___________________________________________________________________
(page generated 2023-05-06 23:01 UTC)