I am afraid of a private company being responsible for my passwords but also not confident in my own ability to manage any sort of password manager across all my devices. What do people do?
I've used KeePass for ages and every time another password manager comes up in the headlines it's only ever made me feel more confident about that decision. Zero games, no cloud/other party to be dependent on, and I have total freedom to implement whatever backup/sync methods work best for my situation.
KeePass is not KeePassXC. The former is written in .NET, the latter in C++; numerous open source audits have shown that KeePassXC is far and away more secure than KeePass. Not to mention that cross-platform performance for KeePassXC is superior.
You can sync a KeePassXC database using a provider like Google Drive/iCloud/Dropbox/etc but that's not a feature of KeePassXC, it's you doing semi-manual cloud sync.
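Because that cloud sync is a plain file copy, the failure mode to guard against is two devices saving the .kdbx between syncs and one copy silently winning. The Go program below is an added example, not KeePassXC's or Syncthing's code: it assumes a local vault, a copy of it in the synced folder, and a small state file holding the hash both sides last agreed on (all three paths are assumptions for the illustration). With that third value it can tell "only this device changed" from "only the other device changed", and when both changed it refuses to overwrite either side, leaving the other version next to the local vault for a merge.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"strings"
	"time"
)

// ErrConflict means both copies changed since the last sync. Neither side is overwritten;
// the other device's version is saved next to the local vault so the two can be merged.
var ErrConflict = errors.New("both copies changed since last sync; merge required")

func fileHash(path string) (string, error) {
	b, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:]), nil
}

func copyFile(src, dst string) error {
	b, err := os.ReadFile(src)
	if err != nil {
		return err
	}
	return os.WriteFile(dst, b, 0o600) // vault copies stay owner-readable only
}

func backupName(path string) string {
	return fmt.Sprintf("%s.%s.bak", path, time.Now().UTC().Format("20060102T150405"))
}

// SyncVault reconciles the local vault with its copy in the sync folder. The state file
// holds the hash both sides last agreed on; that third value is what turns "newest file
// wins" into a real three-way comparison. Returns "push", "pull", "none", or, on a
// conflict, the path of the saved copy of the other side.
func SyncVault(local, remote, state string) (string, error) {
	lastB, _ := os.ReadFile(state) // no state file yet means this is the first sync
	last := string(lastB)
	lh, err := fileHash(local)
	if err != nil {
		return "", err
	}
	rh, err := fileHash(remote)
	switch {
	case errors.Is(err, os.ErrNotExist): // sync folder has no copy yet
		if err := copyFile(local, remote); err != nil {
			return "", err
		}
		return "push", os.WriteFile(state, []byte(lh), 0o600)
	case err != nil:
		return "", err
	case lh == rh: // already identical
		return "none", os.WriteFile(state, []byte(lh), 0o600)
	case rh == last: // only this device changed the vault
		_ = copyFile(remote, backupName(remote)) // best-effort copy of the version being replaced
		if err := copyFile(local, remote); err != nil {
			return "", err
		}
		return "push", os.WriteFile(state, []byte(lh), 0o600)
	case lh == last: // only another device changed the vault
		_ = copyFile(local, backupName(local))
		if err := copyFile(remote, local); err != nil {
			return "", err
		}
		return "pull", os.WriteFile(state, []byte(rh), 0o600)
	default: // both changed: a plain copy either way would silently drop someone's entries
		conflict := strings.TrimSuffix(local, ".kdbx") + ".conflict.kdbx"
		if err := copyFile(remote, conflict); err != nil {
			return "", err
		}
		return conflict, ErrConflict
	}
}

// AcceptLocal is the manual resolution step: after the conflict copy has been merged into
// the local vault (KeePassXC can merge one database into another), push it and record
// the merged version as the new common base.
func AcceptLocal(local, remote, state string) error {
	if err := copyFile(local, remote); err != nil {
		return err
	}
	h, err := fileHash(local)
	if err != nil {
		return err
	}
	return os.WriteFile(state, []byte(h), 0o600)
}
```

Run SyncVault before and after each editing session; the conflict branch is the one that matters, since a sync tool's "newest wins" rule would have discarded whichever device saved first. The same three-way idea is what Syncthing's own conflict files give you, but only if you notice them; here the non-zero result forces the merge step.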
KeePassXC (optionally synced with syncthing or your cloud provider of choice) - Portable, no need to host a server to keep the database, offline-first. Database format is standardized, and other password managers support the database format.
pass, if you're always on the terminal. (optionally synced with syncthing or any cloud provider). Or you can go with gopass, which uses the same database format, has better support for multiple users/stores, and enables git versioning by default. There are GUI and mobile clients available that are compatible with this database format.
These are the main ones I would recommend you take a look at for the most common use-cases. I can't recommend anything that doesn't provide FOSS clients or that can't be self-hosted, so some decent options UX-wise were excluded. You really have to see what you want out of the password manager to choose one. Keep in mind that for both pass and keepass there are multiple clients that are compatible with the database format, that affords you with more portability, options, and the possibility of having native clients.
I am very happy with my vaultwarden setup, but if you don't run your own server, you don't want to, KeePassXC + syncthing is probably the best you can do.
Fwiw, the biggest downside of it is multiple user functionality.
It's doable, but you have to import the public gpg key of everybody who needs to access the secrets. Effectively, every secret ends up encrypted with the public key of every user who needs access - not sure how scalable it would be if you have more than a small team of people accessing it this way.
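The Go program below is an added example, not pass's or GPG's code, modelling what the comment describes: each entry is encrypted under a fresh data key, that data key is wrapped once per recipient public key (X25519 plus AES-GCM stand in for GPG's public-key encryption), and changing the recipient list means a current member decrypting and re-encrypting every entry, which is the entries x recipients cost the comment worries about. The in-memory store, the helper names and the function names are assumptions for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Recipient is one user's keypair. In pass the public half is a GPG key listed in
// .gpg-id; here it is an X25519 key, a stand-in for GPG's public-key encryption.
type Recipient = *ecdh.PrivateKey

func NewRecipient() Recipient {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// wrappedKey is one recipient's copy of an entry's data key.
type wrappedKey struct {
	ephemeral []byte // sender's one-time public key for the ECDH with the recipient
	nonce, ct []byte // data key sealed with AES-GCM under SHA-256(shared secret)
}

// Secret is one entry: a single ciphertext plus one wrapped key per recipient.
type Secret struct {
	nonce, body []byte
	keys        []wrappedKey
}

func seal(key, plaintext []byte) (nonce, ct []byte) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	nonce = make([]byte, g.NonceSize())
	rand.Read(nonce)
	return nonce, g.Seal(nil, nonce, plaintext, nil)
}

func open(key, nonce, ct []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g.Open(nil, nonce, ct, nil)
}

// Encrypt draws a fresh data key for the plaintext and wraps it once per recipient.
func Encrypt(plaintext []byte, recipients []Recipient) Secret {
	dataKey := make([]byte, 32)
	rand.Read(dataKey)
	nonce, body := seal(dataKey, plaintext)
	s := Secret{nonce: nonce, body: body}
	for _, r := range recipients {
		eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
		shared, _ := eph.ECDH(r.PublicKey())
		kek := sha256.Sum256(shared)
		n, ct := seal(kek[:], dataKey)
		s.keys = append(s.keys, wrappedKey{eph.PublicKey().Bytes(), n, ct})
	}
	return s
}

// Decrypt tries each wrapped key with r's private key; GCM authentication rejects the
// copies made for other recipients, so a non-recipient gets an error, not plaintext.
func Decrypt(s Secret, r Recipient) ([]byte, error) {
	for _, w := range s.keys {
		eph, err := ecdh.X25519().NewPublicKey(w.ephemeral)
		if err != nil {
			return nil, err
		}
		shared, err := r.ECDH(eph)
		if err != nil {
			return nil, err
		}
		kek := sha256.Sum256(shared)
		if dataKey, err := open(kek[:], w.nonce, w.ct); err == nil {
			return open(dataKey, s.nonce, s.body)
		}
	}
	return nil, errors.New("not a recipient of this entry")
}

// Reencrypt mirrors editing .gpg-id and re-running `pass init`: a current member must
// decrypt every entry and encrypt it again for the new list, entries x recipients work.
func Reencrypt(store map[string]Secret, member Recipient, recipients []Recipient) (int, error) {
	for name, s := range store {
		pt, err := Decrypt(s, member)
		if err != nil {
			return 0, fmt.Errorf("%s: %w", name, err)
		}
		store[name] = Encrypt(pt, recipients)
	}
	return len(store), nil
}
```

Adding a user is cheap per entry but touches every file in the store, which is why a large store with a changing team gets awkward. The caveat a defender cares about is the reverse direction: Reencrypt rewrites the current files only, so when a store is git-versioned, every previously committed ciphertext stays decryptable by a removed key, and removing someone from the recipient list is not a substitute for rotating the secrets themselves.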
I love it on Linux, but has anyone else had it perform really poorly on macOS? Last time I had a MacBook, it wasn't even close to the instantaneous speed of pass on Linux, more like seconds for every command.
I use it intensively on Mac and not had that problem.
Since it interfaces with GPG I would suspect something to do with how your gpg configuration is set up (is it trying to talk to a gpg-agent or possibly a pin-entry program that is timing out or something like that). Intrinsically what it does is completely trivial in terms of compute etc.
Back when 1password (90% sure it was that) had no Linux client, I was searching for a solution to store passwords and settled for Enpass.
I sync via WebDAV on my Synology NAS and I'm not really worried about losing anything since every synced device has a full copy of the data.
Thought about switching to 1password a few months back since we’re using it at work and the client is better but they don’t have an Enpass import. It supports some kind of CSV transfer but I don’t want to pay for a bunch of, worst case scenario, not really perfectly structured data so I decided to stick with what I have.
Edit: when thinking of switching I was a little nitpicky. I'm pretty happy with Enpass, everything considered. The 1p client is just even better, but with the "give them your data and your money" thing, which I'm not necessarily fond of.
1Password is the best password manager I've used, and the family plan works great and is reasonably priced ($60/year). Unlike many folks who are cloud-averse, I prefer a cross-platform solution that syncs to the cloud, and I'm comfortable with their security model (https://support.1password.com/1password-security/).
It's worth noting that they really fubared the 1Password 8 transition and I was very irritated that they had me looking at alternatives. However, they gradually fixed the problems and missing features and now I'm 100% satisfied with it again.
> “It's worth noting that they really fubared the 1Password 8 transition”
I’d never use 1Password again. While the software may be good when you try it, I’m sure they will ruin it at a later date. That was my experience. The company earned my enmity.
1Password is making choices for the business at the cost of security. Sucking people's password vaults into their cloud is very not cool. Additionally removing the local vault only option is another business first decision.
It's only a matter of time before 1Password has a real security problem because the business forces at 1Password appear to be much stronger than the engineering forces.
I have to agree. Been using it ~5 years with no issues. There may be application specific reasons some other manager is better, but for an easy to use and seemingly solid product, I'd recommend 1password.
For maximum security (no cloud sync): KeePassXC
In both cases an essential feature applies: if you forget your master password you've lost access to your password database.
Bitwarden (optionally with self-hosted Vaultwarden) - Best UX for the FOSS options, syncs all your devices, overall just pretty good.
However, I have just started exploring using vaultwarden (a rust rewrite of bitwarden, which is self-hosted).
[0] https://www.passwordstore.org/
https://www.gopass.pw/
It has first-class support for multiple stores and it's 100% compatible with pass databases.
"no-nonsense, ad-free, tracker-free, and cloud-free manner. Free and open source."
Pair with Syncthing to go across devices.
The downside is that it's cloud based.
I've used 1password for 16 years and it is SOLID.