Spyke
clarfggreply
lemdro.id

I was really disappointed about standard notes' plans. Took me forever to get everything set up to self host, only to find I couldn't even use markdown unless I bought a license? Silly.

7
PhAzEreply
lemmy.ca

I'm excited that the bitwarden phone apps are getting a brand new native version for ios and Android soon.

5

No, it's built on a Microsoft framework, that MS has decided to change recently. That's why it's sluggish and they can't add features like passkeys to the current client apps.

1

Standard notes is very unethical. They want you to pay for open source software even if you self host. Very scummy.

3
lemmy.ml

Tried, and not a fan of. The organizing features are kind of not what I expected. Sticking to KeepassXC for now.

4

I actually thought the organization stuff is pretty good, coming from keepassxc myself. The way we have it set up is that each of the members of our family all have VW accounts, and we have a common organization shared among us for stuff we all use (e.g. home devices). It's all in one installation, so it's pretty convenient. I don't think I can do the same as easily with keepass.

That being said, keepass is a really solid piece of software. I'd recommend it myself.

6

First is the organizing feature. It doesn't let me have sub folders which I need to categorize items.

Second is the TAN management to store my MFA backup codes. A feature the original Keepass has but KeepassXC doesn't. You can use notes to mimic but it doesn't auto expire after use, i.e. more manual work.

1
laverabereply
lemmy.world

Corporate Headquarters

Bitwarden, Inc. 1 North Calle Cesar Chavez Santa Barbara, CA 93103 Bitwarden, Inc. is the parent company of 8bit Solutions LLC

Something tells me they'll enshittify too. It would make me uneasy storing all my passwords with a for profit corp, on their servers.

0

They've already open-sourced all the best parts, and there are independent OSS projects based on that. If BE fucks with their user base, they'd be messing with their livelihood.

3
slazer2aureply
lemmy.world

Prefer KeepassXC but let's be honest, the best password manager is the one you actually use and keep using.

58

Everything gets hacked given enough time. Just not everyone says they were hacked or realised they were.

-2
Anon518reply
sh.itjust.works

Prefer KeepassXC

Why? Keepass has lots of plugins and XC doesn't, right?

4

KeepassXC looks better IMO. Also I like that hardware keys work without plugins. Personally I still use KeePass for one feature that XC doesn't offer.

2

I like KeePassXC because it's written in C and is thus cross platform, while KeePass is written in C# and relies on Windows UI libraries. You can run KeePass on Linux (and I did without usability issue for years) but it will look god awful.

I won't knock plugins, everyone has weird use cases, but I don't know what people need KeePass to do that it doesn't already do out of the box. I've certainly never felt the need for any.

1
sh.itjust.works

+1 For KeepassXC, I use it in combination with syncthing to have my passwords available on all devices.

62

I've thought about it, but for now at least I just use a USB flash drive to keep the file synchronized.

1

I could say I know because I'm an elite haxxor but it would be a lie. I'm not even at script kiddie level.

1
lemmy.ca

I use Bitwarden for passwords. Just works so well.

KeepassXC and KeePassium for TOTP codes. I keep the database in the cloud but sync a key with Syncthing that’s needed to unlock the database on the devices themselves.

42
Lem453reply
lemmy.ca

Locally hosted bitwarden (vault warden) that is only accessible on your local network is the way to go. When a new sync is needed away from home, wireguard VPN to connect back in makes everything nice and secure. Otherwise most of the time the vault is cached to the device locally so you don't need to phone home to access passwords.

9

I do it exactly like that, except that I'm connected via VPN most of the time, since my Pi-hole is also located in my LAN.

3

Yep, I think keeping TOTP codes in the same place as passwords defeats their purpose (no longer a second factor).

Less convenient but more secure.

1

And they are really moving quickly with development. I feel like we're getting new features monthly

12

Same. The UI is pretty good and modern, they support TOTP and cards as well and the development is being done at a good pace.

8

My only complaint is the lack of passkey support. I just want to store my password and passkeys in one place.

0

For Keepass users: KeepassXC can read your keepass file just fine, but KeepassXC can also run on Linux, whereas Keepass runs only on Windows.

2
m-p{3}reply
lemmy.ca

And with Syncthing's Untrusted Device Encryption feature I can use my VPS as an extra node for synchronization without worrying much if it becomes compromised without me knowing.

9
superbirrareply
lemmy.world

the file is already encrypted so you aren't getting much more security

4
m-p{3}reply
lemmy.ca

I also sync other stuff, so it's useful anyway.

6

And it hides file names and sizes by splitting things up, which puts one extra layer of difficulty for someone trying to find my passwords file to target. I have a much stronger password on the syncthing directory than my normal type-each-time password to open keepassxc.

2
lemm.ee

And I do keepassdx on Android, with a (phone-specific) database synced with syncthing


P.S. syncthing is fantastic: I hope more people consider hosting discovery servers and especially relays

7
feddit.de

I use keepass with my database on onedrive.

Then I connect every device to said onedrive account, copy the private key manually on each device that I need to use.

I secure my database with said private key + a passphrase.

Might not be the best setup, but I feel like with passphrase+key I am secure enough to have the db file in the cloud.

16

KeePass for me. I keep my encrypted vault in my 2 factor encrypted gdrive. Get the best of both worlds. No traditional cloud that's a target for hackers and I have passes I can share across devices.

11

I really enjoy 1Password for easy vault sharing between family members. I was able to get my (not so technically literate) siblings and dad onto my family plan. Baby steps!

9

I know they recently published the code for their clients, so that's a plus. But I can't find any independent audits for their architecture or clients.

While all mentioned options do have independent audits done.

10

Also more expensive than Bitwarden for example, should you want to pay for premium.

3

Dashlane’s app experience across platforms was hit and miss for me. 1Password has been much better.

1
feddit.de

No mention of Enpass? Stores more than just passwords, can be synced locally over wifi or in the cloud without using Enpass servers.

8

Been using Enpass for something like a decade and it's been perfect. One time licenses can be found on stacksocial, I think.

2

I've been using Proton Pass since it launched and I think it's really really good.

Positives:

  • Nice integration with both desktop and mobile
  • Integrated in the proton suite, which I was already using
  • Allows you to generate an email alias for each login automatically. Websites will never have your real email and you can easily generate a new alias if one has been compromised
  • Supports 2 factor authentication via TOTP, works really well

Negatives:

  • No passkey support yet
  • Free version only supports like 5 email aliases
7
Catsrulesreply
lemmy.ml

Yeah they should be using Office 365 or Google drive.

1
Catsrulesreply
lemmy.ml

Technically Excel and 365 and Google sheets can be a password manager.

1
feddit.uk

No love for Nextcloud Passwords or Passman? Both have plugins for Nextcloud and have Android Apps.

6
lolgcatreply
lemmy.ml

No love for Nextcloud

Pretty much in general for me now. I gave it an honest go for six years but there were at least four instances where a server upgrade required nontrivial intervention to bring it back.

Syncthing + Keepass[DX] has been solid for me.

1

Which one was that, Passman or Nextcloud? I've run two instances of Nextcloud Password and one of Passman, for about the same time, with no issues.

Other people do seem to have issues running Nextcloud in general, but I've never had anything but PHP version stuff that is easily fixed. I love Nextcloud!

1
bushvinreply
lemmy.world

Yes! Been using it for a long time now! Never had any (major) issues!

1
sh.itjust.works

Can someone explain what those password managers are doing better than Firefox?

6
sudneoreply
lemmy.world

I guess a bunch of things, as they are specialized apps:

  • proper auth. I think with Firefox you can have a password, but a password manager will have multiple options for 2fa including security keys, and on phone fingerprint unlock etc. In general, password managers are more resistant to malicious users gaining access to your device.
  • store all kinds of stuff. Not everything happens in the browser, and it's just convenient to have an app just for credentials. Many password managers allow to store and autofill credit cards too, for example.
  • on the fly generation of aliases. Password managers have external integrations. For example proton and bitwarden can integrate with simplelogin.io to generate email aliases when you choose to generate a new username.
  • org-like features. Password managers can be also convenient for sharing with family (for example). I do manage a Bitwarden organization used by all my immediate family, which means I can share credentials easily with any of them. Besides the sharing I can also ensure my (not tech savvy) mom won't lock herself out (emergency breakglass access configurable) and technically enforce policies on password strength etc.
  • as banal as it is, self-managing. I like to run my own services and running my own password manager with my own backups gives me peace of mind.
  • another perhaps obvious point. More compatibility? I can use my password manager on whatever device, whatever browser. For some, it might not change anything, but it's a convenient feature.

As a personal addition, I would say that I simply want the cornerstone of my online security to be a product for a company that is specialized in doing that. I have no idea how much effort goes into the password manager from Mozilla, for example.

19

Yep, I know and it's very convenient. I discovered recently that bitwarden also has integration, but requires manually provisioning an API key. Not as convenient but quite nice as well.

1

I'm answering your comment but I'm grateful for those who have answered. You basically have more extensive needs than I have, which makes sense.

On my side:

  • I'm not planning on leaving Firefox any time soon but the migration seems straightforward
  • The security is sufficient for me: master password on the desktop, fingerprint on my phone
  • To be noted: Firefox is my default password manager for all my android apps. Its scope extends beyond web browsing
1

I need to enter passwords in lots of places that aren't a browser.

If Firefox's password keeper meets your needs, then I would endorse using that, for sure.

10

(I use KeepassXC)

I use the notes section a lot. I can store all kinds of related info. For example on sites that still use a username to login, I can put the email I used to sign up in the notes section.

I'll also do security questions answers here. Using a passphrase generator for those is good. No one is going to check if your first dog's name really was "consoling-roving-activator-earflap" and no one can find it on your over sharing grandma's Facebook.

I'll also attach any license keys/relevant files for software, now those stay encrypted and backed up with the database instead of in a random folder of text files.

4

In addition to what the others have said, with those other password managers you don't have to do much if you decide to change browsers some day.

3

I thought I read somewhere that the built-in browser password saves are not very secure.

This was maybe 5 years ago so I am guessing they have improved it?

3
lemmy.world

My favorites:

  • Proton Pass
    • Pros: Aliases, Proton integration
    • Cons: No passkeys (yet), native desktop apps in beta
  • 1Password
    • Pros: SSH agent integration!
    • Cons: Least open
  • Bitwarden
    • Pros: Most open, self hosting option
    • Cons: least polished user experience
5

Proton Pass Pros: Aliases,

1Password technically does have aliases too but it requires a fastmail.com subscription. I use it and it works quite well though.

1

Ah, I suppose it's TOTP/HOTP or HMAC challenge.

I am waiting for FIDO2 to work between keepassxc and yubikey. 🥳

2

I get a good reason to stay away from lastpass is their dealing with getting hacked. Valid. However, bitching about not getting to use all the paid features as a free user is ridiculous.

3

In a vacuum, maybe. But there is a difference between adding new features to a paid plan and removing features from a free plan.

14

I don't know if this is still the case, but we trialled LastPass enterprise around 10 years ago. They didn't have an API. They had no intention of ever introducing an API. So, the script could spin up a database, but couldn't store a break-glass su user into the vault without actually giving it to a human, first. Some enterprise solution. 🙄

1
lemmy.world

Any options on StrongBox? It seems like a good option but they don’t quite have the reputation that others have, despite being around since 2017.

2
ebits21reply
lemmy.ca

Strongbox is great, but expensive. I settled on KeePassium instead mostly based on cost.

2
red_risingreply
lemmy.world

It’s only $20 a year or $80 for life. I feel like that’s a fair price to support the developers.

2
ebits21reply
lemmy.ca

It’s not unfair, but for my use case there are cheaper or free alternatives that work really well.

And I’m Canadian so it’s a bit more than that dollar wise.

1
temminkreply
feddit.de

StrongBox is just a client that uses keepass databases. I think it integrates well when using Apple devices and you can still use your databases on other platforms.

2

Ah thanks. Ya it’s Apple only but I like how it doesn’t sync to a central server but will still sync between your devices across your local network. Seems to minimize a lot of attack surface.

2

I have used 1Password with the annual plan for years across various browsers and operating systems and have found it to be perfect for everything I need. I will definitely take a look at Proton though.

2
lemmy.world

Any reason why Keeper isn't on the list? Is it bad?

2

Same. So far it's doing the job but I wonder if there's some reason I should switch to one of these others?

1

I'd also put Passbolt on the list, it's not that well known, but it's really great. I selfhost it on my home server and I'm very happy with it.

1