this post was submitted on 09 Sep 2023
243 points (95.8% liked)

Privacy

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

[–] Plagiatus 123 points 1 year ago (2 children)

I second the recommendation for Bitwarden.

I switched over from Dashlane and never looked back. They even have a browser extension for mobile Firefox (the browser you should be using anyways) so it's easy and convenient on all my devices.

[–] [email protected] 41 points 1 year ago (5 children)

+1 for Bitwarden. There were growing pains at the start to move off of iCloud Keychain. Once done and being more proactive with managing passwords, it’s so good and trustworthy.

[–] [email protected] 14 points 1 year ago

Agreed. Bitwarden has been fantastic. I just wish it was easier to swap between accounts on the browser extension. You can do it on desktop and mobile pretty easily.

[–] [email protected] 14 points 1 year ago (6 children)

Is there a reason to use the mobile extension over the app itself? The app can input into other apps as well.

[–] thisisawayoflife 58 points 1 year ago (7 children)

Been using KeePassXC (and before that, KeePassX) since I abandoned LastPass about a decade ago. The apps integrate with Nextcloud perfectly and at least for me, it's a breeze. I use it for TOTP too, and I second the recommendation of a hardware token for an additional layer of security. There are some USB-C options that work on phones (I'm using a Pixel 7 Pro).

[–] [email protected] 16 points 1 year ago

yup, no need to pay for a password manager. and far more secure.

[–] jelloeater85 5 points 1 year ago (5 children)

I never got YubiKey to work on desktop with it. Key files seem to work well enough and are easy to manage.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (4 children)

YubiKey works for me, both on desktop with KeePassXC and on Android with KeePassDX to the same DB.

[–] chockblock 4 points 1 year ago

It does require some configuration within YubiKey Manager. I did not find it straightforward, but once set up it's really reliable.

[–] [email protected] 51 points 1 year ago (3 children)

When LastPass screwed around with its free tier offering, I switched to Bitwarden and haven't felt any reason to use or even try anything else, it's rock solid.

[–] Bye 7 points 1 year ago

Same. Been very happy. Great iOS integration.

[–] SuddenlyBlowGreen 46 points 1 year ago

+1 for BitWarden.

Plus, it's ridiculously easy to self-host with VaultWarden.

[–] [email protected] 38 points 1 year ago

Bitwarden gang

[–] [email protected] 37 points 1 year ago (1 children)

Bitwarden - does everything, and is free. You can even set up a shared vault so 2 people can have access to shared stuff like online shopping and streaming sites. Takes a bit of admin work but it is not hard.

[–] [email protected] 8 points 1 year ago (2 children)

Sadly that second bit requires the other person to care enough to make an account and not just text you when they need the password 😂

[–] [email protected] 35 points 1 year ago

Bitwarden. Been using it since 2021.

[–] [email protected] 28 points 1 year ago* (last edited 1 year ago) (16 children)

Proton Pass pisses me off. Proton is such a money grubbing company that takes FOREVER to release stuff.

I pay $120 per year for ProtonMail, and they want me to pay $180 to unlock the full Proton Pass. $60 per year, for something that BitWarden does for only $12 per year.

Not to mention you'll be waiting years for apps to come out. They're such a fragmented company. The Android remake is already so far past the estimated release date it's sad. Proton Drive Windows app finally came out, but fuck Mac and Linux users, I guess.

BitWarden is available for Windows, Linux, Mac, 9 browsers, iOS, Android, and CLI. - Premium is $1/month.

ProtonPass is available for iOS, Android, and 4 browsers. - Premium is $5/month.

Can't wait for Proton to release a few more half baked services with outdated apps and a promise to update them in a year, but then 3 years later there's still radio silence. Perhaps use your paid services money for developing in a timely manner? Holy shit.

[–] [email protected] 25 points 1 year ago (7 children)

Wow, so 1Password is not recommended anymore? How come? I’ve been using them for years.

[–] [email protected] 16 points 1 year ago* (last edited 1 year ago) (2 children)

Possibly because it is not open source and doesn't have anything to offer that the other recommendations do not.

[–] Sigma_ 19 points 1 year ago (1 children)

Ya I think so. These are always tech articles and FOSS software is always a big feature.

But 1Password has ongoing audits and a sane UI and mobile apps that pass the boomer-parent test. Canadian company too, which is nice given the US-centric tech world.

[–] [email protected] 6 points 1 year ago (1 children)

Fastmail integration for masked emails! If you already have an email provider you like then yeah, not much to offer. But if you're like me a few years ago and were looking to get off of Chrome's password manager and Gmail, then 1Password and Fastmail is a nice combo.

[–] [email protected] 7 points 1 year ago (1 children)

Former 1Password user, current Bitwarden user. Jumped ship when 1Password dicked local vaults. Never been happier.

And it’s a FUCKLOAD cheaper. 1Password is very overpriced.

[–] [email protected] 7 points 1 year ago (1 children)

It's in their honorable mentions.

Having no source-available clients is the author's main nitpick.

[–] Belazor 5 points 1 year ago

Which personally I think does a disservice to their readers. If their article ends up high in search results for “best password manager 2023” for whatever reason, most people aren’t going to care if there’s a source-available client or not.

Dashlane and 1Password might not have source-available clients but they likely have better UI/UX than these more open source alternatives that are made for people with technical expertise.

[–] haulyard 5 points 1 year ago

Same. We’ve been using it for about a decade I think. One vault for my wife and I to share. Hosted on their end, so in case all our self-hosted stuff takes a crap our passwords are still available. Been considering looking at Bitwarden but haven’t had the time.

[–] [email protected] 23 points 1 year ago (5 children)

I use KeePass and keep it synced with self-hosted Nextcloud. I get the appeal of Bitwarden, but I'm really trying to get off other people's computers.

[–] [email protected] 17 points 1 year ago (2 children)

You can host Bitwarden. It's open source. I do it myself.

[–] [email protected] 6 points 1 year ago

Bitwarden with the self-hosted Vaultwarden server then. That way you get the nice Bitwarden experience, apps, browser plugins, but all hosted on your own hardware. I run my Vaultwarden server on my Synology.

[–] [email protected] 21 points 1 year ago

Bitwarden. Tried Proton Pass but ultimately stuck with Bitwarden.

It has been my password manager of choice for quite some time and I didn't see any reason to change.

[–] Linus_Torvalds 10 points 1 year ago

While I find a discussion about password managers great, I found the article to be underwhelming.

[–] thantik 8 points 1 year ago* (last edited 1 year ago) (2 children)

I made a hardware-based password manager that I keep on me with the 3-2-1 rule. (One on me, one at home, one in a remote location.) It's barely secure, but the data is not accessible except when I'm updating it. It's similar to the Mooltipass but all the passwords are stored on EEPROM.

Could the EEPROM be hacked by someone and all my passwords probably read in cleartext? Yeah. How many fucking people actually know how to do that though? Virtually none.

Honestly, I'd love to just simply be able to afford a Mooltipass though. :(

This is what I based my personal one on: https://www.instructables.com/PasswordPump-Passwords-Manager/

And I usually generate the passwords with an online tool so that I'm never using the same password twice.

[–] [email protected] 21 points 1 year ago* (last edited 1 year ago) (2 children)

Why not KeePass and its editors and just keep the vault file on a flash drive?

[–] [email protected] 8 points 1 year ago

Exactly. Plus, if you're a Windows user, you can keep the portable version of KeePass on the drive as well.

[–] [email protected] 5 points 1 year ago (1 children)

Not OP but this is exactly what I do and it works great.

[–] [email protected] 8 points 1 year ago (3 children)

GNU Pass, has been the best one so far. Set up your own git to sync it to all devices.

[–] [email protected] 8 points 1 year ago (4 children)

15 years ago the common logic was the most likely way for a password to get stolen is by writing it down and leaving it in an accessible spot, and somebody stealing the password there.

I don't think that logic holds anymore, and with the LastPass breach I think that's proof you want to step away from the cloud not towards it. Imo the most secure way to store passwords is to generate multiple random codes, use a portion of each and then just write those down.

[–] Rouxibeau 8 points 1 year ago

15 years ago you had to worry about the people around you. Now you have billions of bots trying to force shit all the time.

[–] [email protected] 7 points 1 year ago

Your homegrown script opening a gpg encrypted file in runtimedir in a text editor.

[–] [email protected] 7 points 1 year ago (1 children)

LastPass did not make the list, I am shocked, shocked, well ok not that shocked.

[–] [email protected] 8 points 1 year ago (1 children)

How are you shocked? LastPass is trash

[–] [email protected] 7 points 1 year ago (1 children)

Have been using Enpass for a long time, it’s really good. You can choose any cloud provider or host your vault yourself, subscription-based payment or one time only.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)

I have also been using Enpass for a decade or so and never had the urge to switch to another provider. Everything works, you got all the features (TOTP, pwned password auto-checks, native apps and autofill, storage of other things than passwords, …) and pricing is still very reasonable.

It can be fully used offline too (with WiFi sync) or with any local storage or online cloud option.

I bought it one time back then but still pay the small subscription fee since I don’t want Enpass to go away.
