Objective: Secure & private password management, prevent anyone from stealing your passwords.

Option 1: Store Keepass PW file in personal cloud service like OneDrive/GoogleDrive/etc , download file, use KeepassXC to Open

Option 2: Use ProtonPass or similar solution like Bitwarden

Option 3: Host a solution like Vaultwarden

Which would do you choose? Are there more options ? Assume strong masterpassword and strong technical skills

  • @AA5B@lemmy.worldEnglish
    -12 years ago

    Apple keychain. Supposedly secure, extremely convenient, may be in the Cloud but not centralized - can’t lose everyone’s credentials at once.

    The plug-in for Windows works pretty well too, although I wonder if that puts my confidential data at more risk

  • @rmstyle@feddit.deEnglish
    32 years ago

    To improve security of option 1 you could use a keyfile, that is either only transferred manually to devices or stored at a second cloud provider.

  • @Decronym@lemmy.decronym.xyzBEnglish
    32 years ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    Git Popular version control system, primarily for code
    IP Internet Protocol
    NAS Network-Attached Storage
    SSH Secure Shell for remote terminal access
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)

    7 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.

    [Thread #173 for this sub, first seen 28th Sep 2023, 18:45] [FAQ] [Full list] [Contact] [Source code]

  • @UninvestedCuriosity@lemmy.worldEnglish
    12 years ago

    I did option 1 for a number of years but now I’m doing option 3 off a proxmox container and some cloud scripted backup. So far so good.

    We just started doing option 3 at work and just keep it behind the firewall. It is going well so far.

  • ⓝⓞ🅞🅝🅔English
    92 years ago

    I use and prefer option one, but take it a step further in that I host my own cloud service. I used to use Dropbox for years, but we got divorced.

  • @TechieDamien@lemmy.mlEnglish
    72 years ago

    Option 4: levy existing tools such as gpg and git using something like pass. That way, you are keeping things simple but it requires more technical knowledge. Depending on your threat model, you may want to invest in a hardware security key such as a yubikey which works well with both gpg and ssh.

    • @KairuByte@lemmy.dbzer0.comEnglish
      42 years ago

      Why use tools not meant for password management, when alternative tools explicitly meant for password management, which have similar levels of security, work just fine?

      You’re essentially saying “instead of driving down the road, I like to ride my bike with rollerblades.”

      • @TechieDamien@lemmy.mlEnglish
        22 years ago

        It is just how I prefer to do my computing. I tend to live on the command line and pipe programs together to get complex behavior. If you don’t like that, then my approach is not for you and that’s fine. As for your analogy, I see it more as “instead of driving down the road in a car, I like to put my own car together using prefabs”.

      • bnjmnEnglish
        22 years ago

        I have a set up like this (age, passage, & git). Bitwarden’s browser integration works just fine, for the most part. The thing is, some of my passwords are not browser-based, and I spend large amounts of time in the terminal. Using a CLI-tool in this case lets me save a bit of time

          • bnjmnEnglish
            22 years ago

            Ah I didn’t know that! Thanks, will be checking it out for sure

  • @MajinBlayze@lemm.eeEnglish
    72 years ago

    I used option 1 (KeePass synced to Google Drive) for years. It’s nice that you know you have control of your passwords at all times, and as long as you can access your cloud storage account and can download a KeePass app, you can get your passwords. It works reasonably well most of the time, but I was consistently running into edge cases that weren’t as smooth as I’d have liked (mostly apps on Android)

    I switched to vaultwarden (option 3), and immediately fell in love with things mostly just working. However, since I was hosting it out of my house, I had a bit of a disaster recovery problem. If i had say a fire, I could easily lose all copies of my vault, which would be… suboptimal.

    After reviewing the options, I switched to straight bitwarden. I’ve been happy with the experience, and once I have disposable income, I plan to get pro long enough to have emergency contacts available so my family can still get important passwords in case of the worst.

    All options have their pros and cons, but IMO password storage is something that deserves to be given proper consideration.

  • @Sharp312@lemmy.oneEnglish
    42 years ago

    Option 2 would be your best bet. Great balance between security and convenience. Bitwarden is my go to because afaik it stores every detail encrypted (unlike mainstream PWs) and when you open your vault, the database gets transferred to your pc and is decrypted locally. Its essentially the same as option 1, just 1000x more convenient.

    Id only selfhost vaultwarden if you want bitwardens premium features, if you dont then youre maintaining a service which you wouldnt really need. Not to mention if you selfhost on a machine on your network, you have to deal with exposing that machine to the internet, not really worth it imo.

  • t0m5k1English
    62 years ago

    Bitwarden+vaultwarden, harden the chosen VPS, set SSH to use keys only, then setup fail2ban for webserver and ssh Also consider putting ffsync on it as well for extra browser benefits.

    • Matt The HorwoodEnglish
      32 years ago

      Remember to back that up, and test the back at intervals to make sure they work

      • @Opeth@lemm.eeEnglish
        72 years ago

        Not watertight ofcourse but I love that the bitwarden clients keep a local copy so if the server ever goes down youve still got access just no sync.

  • @Shayeta@feddit.deEnglish
    132 years ago

    I’ve used Option 1 with my Nextcloud and it works perfectly. Other options seem more apropriate when you need scale, many user each with their own vault.

  • MeaCulpa English
    32 years ago

    Option 1, with manual copying to mobile. I tried syncthing in the past but had problems with corrupted files

  • @BastingChemina@slrpnk.netEnglish
    62 years ago

    Bitwarden for me. My password manager is not just for me, it’s also a crucial component of my family life so if something happened to me I want my next of kin to be able to access it

    For that it needs to be an easy to access solution.

    • @danieldigital@lemmy.worldEnglish
      12 years ago

      Same, I’m all for complicated things that only I know how to use but the keys to the kingdom shouldn’t be one of those when there are laypeople relying on me.

      I still have to figure out how to let those people in when needed, I’m thinking writing the master password and the backup code on a paper that lives in a drawer, maybe in a “break in case of emergency” box, etc.

      Curious what’s the best way to mitigate the wrong person getting that, but I think if you have to worry about someone breaking in your house who is also looking for that info, then you have a different threat profile to consider, and the above calculus doesn’t apply.

      • @BastingChemina@slrpnk.netEnglish
        22 years ago

        Bitwarden offer the option to set up an emergency contact.

        You choose someone to be an emergency contact, it means that if they want they can request access to view your passwords.

        When they send a request you receive several emails to warn you and after X (you can choose the amount) days if you don’t do anything they get access to your account.