Reckomund me a password manager
-
I suppose I should use one of them, since I have passwords and stuff.
What's one that:
- I can use on multiple PCs
1a) possibly my phone - Isn't hosted by a shit-tastic company that will track me, sell my data, and then have shitty security so they'll just get breached and I'll lose all my passwords anyways.
If there's any way of NOT relying a third party who may just fuck off one day, that'd be fine.
Free or $$$ reccoooo's accepted
- I can use on multiple PCs
-
I've been happy with Keepass2. I use the same file on computers and my phone (Keepass2Android). It uses its own encrypted (local) database.
-
I use Bitwarden. It has a phone app as well as browser addons and desktop apps for multiple OSes, and I've never had any syncing issues. Free and also open source so you could even self-host it if you wanted to.
-
@boomzilla said in Reckomund me a password manager:
Keepass2
To add to this, KeePassXC is a better client than the "official" one, both as an application on its own, and for convenience such as built-in browser integration support (no need for a plugin like the official client needs).
-
1Password. They try to sell you on the SaaS version, but I stick to the standalone versions they also offer (desktop and mobile sold separately). I use Dropbox to sync my (encrypted) password library between devices.
-
@boomzilla said in Reckomund me a password manager:
I've been happy with Keepass2.
This is the only one I've used (because a job mandated it) and the usability was utter shit-crap, so I went back to my homebrew solution.
Lorne should add "is usable" to his list.
-
@blakeyrat said in Reckomund me a password manager:
This is the only one I've used (because a job mandated it) and the usability was utter shit-crap, so I went back to my homebrew solution.
I remember you saying this before and being unable to reproduce most of your issues.
-
@boomzilla said in Reckomund me a password manager:
most of your issues
He's got only one: it's open-sour
-
@boomzilla said in Reckomund me a password manager:
I've been happy with Keepass2. I use the same file on computers and my phone (Keepass2Android). It uses its own encrypted (local) database.
That's what I do too. I have mine in OneDrive (used to use DropBox, can't remember why I switched). Tho last time I tried, I remember not being able to edit in Keepass2Android.
Edit: I very specifically wanted something not managed by some online company. Lets just say my trust of online companies is ... low.
-
I do something similar by keeping password database files on some kind of online drive, although I tend to stick with Password Safe rather than KeePass. It has (third-party) ports on most operating systems (most of which I haven't tested, mind you) and since it doesn't store too much stuff other than text fields I liked it because it had a built-in compare-and-merge tool.
Admittedly it doesn't have all the features of KeePass, a somewhat dated interface, and a name that is hard to Google for but it's simple and it works.
-
I use Chrome's password manager with a custom encryption key that Google doesn't know.
-
I went from Keepass to
It's been very nice so far, does all the en/decryption client side, and has apps for mobile phones.
If you forget your pass phrase, you're hosed though.
-
I've been using KeePassX privately and GNU pass for work. Pass is great for teams as it uses git behind the scenes so you get distributed editing plus auditing—who changed what, when was it changed, what was it before. It also doesn't reinvent the wheel and simply uses gpg for encryption. One day when I feel less lazy I'll migrate the KeePass DB...
-
@m_adams said in Reckomund me a password manager:
If you forget your pass phrase, you're hosed though
That's why they invented post-it notes
-
@m_adams said in Reckomund me a password manager:
If you forget your pass phrase, you're hosed though.
I'm not too worried about that, although I'm worried about something happening to me and then my family not being able to get into stuff in there, which they might need to (this happened to my wife's aunt, who can't open her late husband's password manager and so couldn't get into certain accounts). So I have it in a safe and double sealed in envelopes.
-
@laoc said in Reckomund me a password manager:
Pass is great for teams as it uses git behind the scenes so you get distributed editing plus auditing—who changed what, when was it changed, what was it before.
Reading the official site I see nothing mentioned about that, at least not officially, is there a resource you can link to with instructions / any extra software? Or are you just cloning a repo and pushing changes or what?
-
@boomzilla said in Reckomund me a password manager:
I've been happy with Keepass2. I use the same file on computers and my phone (Keepass2Android). It uses its own encrypted (local) database.
Seconded. You can then stick the database on whatever online storage thing you happen to use.
-
@onyx said in Reckomund me a password manager:
@laoc said in Reckomund me a password manager:
Pass is great for teams as it uses git behind the scenes so you get distributed editing plus auditing—who changed what, when was it changed, what was it before.
Reading the official site I see nothing mentioned about that, at least not officially, is there a resource you can link to with instructions / any extra software? Or are you just cloning a repo and pushing changes or what?
No idea why it's not mentioned there, it's covered in the manpage though. Basically you call it as
pass git <command>
and it just passes through the commands to git while making sure you're working on the right directory, and when you change your password store, it calls git for you and makes a commit with a brief description what was done. No bells and whistles but very reliable, and all the usual stuff you know about git anyway applies 1:1.
-
@boomzilla said in Reckomund me a password manager:
I'm worried about something happening to me and then my family not being able to get into stuff in there
That's a good point, I never thought of that! I can imagine how painful it might be...
So I have it in a safe and double sealed in envelopes.
Why do you need a double seal? If you're gone, one or two seal isn't going to change anything, and if someone steals the information, you'll see it as easily with one seal as with two. The only reason I can see is to hide what the envelope contains (so blank sealed envelope that contains the explanation of what's in it + another sealed envelope), but if someone opens your safe, they're not going to care that much about what's written on envelopes before opening them.
-
@boomzilla said in Reckomund me a password manager:
although I'm worried about something happening to me and then my family not being able to get into stuff in there
I use a key file instead of the password, so I guess I could just distribute that in some way...
-
@remi said in Reckomund me a password manager:
@boomzilla said in Reckomund me a password manager:
I'm worried about something happening to me and then my family not being able to get into stuff in there
That's a good point, I never thought of that! I can imagine how painful it might be...
So I have it in a safe and double sealed in envelopes.
Why do you need a double seal? If you're gone, one or two seal isn't going to change anything, and if someone steals the information, you'll see it as easily with one seal as with two. The only reason I can see is to hide what the envelope contains (so blank sealed envelope that contains the explanation of what's in it + another sealed envelope), but if someone opens your safe, they're not going to care that much about what's written on envelopes before opening them.
Eh...mostly to foil the idly curious (i.e., my wife or kids, if they happen upon it). The inner envelope has a more stern warning.
-
@boomzilla said in Reckomund me a password manager:
Eh...mostly to foil the idly curious (i.e., my wife or kids, if they happen upon it). The inner envelope has a more stern warning.
Oh, I see. Makes sense. Plus, I guess and if you're into that, it always gives a nice feeling to make things "properly". Did you use a nice wax seal as well, just for the fun of it? (I probably would, if I were to do that...)
-
@remi said in Reckomund me a password manager:
Did you use a nice wax seal as well, just for the fun of it?
Hmm...I may have to dig it out now...
-
@boomzilla Plus, you already know what the design of the seal should be:
-
@boomzilla There's unofficial ports for other platforms, too. I use Mini KeePass for the iPhone, don't think it's open source but it's free.
@blakeyrat said in Reckomund me a password manager:
This is the only one I've used (because a job mandated it) and the usability was utter shit-crap, so I went back to my homebrew solution.
Any reason why you say that, or what your homebrew solution does better? I've not personally had any complaints so far.
-
@remi said in Reckomund me a password manager:
@boomzilla Plus, you already know what the design of the seal should be:
I approve of this message.
-
@boomzilla said in Reckomund me a password manager:
The inner envelope has a more stern warning.
-
Does anybody have an opinion on Enpass?
https://www.enpass.io/apps/windowspc/
It's free for desktop, $10 for mobile.
-
@blakeyrat It looks like it uses the right algorithms for its database encryption so I can't immediately see any red flags. I never used it though.
-
@topspin said in Reckomund me a password manager:
Any reason why you say that, or what your homebrew solution does better? I've not personally had any complaints so far.
To be fair, blakey probably hasn't had any complaints with his homebrew solution either.