from Hacker News

Ask HN: What is the best password manager available today?

by dijondreams on 5/6/23, 9:45 PM with 72 comments

I am afraid of a private company being responsible for my passwords but also not confident in my own ability to manage any sort of password manager across all my devices. What do people do?

  • by mikece on 5/6/23, 9:49 PM

    For cloud-synched across devices: BitWarden.

    For maximum security (no cloud sync): KeePassXC

    In both cases an essential feature applies: if you forget your master password you've lost access to your password database.

  • by doodlesdev on 5/6/23, 11:34 PM

    So, please define best, because it depends on what you're looking for. A list of the options I know and would personally recommend:

    Bitwarden (optionally with self-hosted Vaultwarden) - Best UX for the FOSS options, syncs all your devices, overall just pretty good.

       Website: https://bitwarden.com/
   Vaultwarden: https://github.com/dani-garcia/vaultwarden
    KeepassXC (optionally synced with syncthing or your cloud provider of choice) - Portable, no need to host a server to keep the database, offline-first. Database format is standardized, and other password managers support the database format.

       Desktop: https://keepassxc.org/
   Android: https://www.keepassdx.com/
   iOS: https://strongboxsafe.com/
   Syncthing: https://syncthing.net/
    pass, if you're always on the terminal. (optionally synced with syncthing or any cloud provider). Or you can go with gopass, which uses the same database format, has better support for multiple users/stores, and enables git versioning by default. There are GUI and mobile clients available that are compatible with this database format.

       pass: https://www.passwordstore.org/
   gopass: https://www.gopass.pw/
    These are the main ones I would recommend you take a look at for the most common use-cases. I can't recommend anything that doesn't provide FOSS clients or that can't be self-hosted, so some decent options UX-wise were excluded. You really have to see what you want out of the password manager to choose one. Keep in mind that for both pass and keepass there are multiple clients that are compatible with the database format, that affords you with more portability, options, and the possibility of having native clients.

  • by xarope on 5/6/23, 10:59 PM

    I'd echo what others say, KeePassXC on local storage, which you can then sync across devices either with syncthing, dropbox etc.

    However, I have just started exploring using vaultwarden (a rust rewrite of bitwarden, which is self-hosted).

  • by zmmmmm on 5/6/23, 10:34 PM

  • by Costanzilla on 5/6/23, 11:08 PM

    Back when 1password, 90% sure it was that, had no Linux client I was searching for a solution to store passwords and settled for Enpass.

    I sync via WebDAV on my Synology NAS and I’m not really worried to lose anything since every synced device has a full copy of the data.

    Thought about switching to 1password a few months back since we’re using it at work and the client is better but they don’t have an Enpass import. It supports some kind of CSV transfer but I don’t want to pay for a bunch of, worst case scenario, not really perfectly structured data so I decided to stick with what I have.

    Edit: when thinking of switching I was a little nitpicky. I’m pretty happy with Enpass everything considered. 1p client is just even better but with the give them your data and your money thing, which I’m not necessarily fond of

  • by thealchemistdev on 5/6/23, 10:51 PM

    https://keepassxc.org/

    "no-nonsense, ad-free, tracker-free, and cloud-free manner. Free and open source."

    Pair with Syncthing to go across devices.

  • by billy_bitchtits on 5/6/23, 9:56 PM

    1password

  • by xupybd on 5/6/23, 10:44 PM

    I use KeePass. I sync with Dropbox. I've not found a solution that competes on simplicity and ease of use.

  • by margoguryan on 5/6/23, 11:10 PM

    Dashlane has never failed me once since 2017. I even got my family to do the family plan. It rocks.

  • by VoodooJuJu on 5/6/23, 11:12 PM

    pass, the standard unix password manager: https://www.passwordstore.org/

  • by arepublicadoceu on 5/7/23, 12:38 AM

    For all the people recommending keepassxc and are also iOS users, how do you deal with the lack of reproducibility of iOS apps?

    Even “opensource” apps such as strongbox and keepassium have no way of asserting that whatever code they publish on GitHub is the same that I’m installing through the AppStore.

    Am I just overly paranoid?

    This is the main hindrance for me to using KeePassXC everywhere. If I’m going to blindly trust anyone I prefer to trust apple keychain.

  • by blitz on 5/6/23, 10:51 PM

    Self-hosted Bitwarden via Vaultwarden

  • by Hamuko on 5/6/23, 10:48 PM

    I use Secrets (https://outercorner.com/secrets-mac/) which syncs via iCloud. Definitely not perfect, especially if you're not heavily within the Apple ecosystem, but at least it's native and doesn't require a subscription.

  • by alanfranz on 5/6/23, 10:46 PM

    Bitwarden can be self hosted. KeePass* you can sync with a separate service (eg Dropbox).

  • by transpute on 5/6/23, 10:50 PM

    Codebook on iOS/macOS with local sync, almost 20 years old, indie dev, https://news.ycombinator.com/item?id=35804714

  • by monlockandkey on 5/6/23, 11:04 PM

    Keeweb.info

    Kepass kdb file compatible but can access through browser interface. Backup kdb file to cloud storage.

    Don't like bitwarden. Keeping your encrypted password file in Google drive is much better and portable than self hosting on your own server.

  • by rainytuesday on 5/7/23, 12:35 AM

    I like portable-secret which uses the built-in browser cryptographic functions, no external software.

    https://github.com/mprimi/portable-secret

  • by aborsy on 5/7/23, 10:39 AM

    The most secure option is probably Password Store with a PGP key on Yubikey, in my view.

    There is also Passage, which is a similar offering, but I have problems with Yubikey PIV PIN caching (and prefer CV25519 to NIST curves).

  • by egamirorrim on 5/7/23, 5:51 AM

    Enpass ftw, clients for all platforms, browser extensions and lets me backup to my own NAS/Dropbox/Gdrive

  • by jiveturkey on 5/6/23, 10:51 PM

    define best. most secure? most usable? most portable? most other?

  • by abbadadda on 5/6/23, 10:35 PM

    Thoughts on SafeInCloud? I just opt not to sync to the cloud.

  • by alexaholic on 5/6/23, 11:30 PM

    iOS/Safari

  • by spicyusername on 5/6/23, 10:54 PM

    KeepassXC synced with Google Drive.

  • by friend_and_foe on 5/7/23, 12:58 AM

    Keepass and syncthing.

  • by jmuncaster on 5/7/23, 5:16 AM

    1password no contest

  • by grapesurgeon on 5/6/23, 11:22 PM

    initially started with dashlane, but it was such a pain in the ass that i never used it. when i started getting my shit together security-wise, i signed up for bitwarden then hosted vaultwarden for a little while. i have keepassxc with syncthing a shot and im probably going to stick with this setup.

    i have very little confidence recommending anything other than bitwarden/vaultwarden or keepassxc