Password Manager Linux - Opinion

#13

KeePass, LastPass, Bitwarden I've used. They're all good. KeePass and Bitwarden are open source.

#14

I use KeePassX both on my pc and mobile.

1 Like
#15

Anything written to store your passwords has got to be the most popular thing to screw with. I’m sure Blackhat has a whole series of lectures on how to screw with any or all of these programs. I say make up a text file and then add a twist just in case someone finds it.
Like

Facebook *Except you know this is really for the thing down 4 not Facebook
Login: Zimrod Jones
PW: aMx4gtqp-& could be your password except you know you (A simple example)
are going to type the letter to the right of these keys in the opposite case
B,C%HYW{+7 or make it more difficult.

Oh and use GRC.COM to generate some truly random stuff and make the passwords long. Then remember that none of the password crap ever lasted long on WinDoze and now we have cracked WiFi routers that use WPA2 and since NSA has a copy of everything ever sent and there are cameras at all the intersections become very very paranoid…

I say communicate using only Morse Code… 3 dits 4 dits 2 dits Dah! Signal corp Signal Corp Rah Rah Rah!

#16

Greetings all… If folks are open to input after all these months, I have been using KeePass under Linux (Fedora/CentOS), Win7 and even have it on my Galaxy S6 for 10+ years now. I would highly recommend it. The only three complaints I have had about it and its derivatives are:

  1. KeePass itself either checks for updates and pops up an obnoxious dialog (with no way to say ignore this version), or it does not check for updates at all. Really should consider filing an RFE to get it to add the ignore version option, as well as to say “Just show me a little flag in the UI when there is an update”.
  2. Having to convert from .kdbx to .kdb for keepassdroid was a PITA.
  3. Keepassdroid keeps getting messed up with my previous database location on my S6, and I have to select the file explicitly each time. Not sure if that is a problem with the S6 or keepassdroid, and have not had any time to diagnose it.

As for security… there is no such thing as perfect security. But since it uses AES or Twofish for encryption, and has gotten ChaCha20… if someone obtained a copy of my .kdbx file, they are going to have to work a fair deal, and my use of random passwords will not make it any easier. And it sure beats using openssl or some other utility to say “give me a random password with these constraints.”

#17

Hm. I still use Text files and gpg…

#18

FYI, at the time of me writing this KeePassX was in the lead. You should be aware that it has been superseded by KeePassXC, which is arguably better:

1 Like
#19

I ran across this recently that looks interesting. It seems like a nice hybrid of keepassX and lastpass. It’s open source and you can self host your ‘cloud’.

https://bitwarden.com/

What do you all think?

1 Like
#20

One more vote for lastpass

#21

Interesting - I’ll have to give this a try …

#22

I’m an avid user of LastPass at present, but have been considering zx2c4’s Pass as an alternative, not really being sure what LastPass are otherwise up to…!

Intrigued by this bitwarden option though.

#23

I’ve been using it for about a day or two @veremit. It’s a bit less intuitive than LastPass. LastPass has the tendency to ‘just work’. I don’t need to tell it that I updated my password; it just knows and all I need to do is confirm.

bitwarden seems to be a bit more manual to get passwords in and autocomplete is less convenient, but the idea of self hosting is intriguing. (Though I haven’t used that feature yet)

#24

Bitwarden is quite good. The apps all work quite well and the developer is pretty responsive to questions. It’s also up for an audit soon which will put it on a list of only a small number of password managers to have done so.

#25

KeepassX seems to work very well.

#26

My issue with keepass is the availability of the data on multiple devices and merging DBs used to be a pain at least. Definitely the best option though for the paranoid penguin.

2 Likes
#27

None of those! Bitwarden is where it’s at… I freaking love it… I’m a former KeePass user of several years and as soon as I saw Bitwarden I dropped it like a hot potato.

2 Likes
#28

Oh wow!
I had no idea that Bitwarden exists!
It’s like a free and self-hosted variant of LastPass.
It’s amazing!

I’m in the process of switching to it now, as soon as I get it running on my server.

The mobile app works great and the plugins for browsers also seem to work well.

2 Likes
#29

Yup, exactly! I’d like to thank the Brave browser for introducing me to it. I stumbled upon it because it was one of the only 5 plugins they used to have. (That changed now that they switched to a chromium core)

#30

I have fully switched from LastPass to Bitwarden.
Their self-hosting package was a bit too bloated for my purposes, so I went with the alternative bitwarden_rs package that is written in Rust.
It takes almost no resources and yet offers all the services I need.
It’s also fully compatible with the official Bitwarden apps, so you don’t even notice the difference.
And I can sleep well, knowing that someone has to hack my server explicitly to get my passwords.

#31

@BrainWash Can you add Bitwarden to the vote table? If not don’t worry, I just think it sucks that the best one isn’t even on the list :stuck_out_tongue:

#32

It won’t allow a change to the poll after the first 5 minutes.