this post was submitted on 14 Jul 2024

41 points (97.7% liked)

Privacy

30829 readers

1278 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

RFC: Cross Platform Password Manager (lemmy.radio)

submitted 1 month ago by vk6flab@lemmy.radio to c/privacy@lemmy.ml

25 comments fedilink hide all child comments

How are you storing passwords and 2FA keys that proliferate across every conceivable online service these days?

What made you choose that solution and have you considered what would happen in life altering situations like, hardware failure, theft, fire, divorce, death?

If you're using an online solution, has it been hacked and how did that impact you?

all 26 comments

sorted by: hot top controversial new old

[–] thayer@lemmy.ca 40 points 1 month ago* (last edited 1 month ago) (3 children)

KeePass, and more specifically the KeePassXC (desktop) and KeePassDX (Android) ports.

My wife and I have shared a single KeePass database for about 15 years now and I couldn't imagine switching to anything else.

My reasons have remained the same over the years:

Free and open source
Offline (but supports cloud sync)
Lightweight
Cross platform
Supports autofill

I would never entrust the management of my credentials to a 3rd party online service. They're an easy target (it's only a matter of when, not if they are breached), and they could go out of business at any time.

We don't use cloud storage for anything these days, but we keep the KP database (and many other things) synced across more than 7 devices using SyncThing, another amazing FOSS project.

[–] TCB13@lemmy.world 6 points 1 month ago

Same setup as yours, runs really well.

[–] DetachablePianist@lemmy.ml 6 points 1 month ago

+1 for KeePassXC

[–] chip@feddit.rocks 3 points 1 month ago (1 children)

Piggybacking on the comment. I also use syncthing to sync my keepass containers. Have you encountered duplication of database files (e.g. filename-sync-conflict-*), and if so, how have you solved them? I simply merge the files through KeepassXC when it happens.

[–] thayer@lemmy.ca 4 points 1 month ago* (last edited 1 month ago)

That used to happen to us before we started using SyncThing (and before we had data plans on our phones).

By the time we migrated to it, we had a home server running 24/7 and this ensured that at least one device in the chain was always online, had the latest version of the database, and pushed it to other devices as they came online. Our phones also have data plans now, so things generally sync in realtime which helps avoid issues.

If you don't have at least one always-online device, I think the next easiest way to avoid sync conflicts is to modify the database from one designated device. That way even if a conflict does arise, you'll know which device is always correct.

For resolving the conflicts, I would open both databases, sort by modified, and review the latest changes in each.

[–] derbolle@lemmy.world 34 points 1 month ago (3 children)

bitwarden/vaultwarden. currently the best experience for me. and youncan self host it

[–] subtext@lemmy.world 11 points 1 month ago

And it is wife / parent / grandparent approved in my household!

It’s good enough that once I taught my mom to use it, she then went and taught my grandma and now we’ve got the whole fam on a family plan. It’s seriously so good.

[–] tmpod@lemmy.pt 6 points 1 month ago (2 children)

BitWarden is really good. Has (nearly*) everything I want, works well across all platforms and the free plan is very featurefull. Even though I don't really use any of the premium features, I still pay for the plan, to help fund development, it's only 10€ a year.

I say nearly because I'd love to have some form of autocomplete in Linux Wayland, outside of the browser extension. I believe one of KeePass apps does this (but only for X?)

[–] mat@linux.community 2 points 1 month ago (1 children)

You can kinda get autofill via a program called rofi-rbw on Wayland desktops (using wtype), but I found at least on Hyprland it often misses the field or the start of the password. I'd like to see a more consistent solution but definitely not via the official Electron app...

[–] tmpod@lemmy.pt 3 points 1 month ago (1 children)

Another commenter said goldwarden implements that through the Remote Desktop XDG Portal, which only GNOME and KDE support at the moment (wlroots doesn't implement it yet).

[–] chevy9294@monero.town 1 points 1 month ago

This seems great, I'll defenetly try it out.

[–] trevor@lemmy.blahaj.zone 2 points 1 month ago (1 children)

If you use GNOME or KDE, check out https://github.com/quexten/goldwarden.

[–] tmpod@lemmy.pt 2 points 1 month ago

Oooh, that looks very neat, thank you!

[–] jet@hackertalks.com 3 points 1 month ago* (last edited 1 month ago) (1 children)

Seconded, plus hardware keys with passkeys disabled. Depending on your threat model, you might want your hardware keys to be a second factor, not a replacement for all the other factors. Passkeys do not fit into my threat model, as they are implemented as identity and password replacements rather than supplements

Bitwarden has an emergency contact who can access a vault after 2 weeks if you don't deny it.

https://github.com/cyphar/paperback is great for a printed analog option as well. You could put your vault key into a multi paper printout, distributed amongst trusted people, so you need a quorum of them to get your secrets if you're gone. Or get access to the family Google photos library, or whatever

[–] mike_wooskey@lemmy.thewooskeys.com 4 points 1 month ago

Thirded. I self-host it (actually the Vaultwarden fork) and use it on desktop browsers, as a desktop app, and as and Android app (F-Droid). I also store secure notes in it (e.g. end of life instructions for my partner). Very powerful and versatile, and AFAICT, secure.

[–] autonomoususer@lemmy.world 19 points 1 month ago* (last edited 1 month ago)

KeePassXC/DX + Syncthing

Libre software
No service as a software subtitute
Decentralised

Theft/death - full disk encryption
Hardware fails/fire - decentralised

[–] thepiguy@lemmy.ml 12 points 1 month ago

I use KeePassXC. I have shared the keys with someone I trust in person in case of death. I sync by manually copying the database between my devices.

[–] jqubed@lemmy.world 7 points 1 month ago (2 children)

No one seems to be mentioning separate 2FA/TOTP apps. Is everyone running those through their password manager as well? That seems risky?

[–] chevy9294@monero.town 1 points 1 month ago

I'm using Nitrokey for 2FA if I can otherwise I use Aegis for TOTP.

[–] communism@lemmy.ml 6 points 1 month ago

Also KeePassXC, like others in the thread. If I lose my db most things have a "forgot password" option, or if it's something like an encryption passphrase then I've either got important data backed up, I remember and type the passphrase manually, or the data stored is not vital anyway so if I lose access to it that's fine. If someone else gets my db they'll have to decrypt it first so I'm not too worried, though obviously if I found out that happened I'd still change all my most important passwords just to be safe. Tbh I have few devices and switch between them infrequently enough that I just manually copy the db onto an encrypted USB drive to transfer it between devices and update it.

[–] Asudox@lemmy.world 5 points 1 month ago (1 children)

Bitwarden. I do like KeePass, but I am having problems with syncing it across devices. I know Syncthing exists but let's say I add two passwords in two devices. Both of them don't have the other one's new password entry and that causes problems. Instead using online synchronization is much more convenient. Which is why I self host bitwarden.

[–] thayer@lemmy.ca 2 points 1 month ago* (last edited 1 month ago)

See my follow-up post elsewhere here. Sounds like you might not have an always-online device to keep others always synced, and/or the devices you're using to add entries aren't online when you do. Might consider using a designated device for database modifications.

[–] makeasnek@lemmy.ml 4 points 1 month ago* (last edited 1 month ago)

For passwords: Keepassxc (local) and bitwarden (cloud) are great. Keepassxc can be put into a syncthing folder for multi-device access.

For crypto: get that shit in a multi-sig wallet ASAP. You don't want to be one compromised key away from losing it.

[–] shortwavesurfer@lemmy.zip 3 points 1 month ago

I store my password manager on USB keys and have several in different locations and a schedule for backing them up.

[–] xnx@slrpnk.net -1 points 1 month ago

Protonpass. Better ui than bitwarden and i trust the company’s security