Password managers

Thanks, I did read that after posting. I still think the browser addon for KeepassXC has the edge though, unless I'm missing a trick somewhere. If you get to a website that Keepass knows about, it puts a key symbol next to the username so all you have to do is click that and it auto fills. No RMB -- submenu -- link, though it doesn't auto copy the TOTP without user input like Bitwarden.

If I wasn't already using Keepass, I'd probably go with Vaultwarden but I still don't think it offers anything that I don't already get, and I can carry Keepass around with me on a USB stick so there's no need to ever have it 'in the cloud' :)
 
I ended up subscribing to Dashlane - £4.40 a month with the family plan.

LastPass annoyed me that I couldn’t pay monthly, so they don’t get any money :mad:



Imported all my passwords and all good to go :)
 
Bit of a thread revival but wondering what the best password manager is for a small team of 5? I use the Bitwarden free version personally but I think it's an American company which my company credit card charges me a transaction fee for which royally narks me but will pay it if it's the best/simplest option out there!
 
Bit of a thread revival but wondering what the best password manager is for a small team of 5? I use the Bitwarden free version personally but I think it's an American company which my company credit card charges me a transaction fee for which royally narks me but will pay it if it's the best/simplest option out there!

Implement your own bitwarden server using vaultwarden.
 
Bit of a thread revival but wondering what the best password manager is for a small team of 5? I use the Bitwarden free version personally but I think it's an American company which my company credit card charges me a transaction fee for which royally narks me but will pay it if it's the best/simplest option out there!

Do you have a cloud provider like AWS or GCP? If so, you can deploy the Bitwarden docker in AWS Fargate or GCP CloudRun, and don't worry about anything. You can have unlimited users and it will be very cheap.
 
Do you have a cloud provider like AWS or GCP? If so, you can deploy the Bitwarden docker in AWS Fargate or GCP CloudRun, and don't worry about anything. You can have unlimited users and it will be very cheap.

I'd suggest Vaultwarden (formerly Bitwarden_RS) instead. It runs in Rust and on a single light database, taking up a few MB in a single Docker container, versus multi GB of space and RAM and several containers for the 'official' Bitwarden. Vaultwarden is fully FOSS and is basically just a rewrite of Bitwarden (and still uses their official apps at the front end).
 
I'd suggest Vaultwarden (formerly Bitwarden_RS) instead. It runs in Rust and on a single light database, taking up a few MB in a single Docker container, versus multi GB of space and RAM and several containers for the 'official' Bitwarden. Vaultwarden is fully FOSS and is basically just a rewrite of Bitwarden (and still uses their official apps at the front end).

I went and checked our deployment and it was indeed Vaultwarden, I had forgotten!
 
I've still not made a switch over to a password manager. My main concern is, if they (let's say Bitwarden), get hacked, then doesn't that mean an attacker will have full access to every single website that I use the password manager to log in to?

Not got the time to be setting it up as my own server (as I've read here). Literally looking for a password manager, because, like the OP, there are so many now and getting older!

I like the idea of one password/passphrase... but I am wondering if that can somehow be hacked and thus unlock the entire logins for everywhere I access.
 
I've still not made a switch over to a password manager. My main concern is, if they (let's say Bitwarden), get hacked, then doesn't that mean an attacker will have full access to every single website that I use the password manager to log in to?

No. The raw passwords are never sent to Bitwarden's servers. They are encrypted locally and then go to the server. So even if all their data is compromised, the attackers will only see encrypted information. Since Bitwarden is open sourced (and security audited as well), you can be sure that this is the case.

LastPass was hacked a few years ago, no user password was hacked or compromised as attackers couldn't decrypt the data without user master passwords.

I like the idea of one password/passphrase... but I am wondering if that can somehow be hacked and thus unlock the entire logins for everywhere I access.

That's why password managers are great. You memorise one password, that gives you access to all unique ones.
 
No. The raw passwords are never sent to Bitwarden's servers. They are encrypted locally and then go to the server. So even if all their data is compromised, the attackers will only see encrypted information. Since Bitwarden is open sourced (and security audited as well), you can be sure that this is the case.

So how does that work for Bitwarden when synced over multiple devices? I have it installed as a browser extension on my work PC, home PC and an app on my phone but if nothing is stored on the server then how can it be used on multiple devices?
 
So how does that work for Bitwarden when synced over multiple devices? I have it installed as a browser extension on my work PC, home PC and an app on my phone but if nothing is stored on the server then how can it be used on multiple devices?

He said it was encrypted locally, not stored locally. So basically it's encrypted before it's sent to Bitwarden's servers. If Bitwarden were to look at the data, it would effectively be gibberish. It's not understandable to them without decrypting it.

Hence if it ever was compromised, as long as your master password is nice and secure, they'd never be able to decrypt the data.
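
An added illustration of the "encrypted locally, stored on the server" model described in the posts above; it is not part of the thread and is not Bitwarden's own code. It uses PBKDF2 and AES-256-GCM from Node's built-in crypto module, and the function names, iteration count, in-memory "server" and sample vault are assumptions made for the example.

```javascript
const nodeCrypto = require('node:crypto');

const KDF_ITERATIONS = 600000; // assumed work factor for this illustration
const KEY_LEN = 32;            // 256-bit key for AES-256-GCM

// Runs on the device only: the master password is never uploaded.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, KDF_ITERATIONS, KEY_LEN, 'sha256');
}

// Client side: encrypt the vault before it leaves the device.
function encryptVault(masterPassword, vault) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ct.toString('base64'),
  };
}

// Client side on any device: re-derive the key and authenticate + decrypt.
function decryptVault(masterPassword, blob) {
  const key = deriveKey(masterPassword, Buffer.from(blob.salt, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ciphertext, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Stand-in for the sync server: it only ever stores the opaque blob.
const server = new Map();
const upload = (account, blob) => server.set(account, JSON.stringify(blob));
const download = (account) => JSON.parse(server.get(account));

// Constructed sample data: first device encrypts and uploads.
const vault = [{ site: 'example.com', username: 'alice', password: 'constructed-sample-pw' }];
upload('alice', encryptVault('correct horse battery staple', vault));

// What a server-side breach would expose: no plaintext in the stored record.
function serverSeesPlaintext() {
  return server.get('alice').includes('constructed-sample-pw');
}

// A second device syncs the blob and unlocks it with the master password.
function secondDeviceUnlock(masterPassword) {
  try { return decryptVault(masterPassword, download('alice')); } catch { return null; }
}
```

The stored record includes the salt and IV, so anyone holding it can test password guesses offline; the strength of the master password and the key-derivation work factor are what stand between a stolen blob and its contents.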
 
Tell you what, you can't beat Vaultwarden being free, as long as you host it somewhere it's bloody fantastic. One of the best working products without problems I've ever used in my life.

All my passwords are between 32 and 64 chars. For the last 2 years I have never needed to remember a password ever.
 
Tell you what, you can't beat Vaultwarden being free, as long as you host it somewhere it's bloody fantastic. One of the best working products without problems I've ever used in my life.

All my passwords are between 32 and 64 chars. For the last 2 years I have never needed to remember a password ever.

Vaultwarden is going to cost you something in time and/or money (hosting, setup, maintenance, etc). Most people will be fine with a vanilla Bitwarden account and don't need to bother with self-hosting. We do Vaultwarden for business but I just use a Bitwarden account personally.
 