Are they really trustworthy? Will I have them around? How do they work?

  • PorkrollPosadist [he/him, they/them]
    3 years ago

    I use KeePassXC (paired with Syncthing for synchronization). It stores all your passwords in an encrypted file which can only be opened with your master password. Assuming you have a strong master password, this file can be sent around in unsafe places like e-mail or Dropbox. On Android I use KeePassDX. Most of the "KeePass" programs are compatible with each other.

      • Hortener [none/use name]
        3 years ago

        Syncthing

        That's just for computers. How do you keep a computer and a phone in sync?

        This is the problem I had with PasswordSafe. Two files.

    • wubblewobble [he/him]
      3 years ago

      Syncthing is probably the safest of all options, but if you want to trade a bit of paranoia for convenience, you can also sync your KeePass database to a cloud provider of your choice. Then your PC doesn't have to be running to synchronize. As long as AES stays secure, even the cloud provider cannot decrypt it.

      For added security, you can encrypt your password database with a file in addition to the master password (and then manually transfer that file to your phone via wire once).
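
As an added illustration (not part of the comment above and not KeePass's own code), this sketch models a database key built from a master password plus a key file, which is why a cloud-synced database stays locked to anyone who holds only the password. PBKDF2 stands in for the manager's real key-derivation function, and every name and sample value is a constructed assumption.

```python
import hashlib
import hmac

KDF_ROUNDS = 200_000  # assumed work factor for this sketch


def composite_key(master_password, key_file=None):
    """Hash each factor separately, then hash the concatenation."""
    material = hashlib.sha256(master_password.encode("utf-8")).digest()
    if key_file is not None:
        material += hashlib.sha256(key_file).digest()
    return hashlib.sha256(material).digest()


def database_key(master_password, key_file, salt):
    """Stretch the composite key so every password guess is expensive."""
    return hashlib.pbkdf2_hmac(
        "sha256", composite_key(master_password, key_file), salt, KDF_ROUNDS
    )


def seal(master_password, key_file, salt):
    """Header tag under the database key; stands in for a successful decrypt."""
    key = database_key(master_password, key_file, salt)
    return hmac.new(key, b"db-header", hashlib.sha256).digest()


def unlocks(tag, master_password, key_file, salt):
    """True only if the supplied factors reproduce the stored header tag."""
    return hmac.compare_digest(tag, seal(master_password, key_file, salt))


# Constructed sample values
SALT = bytes(range(16))       # stored in the clear beside the database
KEY_FILE = bytes(range(64))   # the file copied to the phone once by cable
PASSWORD = "correct horse battery staple"
TAG = seal(PASSWORD, KEY_FILE, SALT)

if __name__ == "__main__":
    print("password + key file:", unlocks(TAG, PASSWORD, KEY_FILE, SALT))
    print("password only      :", unlocks(TAG, PASSWORD, None, SALT))
    print("key file, wrong pw :", unlocks(TAG, "hunter2", KEY_FILE, SALT))
```

The key file never travels with the synced database, so a copy taken from the cloud provider cannot be unlocked with the password alone.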

  • crime [she/her, any]
    3 years ago

    Bitwarden. Yes, very secure, but if you are extra tinfoil about it you can host a Bitwarden server yourself.

      • invalidusernamelol [he/him]
        3 years ago

        Get yourself some server space in China and self host. China doesn't comply with US intelligence agencies, just kills their informants

        • ComradeBongwater [he/him]
          3 years ago

          Maybe for some sensitive stuff, but I'm not dealing with that kind of latency for something I access every few minutes. Makes more sense to set up encryption-at-rest on a home server if you have a stable-ish IP.

          • invalidusernamelol [he/him]
            3 years ago

            Latency doesn't really matter for a password manager though because you're only updating your blob like once every 5 minutes.

  • 420clownpeen [they/them,any]
    3 years ago

    Bitwarden is good for most stuff, KeePassXC for things you may need to use without internet or don't want stored online period (for me it's mainly work things so nobody can get mad at me for having pws on a third party service or w/e).

    I will add that if you use a cloud-based manager like Bitwarden you should export and back up the passwords regularly to some kind of encrypted storage. I like VeraCrypt volumes personally.

  • layla
    3 years ago

    They are trustworthy and you should use one. Here is an article that looks good for some background and how to use them:

    https://www.howtogeek.com/141500/why-you-should-use-a-password-manager-and-how-to-get-started/

    However, I would urge you to use Bitwarden, not Dashlane or the other programs they recommend:

    https://bitwarden.com/

    Bitwarden have apps for Android, iOS, Linux, macOS and Windows, and browser extensions for Firefox and Chrome, so you can get your passwords wherever. They also have a user guide you can check out if you want:

    https://bitwarden.com/help/getting-started/

  • neo [he/him]
    3 years ago

    Life really does get easier with a pw manager. I don't know most of my passwords anymore because I don't have to. They are all strong, unique, random, and readily accessible.

    I use KeePassXC and on my phone I have a backup with StrongBox for iOS.