Objective: Secure & private password management, prevent anyone from stealing your passwords.
Option 1: Store Keepass PW file in personal cloud service like OneDrive/GoogleDrive/etc , download file, use KeepassXC to Open
Option 2: Use ProtonPass or similar solution like Bitwarden
Option 3: Host a solution like Vaultwarden
Which would do you choose? Are there more options ? Assume strong masterpassword and strong technical skills
Keepass on phone, desktop and tablet. Sync serverless via Syncthing.
- completely private
- always available when needed
- no dependency on services which may go away
- all open source software
- maximum security
Yup. Same system here. I really like it.
I use option 1 with Syncthing for a distributed cloud solution
Same, works like a charm!
Ditto, but with Resilio Sync.
Keepass + syncthing.
Don’t let your vauld to unencrypted through the cloud.
Your vault is always encrypted very securly except when in RAM. There is no security concern with uploading it directly to the cloud.
I’m very happy with self-hosted Vaultwarden.
Vaultwarden behind mutual tls and reverse proxy and https://github.com/oguzhane/bitwarden-mobile until https://github.com/bitwarden/mobile/pull/2629 is merged
But honestly all services you mentioned are worthy.
Anything that fits your needs imao
That PR might be a while…
https://github.com/bitwarden/mobile/pull/2629#issuecomment-1731457466Considering that android is going to prevent users from importing a CA
Edit:
Wait, I think I have my wires crossed.
I think android is removing the ability for apps to install certs.
The user has to manually install a cert, and then select it in the appEdit again:
Yeh, this is what I was thinking of:
https://httptoolkit.com/blog/android-14-breaks-system-certificate-installation/But, thinking about it now, I doubt it will actually affect the feature
Using let’s encrypt is a lot easier to deal with on the client side than modifying CAs, although the initial set up of the server can be a pain in the ass if you’re new to it.
I’ve used Option 1 with my Nextcloud and it works perfectly. Other options seem more apropriate when you need scale, many user each with their own vault.
Stupid me, didnt even remember using nextcloud instead of commercial clouds. I like it
I use and prefer option one, but take it a step further in that I host my own cloud service. I used to use Dropbox for years, but we got divorced.
Option 1, KeePassXC plus SyncThing, done. Works amazing on all my devices.
Bitwarden+vaultwarden, harden the chosen VPS, set SSH to use keys only, then setup fail2ban for webserver and ssh Also consider putting ffsync on it as well for extra browser benefits.
Remember to back that up, and test the back at intervals to make sure they work
Not watertight ofcourse but I love that the bitwarden clients keep a local copy so if the server ever goes down youve still got access just no sync.
goes without saying.
I like this one as well, technically more challenging though
Keepass fIle in my own nextcloud instances, synced to my phone so I can also use keepass2android. This way if something happens I at least have another copy of it, beyond my backup system.
Option 2. It’s the most robust. You’ll never lose it (provided you have the redundancy), you can use it offline, you can transfer it using a USB pen, it’s available in all platforms, including web. I’ve been using this for 8+ years, on my phone, desktop, laptop, company computer, etc. I store it on a personal cloud (and on each machine, of course, by syncing).
I use keepassXC and sync across my devices with nextcloud and VPN to my home network with wire guard and this setup has never failed me.
I’ve toyed around with passbolt, and I really want to try because it just looks cool to me, but I keep having trouble with it playing nice with my reverse proxy.
My personal preference is hosting it myself on my own server and using a VPN to get to it. It gives me peace of mind because I’m not a big enough target for someone to try that hard to get my passwords and I’m not exposed to bitwarden or dashlane getting breached.
Keepassxc + syncthing to phone in read only mode and to other machine. So 3 copies on different machine, while one of them is on me
Option 2: 1Password
Option 1
Bitwarden for me. My password manager is not just for me, it’s also a crucial component of my family life so if something happened to me I want my next of kin to be able to access it
For that it needs to be an easy to access solution.
Same, I’m all for complicated things that only I know how to use but the keys to the kingdom shouldn’t be one of those when there are laypeople relying on me.
I still have to figure out how to let those people in when needed, I’m thinking writing the master password and the backup code on a paper that lives in a drawer, maybe in a “break in case of emergency” box, etc.
Curious what’s the best way to mitigate the wrong person getting that, but I think if you have to worry about someone breaking in your house who is also looking for that info, then you have a different threat profile to consider, and the above calculus doesn’t apply.
Bitwarden offer the option to set up an emergency contact.
You choose someone to be an emergency contact, it means that if they want they can request access to view your passwords.
When they send a request you receive several emails to warn you and after X (you can choose the amount) days if you don’t do anything they get access to your account.
