I know they recently published the code for their clients, so that’s a plus. But I can’t find any independent audits for their architecture or clients.
While all mentioned options does have independent audits done.
I really enjoy 1Password for easy vault sharing between family members. I was able to get my (not so technically literate) siblings and dad onto my family plan. Baby steps!
If you are into the command line, pass is also neat. You can even have your keys in a git repo and access it with a FOSS Android app (requires some dedication to set it up). It’s very useful to feed passwords to scripts without hardcoding them in the source.
I use Bitwarden for passwords. Just works so well.
KeepassXC and KeePassium for TOTP codes. I keep the database in the cloud but sync a key with Syncthing that’s needed to unlock the database on the devices themselves.
Locally hosted bitwarden (vault warden) that is only accessible on your local network is the way to go. When a new sync is needed away from home, wireguard VPN to connect back in makes everything nice and secure. Otherwise most of the time the vault is cached to the device locally so you don’t need to phone home to access passwords.
I get a good reason to stay away from lastpass is their dealing with getting hacked. Valid. However, bitching about not getting to use all the paid features as a free user is ridiculous.
I don’t know if this is still the case, but we trialled LastPass enterprise around 10 years ago. They didn’t have an API. They had no intention of ever introducing an API. So, the script could spin up a database, but couldn’t store a break-glass su user into the vault without actually giving it to a human, first. Some enterprise solution. 🙄
Indeed I have 1Password (was the best proprietary) and I’m switching to Proton Pass. This year they lacked features but their integration of their Simple login email aliases is game changer
And with Syncthing’s Untrusted Device Encryption feature I can use my VPS as an extra node for synchronization without worrying touch if it becomes compromised without me knowing.
And it hides file names and sizes by splitting things up, which puts one extra layer of difficulty for someone trying to find my passwords file to target. I have a much stronger password on the syncthing directory than my normal type-each-time password to open keepassxc.
StrongBox is just a client that uses keepass databases. I think it integrates well when using Apple devices and you can still use your databases on other platforms.
Ah thanks. Ya it’s Apple only but I like how it doesn’t sync to a central server but will still sync between your devices across your local network. Seems to minimize a lot of attack surface.
Add comment