I like KeePassXC because it’s written in C and is thus cross platform, while KeePass is written in C# and relies on Windows UI libraries. You can run KeePass on Linux (and I did without usability issue for years) but it will look god awful.
I won’t knock plugins, everyone has weird use cases, but I don’t know what people need KeePass to do that it doesn’t already do out of the box. I’ve certainly never felt the need for any.
First is the organizing feature. It doesn’t let me have sub folders which I need to categorize items.
Second is the TAN management to store my MFA backup codes. A feature the original KeePass has but KeePassXC doesn’t. You can use notes to mimic it but it doesn’t auto expire after use, i.e. more manual work.
I actually thought the organization stuff is pretty good, coming from keepassxc myself. The way we have it set up is that each of the members of our family all have VW accounts, and we have a common organization shared among us for stuff we all use (e.g. home devices). It’s all in one installation, so it’s pretty convenient. I don’t think I can do the same as easily with keepass.
That being said, keepass is a really solid piece of software. I’d recommend it myself.
Vaultwarden is a great piece of self hosted server software, which meshes with Bitwarden software perfectly. And for people who can’t self host, IMO Bitwarden gives you more than enough bang for your buck with their own hosting plans.
It’s one of the few examples of software being open source and ethically making money regardless. (For comparison, Standard Notes has tried pretty hard to make sure non-paying users have an inferior experience even if they self-host literally everything.)
No, it’s built on a Microsoft framework that MS has decided to change recently. That’s why it’s sluggish and they can’t add features like passkeys to the current client apps.
I was really disappointed about standard notes’ plans. Took me forever to get everything set up to self host, only to find I couldn’t even use markdown unless I bought a license? Silly.
Yeah, the value of buying a hosted service should be the fact you don’t have to worry about hosting it yourself. Not a tiny piece of Javascript that was grabbed from a third party developer anyway.
I can see what they’re trying to do, but the experience leaves a really bad taste in my mouth.
They’ve already open-sourced all the best parts, and there are independent OSS projects based on that. If BE fucks with their user base, they’d be messing with their livelihood.
StrongBox is just a client that uses keepass databases. I think it integrates well when using Apple devices and you can still use your databases on other platforms.
Ah thanks. Ya it’s Apple only but I like how it doesn’t sync to a central server but will still sync between your devices across your local network. Seems to minimize a lot of attack surface.
And with Syncthing’s Untrusted Device Encryption feature I can use my VPS as an extra node for synchronization without worrying too much if it becomes compromised without me knowing.
And it hides file names and sizes by splitting things up, which puts one extra layer of difficulty for someone trying to find my passwords file to target. I have a much stronger password on the syncthing directory than my normal type-each-time password to open keepassxc.
Indeed I have 1Password (was the best proprietary) and I’m switching to Proton Pass. This year they lacked features but their integration of their SimpleLogin email aliases is a game changer.
I get that a good reason to stay away from LastPass is their dealing with getting hacked. Valid. However, bitching about not getting to use all the paid features as a free user is ridiculous.
I don’t know if this is still the case, but we trialled LastPass enterprise around 10 years ago. They didn’t have an API. They had no intention of ever introducing an API. So, the script could spin up a database, but couldn’t store a break-glass su user into the vault without actually giving it to a human, first. Some enterprise solution. 🙄
I use Bitwarden for passwords. Just works so well.
KeepassXC and KeePassium for TOTP codes. I keep the database in the cloud but sync a key with Syncthing that’s needed to unlock the database on the devices themselves.
Locally hosted Bitwarden (Vaultwarden) that is only accessible on your local network is the way to go. When a new sync is needed away from home, a WireGuard VPN to connect back in makes everything nice and secure. Otherwise most of the time the vault is cached to the device locally so you don’t need to phone home to access passwords.
If you are into the command line, pass is also neat. You can even have your keys in a git repo and access it with a FOSS Android app (requires some dedication to set it up). It’s very useful to feed passwords to scripts without hardcoding them in the source.
I really enjoy 1Password for easy vault sharing between family members. I was able to get my (not so technically literate) siblings and dad onto my family plan. Baby steps!