45
votes
What is you preferred password manager?
I use Lastpass at work but don't have experience with any others. Last time I looked into it Lastpass and Keepass were the only two viable options if I recall (though my memory isn't the most reliable thing). A few quick searches seem to indicate that the market has opened up a bit since then. I'd like to use something open source with Linux, Windows, and Android clients. So, what's your preferred password manager and why?
I started with LastPass, but was part of the exodus when LogMeIn acquired them. 1Password was good, but was lacking support for Linux. I tried KeepassXC for a time, but I ran into syncing issues
Bitwarden to the rescue! Its a browser extension, so its perfect for those of us who jump between operating systems. The experience between each is identical, yadda yadda yadda, and I love it. Also, the mobile apps are excellent.
I believe there's a completely self-hosted version coming down the pipe, but I could be wrong about that. I found BitBetter, but I haven't tried it out yet.
I just checked and Bitwarden is all FOSS. Not only do they use GPL, but they use AGPL for their backend code. I might actually use it since self-hosting is an option.
+1 for bitwarden! btw you can already host bitwarden yourself
Thanks for the recommendation! I checked it out today and being able to share with a 'company' looks like it may work for the limited sharing I need. This may be what I end up running with.
Just as an FYI, 1Password has now come out with linux support via their browser extensions for Chrome and Firefox. I'm using it now and it works great -- seamlessly integrates with their desktop apps.
Does that also work with the standalone license, or only their subscription?
I've stuck it out with LastPass and they're still as great as ever.
Same. I have lastpass on my phone and all browsers, works great. Took me a while to get everything set up properly, but it's all good now.
yeah, bitwarden rocks. that's what i've used for a few months now and it just works. i use the hosted service. the android app works well too.
I was part of the exodus as well, will have to check out Bitwarden.
KeepassXC, backed up twice locally and once to Google Drive. Development is more active than that of the other Keepass variants, and the browser extension works quite well.
Nice! I've been using KeePass2 for years because I was too lazy to port my database over to something else. I never really used the browser integration because setting up that weird http proxy always seemed like more hassle than it was worth.
But KeepassXC and the browser extension worked like a charm!
HTTP-Connector has been deprecated (at least in KeepassXC). It's really insecure.
More info on this: the replacement and deprecation is from KeePassXC 2.3 onwards, which was released at the end of February this year, and which has landed in Fedora 27 and 28.
The new system is detailed here: https://keepassxc.org/docs/keepassxc-browser-migration/
Keepass with regular backups .
I use Keypass sync'd to Google Drive across all my devices, so I don't even need to remember to backup - I use access it straight from the Google Drive location.
Bitwarden. Open source, fast, has all the features I need. I previously used Lastpass, but I got tired of their bloated apps and had security and privacy concerns.
I stay far away from online password managers (keeping all my passwords in one place is already a risk, I think putting that online in any capacity is way too risky). I use KeePassXC on Linux and KeepassDroid on Android, and use Syncthing to sync my database locally across all my devices.
pass
It's extremely simple! I also utilize QtPass for the nice GUI.
There's an Android app on F-Droid that uses pass, but I never got it to work correctly on my device.
Seconding
pass100%: it's simple, you can backup / sync the.password-storewherever you want ( I've got a copy on bitbucket and one on my private git server + typical backup for my gpg keys ). No nonsense, no trying to auto-log me in based on BS rules with URLs, no messing with other apps, no leaks via browser extensions, just nobrain simple: exactly what I want out of a password manager.And for mobile, I try to stay logged-out as much as possible anyway.
Pass is great. I didn't have any issues with the f-droid app, just installed it and synced. What did you have trouble with?
Your question made me realized I worded my issue pretty poorly. The main function of the app was working fine. It's been a while so i'm a little hazy on the specifics, but it was the pop-over feature or whatever that I could never get working. I was hoping when I browsed a site that required a login via my bowser, I could easily sign in via a pop up dialog of some sorts and not have to open up pass, copy the pass, switch apps, then paste.
I use lastpass for the most part, its just easy to set up and use everywhere. I've also heavily used pass in the past, and love its implementation on plain PGP encryption. Between that and keybase its simple to share passwords with someone, and I can embed whatever extra data I want in the encrypted files
Yep. I have credit card numbers, bank accounts, socials, all kinds of stuff stored in mine still
I just want a better Android app
Pass for me, backed by a simple git repository for sharing between devices.
I personally prefer to use KeePassXC on the desktop combined with Keepass2Android for my various Android devices.
KeePass2, using the desktop client via Mono on my Linux box and Keepass2Android on my phone; the database is synced to Google Drive (if the NSA wants my passwords, they can just as easily get them from me). I use the Url in title Chrome extension and KeePass' autotype rather than a specific KeePass plugin to isolate my passwords from the browser process (and also because I couldn't find a decent KeePass browser plugin…)
I assume you have used the first KeePass. If so, what do you think about KeePass2 in comparison to KeePass? Is it worth switching?
I don't think I ever really used KeePass 1.x, since it doesn't run particularly well on Linux. OTOH, KeePass2 supports database compression, custom fields, custom entry icons, and database synchronisation, none of which are supported by 1.x AFAIK. Sync is especially important for me because I don't reopen my database on my laptop very often, so it's useful to get a warning on save if I'm about to overwrite changes I made on my phone, and so far it's always been able to automatically merge them too.
I use LastPass. My favorite feature is being able to view reused passwords, automatically reset passwords (good in case an account was compromised), and auto-generate passwords. Haven't tried 1Pass or KeePass but I have tried RememBear and boy it's autofill feature on mobile is trash compared to LastPass.
1Password, been a customer for years. The family plan now is amazing value. On all platforms for five people. Great support too.
The apps are a joy to use, too. Even their Windows app, which is a pleasant surprise.
iCloud Keychain because it's convenient and is already installed on my iPhone.
Same. It also syncs to my Macs. My favorite thing about it is that when I get a new device, I can just sign in on it and all my stuff is there right away, the browser fills it in and everything. Don’t have to install any extra apps or browser extensions.
I use Firefox' password manager. It might not be the best, but it works and does all I need.
Mozilla has a project that aims to improve the password manager eventually. It's called Lockbox.
Me too, sometimes I feel "unsafe" using it, but I didn't save the passwords for my email accounts, paypal, etc so at least I can't lose any money if someone hacks me.
It might be ironic but that's the reason I haven't tried any of the other password managers, they claim to be safe and I don't know if I can trust them ... Firefox's password manager makes no claims and I realize it's not safe.
Bitwarden does sound interesting though, I like that it's open source.
There's nothing unsafe about it if you use a master password. It's a bit inconvenient to use with the master password, though.
I prefer SafeInCloud. But I also share 1pass with my husband.
One day I'll convince you to make the switch...
LessPass. It's a stateless password "manager" with clients on all major platforms and the web. Rather than storing your passwords with them, or having to sync a password database on your own, it simply re-generates your password every time you need it.
This is very cool! I use LastPass and don't have any issues with it but having my password generated offline is appealing. My only concern being the cost of switching. Would I need to change all of my passwords to switch?
Just the ones you want to access through LessPass. If that's all of them, then yeah.
Brain. I have a system I use to make passwords (obviously not sharing) based on the website.
I use Keepass. I have it on Windows, and on Linux using Mono. The file lives on my Windows partition, and gets synced when I use it on Windows because the cloud syncing plugin I use needs more than just Mono. I also use Keepass2Android for whenever I need portable logins.
For Linux, I highly recommend giving KeePassXC a try. I had heard about it a few times before I decided to see what the fuss was about, and it's generally a nice quality-of-life upgrade, fixing things you didn't realise were annoying.
I'll have to look into that. It looks like KePassXC is also in the software center, so that should make trying it out pretty easy.
For group management—1password.
I've heard good things about keepass if you're solo.
LastPass made me struggle with an issue for nearly 6 weeks going back and forth with their customer service over an issue that should have taken a minute to fix. They never fixed the issue either. I eventually just walked and went to 1pass.
I use 1Password for solo management, and it’s pretty excellent. I mostly live in the Apple ecosystem and their Mac/iOS apps are top-notch, but I also have a Windows PC at the office, and I’m impressed with the quality of their most recent Windows app. And they have extensions for every browser under the sun (including Edge and Safari).
I’ve luckily never had to deal with their customer service, but I hear plenty of good things on that front too.
Granted, they aren’t the cheapest solution, but in this case you get what you pay for.
I’m lucky enough to use macOS on my personal machines and at work, so I use 1Password. Work also has Lastpass, but I prefer 1Password with Dropbox syncing. Never had any problems with 1Password and I’ve been using it for a good ~5+ years now. On macOS it supports Safari, Firefox, and Chrome pretty well (sometimes has issues if Chrome auto-updates, just requires relaunching Chrome in that case). They’re moving to a subscription model, which I understand and will probably grudgingly move to at some point. I think it’s still worth it for the peace of mind of never having to worry about my passwords, credentials, and other data/metadata that I want to keep encrypted and synced across my devices.
Anyone have any experience with Enpass?
I've tried it for a couple months, but moved to Keepass mostly because it's opensource and the android client. And that was when Enpass truly disappointed: at the time, it only exported to TXT where each entry span multiple lines with labels; I had to spend a lot of time making it parse-able for import elsewhere.
I’ve been using Dashlane, I have it for iOS and MacOS. Haven’t tried it on Windows at all though as I wasn’t using Windows until rather recently. But it’s been working great for me.
Same here. Dashlane all the way. I use it across all of my devices and tablets and love it.
Ever since LastPass was bought out by LogMeIn, they lost all trust/confidence from me as LogMeIn has some business tactics I don't agree with.
I use keepass in concert with dropbox to synchronize between devices. The desktop and android apps are both good in my opinion. I also occasionally use chrome's password manager for sites that constantly ask you to reenter your password.
I use Master Password, it uses your name plus your “Master Password” to create a key that generates passwords based on the domain you give it.
Absolutely no information is stored, it can be used offline, and the “algorithm” is completely open-source.
I use lastpass not because it’s the best but because it was (imo) the easiest one to set up for my parents to use and for me to manage. They had a google doc with all their bank, email, etc passwords and one day I just sat them down and went through account by account storing them. The peace of mind on my end is priceless.
Use lastpass, I loved it but right after the one year mark I couldn't log in and ended up losing all my passwords, still looking for a good replacement when I have time to transfer 300+ logins
I use Lastpass and I don't know what I am missing. If you switched from Lastpass to something else, then why?
I currently am using Keeweb running locally, with my database file synced across Dropbox. I am considering switching to Pass (The UNIX password manager) though, I'm just concerned with how good the equivalent mobile client will be. Keepass2Android is such a well thought out functional client for Keepass and I'm not sure whether I'm ready to give that up yet!
Something to consider about pass is that since each entry is its own file and it's not a single encrypted database, the name of each entry (generally the url, i think, since you want to open the right one based off url) is not hidden at all.
I use LastPass since I am pretty much stuck remembering the logins for me, my partner, my mother, work, and since I like trying out new web services, I also get stuck with a million logins for any and everything. Not to mention I have 2 accounts for some services because I have to separate my US and European billing infos, or get around geo restrictions.
I can't live without being able to easily use the login helpers iOS, OSX, Windows, and Android.