- Bitwarden (audit results)
- KeePassXC (audit results)
Neither is better as they offer different things. Both are audited by third parties.
KeePassXC
Why specifically KeePassXC instead of KeePass?
Lack of 3rd party audit. Only KeePass 1.x was audited independently.
Less support for KP on Linux. Needs Mono to run. More importantly, AFAIK, it won’t interface with a browser extension (on Linux). So KP is more Windows oriented.
I use Bitwarden and recommended it to all my friends and family. It’s e2ee and you can have them on all your devices, it has autofill, password generators, and username generators. It’s pretty neat.
I also have some friends who use keepassxc. There are mobile clients out there for it as well but it’s meant as a completely offline password storage.
Keepass files can be synced via Cloud Storage. I keep mine in my Nextcloud account.
1000% bitwarden. LastPass gets breached too often and have bait and switched users that were using the free version. Jump ship if you’re using them, export them and import into bitwarden.
deleted by creator
Mostly business customers https://bitwarden.com/products/business/
It’s a freemium model.
There is a feature limited free version. Then a full featured version people pay for.
In this case, there’s also a business version with per-user billing.
I pay for premium and it’s nice to be able to use TOTP.
I use Bitwarden for passwords, but I think Proton Pass is an honorable mention. It’s possibly more secure, but still new.
Bitwarden just added support for Argon2id which makes brute forcing (which is impossible at the moment) even harder compared to PBKDF2.
Harder than impossible. Now that’s a feature!
Harder in a sense that it costs even more resources per try, but current tech is not capable of brute forcing either.
Bitwarden with YubiKey
Use bitwarden but never heard of YubiKey. Quick search on google gave me nothing. What is it?
I use it as my 2nd facor authentication.
Keepass
Depends on your definition of secure.
A pen and paper can’t be hacked
Just thinking out loud. If your paper record is actually QR codes, then you could scan them into your device as you need them. So you wouldn’t have to type some long, complicated sequence by hand.
Something to keep in mind is that security isn’t just about preventing attackers from accessing it. If that was the only criteria, then the most secure thing would be a flash drive buried in concrete.
Security is also about accessibility.
To that point, I believe the best password manager is subjective. That being said, I’m going to throw out a recommendation for 1Password. If you use it right, it balances security with convenience really well.
Any known password manager is a target.
If you have a Linux PC you can create a partition encrypted with LUKS and save the passwords in txt files. Even this solutions has a small risk because when you open a file it might end up in the cache. But it is still safer than Keepass.
Downside. It might take a little bit more than few clicks to access to your passwords. But I suspect that the concern over too many clicks is inflated by the big corporations looking to dumb down their users.
The most secure thing to do would be to host your own server. You can do this with Bitwarden. Remember though that if you lose your server, you lose your passwords. You can also just use Bitwarden and their cloud service. It’s free and open source.
The most secure thing to do would be to host your own server.
That is assuming that you believe you are more secure than say Bitwarden the company, especially if you are hosting publicly.
Availability is really important too when literally all your passwords are in there
Not using one. Anything and everything that is connected to the internet in any way what-so-ever has at the very least some level of insecurity and vulnerability.
KeepassXC should be secure enough, you can even use a hardware key.
But make sure to use version 2.54 or newer.
google keep but dont label ur passwords so the hackers cant use them (and neither can u)
