Okay so yesterday, I changed my password as a precaution because of the hack, and just now I decided to clean my browser tabs and re login and almost forgot my password. I’m done dealing with passwords.

What password manager do you recommend?

Features I’m looking for

-Open Source

-Can be synced to cloud (I don’t want self host)

-Can be accessed via a browser

-Cross platform, the more platforms, the better

-End to End Encrypted, and Encrypted at rest on my device, also need some way to authenticate before releasing the password, like a pin or biometrics

-Autofill for browser and apps

-Free (can be a freemium model, but I need the base tier to be free, too broke to spend money on this lol)

-Can export the passwords to a file

I never used a password manager before so sorry if I seem like a noob.

I know I could google it, but I want the lastest info, not some outdated reddit post.

Edit: Woah, those replies are fast. I think I’ll use Bitwarden. Thanks for recommendations! Now I don’t need to worry about forgetting passwords anymore. 😄

Edit 2: It seems I’ve forgotten my email password as well as a few other accounts I haven’t logged into for a while. Damn, should’ve used a password manager earlier.

    • flashgnash@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      I use bitwarden but it can be quite annoying to use sometimes. Feel like I have to type my master password every 5 minutes and it won’t even prompt me to enter it for a site I have a login on, have to dig into the menu and find it

      • Trapping5341@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        On my desktop browser I have it set to relock only when I close the browser. So I only have to enter my master password the first time.

        I have an Android phone and an iPhone and have bitwarden enabled on both and set to auto lock after 15 minutes. Very rarely do I run into and instance where bitwarden won’t be able to auto populate everything on either device and I have biometrics set up to unlock my vault. When it doesn’t I have to go searching but imo it’s a minor inconvenience because it very rarely happens.

        If you mean that when you are using the auto entry feature your account isn’t showing up to populate the field without searching then you need to save the URI to the password so that bitwarden knows what account goes with that site. Just hit the auto fill and save button and it will automatically add that URI for you so you don’t have to search next time.

        • flashgnash@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I’ve got all that setup and biometrics work great. The problem is sometimes bitwarden just won’t prompt in the first place, sometimes it works sometimes it doesn’t, sometimes I have to wait a bit for it to realise

          • Trapping5341@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Ah yeah, I run into that sometimes but in my experience its pretty rare that it won’t pop up. Sometimes just closing the app, from recent apps, and reopening will get it to trigger. I always assumed it had something to do with the apps save state when I closed it since it generally happens on my banking apps that automatically log me out. It’s one thing I like about iOS is that when you are logging into something there is the little key button to open up iCloud keychain and Bitwarden so you don’t have to let it do it automatically.

  • DoctorWhookah@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    *Sees post. Guess I should make sure someone has said Bitwarden.

    *Checks comments. Hmm, Bitwarden, Bitwarden, another Bitwarden.

    *Good. I don’t need to reply.

  • techgearwhips@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    KeePass all day. Completely open sourced and free.

    I use

    KeePassium on iOS

    KeePassiumXC on desktop

    Keepass2Android (no net) on Android.

    All synced via Nextcloud but you can sync via sync thing as well if you don’t want to self cloud host.

  • mika@lemmy.ml
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Non self-hosted: Bitwarden

    Self-hosted: Keepass

    Both are open-souce, multi-platform, and free. Bitwarden does have additional paid tiers to include support for things like OTPs. I used to use Keepass but got tired of manually syncing my database; If that’s not a problem for you then it’s a great choice.

    • kwelzel@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      One thing I was always wondering about the OTP feature: If OTPs are used for two-factor authentication but both your password and the OTP can be accessed through Bitwarden, aren’t you effectively sidestepping the two-factor part? I mean if I have the OTPs only on my phone then I need to know the Bitwarden master password and I need to have my phone in order to log in. On the other hand if both are in the Bitwarden vault, I only need to know the Bitwarden password. So effectively two-factor becomes one-factor authentication.

      Maybe the relevant scenario here is your credentials for some website getting leaked. With OTPs inside Bitwarden any attacker would still not be able to log in as long as they don’t know your master password, giving you plenty of time to change your password. Although, if the attacker already found a way to access confidential website logins, they can probably access all kinds of other confidential data related to this account without even logging in as you.

    • flashgnash@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Bitwarden supports self hosting doesn’t it? There’s an option in the UI to specify server

      • Racle@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yup, you can selfhost bitwarden and use your own private server to sync between devices.

  • Ab_intra@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I’ve been using keepass for 10+ years now. I store it on a USB that is only connected to the internet when I plug it in.

  • jrubal1462@mander.xyz
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    After 2 years of ignoring the fact that I use a duplicate password in over 100 places, and that password has officially been in breaches, I finally came to terms with the fact that it was time to find a password manager and generate unique passwords. I didn’t do a ton of research and ended up with bitwarden. If I opened this thread to see a bunch of people ragging on bitwarden I was prepared to be VERY upset.

    • anguo@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      My only gripe is having to insert my password every 15min (afaik it’s either that or having all your accessible by anyone using your computer). That and the fact that they discontinued the password manager they had on Android. This is what made me move to bitwarden.

    • Kajika@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      firefox

      For me the firefox password manager is totally fine : I know where the encrypted file is and I can manually back it up and copy to an other computer ($HOME/.mozilla/firefox/[profile folder]/key4.db + logins.json). You can decrypt yourself the file easily too.

      • bearfootbees@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I use Firefox as well. My uneducated concern. I once installed Chrome on my PC for something specific. During the install, it asked if I would like to import my saved logins from Firefox. I thought: “let’s see”. In fact, it unencrypted the file, and loaded all my passwords. So, my thought is, of someone was to gain access to that file, how hard would it really be to unencrypted it? If chrome can do it as part of their wizard.

        Again, feel free to educate me, but that’s my concern

  • onichama@feddit.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Yet another vote for Bitwarden. I love that you can access your stuff through a browser without installing anything, I need that sometimes on my work pc where I cannot install anything.