What is the best open-source password manager out there?
Should we use password managers built into browsers like Firefox or Chrome?
Or should we use dedicated applications like Bitwarden?
What do you use and why? Please comment below.
What are the pros and cons of different applications?
Should we write our own script to manage passwords?
Or should we store them in offline files?
Oldest comments (48)
Using pass + git + yubikey
passwordstore.org/
I made my own password manager
Check it out at main.d3qwkjcxzk7m67.amplifyapp.com/
Fork and make your own on github.com/GeoBrodas/aws-password-...
Check out the whole blog I made
dev.to/geobrodas/secure-password-m...
This is awesome
What about this ? Use Vercel for hosting and env as your passwords.
When you join a company you probably have to use whatever they give you access to.
For personal stuff, I use Bitwarden. I think I was turned on to it from a thread here a couple of years ago, actually.
I used to use LastPass, and Bitwarden is mostly a copy of their UI, so the transition was simple. It's free software though.
You can roll your own if you want, it's no different from hiding passwords in a notebook under your bed - it's not like you're writing a crypt library and telling other people to use it or anything.
Other things I've done include keeping text files GPGd in whatever cloud storage I had at the time.
I literally did the same thing. Good decision I think though now that lastpass has gotten greedy about allowing you to only use the app on either your phone or computer but not both.
It's not really greedy when it's a service and product they're supplying without a cost attached.
After having used it personally for years, 1Password is also a great fit for teams. I have shared vaults with the people I work with and can even provide guess access to individuals for short projects at no additional charge.
Besides unique and long passwords, 1P also handles 2FA perfectly well. Not only for your personal accounts, but also the accounts in shared vaults. So even the shared login credentials benefit from OTP, on your phone and laptop.
1password started as Mac-only so when I used the 1password interface the first time I actually had to search online for how to do things. It's not particularly intuitive, but once you learn how to do things it's ok. We use it at work, but I'm not a fan of using proprietary solutions for things like this and don't particularly understand why people want to pay for it, either.
The same reason people want to pay for any other type of software: it brings them value.
Ok, without getting too reductionist, I don't particularly understand what value it brings them.
Which is fine. You might be using something that I don’t see any value in, and that’s fine too. I’m a 1Password user myself and it brings me value. I’m not here to sell you on that product 😄
They are though. They exist because people are prepared to pay for their product instead of using a free software product, so there must presumably be things people like about it that aren't in other apps.
More importantly, and something I forgot to mention, is that the question is explicitly about open source software, and 1password isn't that.
KeePassXC for PC and KeePassDX for android. Sync with dropbox, Google drive, etc.
After using 1Password for a year, which works okay but costs money and doesn't have a proper Linux desktop app (you have to use a browser plugin instead, which feels weird), I am now using the exact same combination (KeePassXC on Linux, KeePassDX on Android). Both are really good software and I am pretty sure I won't switch to anything else. Synchronization across devices is a drawback, though. It's not built in (you store a password DB file locally). But as you said - there are different solutions for that. I am currently using SyncThing. Feels like a bit of an overhead just for syncing passwords, but works. And the local DB file has a strong encryption with a good master password, so I feel safe storing it wherever I want, even in unencrypted backups.
EDIT: LPT: I set a Shortcut on my desktop for
Ctrl + .to open KeePassXC (the same 1Password uses for it's browser plugin, I got used to it) - it gives a very smooth workflow. KeePassXC is a great recommendation IMO.Hi
I'm using LastPass for the last few years and enjoy it a lot:
I think they managed to simplify features with minimum impact on security; at least this is what I'm hoping for :)
Keepassxc
google chrome/edge just works fine
I really love to use Firefox Lockwise, as it can keep logins and passwords from browser and apps.