Password managers are one of those tools that people don't tend to swap around because it can be a real pain. I have hundreds of credentials and going through the process of setting up new passwords is something I don't have time for, and only consider when my password manager has an outage. Like today.
We set up our password manager years ago and now I'm wondering if it's time to switch to something else. What are your suggestions?
Below are two open source password managers I'm looking into:
buttercup
/
buttercup-desktop
🔑 Cross-Platform Passwords & Secrets Vault
Buttercup Desktop
Buttercup for Desktop - Mac, Linux and Windows
²
About
Buttercup is a free, open-source and cross-platform password manager, built on NodeJS with Typescript. It uses strong industry-standard encryption to protect your passwords and credentials (among other data you store in Buttercup vaults) at rest, within vault files (.bcup). Vaults can be loaded from and saved to a number of sources, such as the local filesystem, Dropbox, Google Drive or any WebDAV-enabled service (like ownCloud or Nextcloud ¹).
Why you need a password manager
Password management is a crucial tool when you have any online presence. It's vital that all of your accounts online use strong and unique passwords so that they're much more difficult to break in to. Even if one of your accounts are breached, having unique passwords means that the likelihood of the attacker gaining further access to your…
The Bitwarden Server project contains the APIs, database, and other core infrastructure items needed for the "backend" of all bitwarden client applications.
The server project is written in C# using .NET Core with ASP.NET Core. The database is written in T-SQL/SQL Server. The codebase can be developed, built, run, and deployed cross-platform on Windows, macOS, and Linux distributions.
Developer Documentation
Please refer to the Server Setup Guide in the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.
Deploy
You can deploy Bitwarden using Docker containers on Windows, macOS, and Linux distributions. Use the provided PowerShell and Bash scripts to get started quickly. Find all of the Bitwarden images on Docker Hub.
Full documentation for deploying Bitwarden with Docker can be found in our help center at: https://help.bitwarden.com/article/install-on-premise/
Requirements
- Docker
- Docker Compose (already included with some Docker installations)
…
Oldest comments (130)
MyKi - non-cloud password manager and on-demand authenticator
Pass is also kinda cool (passwordstore.org/). Synchronized via git. Minimalist Unix philosophy & design.
Thanks - that's my TIL for the day!
I can't compare/contrast, but I've been using BitWarden for over a year and have no complaints. Importing from LastPass was a breeze and I was able to set up my YubiKey for 2FA in maybe five minutes. The mobile app is performant and consistent with the browser plugin. I tell everyone who will listen to use it.
What happens if you lose the YubiKey? How do you backup it up?
This is what keeps me from using YubiKey as a single 2FA token and having an alternative 2FA method like cell phone kind of defeats the whole purpose :/
I do have it backed up by cell phone 2FA. I see what you're saying, but I don't feel that undermines the advantages. I have my YK attached to my car keys - if I lose those, I've got all kinds of problems.
But me and my GF have each a YubiKey. On lastpass you can set a backup YubiKey, so I can use hers, in case my own are gone. In addition, you can print a list of OTP and use that.
Dont know what BitWarden offers, tho.
That's great to know! I believe BW lets you do this too, though I'm not positive. I know it offers the printable OTP list - they're very similar products, really.
Importing from LastPass may be what gets me to switch over much sooner.
I am very happy with LastPass
Do you use it on Android?
Last I remembered, it wasn't working well (buggy Auto fill), and so I disabled it completely and used Google's native AutoFill and only drop into LastPass when it's not saved in my Google also.
Curious if you experienced similar things at all?
Sometimes, yes. I then have to go to the app and copy paste manually
I use it on Android. It used to get disabled a lot so I had to keep re-enabling it but that seems to have fixed itself since I updated my Android to Oreo.
Oh... Good to know. Now if LG would only update my phone from 7.0...
I love LastPass as well. Except for this morning, the outage is driving me nuts!
status.lastpass.com/
yep, this is a problem with any services. The only solution I know is to have an offline password manager with multiple copies of the db, and sync it with devices through dropbox or something like that. But then what about handy browser extensions..
Buttercup actually allows you to sync via Dropbox, so you can host your vault file there and let DB do the sync'ing, and Buttercup has clients to allow you access to these sync'ed credentials on all major platforms (including within Chrome+Firefox using an extension). Disclaimer: I'm the author.
Neat! I'll have to look into that now. I'm currently a very happy LastPass user (though not for work, so I actually got by without knowing about the outage). But that does sound like an interesting solution.
This is where I would recommend Bitwarden, works well offline with synced data and once online syncs with my desktop app as browser addon, but the only problem I had was when i imported all of my browser passwords and disabled auto save within Chrome and Firefox, Bitwarden has become a bit slow ever since but its normal to be slow when you've got nearly 8K logins including yours and other peoples
Reading comments and thinking to try something else, maybe there are better solutions.
I also use LastPass and I like it!
Currently on the premium subscription (bought through a makeuseof deal) and I can say the android app improved over time.
Sometimes there are apps or views where LastPass can't manage to show the configured overlay with autofill but they made a handy tile for the notification bar to trigger the LastPass autofill dialog manually so this isn't painful anymore.
Did you know that LastPass has been hacked completely at least twice?
Ok, I'm migrating tonight.
Take "hacked completely at least twice" with a pinch of salt.
Unsure about twice but here is an official post by LastPass themselves.
From my experience, I'd recommend BitWarden as the free version will suffice on Android/iOS will suffice for most people along with proper sync between desktop / mobile apps along with being quite user-friendly.
Yes, but can't decrypt anything.
I'm quite happy with KeePassXC.
Ooh, movement in the KeePass world - I might move across from KeePass2 myself :)
I was really happy when it came out! I'd had to buy MacPass to get a good kdbx-compatible password manager on OSX (nothing against it as a product but I prefer open source), and the less said about dealing with the Mono version on Linux the better.
Amusingly I use the mono version on Linux the most, then KeePassDroid on my phone. I even re-wrote Andrew Schofield's excellent HIBP plugin in so it would work on Linux/mono despite that not having TLS1.2+ support :)
github.com/phlash/keepass_hibp
I use KeePassXC too, with it's browser plugin. And KeePass2Android on mobile. And very happy with that couple!
I love KeyPass2Android, glad I switched from KeePassDroid which just lagged behind feature-wise.
KeePass has a nice chrome extension too, though initial setup is a minor pain.
Which one do you use? I was using CKP - KeePass integration for Chrome, but it doesn't work since I started to use KeepassXC instead of the original (and mono-built) keepass
I use chromeIPass with the original Keepass app. I hadn't heard of KeepassXC before but it seems to be popular on here so maybe I should give it a go
I've been using KeePassX for a few years, but have been looking at shifting to Bitwarden for a little more ease of use on my phone. I think when I make the move to Bitwarden I'm going to go the self-hosted route though.
I've switched from Lastpass to Bitwarden because it wasn't working on Firefox (which I also switched out of to something else). Bitwarden is so much smoother and less intrusive on the browser. I also like it a lot that Bitwarden is open-sourced.
I am also thinking about the switch, one for the open-source nature of BitWarden, and second I think LastPass was just bought over by LogMeIn, heard that it was a rather dodgy company.
Anyway, couple questions - how much hassle was it? How does it perform on mobile? (Android Auto fill etc)
Not OP, but I made the same transition and IIRC it was as close to a one-click operation as you can reasonably get. AutoFill has not failed me yet on Android.
Cool man! That's exactly how it went down, it was one click for me!
I'm going to be trying out BitWarden for a bit.
Part of me says if LastPass isn't breaking, there's no need to change. The other part says open-source :p
That's more or less how it happened for me, yeah
Bitwarden has ties into the new Android autofill stuff, which makes it super smooth to use on Android. I believe it has the same for iOS.
The switch was super fast. Would recommend! Yes auto fill works very well but you might need to manually enable it
I'm a LastPass user, I'll definitely consider the switch!
Switched to Bitwarden Premium, my LastPass Premium expires in a month anyway :D
I'll decide then which one to keep.
Let me know what you decide on!
I'd never heard of it, but it looks interesting.
I am very happy with LastPass too, even though there are some rumors about not-that-security-oriented-architecture
Big fan of keepassxc.org/
This one also handles 2FA Time-based One-time Password TOTP.
Use it every day, it also can sync across any device, has browser integrations, and is open source.
I've been using KeepassXC across Windows, Mac OS X and Linux for probably 3 years now. Never knew there was also a TOTP feature hidden in it! That's so awesome!
Yessir I use it for AWS daily!
Yeah, and it now supports autofill on Android, which makes it so so much more useful to me.
Not open source to my knowledge, though, which may be a dealbreaker to people around these parts. But it's very user-friendly and syncs fantastically so I have it on all of my devices, including my work computer to maintain a local copy of all my work credentials (we got switched to monthly password changes, so fuck remembering that).
I absolutely love Bitwarden - the OS option is great. It has all the features I need and works really well on Android/Mac/Linux.
DashLane! It's cross-platform (Mac, Windows, Linux, Android, iOS), plus there's a browser plugin. It can generate new passwords and hold secure notes and things.
I heard a lot of things about KeyPassX but I never tried it.
Why not? Do you use something else?
It seems to be a good option
LastPass is a very powerful password manager, I highly recommend it. But the autofill functionality is somewhat buggy (especially on Android).
LastPass is also amazing!
Some comments may only be visible to logged-in visitors. Sign in to view all comments.