• Plagiatus@lemmy.world
    106 up, 3 down · 1 year ago

    I second the recommendation for Bitwarden.

    I switched over from Dashlane and never looked back. They even have a browser extension for mobile Firefox (the browser you should be using anyways) so it’s easy and convenient on all my devices.

    • johnthedoe@lemmy.ml
      39 up, 1 down · 1 year ago

      +1 for Bitwarden. There were growing pains at the start to move off of iCloud Keychain. Once done and being more proactive with managing passwords it’s so good and trustworthy

      • CluelessLemmyng@lemmy.sdf.org
        14 up, 1 down · 1 year ago

        Agreed. Bitwarden has been fantastic. I just wish it was easier to swap between accounts on the browser extension. You can do it on desktop and mobile pretty easily.

        • Otter@lemmy.ca
          3 up · 1 year ago

          Manually putting what in?

          You can import from another service if that’s what you mean

        • johnthedoe@lemmy.ml
          2 up · 1 year ago

          First time using it you export your password data and move it into BW. Then browser extension can help auto fill and detect new ones. It also has a password generator built in so that’s handy

          Phone app can integrate and auto fill. On iPhone I’m not sure if it can detect and save. But the few times I’ve needed to sign up on phone I manually input.

          I still use Firefox password and iCloud saves when prompted. Doesn’t hurt to have a backup I suppose.

        • SmoothLiquidation@lemmy.world
          1 up · 1 year ago

          I spent some time when I migrated from just storing my passwords in Chrome. I went through and made sure all of them were strong, unique passwords. I set up categories for all of them. I set it up so I could share the right ones with the family and whatnot.

          Doing the raw import is easy, but it was a good time to make sure everything was in order.

    • Otter@lemmy.ca
      14 up · 1 year ago

      Is there a reason to use the mobile extension over the app itself? The app can input into other apps as well

      • SatyrSack@lemmy.one
        1 up · 1 year ago

        I have never even got the mobile extension to work. When I set it up and enter in my email and master password, the Captcha that is supposed to show up is missing entirely. There is just a blank space under the password field where the Captcha is supposed to have appeared.


  • thisisawayoflife@lemmy.world
    51 up · 1 year ago

    Been using KeePassXC (and before that, KeePassX) since I abandoned LastPass about a decade ago. The apps integrate with Nextcloud perfectly and at least for me, it’s a breeze. I use it for TOTP too, and I second the recommendation of a hardware token for an additional layer of security. There are some USB-C options that work on phones (I’m using a Pixel 7 Pro).

      • Rootiest@lemm.ee
        6 up · edited · 1 year ago

        YubiKey works for me, both on desktop with KeePassXC and on Android with KeePassDX to the same DB

        • chockblock@lemmy.world
          3 up · 1 year ago

          I like the look of KeePassDX but I was bothered by the fact that I have to use the yubikey every single time to unlock the database, unlike keepass2android which allows me to store the yubikey credential with biometric lock until the phone restarts. Keepass2android is not as nice of an app but that feature was really required for me.

          • Rootiest@lemm.ee
            3 up · 1 year ago

            KeePassXC can do this as well, but it does require the yubikey to be inserted every time you want to save a change to the database.

            Look under Settings -> Security -> Convenience -> Enable database quick unlock (Touch ID/Windows Hello)

            Using that I can quick-unlock my database using my laptop’s fingerprint scanner, just like how KeePassDX works on Android.

            • chockblock@lemmy.world
              3 up · 1 year ago

              It’s not a huge issue on KeePassXC because I keep a yubikey nano plugged into my laptop, but for my phone, I haven’t been able to make this work reliably with KeePassDX. I’ll have to give it another go.

              • Rootiest@lemm.ee
                2 up · 1 year ago

                Ah yeah you are right, it makes me tap my key every time I open the app.

                The biometrics seem to only replace the master password.

                I do wish it worked more like KeePassXC where the key is only needed to save the database after unlocking and confirming with fingerprint

      • chockblock@lemmy.world
        3 up · 1 year ago

        It does require some configuration within yubikey manager. I did not find it straightforward but once set up it’s really reliable.

    • FlumPHP@programming.dev
      2 up · 1 year ago

      I’m curious about using the same store for passwords and TOTP. Technically if someone gets screwed to your database, they have both your factors, yes? But I guess it does thwart someone trying to brute force your password.

      • thisisawayoflife@lemmy.world
        3 up · edited · 1 year ago

        Adding a hardware key, like Nitrokey, would be an additional level of safety there. I would not use the database without some kind of additional key (something you know and something you physically have).

        If there’s something nefarious that has user access, you’ve already lost in that regard.

          • rinze@infosec.pub
            2 up · 1 year ago

            This is what I do: I have 3 KeepassXC databases (regular passwords, “security” questions, TOTP tokens) each with a different password.

      • Amju Wolf@pawb.social
        1 up · 1 year ago

        Technically you do lose the second factor, but nowadays 2FA is often mandatory or they force some crap like SMS/email verification onto you. If you are aware of the risk then it isn’t a huge deal.

        Though you might want to consider not using it at least for the most important stuff like banking (here you don’t even have an option; banks have their own 2FA apps that you have to use) and primary/recovery email.
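
An added illustration of the trade-off discussed in this sub-thread (not code from any commenter or from KeePassXC): a TOTP code is a function of the stored seed and the clock only, so whoever can read the seed holds that factor, and splitting seeds into a separately keyed database changes what one unlocked file exposes. The database file names, the account name and the use of the RFC 6238 test seed are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct


def totp(seed_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1: output depends only on the seed and the clock."""
    key = base64.b32decode(seed_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed sample data: the published RFC 6238 test seed, base32-encoded
# the way authenticator apps and KeePass-style entries store it.
RFC_SEED = base64.b32encode(b"12345678901234567890").decode()

# Layout A: one database holds both the password and the TOTP seed.
SINGLE = {
    "vault.kdbx": {
        "mail.example": {"password": "constructed-pw", "totp_seed": RFC_SEED},
    },
}

# Layout B: passwords and seeds live in separately keyed databases.
SPLIT = {
    "passwords.kdbx": {"mail.example": {"password": "constructed-pw"}},
    "totp.kdbx": {"mail.example": {"totp_seed": RFC_SEED}},
}


def exposed_factors(layout, unlocked):
    """Map each account to the set of factor names readable from the unlocked files."""
    exposed = {}
    for db_name in unlocked:
        for account, fields in layout[db_name].items():
            exposed.setdefault(account, set()).update(fields)
    return exposed


def fully_compromised(layout, unlocked):
    """Accounts for which both the password and the TOTP seed are readable."""
    need = {"password", "totp_seed"}
    return sorted(
        account
        for account, factors in exposed_factors(layout, unlocked).items()
        if need <= factors
    )


def derivable_codes(layout, unlocked, unix_time):
    """Codes that can be computed from the unlocked files alone, per account."""
    codes = {}
    for db_name in unlocked:
        for account, fields in layout[db_name].items():
            if "totp_seed" in fields:
                codes[account] = totp(fields["totp_seed"], unix_time)
    return codes


if __name__ == "__main__":
    t = 59  # timestamp from the RFC 6238 test vectors
    print("single DB opened :", fully_compromised(SINGLE, ["vault.kdbx"]),
          derivable_codes(SINGLE, ["vault.kdbx"], t))
    print("passwords.kdbx   :", fully_compromised(SPLIT, ["passwords.kdbx"]),
          derivable_codes(SPLIT, ["passwords.kdbx"], t))
    print("both split DBs   :", fully_compromised(SPLIT, ["passwords.kdbx", "totp.kdbx"]))
```

The split layout only helps if the databases do not share a password or key file; a hardware key on the database protects the file at rest, not an already unlocked session.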

  • downpunxx@kbin.social
    51 up · 1 year ago

    when lastpass screwed around with its free tier offering, i switched to bitwarden and haven’t felt any reason to use or even try anything else, it’s rock solid

  • mub@lemmy.ml
    36 up, 1 down · 1 year ago

    Bitwarden - does everything, and is free. You can even set up a shared vault so 2 people can have access to shared stuff like online shopping and streaming sites. Takes a bit of admin work but it is not hard.

    • Resolved3874@lemdro.id
      8 up · 1 year ago

      Sadly that second bit requires the other person to care enough to make an account and not just text you when they need the password 😂

      • Rev3rze@lemdit.com
        0 up · 1 year ago

        Just send a photograph of your screen showing the requested password of 25 random characters so they have to type it out. Guaranteed their next question will be where they sign up for an account.

        • Resolved3874@lemdro.id
          1 up · 1 year ago

          lol that’s generally what I do. Sometimes I’m nice enough to copy and paste. We don’t share a lot of accounts so it’s not a huge issue.

    • 80386SX@lemmy.ml
      10 up · edited · 1 year ago

      I too like to keep my pet Donkey to myself. I love it. 🙂

      Also KeePassXC – KeePassDX + Nextcloud + (encrypted container dropbox backup)

      • Kwa@derpzilla.net
        2 up · 1 year ago

        Why the need to encrypt on Dropbox? Shouldn’t KeePass be secured enough by itself?

    • glacier@lemmy.blahaj.zone
      15 up · edited · 1 year ago

      Possibly because it is not open source and doesn’t have anything to offer that the other recommendations do not.

      • Sigma_@lemmy.world
        15 up · 1 year ago

        Ya I think so. These are always tech articles and FOSS software is always a big feature.

        But 1password has ongoing audits and a sane UI and mobile apps that pass the boomer-parent test. Canadian company too which is nice given the US centric tech world.

        • Fritzer09@feddit.de
          1 up · 1 year ago

          I use it because I share an account with my parents, so I can manage their stuff. My father’s old local Pw-Manager was a mess.

      • Klystron@sh.itjust.works
        6 up · 1 year ago

        Fastmail integration for masked emails! If you already have an email provider you like then yeah not much to offer. But if you’re like me a few years ago and was looking to get off of Chrome’s password manager and Gmail, then 1password and fastmail is a nice combo.

        • timespace@sh.itjust.works
          4 up · edited · 1 year ago

          Bitwarden has integration with Fastmail, as well as for many other alias services (anon addy, SimpleLogin, etc). They also just added support for selfhosted anon addy, and are working on adding support for self hosted SimpleLogin.

    • navi
      6 up · 1 year ago

      It’s in their honorable mentions.

      Having no source-available clients is the author’s main nitpick.

    • timespace@sh.itjust.works
      4 up · 1 year ago

      Former 1password user, current Bitwarden user. Jumped ship when 1password dicked local vaults. Never been happier.

      And it’s a FUCKLOAD cheaper. 1password is very overpriced.

      • jackoid@lemm.ee
        4 up, 1 down · 1 year ago

        Bitwarden is practically free. You can pay for some extra features but all the core features and unlimited passwords storage works. Nobody should pay for a password manager.

    • haulyard@lemmy.world
      3 up · 1 year ago

      Same. We’ve been using it for about a decade I think. One vault for my wife and I to share. Hosted on their end in case all our self hosted stuff takes a crap our passwords are still available. Been considering looking at bitwarden but haven’t had the time.

    • jetsetdorito@lemm.ee
      2 up · edited · 1 year ago

      I’ve been thinking about trying it… I like Windows Hello integration which seems to easily break in Bitwarden

  • Omega_Jimes@lemmy.ca
    24 up, 1 down · 1 year ago

    I use KeePass and keep it synced with self hosting Nextcloud. I get the appeal of bitwarden, but I’m really trying to get off other people’s computers.

  • Landor Dragen@lemmy.ml
    23 up, 1 down · 1 year ago

    Bitwarden. Tried Proton Pass but ultimately stuck with Bitwarden.

    It has been my password manager of choice for quite some time and I didn’t see any reason to change.

  • Polar@lemmy.ca
    24 up, 3 down · edited · 1 year ago

    Proton Pass pisses me off. Proton is such a money grubbing company that takes FOREVER to release stuff.

    I pay $120 per year for ProtonMail, and they want me to pay $180 to unlock the full Proton Pass. $60 per year, for something that BitWarden does for only $12 per year.

    Not to mention you’ll be waiting years for apps to come out. They’re such a fragmented company. The Android remake is already so far past the estimated release date it’s sad. Proton Drive Windows app finally came out, but fuck Mac and Linux users, I guess.

    BitWarden is available for Windows, Linux, Mac, 9 browsers, iOS, Android, and CLI. - Premium is $1/month.

    ProtonPass is available for iOS, Android, and 4 browsers. - Premium is $5/month.

    Can’t wait for Proton to release a few more half baked services with outdated apps and a promise to update them in a year, but then 3 years later there’s still radio silence. Perhaps use your paid services money for developing in a timely manner? Holy shit.

      • lckdscl [they/them]@whiskers.bim.boats
        5 up, 2 down · 1 year ago

        Also why would someone who wants enhanced privacy put all their eggs in the basket by trapping themself in Proton’s ecosystem. Compartmentalizing is important, and it ends up being cheaper too. Proton’s pricing is cutthroat.

    • evilviper@beehaw.org
      4 up, 2 down · edited · 1 year ago

      Can’t say I share your sentiment. I’ve been quite happy with their rate of progress over the years and the applications they offer. I’ve been using them since they only offered mail and haven’t ever had any issues. I’d rather them take their time to do things right than try to release new things at a frantic pace. While they might not have all the bells and whistles, for the average user I think they provide more than enough value.

      Also, your pricing is just completely wrong and off base. Pass by itself is $5/month ONLY if you pay per month. If you pay for 1 year worth it’s $4 a month and $3 a month if you pay for 2 years. And that’s only if you for some reason only want to pay for proton pass.

      Likewise, if you’re paying $120 year for protonmail then you’re most likely on the proton unlimited bundle for $10 per month paying for 1 years worth at a time. In that case you already have access to proton pass (and in fact all of their proton apps and premium features), so I’m not sure why you think you need to pay again for proton pass.

      While I agree the proton pass pricing (even at 2 years) is high compared to similar companies, getting the proton unlimited subscription OTOH is (IMO) great value for money: the mail, password, & vpn are all great. The drive seems pretty good and useful but isn’t something I normally use anyways, and the calendar is the weakest of their offerings (and also something I normally don’t use anyways).

      edit: I should also note, you don’t have to pay for any of their services. You could get by just using the free versions of everything if you didn’t need the extra bells and whistles offered for paying customers.

      • Polar@lemmy.ca
        3 up · edited · 1 year ago

        > Can’t say I share your sentiment. I’ve been quite happy with their rate of progress over the years and the applications they offer. I’ve been using them since they only offered mail and haven’t ever had any issues. I’d rather them take their time to do things right than try to release new things at a frantic pace. While they might not have all the bells and whistles, for the average user I think they provide more than enough value.

        They redesigned their Android app and missed the promised deadline TWICE and took 2 YEARS to release it. Now they’re working on the Android remake, to add threaded view, to finally catch up to year 2023. Already missed the deadline once.

        > Also, your pricing is just completely wrong and off base. Pass by itself is $5/month ONLY if you pay per month. If you pay for 1 year worth it’s $4 a month and $3 a month if you pay for 2 years. And that’s only if you for some reason only want to pay for proton pass.

        It’s $5 when I add it onto my Mail Plus for 12 months. Not sure what country you’re from, but it’s $5 in my country.

        > Likewise, if you’re paying $120 year for protonmail then you’re most likely on the proton unlimited bundle for $10 per month paying for 1 years worth at a time. In that case you already have access to proton pass (and in fact all of their proton apps and premium features), so I’m not sure why you think you need to pay again for proton pass.

        Again, I am on Proton Plus. The second highest tier. The next tier is Proton Business, and it doesn’t go higher than that. I need more than 3 measly custom domains, so instead of ProtonMail offering the ability to pay for just more custom domains, they nickel and dime you and force you to pay for the business account. Like I said in my initial comment, they are money grubbing.

        > edit: I should also note, you don’t have to pay for any of their services. You could get by just using the free versions of everything if you didn’t need the extra bells and whistles offered for paying customers.

        Except the features BitWarden hides behind a $1/month subscription, Proton locks behind a $5/month subscription. So unless I want to switch from BitWarden to ProtonPass and LOSE features, then yes, I do.

        • evilviper@beehaw.org
          1 up · 1 year ago

          Looking at their website I still can’t figure out what plan you are on while still needing to pay for proton pass. The only plan I see that matches your $120/year (USD, I’m from the US) comment and matches your “more than 3 custom email domains” is the proton business tier which is $13-10/month depending on the number of months you purchase in advance. And in all cases you once again get access to all other proton apps and their premium services for free. Sounds like maybe you’re on some legacy plan and would benefit (probably save money?) by going onto one of their new pricing structures? Not sure because I got upgraded to an unlimited plan for free back in the day (since I started when they only offered email) and so I’m still grandfathered in to a better price than is currently possible that includes everything.

          It’s unfortunate their android app seems to be 2nd class to their iOS offerings; sadly that’s fairly commonplace, especially with small teams on tight budgets. I imagine that’s also why their proton pass pricing is so expensive.

          But once again, I don’t see a need to slander and lie about a company that by all accounts is trying to actually do something about the privacy nightmare that the internet has become.

          • Polar@lemmy.ca
            2 up · edited · 1 year ago

            I thought I made it clear? I was on the Proton Mail Essentials ($9.55) and was required to go to Proton Business ($15) to unlock Proton Pass Plus.

            An over $5 increase.

            > But once again, I don’t see a need to slander and lie about a company that by all accounts is trying to actually do something about the privacy nightmare that the internet has become.

            Please tell me where I lied? Thanks.

            • evilviper@beehaw.org
              1 up · 1 year ago

              As far as I can tell there is no mail essentials plan that costs $9.55 (talking USD/EUR/CHF which is all I can see). The absolute worst case scenario is $7.99/month per month (Business being $12.99). Furthermore, considering you are on the essentials plan it would seem like you’d save way more money using the individual plan (or family plan unless you have a large number of employees/users?). I suppose it’s possible you are on some grandfathered plan that is more expensive because you have more custom domains (I seem to maybe remember that being possible back in the day?). But then I think that also would have applied to the individual plan, so again I’m not quite sure why you are on a business plan when all of your comments seem to imply you’re an individual?

              And honestly the crux of the issue is you made poor-faith arguments from the very start. You called them a money grubbing company and tried to pass yourself off as a regular user who’s paying all this money and then having to get charged more. When in fact, for 99% of users your situation isn’t applicable at all; and in fact you are on a weird, old, business plan (to which you’d probably save money switching to a new business regular plan [for $12.99 - $9.99] which supports up to 10 custom email domains + all premium proton services).

              And looking into proton pass, it seems like the majority of the cost is because of the email alias service that comes with it. Bitwarden doesn’t in fact provide that (though they do support integration of it) and a quick look at other providers that only provide custom emails it shows similar monthly fees (still less than proton pass to be fair).

              So to me, it seems like a bit of unwarranted slander and lies (though I suppose, again, you could be on an old grandfathered plan; but it still doesn’t explain how the “next step up” is $15) because of some beef you have against them.

              • Polar@lemmy.ca
                1 up · 1 year ago

                > As far as I can tell there is no mail essentials plan that costs $9.55 (talking USD/EUR/CHF which is all I can see).

                Here’s when you learn other countries exist. I am Canadian. I don’t talk in USD, EUR, or CHF. I talk in CAD. My payment provider doesn’t tell me I paid “X USD”, it tells me I paid “X CAD”.

                > I suppose it’s possible you are on some grandfathered plan that is more expensive because you have more custom domains (I seem to maybe remember that being possible back in the day?).

                I am not, but you’re correct about Proton offering to add more custom domains without having to change to a whole new tier. Another perfect example of how they nickel and dime. They realized they could squeeze more money by forcing people who need more than 3 custom domains to upgrade to a higher tier, than just to pay for the few extra domains.

                > You called them a money grubbing company and tried to pass yourself off as a regular user who’s paying all this money and then having to get charged more.

                Again, they are money grubbing, because they removed the ability to customize your plan, and force tier changes.

                > When in fact, for 99% of users your situation isn’t applicable at all; and in fact you are on a weird, old, business plan (to which you’d probably save money switching to a new business regular plan [for $12.99 - $9.99] which supports up to 10 custom email domains + all premium proton services).

                I am NOT on an old business plan. I am on THE business plan for $15. Again, not everyone uses USD, EUR, or CHF.

                $12.99 USD = $17.65 CAD.

                > And looking into proton pass, it seems like the majority of the cost is because of the email alias service that comes with it. Bitwarden doesn’t in fact provide that (though they do support integration of it) and a quick look at other providers that only provide custom emails it shows similar monthly fees (still less than proton pass to be fair).

                Since Proton loves tiers, offer a more expensive tier for the email alias. They should offer a tier similar to BitWarden with similar pricing, and then offer a higher tier for the email alias, something most people don’t care about.

                > So to me, it seems like a bit of unwarranted slander and lies (though I suppose, again, you could be on an old grandfathered plan; but it still doesn’t explain how the “next step up” is $15) because of some beef you have against them.

                For the third time. Other countries exist. I know it’s a crazy concept, but it’s true. I didn’t slander anyone, thanks.

                • lckdscl [they/them]@whiskers.bim.boats
                  2 up · edited · 1 year ago

                  Sigh…Seems like every time Proton gets criticized, their fanboys always ensure to let you know that you’re somehow wrong. I don’t know how they managed to get recommended by so many people considering they provide unaffordable services for everyone not on a high income. I would try to migrate if I were you, they’re pumping new features constantly despite their users wanting bugfixes and improvements to existing ones to gain more and more ecosystem users. It’s a dark pattern. Look at Google and Apple.

                  “Oh, what about the free-tier?” It’s a joke having to use their own clients when powerful open-source ones exist. “Oh, but it’s because of the encryption that’s protecting you!” I know how to use PGP, thanks. Plus, it only works if you’re sending to other Proton accounts, and guess what? I don’t even have control over my own key pair! (Edit: and when migrating away, I can’t even bulk export my emails!)

                  Even the comments made by me and Dsklnsadog got vibe-based downvoted because they can’t even bother to come up with a response on why our opinions were wrong. I’m glad I stopped using their services before I sent them any money.

        • Amju Wolf@pawb.social
          1 up · 1 year ago

          Have you considered using just the 3 domains with Proton and hosting the rest yourself? Assuming you have some more important/primary mail domains than others.

          • Polar@lemmy.ca
            1 up · 1 year ago

            I was already hosting them, but it’s not worth it. I’ve been looking into switching to one of the other privacy focused alternatives that provide the ability to pay per domain, so you can add more without having to jump up tiers and pay for crap you don’t want.

    • jaegernut@lemmy.world
      2 up · 1 year ago

      I agree with the fragmented part. Even their apps have different unlock interfaces, like they’re each made by a different company

    • no surprises@lemm.ee
      1 up · 1 year ago

      > Proton is such a money grubbing company

      Well, you can get all that for free from Google.

      • Polar@lemmy.ca
        2 up · 1 year ago

        Not the point.

        Paying for something is great. Not allowing paying customers to add a simple service without having to upgrade to the next tier, forcing them to buy shit they don’t want, is scummy.

    • Motzart@lemm.ee
      1 up · 1 year ago

      OK, I understand some of those words. I have a nas and I want to self host with docker. I have read a little but it’s confusing. Do you have any links that explain the whole process? Especially the reverse proxy and making your containers available outside your lan? Thanks