• glans [it/its]@hexbear.net · 3 points · 13 hours ago

    It depends who you are. A fuller question would probably yield a more relevant answer. The 2 contenders from the comments are Bitwarden and Keepass*.

    Summary: Most people should start with hosted Bitwarden. Use that to import your old passwords from any browser or ad hoc storage method, and get into the habit of using the password manager. As you get comfortable, you will have a better context from which to understand any unmet needs. If you want to try KeePass* on top, it’s not too hard.

    Telling someone new to password managers to go straight to KeePass* is like telling someone who is interested in getting a bike that they have to build their own fixed gear, and immediately launching into a speech about how the dish of the wheel will be while truing it.

    Both

    • FLOSS
    • You can more or less move between them. They don’t work exactly the same, so there could be some complexities.
    • pretty decent security overall as long as you use them properly

    Bitwarden

    • remotely hosted, or you can run it yourself if you are that kind of nerd
    • hosted is free or very low cost
    • you are mostly limited to their suite of tools such as apps, browser extensions etc; not a lot of 3rd party stuff going on
    • has sync via app/extensions without having to download and unlock your entire database on every device, for example a work/public computer.
    • has some organizational features like being able to share credentials with other people; handy in a family/work situation
    • You will be able to use your own experience to show people around you they can use a password manager
    • There is a business in charge of this project, which is good because it gets regular attention including security audits, but bad because the needs of business customers often get priority
    • I believe there are/were some issues with components/upstream code being non-libre

    KeePass*

    • No hosting, no sync included
    • It is a file you must keep track of. If you want to share your credential database on your phone and your computer, you need to figure out how to do that.
    • Options: Syncthing, webdav (eg nextcloud), ?dropbox, ?google drive — whatever you choose it must be reliable and available 100% of the time on every device you might need your passwords on. And not just a web interface. You will need a live synced file on every device on which you might need to make changes. And you must install or have a portable application that can decrypt and make use of the file on each device. You must have the ability to manage your chosen syncing across platforms and environments. Including any and all problems that could arise.
    • It is a much larger ecosystem of tools so more options to find something you like to use.
    • I don’t think there are any/many businesses involved and the development is more community-oriented
    • Whatever you get working is unlikely to be suitable for anyone else you know who isn’t already a giant nerd

    Bitwarden.