Okay so yesterday, I changed my password as a precaution because of the hack, and just now I decided to clean my browser tabs and re login and almost forgot my password. I'm done dealing with passwords.
What password manager do you recommend?
Features I’m looking for
-Open Source
-Can be synced to cloud (I don’t want self host)
-Can be accessed via a browser
-Cross platform, the more platforms, the better
-End to End Encrypted, and Encrypted at rest on my device, also need some way to authenticate before releasing the password, like a pin or biometrics
-Autofill for browser and apps
-Free (can be a freemium model, but I need the base tier to be free, too broke to spend money on this lol)
-Can export the passwords to a file
I never used a password manager before so sorry if I seem like a noob.
I know I could google it, but I want the lastest info, not some outdated reddit post.
Edit: Woah, those replies are fast. I think I'll use Bitwarden. Thanks for recommendations! Now I don't need to worry about forgetting passwords anymore. 😄
Edit 2: It seems I've forgotten my email password as well as a few other accounts I haven't logged into for a while. Damn, should've used a password manager earlier.
Bitwarden checks all the boxes. I've had great experience with it. https://bitwarden.com/
I will say, auto-fill on load is a bad idea. On desktop I keep my auto-fill bound to a key so it doesn't actually end up in fields it shouldn't be.
2FA is locked behind the $10/year premium if that's something you wanted, but beyond that the free plan has everything 99% of people will use. They do third party security audits, have public white papers, and is completely open source.
Yet another vote for Bitwarden.
I love that you can access your stuff through a browser without installing anything, I need that sometimes on my work pc where I cannot install anything.
Bitwarden, hands down. been using them for like 7 years now? have got nearly 300 accounts in the password manager, and is fully free. Haven't paid a single penny to them. Autofill is possible, on both android and web browser, although you'll have to set it up through an extension.
Fully cross-platform. Used it on Linux, windows, MacOS, IOS, iPadOS, Android. you can access it via a browser, is open source and is hosted by Bitwarden if you want to.
One more point on Bitwarden - when the top password managers were being hacked/exploited, Bitwarden was keen to fix what appeared to be vulnerabilities in an extremely timely manner. I don't remember where I read the article but it still fared best out of all the other managers out there.
Both are open-souce, multi-platform, and free. Bitwarden does have additional paid tiers to include support for things like OTPs. I used to use Keepass but got tired of manually syncing my database; If that's not a problem for you then it's a great choice.
I've been using KeePass since the dawn of time. There are now other good options too, but I haven't seen any compelling reason to switch. It does everything I need both securely and well.
Last year I tried (and paid) 1Password.
For the past 6 months I'm using Bitwarden and it's really good. I find 1Password's UI better but if we consider the cost it's better to stay with Bitwarden.
After 2 years of ignoring the fact that I use a duplicate password in over 100 places, and that password has officially been in breaches, I finally came to terms with the fact that it was time to find a password manager and generate unique passwords. I didn't do a ton of research and ended up with bitwarden. If I opened this thread to see a bunch of people ragging on bitwarden I was prepared to be VERY upset.
It’s been a long time since I switched to 1Password, but I used to use keepass. I’m not sure whether keepass has a browser extension, but otherwise (if I recall) it checks your other boxes.
1Password is great, even though it’s not open source, and you get to a spot in life where $3/mo is feasible.
Definitely Bitwarden, but there‘s also a new product from Proton called Proton Pass. It works similarly to Bitwarden, but a few features are still missing.
Keepass all the way. Checks all the boxes. Access via browser: If you have a Nextcloud instance, theres a NC-Addon to open kdbx files in the browser.
re: Bitwarden
I tried it and it wasn't sufficient for me. Is it now possible to also store and generate TOTPs? Can you store SSH keys and retrieve them directly from the password storage?
Bitwarden would be a good fit for what you are looking for, especially the cross-platform aspect. Keepass-derived solutions typically require trusting multiple developers, whereas Bitwarden is developed and maintained by a single team.
I've been using Google's password manager mainly for convenience but had been looking to switch for a while, this thread made up my mind to switch to Bitwarden!
Thanks for this! I have been using iCloud Keychain for a while and was generally satisfied. However, it wasn’t until I recently switched from desktop Safari to Arc that I considered a third party password manager, but was stuck in decision paralysis.
Given the overwhelming responses in this post, BitWarden it is!
I like the Password for Nextcloud app. I self-host mine, but I think there might be Nextcloud instances that you can access. It is encrypted, and has an app for smartphones.
For important things Keepass (which I sync in Onedrive).
For casual things whatever the browser offers... or some random long password and password reset ._.
Been using 1Password since 2010. I tried Bitwarden a few years ago just because of the price. In theory it ticks all boxes but it was a pain to use. I does not flow like 1P, some things did not work the way I expected and it looks like shit. Don't ask for details because I forgot. So I switched back. The new design of 1Password made it a little worse but it's still great and the integration into iOS and macOS is amazing.
As others say, Bitwarden checks all of those boxes, and KeepassXC technically doesn't fit the "not self hosted" requirement, but you can store your database file in any cloud storage you want.
If you're going through all your site's changing passwords maybe take a look at http://simplelogin.io to also hide your email address. Some sites block you, which is ridiculous, but for the majority of sites it's a good idea.
I self host bitwarden currently, but have been playing with the idea of using Vaultwarden instead, just haven’t gotten around to uprooting my working system.
pass would meet your requirements. It is a super simple implementation of a password manager levying PGP for encryption and git for syncing. You can therefore use any git server for syncing. There are browser extensions for autofill etc and scripts to import/export passwords etc.
My brain.
Comes up with the whackiest excuses for why this-and-that password would be a great choice and how easy it would be to remember, only to later explain to me rationally why it was the wrong choice and how I should've known I'd forget it.
Then again, that's just extra security. If it's only stored in my internal memory and even I can't remember it, no one else is getting in for sure.
Selfhosted or not, you can also make keepassxc portable with a usb drive.
Here is a old thread from redit explaining how to do it:
Dude.... KeepassXC has portables for linux, there is no need to mess with wine or mono. As long as you have both portable versions of KeepassXC, you will not have a problem. You can totally have your database sync between OSs.
For Linux, just get the AppImage for the portable.
For Windows, get the Portable ZIP archive.
Shove them both into a USB, you have KeepassXC portable for both OSs on a stick.
I use LastPass because my company pays for it, I also export to all of my browsers because LastPass doesn't fill or save passwords right on some sites and the browser auto fill works better. Sometimes that means I have to search a bit for the right password for an account, but the system works and I haven't had a compromised password that was my fault in a long time since I use autogenerated passwords. As always 2FA the important accounts.