Objective: Secure & private password management, prevent anyone from stealing your passwords.

Option 1: Store Keepass PW file in personal cloud service like OneDrive/GoogleDrive/etc , download file, use KeepassXC to Open

Option 2: Use ProtonPass or similar solution like Bitwarden

Option 3: Host a solution like Vaultwarden

Which would do you choose? Are there more options ? Assume strong masterpassword and strong technical skills

  • BastingChemina@slrpnk.net
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Bitwarden for me. My password manager is not just for me, it’s also a crucial component of my family life so if something happened to me I want my next of kin to be able to access it

    For that it needs to be an easy to access solution.

    • danieldigital@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Same, I’m all for complicated things that only I know how to use but the keys to the kingdom shouldn’t be one of those when there are laypeople relying on me.

      I still have to figure out how to let those people in when needed, I’m thinking writing the master password and the backup code on a paper that lives in a drawer, maybe in a “break in case of emergency” box, etc.

      Curious what’s the best way to mitigate the wrong person getting that, but I think if you have to worry about someone breaking in your house who is also looking for that info, then you have a different threat profile to consider, and the above calculus doesn’t apply.

      • BastingChemina@slrpnk.net
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Bitwarden offer the option to set up an emergency contact.

        You choose someone to be an emergency contact, it means that if they want they can request access to view your passwords.

        When they send a request you receive several emails to warn you and after X (you can choose the amount) days if you don’t do anything they get access to your account.

  • 👁️👄👁️@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I used to self host Bitwarden, but didn’t want the hassle of securing it and updating it properly and consistently. So I just pay $10 for bitwarden premium and I get to support the company.

  • Boring@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    I use keepassXC and sync across my devices with nextcloud and VPN to my home network with wire guard and this setup has never failed me.

    I’ve toyed around with passbolt, and I really want to try because it just looks cool to me, but I keep having trouble with it playing nice with my reverse proxy.

    My personal preference is hosting it myself on my own server and using a VPN to get to it. It gives me peace of mind because I’m not a big enough target for someone to try that hard to get my passwords and I’m not exposed to bitwarden or dashlane getting breached.

    • Mio@feddit.nu
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Keepassxc + syncthing to phone in read only mode and to other machine. So 3 copies on different machine, while one of them is on me

  • UninvestedCuriosity@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I did option 1 for a number of years but now I’m doing option 3 off a proxmox container and some cloud scripted backup. So far so good.

    We just started doing option 3 at work and just keep it behind the firewall. It is going well so far.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    Git Popular version control system, primarily for code
    IP Internet Protocol
    NAS Network-Attached Storage
    SSH Secure Shell for remote terminal access
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)

    7 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.

    [Thread #173 for this sub, first seen 28th Sep 2023, 18:45] [FAQ] [Full list] [Contact] [Source code]

  • Shayeta@feddit.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    I’ve used Option 1 with my Nextcloud and it works perfectly. Other options seem more apropriate when you need scale, many user each with their own vault.

  • TechieDamien@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Option 4: levy existing tools such as gpg and git using something like pass. That way, you are keeping things simple but it requires more technical knowledge. Depending on your threat model, you may want to invest in a hardware security key such as a yubikey which works well with both gpg and ssh.

    • KairuByte@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Why use tools not meant for password management, when alternative tools explicitly meant for password management, which have similar levels of security, work just fine?

      You’re essentially saying “instead of driving down the road, I like to ride my bike with rollerblades.”

      • TechieDamien@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        It is just how I prefer to do my computing. I tend to live on the command line and pipe programs together to get complex behavior. If you don’t like that, then my approach is not for you and that’s fine. As for your analogy, I see it more as “instead of driving down the road in a car, I like to put my own car together using prefabs”.

  • 0xD@infosec.pub
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    1 year ago

    Option 2, because once you start thinking about the ways your stuff could be stolen (“threat modelling”) you’ll see that realistically it’s the easiest option.