I’ve always hated the idea of using a subscription/cloud hosting for password management. I feel like I should have a LOT more control over that stuff and I don’t really want to hand all my keys over to a company.
All my secrets have been going in a highly encrypted archive with a long passphrase, but obviously that isn’t convenient on all devices. It’s been fine, I can open it on any computer but it’s not super quick. It does have the advantage of being able to put in multiple files, notes, private keys but it’s not ideal.
Anyway, finally found something that isn’t subscription, and has a similar philosophy - a highly encrypted archive file, and it’s open source and has heaps of clients including web browser plugins so it’s usable anywhere, and you can sync the vault with any file sync you like.
Thought you guys might appreciate the find, password managers have always been a bit of a catch 22 for me.
Note for android i found keepassxc the best app, and i’m using KeePassHelper browser plugin, and the KeePassXc desktop app as well as the free official one. Apps all seem to be cross platform.
Been a Keepass user for years and years. Absolutely top notch. There are plugins that can auto fill websites, that can open putty ssh sessions, basically everything you can imagine (or build).
Love KeePass. When LastPass enshittened, I went looking for something immune to enshittification. Best money I never spent
They didn’t use strong encryption by default, Something about not enough iterations of whatever algorithm they use.
They also got hacked (more than once) , which is roughly when they announced the encryption issue.
I feel like they got bought by a shitty company too, but that’s beyond me.
There have been reports that some of these vaults that were stolen have already been compromised, though not sure if there is any proof.
OK, it’s just not what enshitification means. I don’t like the term but if you’re using it wrong it’s just confusing.
Are there advantages to this over self hosting Vaultwarden?
I used to be a KeePass user, but moved away because I was ultimately syncing the database using OneDrive, which I felt at that point it was a cloud password manager, which I didn’t like for being open to the internet and entrusting the security of the company hosting it.
And yes, I moved to self hosted Vaultwarden with Tailscale and haven’t looked back.
For decent privacy oriented tool recommendations, here’s a list.
https://www.privacyguides.org/en/tools/
There was some drama about the webpages so I’ll link both to avoid angry users. Anyway, KeePassXC is on there, which it seems like it’s a fork of KeePass, you might want to check it out.
Mine is a 3-lines-script that gpg-decrypts to runtime-dir, opens editor, encrypts back, deletes in runtime-dir. Password done via zenity/yad.
