Objective: Secure & private password management, prevent anyone from stealing your passwords.
Option 1: Store Keepass PW file in personal cloud service like OneDrive/GoogleDrive/etc , download file, use KeepassXC to Open
Option 2: Use ProtonPass or similar solution like Bitwarden
Option 3: Host a solution like Vaultwarden
Which would do you choose? Are there more options ? Assume strong masterpassword and strong technical skills
Keepass on phone, desktop and tablet. Sync serverless via Syncthing.
- completely private
- always available when needed
- no dependency on services which may go away
- all open source software
- maximum security
Check out tailscale (or headscale)
It lets you connect those devices without necessarily sending all data through your home network when you are remote. (Though that is an option along with many other great features like ssh authentication)
It also uses WireGuard for the backend which is more secure and efficient than openvpn.
Keepass + syncthing.
Don’t let your vault go unencrypted through the cloud.
Your vault is always encrypted very securly except when in RAM. There is no security concern with uploading it directly to the cloud.
It’s encrypted at rest with a passphrase. Syncthing encrypts it at transit with a random key.
There is a huge difference on the security of those.
Keepass allows you to use a passphrase in combination with a randomly generated keyfile. You only need to copy the keyfiles to your devices once (not via cloud services, obviously). Your actual database can then be synchronized via any cloud provider of your choice (hell, you could even upload it publicly for everyone to see) and it would still be secure.
I use option 1 with Syncthing for a distributed cloud solution
I’m very happy with self-hosted Vaultwarden.
Keepass fIle in my own nextcloud instances, synced to my phone so I can also use keepass2android. This way if something happens I at least have another copy of it, beyond my backup system.
