Passwords in a notebook are arguably the most secure option. The notebook exists in exactly one place, behind locked doors, and cannot be leaked or hacked externally.

Notionally a password manager is more secure, but is there anything stopping Bitwarden from updating the app to silently send your master password up to the mothership and selling your unencrypted vault? Even supposing they stay open source and get caught, they will still have thousands of users' data ready to sell before the rug is pulled and the game collapses.

(And besides, where do you keep your recovery codes? If some cabinet or drawer in your house is safe enough for that, it's safe enough for your book of passwords.)

reply
How did we as an industry go from "Passwords in notebooks are insecure, use a password manager" full circle back to "Password managers are insecure, write your passwords in notebooks"?
reply
There has always been more nuance. The notebook is basically air-gapped, but since using it is painful, most will rely on shorter, simpler passwords and reuse them. That practice is highly insecure and was even more problematic in the days before widespread 2FA on the more crucial online services. As a teen I could have had, for instance, Blizzard get breached and collaterally lost all of my CS:GO skins.
reply
KeePassXC is much better than older KeePass clients. Syncthing runs quietly in the background. It's really not much harder to use than other password managers once you set it up.
reply
Ehh... much as I love Syncthing, I wouldn't recommend it to nontechnical people. I mean, here the dad has Android, the mom iPhone, and they want to sync a KeePass file? Maybe with a browser addon on a desktop as well? And the most popular third-party Android app is discontinued (I use the nerdily named syncthing-fork) and the iOS apps I never managed to get to work for my family (maybe Sushitrain works now?). But if you live close to parents I guess it can work. This kind of software can be good for social cohesion and less isolation =P
reply
I use KeePass and have for years, and I wanted to switch from using Google Drive to something more self-hosted, so I tried Syncthing. I have been a C and C++ developer for over 40 years and I found it one of the most obtuse things I have ever tried. I'll have to get back to it. :) It's still running but somehow never syncs a single file between the desktop and the Linux server. I don't think the Android client can run on a modern Pixel phone anymore anyway due to security constraints.
reply
Syncthing-fork is running perfectly fine on my Pixel 9. The web interface is definitely better than the default app interface, it's a shame they even bothered with that app interface.

All you have to do is exchange "keys" with the two machines you want to sync, and then it's mostly set and forget.

reply
I switched from KeePassXC and KeePassDX to Vaultwarden, primarily to make it easier to get family members to transition to using password managers.
reply