KeePass has been my go-to since forever, highly recommend. I never jumped on the SaaS password manager train when they started coming out, always just kept it local. There were times I thought I was missing out on some convenience but I'm glad I never moved.

Depending on your threat model, you can even just keep the .kdbx in cloud storage somewhere and point your KeePass client to that. I'd recommend using a keyfile in addition to your master password though, so that if anyone does happen to get a hold of the database they can't just make brute force attempts against it.

reply
I’ve found being able to share passwords with my spouse very valuable, which we couldn’t easily do with KeePass. Also, the syncing strategy on iOS is a disaster and corrupted my wife’s KeePass db, causing her to lose everything.
reply
Is there reasonably priced cloud storage for this use case? Their offerings are usually for several gigs of data; a kdbx is minuscule.
reply
KeePass files + Syncthing works very nicely for me.

For non-technical people, I just recommend using the browser's built-in password manager. taviso has a good writeup on why: https://lock.cmpxchg8b.com/passmgrs.html

reply
I was doing this too until recently. The problem with this setup is more with Syncthing. More specifically, the Syncthing Android app has seen some troubling changes in maintainers. The latest maintainer has a very sparse GitHub profile and an AI-generated avatar, so I noped out of installing it right then.
reply
Serious question: what's wrong with just using Firefox's built-in password manager?
reply
If you only need to manage online passwords, only use Firefox, and aren't using an iOS device, then it's probably fine. But most people may also need to use native apps, other browsers, and iOS devices.
reply
It is limited to ... well ... Firefox! Sometimes you need passwords elsewhere. Besides that, Firefox (or other browser password managers) doesn't support more advanced use cases like shared vaults.
reply
How were you screwed over by these products?
reply
Rug-pulls, security incidents, lost passwords. I also don't know if they've kept my passwords behind when I deleted my accounts. The risk of them having them is too high, so I had to swap all of them.
reply
Interesting! I've been a LastPass and then 1Password user since 2009ish.

I left LastPass because of UX paper-cuts, but I've never lost passwords on either of them.

Honestly, it's something I don't want to think about and just need it to work on mobile and desktop, so the switching friction is very high for me. I'm not going to shop around and try different password managers.

Is "rug pull" a cost thing? I'm generally frugal, but pay for a family plan and don't think twice.

reply