13

What is your favorite password manager and why?

Comments
  • 9
    PM would say "Excel sheet protected with password", but I like LastPass
  • 1
    @FahadAlt What about Dashlane?
  • 2
    Lastpass ftw
  • 1
    Anyone tried Dashlane?
  • 4
    KeePass 2
  • 8
    KeePassXC
    - Open source
    - Cross platform
    - Same DB format as KeePass
    - etc.

    Passwordstore is also a nice alternative but you do need to like the CLI.

    @abdulmoniem Yes, but I wouldn't recommend it. It's a closed source online password manager. i.e. two things that should NEVER be in the same sentence.
    If you really want to go for an online one, I would say to give Bitwarden a try. While it's not the most secure solution for obvious reasons, it was adjusted recently and seems okay.
    Bonus: You can host your own instance to increase the security.
  • 2
    @Jilano So, since online password managers should use heavy encryption techniques .. I think it should be secure.

    And also they provide multi platforms support (Desktop/mobile ..etc.)

    I think this is a huge difference here vs the other free/open source projects?
  • 6
    @abdulmoniem "Should" here is the key word in your sentence. If you had to force a safe, would you rather try on the little one with €20 or the big one with €100,000?

    It all falls down to what you want to trade between ease of use/better security.

    PS: KeePassXC also has a mobile client if that's what you're afraid of.
  • 2
    @Jilano OK if I used KeePassXC .. what about team sharing?
  • 5
    I hereby expend this comment to express my approval and love for KeePassXC on PC (Linux, Mac, and windoze) and keepass2android for mobile.
  • 1
    @bahua Can we share passwords between teams? Can I generate passwords for each website and change them automatically?
  • 2
    @abdulmoniem

    What about it? The KeePass databases I've seen in use by teams have always lived in a dedicated git repo. Is that what you mean?
  • 1
    @bahua I mean can I share it with my team .. we are working remotely not in a single place?
  • 4
    @abdulmoniem There is no such thing. It shouldn't be. You could always have a separated DB with only certain credentials, but it's a huge security flaw.

    Recent laws like GDPR (in the EU of course), strongly suggest the adoption of a different login (to be able to know who "did" what) for anyone that needs to use a certain service, server, etc. While I know that it's a pain to start doing so, that doesn't mean it's not worth the hassle.

    Edit: If you're just worried about synchronisation between devices, you can use any solution, from NextCloud to Syncthing, etc.
  • 1
    @abdulmoniem

    You can easily set up a git repo for version control and file history of the database, you can just use a public cloud like Google, Dropbox, Asus, or whatever, or you can set up your own cloud with something like owncloud or nextcloud.
  • 0
    @Jilano In businesses it doesn't work like that. You buy an account which has a license and we need as a team to work using the same account. For example, Zoom for meetings. It provides you with only 1 host account on the basic plan. So, if you want to create a meeting without any limits, you will need to use that host account. So, it should be shared. And instead of sharing that on Slack for example, you use a password manager to do it for you in a secure way.
  • 0
    @bahua What is the database?
  • 1
    @abdulmoniem

    For KeePass? Just a single file.
  • 0
    @bahua I see. So, it is not a full-fledged product like the online one .. but it can be used for simpler scenarios to save a couple of bucks anyway. Thanks.
  • 2
    @abdulmoniem

    I'm not taking your meaning. It is a release-level product, under active development and far more mindful of security issues than any of the previously mentioned products.
  • 0
    @bahua I mean .. you will not have all the features of an online product like LastPass/DashLane .. etc.

    If you compared the features and the security measures you will understand what I mean.

    Open source is not always a good thing. I use both worlds as much as it fits my needs.
  • 4
    @abdulmoniem

    You seem determined to claim KeePass is somehow inferior to commercial products-- products with a less than sterling commitment to security and privacy, which for me categorically rules them out. Fine for your aunt's iPhone, but not for real business doing real things.
  • 0
    Brain.exe
  • 4
    @bahua Well said.

    @abdulmoniem You got enough arguments on the product. You are free to make whatever choice you want with it.
  • 1
    @Jilano Thanks and you clarified your opinion as well which is respected anyhow.

    I hope I can get more answers on other products as well.
  • 1
    Enpass. Because it is cross platform (data saved on your cloud drive). Has a good password generator. Free on PC. 10$ for the Android premium version (Free version limited to 20 accounts).
  • 5
    An encrypted flash drive attached to my keys. Very small attack surface lol.
  • 1
    @CrashOverride Can you share more details on how to make this kind of flash?
  • 4
    @abdulmoniem You can buy them on Amazon. It's an Integral 256 bit AES encrypted flash drive. When you plug it in it appears as an executable CD. It has built-in software so it only mounts it as a disk when you enter the password. Leaves no footprint so you can use it on any machine if you need to look up a password.
  • 1
    @CrashOverride Like Yubikey?
  • 3
    @abdulmoniem Difference is it still works like a normal flash drive so you can store whatever you want on it. I have a Yubikey as well. It's just a 2FA device.
  • 2
    Anyone using Bitwarden? I've been using it for two years and I find it great. You can even host it on your own if you like. This year we started using it in our company as well.
  • 2
    My brain cause it can't be hacked
  • 4
    @Mitiko (Not for now), but it can easily get damaged/corrupted *shrugs*
  • 2
    I use pass. It stores passwords in individual files encrypted with your GPG key. Naming schemes are left to the user but I use filenames as usernames and directories as service names.

    It works for me because I can store those files in gitolite on a pi, and then I can clone the repo on Linux, or on Android using the awesome git-enabled client app Password Store.

    Because the passwords are just files, I can handle them in shell scripts and the like. Very cool.

    And it's free software!
  • 2
    @rhodium Have you tried the Android client? (https://github.com/zeapo/...) If so, I would like to hear your feedback on it.

    Considering today's life, I find it important to have my passwords with me, even when not at home.
  • 1
    @Jilano Hey, curious to know what were the issues with bitwarden ?
  • 2
    @creadom Personally, it's the "cloud" part that prevents me from using it, but it is a good alternative otherwise! Another thing that some people were worried about before (I don't know if it has changed since), was the fact that it was a "one developer" project. No matter how good one might be, you can't do everything at the same time.

    Anyway, you can find the full audit report here if you're interested: https://blog.bitwarden.com/bitwarde...
  • 1
    @Jilano Yes, and I love it. As you say, it's really important these days to have access to these passwords on the go, and the Password Store app delivers that. I have it bound to a hardware button on my phone because I need regular access to it.

    I have a couple of tiny usability niggles but overall it's been a dream experience.
  • 3
    @rhodium That much? Well, I'm glad to hear that, thank you!

    I'll try to find some time to give it a go.
  • 3
    Notepad.

    Everything else is for Noobs.
  • 3
    KeePassXC on desktop and KeePassDroid for smartphone (I don't mind the old looking UI, the notification username and password is a godsend), keeping them in sync through SyncThing. Needless to say I do no longer bother creating passwords on my own nor keep them in mind ... Except the master password for the keepass file
  • 2
    Qtpass
    It's gpg secured, every pass is a file, which allows distribution of single keys, which is handy for shared credentials...
    And it supports git
  • 1
    pen and paper
  • 0
    ⚠️
  • 2
    I'm a 1Password man for sure
  • 1
    @HobbieJ I have seen articles about 1Password as well.

    Have you tried LastPass or Dashlane?
  • 0
    Bitwarden. It's a good choice
  • 1
    @h4xx3r I use similar to yours except one more security layer, i.e. keyfile, in addition to password. Keyfile I manually maintain separately, not cloud synced.
  • 0
    @ajit555 I thought about it too, but that's an extra step that goes into bothersome. I like the simplicity and comfort u.u
  • 1
    @h4xx3r I keep all my passwords including banking n credit cards at one place, so worth extra efforts. I change the master keyfile every six months and password every month.
  • 1
    @abdulmoniem Yup! I used LastPass for two years, and 1Password was a breath of fresh air from a UI standpoint. Better fill in, less janky software, etc. As for Dashlane, I used it once, but I still prefer the overall form feel of 1Password. It's beautiful, yet functional.
  • 1
    @Jilano Alright thanks for that. I already read that report. I'm personally using it in a self-hosted manner, which is what drew me to Bitwarden in the first place.
  • 2
    I don't use any because of overhead.. I tried a few (dashlane, LastPass, ...) But none of them work really fine on all platforms I use. It's faster for me to mentally generate good but safe passwords that I can remember and type by myself and not by a third party tool relying on databases
  • 1
    passwords.txt
  • 1
    1Password. Their security policy is insane. Replaced Google Authenticator with 1Password's 2FA. I've tried LastPass and some other relatively new password manager (cannot remember the name), but 1Password just feels superior.
  • 4
    @abdulmoniem The thing is that with a closed source one, you can never be sure that the service/application does what it says it does.

    In the context of a text editor or calculator, that might not be that big of an issue (for me it would be but for 'general people' it wouldn't), but when you're talking about extremely sensitive data, I'd call that a huge security risk which can easily be mitigated.

    Take a look at BitWarden, fully open source and it's actively maintained (free + paid plans including the option of running your own instance) with excellent support for all platforms.

    And @Jilano is right, yes.
  • 1
    @linuxxx I will take a look at it. Thanks.
  • 1
    @abdulmoniem Yes, what do you mean exactly? 😅
  • 0
    @linuxxx I mean if I used the hosted version of this software .. you think it will be secure?
  • 3
    @abdulmoniem Everything is always as secure as your weakest link.

    By the way, the Bitwarden application uses Chromium and the server part requires Microsoft SQL. While it might not matter depending on your affinity to those technologies, it's still worth mentioning.
  • 0
    Notepad, it's fast and convenient