11

What's a good password manager for Linux?

A few (optional) conditions (in order of preference):
1. It's free
2. It supports ssh, gpg, etc.
3. It has a GUI (a nice one with gtk/qt support)
4. It's (properly) secure
5. It has FIDO U2FA support (i.e. supports physical security keys like Yubikey or Solo)
6. It has a browser extension
7. It's compatible/non-conflicting with gnome-keyring

Comments
  • 11
    Keepassxc: all except gpg
  • 0
    @stop ...

    That's definitely an important on tho, but I'll definitely have a look.
  • 1
    @chabad360 for gpg i use kleopatra and the shell
  • 1
    tag me once you settle on bitwarden
  • 0
    @JoshBent what can't it do? (From my list)
  • 3
    No GUI but pass is awesome
  • 0
    @taigrr I've heard about it, but a there's a reason why having a GUI is close the the top... But I can probably live without it...
  • 1
    @chabad360 all your passwords are stored in a directory structure. One file per password. You can probably use your file explorer as the GUI.
  • 0
    @taigrr good point.
  • 0
    I personally use a combination of keepass and pass. I need the android support of keepass, and the ability to use pass inside a shell script is super awesome.
  • 0
    @chabad360
    doesn't have 2, that's it. (though there's secure notes you can use for that)
  • 2
    I've been using keepass for longer than you fucks have been alive. I cannot live without it.
  • 0
    @taigrr Turns out there is a pass frontend for android, just make a private git repo (yes its free on Github now, or use Gitlab) and boom!
  • 1
    @taigrr There are GUI for pass: https://www.passwordstore.org/
    Check the list of compatible clients.

    Otherwise, I would also recommend KeePassXC if you have to use it a lot on different OSes.

    @JoshBent Are you hosting your own instance of Bitwarden?
  • 1
    In terms of making Stallman happy:

    Pass > Keepass > Lastpass/1Pass/Dashlane/etc

    In terms of comfort, you do the same you always do for open source and security -- You reverse the above list. You trade openness and/or security for comfort.

    Of course there's all kinds of browser integrations and scripts for pass/keepass to make it more comfortable, but you largely have to tie it together yourself and even then it's a bit more effort to use than Lastpass.

    I personally use both Pass & Lastpass.

    I also use Keybase quite a lot, for encrypted git/kbfs & managing pass across multiple devices. This helps:

    http://blog.alltherunning.com/2018/...

    But even then, I've found that installing the Lastpass app is simpler on Android than getting a terminal + pass + kbfs to work... I'm kind of hoping for this to become an official thing:

    https://github.com/keybase/client/...

    Until then, sorry Stallman, for making you cry.
  • 1
    @Jilano yes, with the most paranoid setup I could have, with hard updates nearly daily, I encrypt the dB myself too for backups, have failover etc.
  • 0
    @bittersweet don't use last pass, out of the ones you've called for only 1pass would be considerable because of their amazing security model, but otherwise bitwarden, because it's less ass designed, allows up to 128 chars password, not like 1pass with just 72 or so, has ugly border radius everywhere mixed with weird default rendered elements, their UX for password generating is also awkward compared to bitwarden.

    The difference security wise is that 1pass uses a local generated secret key that never gets communicated back ever, so if you lose that, you lose access to all encrypted elements too, that's why they tell you to print it out.

    Bitwarden on the other hand does not use RSA keypairs with secret key XORd master password with PBKDF2 like 1pass, but it is secure enough by using master password, salt/pepper, PBKDF2 and AES.
Add Comment