I would personally recommend KeepassXC foe PC and KeepassDX for Android phones, just having your Vault available locally is a lot better than relying on a server that can get a security breach in any moment, not to mention the Keepass’s Vaults are encrypted and no one can access them without the , key or physical key, with KeepassXC and KeepassDX, you only will need ONE password 😁
I get the thought, but your phone can also have a security breach at any moment, ESPECIALLY because normal user error is by far the weakest and most often exploited attack vector.
Bitwarden’s vaults are also encrypted with the option for even stronger argon2id encryption. Bitwarden themselves can’t access them or reset them. It is open source and most importantly, audited. KeypassXC has only had one audit ever. (Though that passed and I would also definitely recommend keypassXC, it is great software security-wise)
The database is stored, encrypted, once on their server and once to each device you sync to, so it is available locally.
Even if they had a security breach, by design the assailant couldn’t access your database any more than they could access your keypass database.
You can also self-host it which would bring it exactly to the level of keypassX variants as far as attack surface.
Not to mention with bitwarden, you will also only need one key. That is the whole point of a password manager.
“It is available locally and a lot better…” is simply untrue. They are both great options. Just whatever works best for the person. Bitwarden has a ton more QoL options and enterprise options, plus separate, shared password databases and such for families and companies. Again, just as secure.
I have a lot of experience with both. As a tech savvy user, I slightly prefer KeePass. Syncing between devices is slightly more painful, but I find it to be more reliable, and it doesn’t have the attack surface that Bitwarden does. (While encrypted, Bitwarden still really wants a web server and a local database connection.)
VaultWarden is probably better for those who can’t be bothered to move a file around and want direct browser integration. With KeePass when you need a password, you’ll make sure the username has focus and then alt+tab to KeePass and hit “autofill”. Some sites won’t take “username{tab}password{enter}” and you’ll have to customize the configuration.
VaultWarden is better at prompting you to add new passwords. I prefer the workflow that’s encouraged by KeePass, where you open the app first and use the app to open the URL. (You can do this in VaultWarden too, but it’s less obvious.)
On my case i use Syncthing-fork to have my database synchronized on my tablet and phone, you’ll be surprised how easy to use is, and doesn’t require a server 😄
While I personally use KeepassXC and Keepass2Android on mobile devices (as with KeepassDX there is no reliable way of syncing the database that I know of) to other less tech-inclined people I’d always recommend Bitwarden as it is much more suitable to most people’s usecases.
I would prefer being able to use KeepassDX on my mobile (I assume you meant that), but I got burnt trying to use that while syncing my database through my Nextcloud. KDX does not check for external changes before overwriting the database, and with background-sync being as unreliable as it is on android, I have lost a few passwords that way without noticing it.
I don’t even have a nextcloud, i just keep my database on a single folder sync across my tablet and phone, if you could set up the nextcloud to sync in rhat same folder you (theorically) would have no problems 🤔
I mean that’s what I had been doing. The issue was just that the background sync of the nextcloud app on android wasn’t reliable enough and KeepassDX had no mechanisms to check for external changes before overwriting
Then i can’t help you, Use whatever works and it’s trustworthy enough for you, just don’t be surprised and come crying if Bitwarden SOMEHOW gets a security breach.
@uzay Try Syncthing. If there is any conflict, syncthing keeps the conflicted file, and then keepass is able to merge them, so in the worst case some of your deleted passwords will come back, but you’ll never lose any.
Yeah, there are ways of fixing it after the fact, but that is too inconvenient and error-prone for me. I prefer if my Keepass app just makes sure my database is up to date before making any changes
What’s not simple about it, as a password manager?
Pop in the name/uri, pop in a username, pop in/generate a password
Bingo bango
Is there a level of complexity I’m missing, or alternatively is there a simpler approach?
Bitwarden an open source, simple password manager it does it’s job very well
I would personally recommend KeepassXC foe PC and KeepassDX for Android phones, just having your Vault available locally is a lot better than relying on a server that can get a security breach in any moment, not to mention the Keepass’s Vaults are encrypted and no one can access them without the , key or physical key, with KeepassXC and KeepassDX, you only will need ONE password 😁
I get the thought, but your phone can also have a security breach at any moment, ESPECIALLY because normal user error is by far the weakest and most often exploited attack vector.
Bitwarden’s vaults are also encrypted with the option for even stronger argon2id encryption. Bitwarden themselves can’t access them or reset them. It is open source and most importantly, audited. KeypassXC has only had one audit ever. (Though that passed and I would also definitely recommend keypassXC, it is great software security-wise)
The database is stored, encrypted, once on their server and once to each device you sync to, so it is available locally.
Even if they had a security breach, by design the assailant couldn’t access your database any more than they could access your keypass database.
You can also self-host it which would bring it exactly to the level of keypassX variants as far as attack surface.
Not to mention with bitwarden, you will also only need one key. That is the whole point of a password manager.
“It is available locally and a lot better…” is simply untrue. They are both great options. Just whatever works best for the person. Bitwarden has a ton more QoL options and enterprise options, plus separate, shared password databases and such for families and companies. Again, just as secure.
I have a lot of experience with both. As a tech savvy user, I slightly prefer KeePass. Syncing between devices is slightly more painful, but I find it to be more reliable, and it doesn’t have the attack surface that Bitwarden does. (While encrypted, Bitwarden still really wants a web server and a local database connection.)
VaultWarden is probably better for those who can’t be bothered to move a file around and want direct browser integration. With KeePass when you need a password, you’ll make sure the username has focus and then alt+tab to KeePass and hit “autofill”. Some sites won’t take “username{tab}password{enter}” and you’ll have to customize the configuration.
VaultWarden is better at prompting you to add new passwords. I prefer the workflow that’s encouraged by KeePass, where you open the app first and use the app to open the URL. (You can do this in VaultWarden too, but it’s less obvious.)
On my case i use Syncthing-fork to have my database synchronized on my tablet and phone, you’ll be surprised how easy to use is, and doesn’t require a server 😄
While I personally use KeepassXC and Keepass2Android on mobile devices (as with KeepassDX there is no reliable way of syncing the database that I know of) to other less tech-inclined people I’d always recommend Bitwarden as it is much more suitable to most people’s usecases.
I sync my database using syncthing, specifically syncthing-fork for android as i don’t currently have a PC 😄
Personally? KeepassXC is more user-friendly, i beleive Keepass2Android is more confusing
I would prefer being able to use KeepassDX on my mobile (I assume you meant that), but I got burnt trying to use that while syncing my database through my Nextcloud. KDX does not check for external changes before overwriting the database, and with background-sync being as unreliable as it is on android, I have lost a few passwords that way without noticing it.
I don’t even have a nextcloud, i just keep my database on a single folder sync across my tablet and phone, if you could set up the nextcloud to sync in rhat same folder you (theorically) would have no problems 🤔
I mean that’s what I had been doing. The issue was just that the background sync of the nextcloud app on android wasn’t reliable enough and KeepassDX had no mechanisms to check for external changes before overwriting
Then i can’t help you, Use whatever works and it’s trustworthy enough for you, just don’t be surprised and come crying if Bitwarden SOMEHOW gets a security breach.
I’m not using Bitwarden though. I have a Vaultwarden instance I was using for a while, but I was talking about KeepassDX vs Keepass2Android.
@uzay Try Syncthing. If there is any conflict, syncthing keeps the conflicted file, and then keepass is able to merge them, so in the worst case some of your deleted passwords will come back, but you’ll never lose any.
Yeah, there are ways of fixing it after the fact, but that is too inconvenient and error-prone for me. I prefer if my Keepass app just makes sure my database is up to date before making any changes
TIL BitWarden is open source.
Indeed, most people I know IRL still use the same passwords for everything.
@shinysquirrel @PumpkinDrama I’ve been using password-store for a while now and I love it. I have it synced on multiple device via a bare git repo
does its* job very well
VaultWarden if you want all the features without paying $40/year.
Otherwise Bitwarden will either allow you to self-host OR allow you to share passwords with one other person (using their server), but not both.
VaultWarden just unlocks all the features.
I don’t know about “simple”, but it’s very good. Been a happy user for many years
What’s not simple about it, as a password manager? Pop in the name/uri, pop in a username, pop in/generate a password Bingo bango Is there a level of complexity I’m missing, or alternatively is there a simpler approach?