pull down to refresh

On the topic of password management, what are your recommendations as far as the tools there are out there (password managers, hardware keys, etc.)? And what would you say are the best practices (both phone and pc)?
A bit of a broad topic on purpose as I am not sure exactly where I am going with this, but I know I want to do more research and gather more information. If you have good resources on this, please do share.
Cheers
I use KeePass and Bitwarden. Self hosted. On all platforms and synced on all devices, from my own NAS.
reply
Second that. KeePass and you can chose your client
reply
Keepass + syncthing
reply
Dashlane: A password manager that includes a password generator, security alerts, and built-in VPN service. It also allows you to share passwords with trusted parties and it offers a free version and a paid version with more features.
Keeper: A password manager that includes a password generator, two-factor authentication, and encryption. It also allows you to share passwords with trusted parties and it offers a free version and a paid version with more features.
Bitwarden: An open-source password manager that allows you to store and generate unique, complex passwords for all of your online accounts. It also includes a password generator and two-factor authentication.

Hardware Keys: These are physical devices, such as a USB key or a smart card, that can be used in combination with a password to provide an extra layer of security. They typically use two-factor authentication, which requires both the password and the physical key to access an account. Examples include Yubikey, Google Titan and Feitian.
Biometric authentication: This is a technology that uses your biological traits, such as fingerprints, face recognition, or voice recognition, to identify you. This technology is built into most modern smartphones and computers and can be used as a second factor of authentication.

Use a password manager: A password manager is a tool that securely stores and generates unique, complex passwords for all of your online accounts. This way, you only need to remember one master password.
Use two-factor authentication: Two-factor authentication (2FA) adds an extra layer of security by requiring a second form of verification, such as a fingerprint or a one-time code sent to your phone, in addition to your password.
Avoid reusing passwords: Do not use the same password for multiple accounts. If one account is compromised, attackers can use the same credentials to gain access to your other accounts.
Regularly change passwords: Regularly change your passwords, especially for important accounts like financial or email.
Be aware of phishing: Be cautious of clicking on links or entering personal information in emails or on websites that you are not familiar with.
Keep your software and devices updated: Keep your software, including your browser and operating system, updated to ensure that you have the latest security patches and features.
reply
Awesome, thank you for the write-up!
reply
Good question. I'm interested in getting some input also. I use a fairly lesser known password manager, not open source code, and I'm nervous that it will be the next hack victim.
I can't wait until bitcoin puts an end to all this password crap.
reply
I've been using Bitwarden for a while. The good thing is that their official server and clients (for desktop and mobile) are open-source.
I am actually running an alternative implementation of the server: https://github.com/dani-garcia/vaultwarden that is less resource-intensive and implements most of the official API: https://github.com/dani-garcia/vaultwarden/wiki#supported-features
Even when running your own server, you can still use the official clients (browser extensions or mobile apps), so you don't have to worry about all the different client implementations in the wild.
reply
I second bitwarden. Been using it for a while. Been great and really helps out.
reply
Thanks!
What are the tradeoffs of using official clients (browser extensions or mobile apps)?
reply
I don't see any, especially since their code is open-source: https://github.com/bitwarden
reply
KeePass. Self hosted. Automatic backups to external HD. Manual backups to usb drive.
reply
Bitwarden
reply
https://www.passwordstore.org/ Terminal only encrypted by gpg key backed up by a local git repo that you can push anywhere you like. No centralised service to honeypot you
reply
do you have a way to auto-complete on web browser and to access to your pwd on your phone with this method?
reply
No. It can write to paste buffer with a flag, so the browser workflow is cmd-tab based. I didn't try to solve for the phone
reply
KeePass + Syncthing
reply
Bitwarden, self-hosted (vaultwarden). I strongly recommend it.
reply
I am the old guy that just remembers passwords. I do have cloaked for generating throwaways though.
reply
Accounts.txt works for me
reply
If you are a command-line enthusiast, check out gopass. Really nice, and uses git to sync across machines.
reply
Used and payed for Bitwarden. But i found it too complicated to self-host IMO.
The best and simplest solution is a combination of KeePass+Syncthing. Both free, and available for desktop and mobile.
reply
Self-host bitwarden/vaultwarden
reply
JESUS CHRIST DON'T USE A PASSWORD MANAGER TO STORE YOUR SEED PHRASE!
Pen and paper only.
reply
Who said we are storing our seed phrase in password managers?
reply
It's implied when you post a password manager ad on a Bitcoin message board.
reply
reply
And denial is a river in Egypt.
reply
I prefer steel
reply