185

Just wondered what people are using for their password management.

I’m currently using 1Password on a family subscription for both password management and 2FA (and then Authy for the 1Password 2FA). But I’m seeing a lot more posters — particularly since joining Lemmy — championing BitWarden (either cloud or self hosted) and Raivo OTP as a cheaper, almost-as-functional alternative.

So is it worth the switch? Will I lose out on anything by doing so?

I’m currently running BitWarden with a free account to see if I can live with it. But I must admit, 1Password is a staple app for me and one that I would say is priceless to my workflow and setup.

Just interested in your thoughts and trying to stimulate conversation!

top 50 comments
sorted by: hot top controversial new old
[-] flurry@lemmy.world 105 points 1 year ago* (last edited 1 year ago)

Bitwarden is open source (https://github.com/bitwarden) and was audited by privacytools.io, so I’m in team bitwarden !

It is perfectly integrated with all my devices and browsers, and it’s free to use.

[-] protput@lemmy.world 14 points 1 year ago

Jup bitwarden is pretty awesome! I use a self hosted vaultwarden. You can link it with the bitwarden browser extensions.

[-] FarLine99@lemm.ee 10 points 1 year ago

If to choose it will be Keepass 🙂

load more comments (2 replies)
[-] beckie_lane@lemm.ee 9 points 1 year ago

Been using Bitwarden for some time. Really like it.

[-] Auduras@lemmy.world 4 points 1 year ago

Question for you since you mentioned how it's integrated with all your devices. I currently do not use a PW manager (I know, shame on me). Let's say I get bitwarden, do I need to go back and change every password on every website to the bitwarden-generated password?

It just seems like I'm "In too deep" in a way where it'll be a pain in the ass to set up.

[-] flurry@lemmy.world 7 points 1 year ago

If you have stored your credentials in your browser, you can export them to Bitwarden. It’s fairly easy and will save you a lot of time.

The point of using Bitwarden (or any password manager) is that you have no idea what your password is. From a security pov you « should » update your credentials but no need to rush, one step a time 👍🏼

load more comments (1 replies)
[-] else@lemmy.fmhy.ml 5 points 1 year ago

When I switched to bitwarden I updated my password to a more secure (bitwarden-generated) password each time I logged into a site and stored it on bitwarden. Painless. That's how I got better passwords across the board and incrementally moved over to bitwarden.

load more comments (3 replies)
[-] BaumGeist@lemmy.ml 4 points 1 year ago

FYI privacytools[.]io has long been commandeered by the BDFL who apparently accepts—how do i put this impartially?—financial incentives for supporting specific software.

Privacyguides.org is the version maintained by the original privacytools team that have been doing the lion's share of the work since 2019

load more comments (1 replies)
load more comments (3 replies)
[-] HollowNotion@lemmy.world 36 points 1 year ago

Odd seeing so many people prefer Bitwarden specifically for the polish and UI. Those are the reasons I chose 1Password. Both work! Both are actually pretty good solutions. But after using Bitwarden for quite a while for work, I set up 1Pass for my personal stuff. It's just nicer and easier to manage, imo, even as a tech savvy user.

[-] schmurnan@lemmy.world 13 points 1 year ago

And this is why I love places like Lemmy. Balanced, different opinions 🙂

I personally have no issues with 1Password (except that v8 is Electron), but just tempted to try the alternatives given how strong a following Bitwarden appears to have.

Either way… it’s good to have options.

load more comments (1 replies)
[-] meldrik@lemmy.wtf 9 points 1 year ago

This is also my experience with Bitwarden and 1Password.

I used Bitwarden for a long time and even selfhosted it, but it just didn’t feel that polished, especially on the phone. Then I tried 1Password and everything just works seamlessly.

In the end, I think it’s just a matter of taste.

load more comments (1 replies)
[-] LunchEnjoyer@lemmy.world 17 points 1 year ago

Ive used both, Bitwarden feels more mature plus it's open source. But 1Password is probably more user friendly for less tech savvy people.

[-] schmurnan@lemmy.world 7 points 1 year ago

Thanks. I’m tech savvy so that’s not a problem. Just always used 1Password based on recommendations. More than happy to go open source, and 1Password 8 feels like a step backwards from 1Password 7.

[-] sennmood@lemmy.world 6 points 1 year ago

Just out of curiosity, why exactly is it a step back? I've heard this comment several times but, having only used 1Password 8 (which I quite like), I have nothing to compare it to.

[-] schmurnan@lemmy.world 5 points 1 year ago

Because it’s now an Electron app on macOS and — in my personal view — Electron apps suck. Much prefer native apps.

Functionality-wise it’s the same, but just doesn’t feel as nice to use, if that makes sense.

[-] invisibit@infosec.pub 5 points 1 year ago

Bitwarden’s desktop app is also electron, just a heads up

load more comments (2 replies)
[-] sennmood@lemmy.world 4 points 1 year ago

Fair enough, to each their own. I understand why electron apps might not be everyone's cup of tea, but I think some really do work very well (VSCode is the standout).

[-] schmurnan@lemmy.world 4 points 1 year ago

Now you may have me there. Visual Studio Code is certainly an exception, I’d be willing to admit.

load more comments (4 replies)
load more comments (2 replies)
[-] filister@lemmy.world 16 points 1 year ago

Another vote for Bitwarden

[-] SkaveRat@discuss.tchncs.de 16 points 1 year ago

Bitwarden.

I used to have 1PW, but their browser plugin just completely stopped working for me (and a lot of others).

Then I switched to BW. It has so much better UI, plugins and apps. Oh and it's cheaper.

And if you want, you can host it yourself

[-] PeachMan@lemmy.one 16 points 1 year ago

I do think 1Password is a bit more polished than Bitwarden, and auto-fills more reliably for me (depending on the website, of course). I use 1Password for work, but choose Bitwarden for personal use because I value an open-source solution that I COULD self-host if I wanted to. I don't self-host, because I'm lazy, but I COULD if I wanted to. It's also a very cheap family plan compared to 1Password, I'm still trying to convince all my old people to use a damn password manager! But one could argue that using 1Password's more polished interface instead of Bitwarden might make my life easier....

[-] schmurnan@lemmy.world 5 points 1 year ago* (last edited 1 year ago)

Haha I hear you re: the old people. My parents use a notepad, and they scribble out old passwords and write down the new ones. It’s beyond archaic. And my dad has dementia which is just a recipe for disaster.

I’ve added them to my 1Password family and setup a separate vault for them to use, and I have a few of their key passwords shared with my vault in case they lock themselves out of important accounts.

But I’m sure if I did decide to switch to Bitwarden I could move them over pretty easily.

[-] PeachMan@lemmy.one 4 points 1 year ago

Right, that's the beauty of using a GOOD password manager, whether it's Bitwarden or 1Password. They both make it relatively easy to export and import all your passwords.

load more comments (4 replies)
load more comments (1 replies)
[-] DrTautology@lemmy.world 13 points 1 year ago

KeePass is great. Has all the features I want and then some. Everything is stored locally, you can encrypt with password and private keys and it even has the ability to sync dabases on a on a home server. I use it on windows and android. Since 99% of the time I make password updates on my phone I'll just sftp the database file to my server and then use it to sync with my windows machine next time I'm on it.

load more comments (3 replies)
[-] iesou@lemm.ee 13 points 1 year ago

I recommend KeePass, used it for years, open source, not hosted, can use a key file for added security and works well with nextcloud, drive, Dropbox, etc

[-] key@lemmy.keychat.org 5 points 1 year ago

KeePass is the way. Keep all these newfangled web services away from my passwords. And there's plenty of different open source projects available that all works with the KeePass format.

load more comments (1 replies)
[-] bighi@lemmy.world 12 points 1 year ago* (last edited 1 year ago)

1Password is way better, but it's more expensive and not open source.

Bitwarden is, like most open source apps, jankier than 1Password. Not as mature. But people that care a lot about their software being open source will use it because it's the best open source option we have at the moment.

None of them is a bad app.

load more comments (4 replies)
[-] bloodninja@lemmy.world 12 points 1 year ago* (last edited 1 year ago)

If your workflow is how you like it I would stay.

Vaultwarden might be worth looking into when you have time or want to set it up to check it out. Self-hosted Bitwarden compatible server written in Rust. Lets you store OTP for free which is a convenience I enjoy.

load more comments (1 replies)
[-] Aielman15@lemmy.world 11 points 1 year ago

I've used BitWarden for a few years now and I really like it. I've set it up on both my PC and phone browsers, and it does its job well. Never paid anything for it, the free tier is generous enough for casual users like me.

It being open source sold it for me.

[-] EraNet@lemmy.world 10 points 1 year ago

Another vote for Bitwarden

[-] nekusoul@lemmy.nekusoul.de 10 points 1 year ago* (last edited 1 year ago)

I'm using a combination of KeePassXC on Windows/Linux, KeePass2Android and Syncthing for database synchronization, plus a Yubikey for 2FA. Granted, it's not a setup I'd recommend towards non-tech people, but it would take a lot before I'd switch:

  • Works completely local, so I never have to worry about being locked out for any reason.
  • Despite that, I still get the benefits of online synchronization through Syncthing.
  • KeePassXC has by far the most powerful autotype functionality, which is a big timesaver since I often need to type passwords into non-browser windows.

The last point in particular was a dealbreaker when trying out Bitwarden/Vaultwarden a few years ago.

load more comments (3 replies)
[-] Ender2k@kbin.social 9 points 1 year ago

@schmurnan

I'm a HUGE 1Password fan--and have been for years. It is always the very first app I install on any device. Paid for every upgrade since v4 when I discovered it.

I was sceptical of the switch to Electron, but it's just the front end. The backend is written in Rust and performance has been great. It's not native, but that's a current trend right now...

I was even sold on the subscription model, and now manage a family account for my wife and kids.

[-] Xeknos@lemmy.world 8 points 1 year ago

Another vote for Bitwarden. I love it and recommend it to everyone.

[-] dinckelman@lemmy.world 7 points 1 year ago

I've been subscribed to 1Password for around 8 years now, and don't intend to cancel it any time. It's super convenient, updated frequently, and seems to be audited independently to ensure security too. Just recently they've added a few features that make my life as a developer with multiple machines so much easier. OTP on every logged in device too, so I don't need to constantly migrate the horrible Authy setups, or whatever else people use

load more comments (1 replies)
[-] CaptObvious@lemmy.world 7 points 1 year ago

I use Bitwarden after trying out several recommended alternatives. It's what works best for me and my workflow (individual personal and work use). The browser extension is a lifesaver.

I remember trying 1Password and deciding against it for some reason, but I don't remember what. My overall impression now is that it was a fine product, but Bitwarden was a better fit. I'd say use whichever meets your needs.

[-] sturmblast@lemmy.world 7 points 1 year ago
[-] AsimovsRobot@lemmy.world 7 points 1 year ago

KeePass for me. I manage my own database, don't rely on clouds and etc.

[-] learn2swim@lemmy.world 7 points 1 year ago

Keepass, Keepass2Android and Syncthing to share between devices.

[-] iturnedintoanewt@lemmy.world 7 points 1 year ago
[-] DarraignTheSane@lemmy.world 6 points 1 year ago* (last edited 1 year ago)

1Password is good from what I understand, but yes it's expensive compared to the competition. It just... is, and they don't mind because they're going primarily after enterprise business.

BitWarden is pretty much the leader in the field and has been for some time, not counting self-hosted only apps e.g. KeePass.

Not to mention, the Premium plan only costs $10/year or $1/month. I used the free version for sharing passwords with my SO for years until I wanted to start storing TOTP codes, which requires premium.

[-] OverfedRaccoon@lemmy.world 6 points 1 year ago* (last edited 1 year ago)

Bitwarden with a free account here, and it does everything I need it to do (and more than I'd expect for free). Between the app on my phone and browser addons/extensions on PC, I honestly don't know what else I'd personally need from it (or any other password manager). Plus, it's open source.

[-] jonathan@lemmy.6px.eu 6 points 1 year ago

I self host a Bitwarden server fork called vaultwarden. It works with all the official Bitwarden apps and browser extensions and I am very happy with it. I never used 1password though so I cannot comment on any missing features.

[-] PlushySD@lemmy.world 6 points 1 year ago

Bitwarden anothe vote

[-] Im_Cool_I_Promise@lemmy.world 6 points 1 year ago

I've used both and they're both great. I didn't like the migration process for Bitwarden -> 1Password. I think I ended up downloading some python script to change the format of my Bitwarden export to a format 1Password could understand. I imagine the migration process is a lot better now since it's been about a year since I've done that.

Outside of that, I like the design of 1Password better, and it also tends to auto fill more reliably as well. iirc Bitwarden has auto fill as well, but it didn't work great for me, so I ended up copy pasting passwords instead. Not a huge deal, just something to keep in mind.

[-] schmurnan@lemmy.world 5 points 1 year ago

You’re all awesome. So much feedback for me to work with.

I’d say the vast majority are recommending Bitwarden (or Vaultwarden should I want to self host), with lots of shoutouts for 1Password as well. Honourable mentions for KeePass as well as a few others.

I’ll continue to run Bitwarden in parallel to 1Password for a little while longer to see if I prefer one over the other. I’ll definitely look into self hosting it as well, although I don’t currently have a domain name so would either have to get one or do the slightly more convoluted method of getting self-signed certificates.

Thanks all for taking the time to indulge me — very much appreciated.

[-] OutrageousUmpire@lemmy.world 5 points 1 year ago

I use Bitwarden and I’m planning on switching to self hosting Vaultwarden soon.

load more comments (1 replies)
[-] roguemetahuman@lemmy.world 5 points 1 year ago

Keepass > Bitwarden > 1Password

Full disclosure: I've never used 1Password so can't really comment on it compared with others, but I'm currently running a selfhosted Bitwarden re-implementation (vaultwarden) and am generally pretty happy with it. I've only ever used LastPass as a password manager before (aside from a seeding algo back in the day), and while I really don't like their business practices or security history, their extension has or at least had a bit better consistency on Firefox than Bitwarden does, at least with regards to detecting username/password fields and detecting when a new credential is being created and asking it to be saved automatically. That being said, it's something that I can live with considering it's free software. As far as I'm aware, in terms of features all the big players in that space are pretty evenly matched, though I do remember some advanced feature that 1Password offered over others; maybe related to privilege access management in enterprise.

I'm also part of the Vaultwarden crowd. I'll never trust something that isn't open source.

load more comments (5 replies)
load more comments
view more: next ›
this post was submitted on 18 Jul 2023
185 points (100.0% liked)

Technology

59430 readers
2570 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS