Objective: Secure & private password management, prevent anyone from stealing your passwords.
Option 1: Store Keepass PW file in personal cloud service like OneDrive/GoogleDrive/etc , download file, use KeepassXC to Open
Option 2: Use ProtonPass or similar solution like Bitwarden
Option 3: Host a solution like Vaultwarden
Which would do you choose? Are there more options ? Assume strong masterpassword and strong technical skills
Bitwarden for me. My password manager is not just for me, it’s also a crucial component of my family life so if something happened to me I want my next of kin to be able to access it
For that it needs to be an easy to access solution.
Same, I’m all for complicated things that only I know how to use but the keys to the kingdom shouldn’t be one of those when there are laypeople relying on me.
I still have to figure out how to let those people in when needed, I’m thinking writing the master password and the backup code on a paper that lives in a drawer, maybe in a “break in case of emergency” box, etc.
Curious what’s the best way to mitigate the wrong person getting that, but I think if you have to worry about someone breaking in your house who is also looking for that info, then you have a different threat profile to consider, and the above calculus doesn’t apply.
Bitwarden offer the option to set up an emergency contact.
You choose someone to be an emergency contact, it means that if they want they can request access to view your passwords.
When they send a request you receive several emails to warn you and after X (you can choose the amount) days if you don’t do anything they get access to your account.
I used to self host Bitwarden, but didn’t want the hassle of securing it and updating it properly and consistently. So I just pay $10 for bitwarden premium and I get to support the company.
I’m very happy with self-hosted Vaultwarden.
I did option 1 for a number of years but now I’m doing option 3 off a proxmox container and some cloud scripted backup. So far so good.
We just started doing option 3 at work and just keep it behind the firewall. It is going well so far.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System Git Popular version control system, primarily for code IP Internet Protocol NAS Network-Attached Storage SSH Secure Shell for remote terminal access VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
7 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.
[Thread #173 for this sub, first seen 28th Sep 2023, 18:45] [FAQ] [Full list] [Contact] [Source code]
Vaultwarden behind mutual tls and reverse proxy and https://github.com/oguzhane/bitwarden-mobile until https://github.com/bitwarden/mobile/pull/2629 is merged
But honestly all services you mentioned are worthy.
Anything that fits your needs imao
Option 4: levy existing tools such as gpg and git using something like pass. That way, you are keeping things simple but it requires more technical knowledge. Depending on your threat model, you may want to invest in a hardware security key such as a yubikey which works well with both gpg and ssh.
Why use tools not meant for password management, when alternative tools explicitly meant for password management, which have similar levels of security, work just fine?
You’re essentially saying “instead of driving down the road, I like to ride my bike with rollerblades.”
It is just how I prefer to do my computing. I tend to live on the command line and pipe programs together to get complex behavior. If you don’t like that, then my approach is not for you and that’s fine. As for your analogy, I see it more as “instead of driving down the road in a car, I like to put my own car together using prefabs”.
Option 2, because once you start thinking about the ways your stuff could be stolen (“threat modelling”) you’ll see that realistically it’s the easiest option.
