The inner circle so to speak
keepass > bitwarden
vpn providers should be reviewed regularly
email is inherintly insecure/non-private, self hosted is best
why do you prefer keepass to bitwarden? has it better privacy or is it just a personal preference because you like the UI more for example?
keepass is a different paradigm. it uses a locally encrypted file. many frontends for it (use keepassxc and keepassdx). dont have to rely on some 3rd party, even if they say they have e2ee. theres no better privacy (and security) for an app than not using it with the internet. im not too concerned about ui for pw manager personally, the less time i spend w it unlocked the better. only (slight) problem for me: multi device usage (i just copy the file onto my phone occasionally). general rule of thumb: if it can be selfhosted, it is best to.
i think bitwarden is the best one of its type, it comes down to your needs and threat model
I really like the cross device sync, even tho it’s a security risk of course. also, I don’t know anything about self hosting (might get into it when I got the time), so bitwarden might be the best pw manager for my requirements rn.
It’s possible to sync keepass using syncthing, i use it that way.
sorry i didnt mention but yeah like the other reply says u can absolutely sync, i just personally prefer not to
I use syncthing to sync my KeePass file, and I highly recommend it. Very easy to set up
Idk if anyone else mentioned this but bitwarden can be selfhosted.
good point!
Mainly cuz it doesn’t store your passwords on someone else’s computer.
You can selfhost bitwarden, there’s also vaultwarden, an open bitearden api implementation. You could host this on an internal-only server. But you also can sync your single password file with a lot devices and use keepass, I just find that a bit annoying. You also cannot share some passwords with your relatives easily that way.
its more user friendly. Just a file you have to have. You can encrypt that double and tripple on bitwarden nope.
Proton does all of this at once
You do also kind of put all your eggs in one basket so to speak though. I don’t have anything against Proton and the pricing makes sense if you value all their services and pay for Ultimate (though by my estimate, less sense if you are only looking for a smaller handful of services). However, if you go fully into Proton for everything, you’re placing your trust into an entire stack of services and it can end up a single point of failure.
However, if you go fully into Proton for everything, you’re placing your trust into an entire stack of services and it can end up a single point of failure.
Yeah, I know
The point is that Proton offers good service at a reasonable price, and for me that’s it, that’s perfectly fine
Had anyone heard of or tried buttercup? Any thoughts?
I was mulling around the idea of using KeePass but it seems to be too inconvenient. The pretty UI and cool name makes me want to try buttercup.
KeePass + Syncthing is pretty convenient.
Buttercup looks to be using AES-CBC with PBKDF2 and no authentication, but I only took a very brief look so I may have missed important details. That’s not secure if an attacker can alter the vault file, and PBKDF2 isn’t a great KDF to use. If you use this, you definitely need a 128-bit or higher entropy passphrase (10 Diceware words). You usually want that anyway, but using a weaker string for your master password will be less secure than you expect compared to something using a modern KDF.
Thanks for the insightful response. I’m gonna spend some time searching for all those terms you mentioned because much of it is stuff I’ve only heard in passing or never heard of at all. I’ll try to find what works well enough for me. Wish me luck!
tutanota is terrible though
Tutanota is one of the few good E-Mail services that i can think of, what’s so terrible about tutanota?
Tutanota is in Germany, which is part of the 14 Eyes global surveillance network. Protonmail is located in Switzerland, not currently part of any such intelligence agreements. Switz courts are also much less willing to approve search warrants.
The lock in and the lies. The first being your inability to read your emails in another client. Second is the lie that it’s secure when email is inherently not second. It’s making a false promise.
Oh and I forgot the new issue, being that you can’t zoom mail, which is infuriating.
Disclaimer: I pay for Tutanota and have for a few years. But I’m tired of it. Will switch to another season once K-9 becomes Thunderbird for Android
deleted by creator
As a US consumer, I can’t use a lot of these VPNs. When you dig into how local governments are trying to break encryption in many countries overseas it makes you slow to sign up for services. The worst case would be you use a service, get invested and a few weeks later new legislation you’re not following/in the know about gets passed and some of your data is now in some foreign governments jurisdiction more so than it was before.
It’s not that Germany or Sweden in particular do that today but I also haven’t quite looked into its bounds, if five-eyes alliance reaches them, etc. There is a lot you have to be cognizant of.
Also I like Bitwarden but Vaultwarden is the way to go; just make sure to donate/pay somehow for bitwarden if you use its clients.
What’s bottom right? Top is Bitwarden and Left is Mullvad VPN
Tutanota, an email service.
that’s Tutanota
tutanota, an email service
I love Mole, Shield and Road
Ah, the new pokemon game that just came out.
the mole creates the tunnel for the road, and the shield is for the travelers’ protection
Removed by mod
Removed by mod
Removed by mod
Removed by mod
Removed by mod
bruh, i can’t be the only one confused why state farm’s drive safe app was being touted…
just a side note for everyone out there that uses bitwarden: you can reset your password with just your email. that means the admin can see your passwords. The only 3 upstream password managers that don’t have that “feature” are 1Password, lastpass and keypass (not counting gpg-based script in bash n friends). Lastpass is obviously a mediocre solution (too many breaches), keypass isn’t for everyone (UX). 1Password is a very solid solution and it has public security audits
I’ve got nothing with agilebits/1Password - i just use it after spending days researching (also I’m a former IT security engineer)
No you can’t reset your bitwarden master password with just an email. I invite you to try and let is know how it went.
If that were true that it wouldn’t be just a side note because it would render the whole Bitwarden product useless. It’d pretty much mean that they are not encrypting passwords at all, so even worse than infamous LastPass. But as the other comment pointed out, it’s pretty much not like that.
It’s so out of context it’s almost untrue.
Bitwarden can’t find or change your password, and their admins absolutely can’t see them either.
You’re talking about the “admin password reset” feature offered to organizations (and which doesn’t concern lambdas users at all), which must be explicitly activated and which allows admins not to see our password, but to trigger a password reset with notification to the user.
Once the password has been reset, all you have to do is change it, and nobody else has access to it.
For anyone still using Mullvad and wants port-forwarding, I recommend AzireVPN.
Good list! I use all of them too.
