Hi. Are you using the extension on Safari? My Safari extension stops working after quitting Safari and I need to re-enable it manually from Safari preferences :(
@Robert Maclean I hope it doesn't and that they collapse and fail. Short-sighted profiteering. I'll gladly pay for a good service, but not when that service degrades so badly it's embarrassing. I figured $40 a year for a family plan supporting 4 people, with the option to have a family folder to share, was a pretty good deal, but we spend so much time now nursing logins on Android that they should pay us. Oh, for the halcyon days of 2014 LastPass.
@@mritunjaymusale Making their video cards shitty (banning VM usage for consumer cards and the mining BS, for example) is not step 3, that's just believing they are at step 3. And it only works temporarily during massive shortages. Or are you talking about a service I am currently not aware of? I mean, that's still a dick move, but still 2.5 at best.
@@fgregerfeaxcwfeffece Maybe true for Nvidia but I believe Apple is already at step 3. And by the time you get to step 3 you have already become unsustainable. So in step 3 you continuously exploit with no room for respite.
@@adblockturnedoff4515 Well, that's why I never opposed it on Apple. They absolutely are doing it. Thankfully they have no real monopoly (well, I am biased; I can barely see a use for their "product"). Just one of the heaviest vendor lock-ins imaginable.
@@fgregerfeaxcwfeffece They have a very real monopoly on their platform, but I see what you mean. They do create good products that work well with each other and are intuitive to use. But their business practices and the way they treat their customers are horrible. They blindly chase after profits and clout. Not a single shred of human emotion. The whole phrase that even the biggest of companies are run by humans doesn't apply to them. Sad.
@@adblockturnedoff4515 It's easier to have everything work when only whitelisted test cases work to begin with. And that's why I see Apple as barely having a product. With this high price and this low functionality that's simply not a good ratio. I actually had this conversation with a co-worker just about 2 years ago: A: Oh, Linux is so hard! B: Why did you use it? A: Because what I tried was impossible with everything else. B: See why this comparison is a bit unfair then, because you basically equated impossible with "easy" or at least not as hard for the other side? A: Okay, valid point. Or in other words, it's easy to never fail if you never do anything hard. Just avoid everything hard and never fail. Sounds good until you look at all the missed opportunities. But I get it. Loss aversion psychology just leads you down that fallacy. That's just a known and well documented flaw in human psychology. We value loss harder than missed opportunity, but in reality they are exactly equal. Money shows this very clearly. It doesn't matter if you lose 500 currency units or don't gain 500 currency units. The result is you being short 500 as opposed to the alternative. That also leads to the next common Apple fallacy: They retain value! Not really. If "A" buys a $1200 iPhone and resells it after 2 years for $800, "A" lost $400. Meanwhile "B" bought a $200 used One+, uses it 2 years and drops it in the old phones drawer. (Of course it lasts longer, but I don't see the point in further beating a dead horse. Besides, the point was the 2 year period, so anything after that doesn't count no matter how much it goes in my favor.) "B" saved $200 compared to the great value retainer if "B" just threw the phone into a river. Or in other words, after 2 years "B" is already $200 ahead (even if the phone lost ALL value) if we are talking monetary gain. Not a good start, I would say. Now the common point would be: it's unfair to compare bought new to used, etc.
But the value retaining argument is usually used against exactly buying cheaper. I simply see impossible as a straight fail. So Apple products have too many fails to be considered. Biggest one: it's either locked or unsafe. And on a business evaluation of a product you compare everything to other options at the same price, and I don't see Apple winning on a single metric by that standard. But I am open to changing my mind. So go on, tell me what's great. Only concrete use cases, no marketing bullshit like "intuitive". Nothing is intuitive. There is no such thing as common sense. You only know what you learned. The only thing that comes to my mind is very narrow by its nature and is my main contra argument: limited software lowers administration cost. They are glorified V-Techs or gaming consoles, not computers. I define computer as a general purpose device. Apple products are distinctly not that. So I frankly can't see how the treatment is not part of the service. Sounds like plain old findom to me. And I don't kink shame.
@@minespeed2009 Any idea what causes prices to be so high at least compared to the US? I would hazard a guess of politics but I'm sure there's more to it because you pay literally 4-5x as much. That's not a ~30% tax.
@@minespeed2009 In Sweden a few years ago when the environmental party came into power in a coalition government, a tax was introduced on solar power production that you use yourself (if you sold it you did not have to pay the fee, but instead some other fees, at least then you did a small profit). They had to back down and remove the tax for small scale production (home size, but a few larger apartment buildings would still have to pay) after public “outrage”.
This has aged amazingly well. Thank you, Wendell! I just spent the last six hours changing passwords, tying up some loose strings as far as 2FA is concerned, as well as migrating everything off Lastpass to something hosted on my home server. Should have done this years ago, but the recent data breach scared me enough to get the ball rolling.
Wendell: "I don't want this to get technical or take too long" Me: "Sounds good. I guess I'm going to need my calculator, some paper, Visual Studio Code Editor and plenty of water to stay hydrated."
Jumping from Lastpass to Keepass has been on my backlog for... probably a decade now, but this recent move forced me to make the jump. I've started on Dashlane, migrated to Lastpass, and considered Bitwarden... but ultimately the objective was to go Keepass, syncing stuff on my own. I have to say, there are reasons not to do it... go for something like Bitwarden instead, for instance. But I'm insisting... because ultimately I don't wanna rely on someone else's server/service, so as good a time as ever, I guess. The general problem with Keepass is the general problem with several other FOSS software, which I have also highly adopted in recent years: it's fine for me, but if I'm gonna put it in front of someone else to use, like, say, my mom, who is in a permanent tech illiterate state, it starts getting harder. But even for me, the decisions are taking longer than I'd like. Problem is, there are too many options, not that much material for research, and videos like this one are not that numerous, so it ends up not covering specific cases like mine. For desktop it was kinda easy. Original Keepass is kinda outdated but fine, KeepassXC is more modern with newer features, so there you go. I still ran into some weird problem though. Not sure why, but KeepassXC was refusing to import a Lastpass CSV file into an already created database... it keeps trying to create a new database instead. So I had to do it via standard Keepass, and then open the database via KeepassXC. Perhaps because I'm trying to create a new database with a keyfile, not sure what the issue is. On Android, things got worse. I tested KeePassDX, AuthPass, TinyKeepass and am currently using Keepass2Android... all of them have something that doesn't work, works weirdly, or is kinda messed up somehow.
I think TinyKeepass doesn't support key files, in KeePassDX I couldn't find a way of using biometrics alone to unlock the thing (requirement for my mom), AuthPass wouldn't accept my master password no matter how many times I tried for some reason. Keepass2Android is older and has a bit less friendly UI, but seems to be working... I just didn't fully test it yet to tell. But the general problem is the same: compared to Lastpass, all these versions of Keepass seem to be generally more difficult for someone like my mom to use. You have bugs here and there, the interface is kinda convoluted and complicated, and you end up having to go through this familiar path of trying and testing things out... I'm also trying to sync the database through my Synology NAS, with future plans to build a server running NextCloud for it. I'm not sure what the ideal way to do it is. I'm using a mix of DS Drive for Android and PC, or an older app called DS cloud for Android, and trying to sync things up that way. For me personally anything should work fine, but for my mom it has to be seamless and under the hood. No weird glitches, need for constant confirmation, reliance on configuration, and whatnot. Just not sure if this will work out ok because I'm not sure how these apps deal with file conflicts and simultaneous usage. Of course, the best thing about it is that when I manage to make it work for us, no more fears of a service cutting off features and ramping up prices out of nowhere. Going the same route for Google Photos... for now, it's Synology Moments, and when I can get back home and build my own servers, it'll be NextCloud. Depending on how it goes, how easy to use the interfaces are, I might just keep the Synology for family usage, and reserve NextCloud for my personal stuff...
I've been using KeepassXC along with NextCloud. Been working great. I also use key files to make it harder to crack the encrypted database. The only issue is the Firefox plugin can be flaky at times, but it still works fine most of the time.
@@Darkk6969 That's good, love KeepassXC. I have not used plugins; I generally use the portable version from a USB thumbdrive. I have 300 random keyfile documents on the same drive and turn off the option so it won't remember it along with a password. Great for Linux as well, same DB files. Another great thing about Keepass is it works on many "locked down" corporate computers without admin having to authorize it (good luck with that).
Yeah, Keepass is ok, but the browser/mobile integration is about on par or better than LastPass with Bitwarden. Also confused why Wendell said it was harder to set up? I mean, if you can follow terminal instructions on how to set up Docker then bitwarden_rs is really easy, and thanks to nginx proxy manager, forwarding that to a domain is also really easy these days.
@@vgamesx1 That was confusing. I assumed he meant that the official Bitwarden self-hosted install was too difficult, as opposed to bitwarden_rs which is fairly easy but is an unofficial 3rd party effort.
I have been considering doing the same, if it's as simple as just running a docker container and proxying traffic to it, I just might do that. I've been lazy with my password management stuff, so I probably should do better than I am rn.
I'm switching to Bitwarden as well. I was happy to pay for LastPass as a way of supporting them and maintaining it for the free users, but not really into the idea of eventually losing access (if I can't use it on both my phone and desktop it isn't useful) to an important piece of software if times are tough financially.
Same, I've used LastPass for years, back when they were 12 bucks a year I paid that without issue. But then they made the free tier and the pay tier essentially identical, so I went free, and now they're basically ripping me off. They also make it seem like you get that cheaper discounted rate as a 'grandfathered deal', nah it's not, it's just for 1 year and then you're bumped up to 36 (or likely more I'd bet) after the first year. Sorry LogMeIn, not worth it.
@@gigatigga Same here, used free LastPass for a couple of years, then paid the $12/month until it became free. Moved to Bitwarden a few months ago since I would rather have an open source/source available product for this. I happily pay the $10/year for Yubikey access.
@@gigatigga Lastpass was the first 'free' service that I ever paid for just because I wanted to make sure it stayed a functional company. Never used any of the premium features. When it went to $36 I dropped the payments because while it's a useful service it's not $36 a year useful and I never used any premium features to begin with. Switched to Bitwarden 2 or 3 years ago now.
I use my phone and Mac interchangeably, and since I'm on "Free" the only way to use a password on my iOS device is to type it in by hand... I wouldn't mind paying for Premium if only security was better handled (without breaches), but to me it doesn't justify paying for something hackers already know about. I'm gonna try Bitwarden.
And Germany. (Where the price for electricity has gone up 100% in recent years) ... In 2002 it was 16 €cent/kWh. In 2021 it is 32 €cent/kWh (32 €cent is $0.39).
@@murphy7801 I think my comment was pretty straightforward. We had an increase in our electricity. It was 4% from 2020 to 2021. Honestly, that doesn't sound too bad compared with other countries in the comments. I'm sorry that other Brazilians are venting on the internet; our government is very controversial.
Trying to create a value where there is none or trying to press water out of a stone is what is ruining many products and companies. A company that offers something like password manager shouldn't be expected to make YOY gains until the end of time.
There should be some free quality password managers, just as there are with antivirus. Security hacks affect everyone. We need public health for the internet.
I've been using LP for the last 8 years or so. Switched to Bitwarden instantly last week and did the same with my parents this weekend. Keepass looked great as well, but ease of use is much more important b/c I gotta set up the whole family. Very happy with Bitwarden so far; I like that it's all a bit more rudimentary looking than LP while having better usability imo.
I meant to migrate away from Lastpass when I saw this video when you first released it. Sadly, work got in the way, and procrastination. How did that bite me on the butt. Migrating now, changing all the passwords and notifying clients who may also have been affected. This video made a handy reference, and giving it to my clients saved me a lot of time.
1 year after, a pair of breaches shows that LOTS of things are stored unencrypted by LastPass. I'm so glad I have used synced KeePass for years, even long before this video was published.
You should have heeded Wendell's warning. LastPass has been fully compromised. I'm going to self host to keep my stuff secure. (Although my current manager is physical and the only plane of attack is breaking into my house, bypassing the dogs, and finding my password book.)
I'm old school. I have a notebook with really long passwords written in pencil. Some of the password characters are different than how they are written.
Totally fine. Providing your passwords are essentially diceware. It's all about identifying your threat model and a notepad and pen works great for some.
You're surprised someone isn't as hysterical as you? Vishur, what is your threat model? My parents, for example, live in a nice community, crime is low, they've long since retired. Their password books are stored in a fire rated (and water rated) document lockbox situated next to their main PC along with other pieces of important information, and their passwords are diceware. Now, if they wanted synchronisation across devices I'd consider getting them up to speed with Bitwarden, but they're happy with their current system; they understand it. If I start talking about kdbx files and Dropbox, etc., their eyes will glaze over and I'll lose them. Right now, however, with their little dice and crib sheet and their books, my parents are considerably better off than when they used the name of our first pet for everything. Now let's take a look at your tin foil hat approach. It all sounds splendid, until... "algorithms". You see, unless you're a mathematics whizz, or a computer, well, the issue with it is that given enough public breaches, your algorithm becomes a recognisable pattern. What once was "super secure" has now compromised every single password you ever generated using said algorithm.
@@iVGaur Crime impossible, fire impossible? No, they don't live in a make believe world, but they've addressed those things. It lives in a fireproof safe. Is physical violence impossible in your world? Pretty sure you'd succumb to a few sledgehammer blows to your kneecaps and reveal your algorithm under duress. Yet you don't seem so concerned about that. It depends: if you're a nobody like yourself then perhaps you're correct that your threat model needn't be concerned with targeted attacks; however, if you're someone of at least moderate interest perhaps it should be. Notice you're demonstrating my point exactly; you're agreeing that it all depends on your threat model. Are my parents concerned about crime? Not really, but it's under lock and key anyway. Are my parents concerned about fire? Not really, but it's in a fireproof safe anyway. Both of those risks are now mitigated. Yours, however, is still unanswered.
I've been a paying Lastpass customer for about a year now. I pay $48 a year for a Family Plan for four of us. Bitwarden is $40 per year. So while that's cheaper, the cost of switching (in time) makes me stay put for now. I realize that's a slippery slope that could have us get locked in for longer due to increasing amount of time required to switch as the password lists grow. I need the family plan because I've got grade-school kids that I'd like to have learn good password management habits. I'll see how things shake out for a bit - but this is good info to consider.
Must be a sign when this video came up in my recommended. I stuck with Lastpass despite the service changes last year; I thought I could still work with the limitations, which were still livable. But with the recent big hack, I pretty much lost faith in them.
Been using BitwardenRS on my home server for about a year now. It is great! I use the browser plugins, desktop application, and phone app with fingerprint access, super convenient. I had exported all my passwords from Chrome password sync (yuck, I know), then I used bitwarden to help me set unique super secure passwords for all my websites. My next step is to develop a high availability strategy in the event my home internet takes a nap while I'm on vacation or something..
Bitwarden clients cache the password file, so you can use your passwords even without an Internet connection. This should be enough to survive a brief nap, but high availability is a good thing nevertheless.
@@VaKU. It might be an issue if you changed the password and the cached password is out of date. If you're running bitwardenrs you should be able to access your passwords even without internet, since you can use the local IP to access the Docker container.
@@VaKU. I'm assuming running it on a local machine, not on Linode. You could run bitwardenrs on a Raspberry Pi if you wanted to. Really no reason to pay for Linode when you can get a Raspberry Pi for cheap and it costs you very little to run. Should easily be under $1 of electricity every month unless power is very expensive in your area.
@@joemann7971 Thanks, I know that and have several RPis. I'm hosting BitwardenRS on my NAS. My earlier comment was an answer to @Chris Burnes on the point of "a high availability strategy in the event my home internet takes a nap while I'm on vacation". I think that cached passwords may be a reasonably sufficient solution for brief periods when the server at home is without connectivity.
For a single user scenario I would agree, when you have 4 family members with shared folders and passwords, lastpass takes the cake for me. I can update a password and my wife doesn't even have to know, it will just sync to her account and work for her
3:37 The electric infrastructure in Texas collapsed due to its own lack of foresight and maintenance. There's scarcity. Let's drop some surprise $10,000+ charges on the user's electric bill.
It shouldn’t have come as a surprise. They signed up for wholesale rate plans. It’s a case of know what you’re signing up for. Not defending the electric companies. But people need to understand there’s a flip side to the ultra low bills they usually get.
Bitwarden sounds like the thing for me, since I've been wanting to get my parents to use a password manager and they aren't technically inclined. I want to use the same service as them, if only because then I would be familiar with the service and how it works if they ever have a problem. Too many times they have called me about something I have never used or heard of before, and it always takes time quickly learning how to actually use whatever they are trying to use to fix the problem.
I was using Keepass/Dropbox and found that combination worked quite well. I’ve moved to Bitwarden as the integration is better, especially across multi-device/multi-platform
Isn't ChaCha20 only better than AES because it is faster? I can see that being good for some purposes but my AES password database decrypts so fast I don't notice it doing anything already.
Whatever alternate you choose, remember to keep a backup of your passwords just in case, you probably have a few hundred or so passwords and really don't want to lose them, so even if you don't plan on using Keepass it isn't a bad idea to import them anyway or if nothing else at least get veracrypt and encrypt your password export.
This should be part of the business of building computers. Everything from smartphones to desktops should come secure; otherwise these programs seem based on the old mafia style "protection" rackets.
I prefer keeping my passwords on a local level and not online. Yes I'm aware that things can be encrypted before they are sent and what not. Just keeping things offline that you don't want others to know is just a better way to be sure if you ask me. I don't have to worry about an encryption being broken or a databreach among other things. The only real downside is that I don't have the convenience of a quick one password login, and I'm more than OK with that.
I’ve been using DataVault for years and all data lies at the local level. You have to manually sync between devices. But it’s one password for the program across all devices. You can’t fix what isn’t broken.
Thanks for this video Wendell. I always come back to you when I'm doing security spring cleaning. Been using Lastpass for a few years and with their recent change I wanted to double check what the options out there are. Just switched to Bitwarden!
I use the Bitwarden Docker image and haven't had any issues, but I do dread the day when something goes wrong. It's a total black box. Maybe remind folks to enable backups on their Linode instance if they're going to host all their passwords on it.
It's just a single SQLite database and the bitwarden-rs source code is open source; I would not consider that a total black box. But yeah, people should definitely back up their database regardless.
@@at0m113 Nah I'm talking about this one: bitwarden.com/help/article/install-on-premise/ I think Wendell mentioned it before talking about bitwarden-rs. It spins up 12 containers and installation/updates are all managed via a script. I've never had a problem with it but tbh I wouldn't even know where to begin if an update failed.
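The two comments above make the practical point: the bitwarden_rs layout is one SQLite file plus a few sidecar files, and it still needs a backup that is consistent and that you have actually tried to restore. The script below is an added example (not code from the video, from bitwarden_rs, or from the Bitwarden project) showing how to do that with only the Python standard library. It assumes a data directory containing `db.sqlite3`, `rsa_key.pem` / `rsa_key.pub.pem` (the server's token-signing key, which the server cannot recreate without invalidating every session) and `attachments/` / `sends/` directories; those names are assumptions, so check them against your own install. The official multi-container install that the reply mentions stores its data in MSSQL and is not covered here. It uses the SQLite online backup API rather than a plain file copy, so the snapshot is consistent even while the server is writing, refuses to archive a database that fails `PRAGMA integrity_check`, writes a manifest of SHA-256 digests, and includes a restore drill that extracts the archive and re-verifies everything. The demo data directory it builds is a constructed sample, not a real vault.

```python
"""Consistent, verifiable backup of a bitwarden_rs / vaultwarden-style data directory.

Added example, not code from the video or the Bitwarden project. Assumes the
single-SQLite-file layout described in the thread; the file and directory
names below are assumptions. Runs offline against a constructed sample vault.
"""
import hashlib
import json
import sqlite3
import tarfile
import tempfile
from contextlib import closing
from datetime import datetime, timezone
from pathlib import Path

DB_NAME = "db.sqlite3"                             # assumed filename
EXTRA_FILES = ("rsa_key.pem", "rsa_key.pub.pem")   # assumed; losing these invalidates every login token
EXTRA_DIRS = ("attachments", "sends")              # assumed; encrypted blobs referenced from the DB


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_database(src: Path, dst: Path) -> str:
    """Copy a live SQLite file with the online backup API (a plain cp can catch a
    half-written page) and return the PRAGMA integrity_check result of the copy."""
    with closing(sqlite3.connect(src)) as live, closing(sqlite3.connect(dst)) as copy:
        live.backup(copy)          # page-level copy, consistent at one point in time
    with closing(sqlite3.connect(dst)) as copy:
        (status,) = copy.execute("PRAGMA integrity_check").fetchone()
    return status


def backup_data_dir(data_dir, out_dir) -> dict:
    """Write vault-backup-<utc>.tar.gz (DB snapshot, key files, attachment dirs,
    manifest.json of SHA-256 digests) and return the manifest."""
    data_dir, out_dir = Path(data_dir), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    archive = out_dir / f"vault-backup-{stamp}.tar.gz"
    manifest = {"created": stamp, "archive": str(archive), "files": {}}

    with tempfile.TemporaryDirectory() as tmp:
        db_copy = Path(tmp) / DB_NAME
        status = snapshot_database(data_dir / DB_NAME, db_copy)
        if status != "ok":
            raise RuntimeError(f"refusing to back up a corrupt database: {status}")
        members = [(db_copy, DB_NAME)]
        members += [(data_dir / n, n) for n in EXTRA_FILES if (data_dir / n).is_file()]
        for d in EXTRA_DIRS:
            if (data_dir / d).is_dir():
                members += [(p, p.relative_to(data_dir).as_posix())
                            for p in sorted((data_dir / d).rglob("*")) if p.is_file()]
        for path, arcname in members:
            manifest["files"][arcname] = sha256_of(path)
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(manifest, indent=2))
        with tarfile.open(archive, "w:gz") as tar:
            for path, arcname in members:
                tar.add(path, arcname=arcname)
            tar.add(manifest_path, arcname="manifest.json")
    return manifest


def verify_backup(archive) -> bool:
    """Restore drill: extract, recompute every digest against the manifest and
    re-run integrity_check on the restored database."""
    safe = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}   # refuse path traversal where supported
    with tempfile.TemporaryDirectory() as tmp, tarfile.open(archive, "r:gz") as tar:
        tar.extractall(tmp, **safe)
        root = Path(tmp)
        manifest = json.loads((root / "manifest.json").read_text())
        if any(sha256_of(root / rel) != digest for rel, digest in manifest["files"].items()):
            return False
        with closing(sqlite3.connect(root / DB_NAME)) as db:
            (status,) = db.execute("PRAGMA integrity_check").fetchone()
    return status == "ok"


def make_demo_data_dir(root) -> Path:
    """Constructed sample (not a real vault): tiny DB, fake key file, one attachment."""
    data = Path(root) / "data"
    (data / "attachments" / "cipher-1").mkdir(parents=True)
    with closing(sqlite3.connect(data / DB_NAME)) as db:
        db.execute("CREATE TABLE ciphers (uuid TEXT PRIMARY KEY, data TEXT)")
        db.execute("INSERT INTO ciphers VALUES ('1', '{\"Name\":\"2.fake-ciphertext\"}')")
        db.commit()
    (data / "rsa_key.pem").write_text("-----BEGIN FAKE KEY-----\n")
    (data / "attachments" / "cipher-1" / "file.bin").write_bytes(b"\x00" * 64)
    return data


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        m = backup_data_dir(make_demo_data_dir(work), Path(work) / "backups")
        print(m["archive"], "restore drill passed:", verify_backup(m["archive"]))
```

Two caveats a practitioner should keep in mind. The archive is not safe to leave lying around: vault items inside the database are client-side encrypted, but user records (email addresses, password hashes, 2FA secrets) and the server signing key are not, so encrypt the tarball (gpg, age, or a VeraCrypt container as suggested elsewhere in this thread) before copying it off the box. And the manifest only proves the archive is internally consistent; record the archive's own digest somewhere the server cannot write to if you want to detect a tampered backup.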
For me, the main draw of lastpass is the auto-fill, and the fact I can easily use it on my phone as well. So many times I need to randomly sign in to something on my phone, I'd like to have it work there. I'll check out Keepass, as it seems like the synchronization could already be easy enough, but a lot of these open source tools feel like patchwork to me; How do I have file synchronization that automatically works every time? Where does a browser extension come in to it? What if my phone updates and 'messes' with something? I'm the layman that Lastpass was meant for, and if there are any similar solutions, please inform me.
I switched to Bitwarden and the autofill on smartphones works very well, was super easy to switch from Lastpass to Bitwarden, when it comes to password security I'm not super serious like Wendell, but I wanted a working service, so Bitwarden is it now.
I actually prefer using keybinds to autofill (Bitwarden), and I've had no problems with autofill on my phone using Bitwarden. Personally I haven't had any issues that would make me feel like Bitwarden is patchwork; if anything I'd say Dashlane (what I used before Bitwarden) made me feel that way more. If Keepass doesn't work well for you, I'd recommend checking out Bitwarden.
There are Android and iOS apps that support KeePass files. Use whatever synchronization service to get your kdbx to your phone, and the apps plug into the OS's password autofill for easy use. Synchronization is as easy as storing your kdbx file in your Dropbox folder or any other equivalent service. You could even use something open source like Syncthing. For desktop, KeePassXC does have browser integration, but you also need the app running, I think.
Dude. This information made my month. Encryptr just end-of-lifed and I thought they shut down permanently leaving me without all my passwords or keys for crypto. They turned the servers back on this weekend for people to migrate their data off, and Bitwarden was super easy to setup and migrate to. Great video!
I saw the news about LastPass when it first came out, and I kid you not I had 3 accounts migrated over to Bitwarden within 15 minutes. It was so easy and I'd been looking for an excuse to ditch LastPass and this was the final straw.
Let's try again: Use KeePass + rclone. Don't use any of the commercial products; they are all honeypots. You don't control the app, you don't control the remote data at rest == you don't control your passwords.
Not your keys, not your stuff. Is there a dumb version that manages everything from the boot of the computer and no need to do much after copying the seed phrase?
Bitwarden. Just self-host it. All this keepass + cloud storage service + syncing between devices is bandaids around a crap solution. Host your own bitwarden setup and call it quits. Done.
Personally use keepass + Kee + rsync mostly. Kee is pretty good as a browser extension and allows for far better domain fine tuning than lastpass ever could. At work, we do use Lastpass on a company level as at the time I chose it, it was a good option for sharing passwords between people (yes we are single account freeloading on software that charges per account).
The biggest features that made LastPass so good are the browser extensions and the mobile application. If Bitwarden can match those (especially the iOS app making use of the system password auto fill) then I would definitely consider switching
Be warned. When self-hosted, Bitwarden's data directory stores a PLAINTEXT list of what sites you visit (as well as your email address, and your recovery question)
@My Name Is Donk And I Love To Honk I use Bitwarden. But I have disabled the cache in every app, including the core, secure erased the unavoidable detritus, and wrote a watchdog to auto-cleanup if I have to install a new client. It works for me, but it's non trivial... The whole mess lends itself to several very interesting side channel attacks ... But while it's only me using it, I will tolerate the inconvenience of having to plug this hole myself for the benefits of using Bitwarden.
I dunno why, but self hosting Bitwarden makes me a bit nervous with regards to external access. It places a lot of the responsibility on me to harden my server better than Bitwarden can do, but it's something I'm interested in exploring. Perhaps a topic for a video?
A few points: * It'd be nice to find stats for this, but I wouldn't be surprised if you're at bigger risk of your password database leaking when centrally hosted through Bitwarden, simply because they are a much more attractive target than you unless you're Jeff Bezos or something * As mentioned in the video, the database on the server is meaningless unless you have the master password * You can layer security here; for example, you could make all your services (including Bitwarden) only accessible when connected via VPN
I have considered self hosting, but came to the same conclusion. I trust Bitwarden more to keep their servers protected than myself. I also trust Bitwarden more not to lose my database file than myself (in case of house fire, lightning frying computers and so on).
Is it bad that I make all of my passwords by smashing my keyboard into a text document? Never saw the need for password managers beyond what the browser comes with tbh.
Wendell, I have to disagree about using Keepass files on sync service - I tried it and wouldn't recommend it because there is no conflict resolution or direct access to the DB. That means if you work on multiple machines you have to be sure that the file has been fully synced before you edit on the second machine; and of course it's single user only. And whenever you need access to a password you need to download and unlock the entire file. So it's a possible solution, but not a great one.
I already left from Lastpass and started using Bitwarden. I was using Lastpass for last five and a half years.. pffff We use keepass at work also. Good, but not for everyday use (for me). Anyway, it was nice listening to you, giving information to people and comparing solutions.
I would love to see Wendell do an additional video discussing password managers that ship with antivirus software. I've read that they are typically not even close to as good, but it might be worth commenting on these in light of changes to LP.
+1 for Bitwarden. It's FOSS and it has a self host option if you don't like their cloud option. Even if they ever go closed, we can always use the version prior to it going closed and know it's functional. A fork can always exist.
One detail that was not mentioned- you can log into Bitwarden on Android phones using biometrics so you do not have to enter in your long passphrase every time... Select Settings->Security/Unlock with Biometrics.
Good presentation, I've used KeePass and Bitwarden, like them both. Even self hosted Bitwarden. For the price I let them host it and pay for the extra features. Like using my Yubi Keys as an extra layer of protection. Both KeePass and Bitwarden are great for managing thousands of pwds. Last Pass sucks and pulling your passwords off Last Pass is not for the faint of heart, they make it more difficult than needed.
Family pricing for LastPass and Bitwarden seems to be very similar though. Also, seriously, for most folks running Linode or NextCloud or their own containers is just LOL. Next step: Just spin up a Kubernetes cluster, configure a few Helm charts, run some NGINX on the front end, pull that Bitwarden container, and bam, as Todd Howard himself would say: "It just works".
If you can get by sharing the few passwords you need to share in the family manually, then you most likely can get by on the free version (if you use a yubikey you need a subscription and some statistics are only available to subscribers). I like that self hosting is an option. I’m one of those who like the idea of self hosting. But I think that for the vast majority of people, it’s nothing they should bother to even consider. (Currently testing self hosting Nextcloud, not sure if I’ll keep it yet. But I won’t self host Bitwarden, at least not now, since I trust them more with security, availability and backups than myself.)
I use keepassxc with a yubikey, synced over nextcloud, works perfectly for me. With the app FolderSync you can add a task to periodically copy the keepass database to phone and tablet to have additional automated backups.
It's kind of amazing that a decision to use KeePass around 2004 remains not only viable but a preferred solution over 15 years later. The biggest difference is that the software has kind of stagnated, even when considering the wealth of plugins, so that the XC variant is probably more generally recommended. You can even still use the original version if you've been resisting .NET all this time.
I am in EXACTLY the same boat, and hadn't really considered that. I started using KeePass back in about 2005 as a high school student, back when the original .NET version of KeePass was the only version, and I did it out of convenience more than anything - so many sites required weird password rules, and I kept forgetting my slight variations of my memorized password. I chose KeePass because it seemed like the only good option at the time. By now, I have switched to KeePassXC, I use it on multiple platforms, and it just generally works great and has nearly 2 decades worth of passwords in it. I never would have expected that now, 17 years later, not only are there lots of password manager options, but most of them are terrible and I backed the right horse initially. Feels good. I guess you can't go wrong with open source.
I have been a user of 1Password for more than 15 years. Sometimes I am tempted to move and save a buck, but I am too lazy to maintain this solution for me and my family. Up to now I have had a very good experience, and I'm pretty sure that it will stay like this unless they are sold.
I have a well established db file I just copy to new devices and add new passwords as I go. I only use 2 devices normally, so it works out fine. No sync needed.
A few months ago I migrated from LastPass to Bitwarden self-hosted and I'm really happy with the change. The setup was a little bit involved but that didn't bother me. The web browser integration is excellent as you said, and that's a big deal to me.
I am one of those affected by this change on LastPass. They had by far the best free password manager solution out there. Over time they limited it here and there, and this latest limitation means I have to switch/pay the premium. I was considering 1Password but Bitwarden also looks decent and I will check it out, but it feels like I will probably go with 1Password.
I have been using KeePass 2 for a few years, I guess I will try XC to see what the differences are. I recently got an email from LastPass saying that someone was trying to get into my account. I created an account a long time ago, realized that it wanted you to pay so I never used it.
Thanks and good advice. Curious though, on devices like smart TVs, Roku, etc. which have a Netflix app for example... is this able to be synced and used on those types of devices as well? That's my biggest hurdle I think to get across to then start using better passwords across my whole ecosystem...
I started out with KeePass, but had trouble with synchronization. I didn’t trust the free services with the encrypted file (I know), and Nextcloud/own cloud at times created conflicted files. I switched to Enpass, cross platform, mobile platforms and syncing. It was a $10 lifetime app purchase for unlimited syncing from unlimited devices, but they have changed their offerings as time goes on. I still like it because I can use WebDAV with Nextcloud to keep the password file “local” and easily in sync.
No mention of 'Pass', the standard Unix password manager? I thought a combo with 'Dmenu' and 'Pass-Tomb' was the solution. Am I missing something that makes KeePassXC safer / better?
For those debating whether they want to use KeePassXC or Bitwarden. I used KeePassXC synced between a few of my devices, I tried a few tools for sync, Syncthing, a USB drive and others I don't remember. An issue I always encountered was that sometimes I would modify the db on a few devices before they got a chance to sync with each other, and this results in a synchronization conflict. Imo, these sync conflicts are the worst part of the experience, I managed for a few years, but it's part of the experience that @Level1Techs did not mention and it's the biggest difference between the two options. When a KeePass db file is modified in any way it looks completely different from the file system perspective; only when you decrypt your KeePass db file, by opening it in KeePassXC, can you understand the changes. Because of this no file sync service can resolve any sync conflicts on its own. This is where Bitwarden provides a lot of usability IMO, on the server it can reconcile these sync issues because on the server it can see the file. But that's a big tradeoff, KeePassXC is more secure but on Bitwarden you don't have to deal with sync issues. Tl;dr @Level1Techs forgot to mention that Bitwarden saves you from having to deal with sync issues, but it can only do this because you are trusting the Bitwarden server more than you trust a sync server with a KeePass file.
Yeah, he lost me there. Everything gets more expensive because people want to earn more money. Also, will you trust an online service that charges only $1 per user per year?
Moved away from LastPass when they were making a mess of transitioning their Firefox browser extension to WebExtension. Their website offered an updated version, but the version on AMO was a whole full version number behind, missing a ton of features and being a buggy mess. Went to Bitwarden, haven't looked back since. That being said, Bitwarden does also limit the number of devices on the free tier, but it's a much more generous 3 devices of any type. This will cover, for example, mobile, tablet/laptop, and desktop PC.
I just switched from Lastpass to BitWarden. Glad I did. I was able to export all my passwords from lastpass to bitwarden really easily. So I was able to make the switch without a hitch.
Is Bitwarden easy to use on mobile, like allowing you to sign into apps and services via app overlays? I am thinking of moving my entire family over, the problem is I am the only technical person, the rest are nearly technophobic and/or elderly. It was hard enough getting them on LastPass (granted I already always used Family/Premium, but if they pulled this shit now, I can't trust them to not do it again soon, this time affecting my case)
Running KeePassXC with Syncthing. Using my YubiKey for MFA. I love how KeePass can store MFA codes for different services too. Haven't had a single issue with the setup yet.
I've been using Enpass for a few years now and it's great (although the pricing is a bit questionable now, but I got it back when it was a 10-20€ one time purchase). While closed source, it synchronizes using many cloud services (Gdrive, WebDAV etc.) and supports custom fields with autofill and unlocking via biometrics (even on Windows).
Migrated to Bitwarden. Took literally a few clicks using my laptop and then setting it up on my phone took another few clicks. Getting face unlock gets a bit finicky but I managed. Works just as good as LP if not better. Really liking the simplicity of it.
Thanks Wendell. I didn't mind when LastPass was $1/month for mobile to desktop sync. No problem. I'll help keep your servers up and get people paid. I get it. Then it went free to help users forget what it used to cost. Ok, that was strange. Now they want $51 CAD/year ($4.25 CAD/month). NO! Alternative implemented in 30 minutes. All data moved. Extensions and phone apps installed. Done. LogMeIn has done nothing but slowly destroy their own products over time.
@@Liverblow1 If you use a secure method to create your database passphrase (realistically a diceware-generated 6, 7, 8+ word long password that you remember in your head) you can store password databases on cloud storage like Google Drive or Dropbox. If you want to be extra safe add a key file of 128-256 bits of ASCII characters to KeePass. Then you can print the key file out and save it as a hardcopy backup in your ammo and gold safe, just in case. (But I am pretty sure a decent passphrase would be sufficient.)
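The passphrase-plus-key-file setup from the comment above, as an added example that is not from the video or the commenter: it computes the entropy of a diceware passphrase for a given word count, generates a 256-bit key as 64 hex characters (KeePass treats a file of exactly 64 hex characters as a raw 256-bit key, and the hex form survives being printed and typed back), and checks a key transcribed from a hardcopy against the original. The guess rate used for the time estimate is an assumed figure, not a measurement.

```python
import hmac
import math
import re
import secrets

# A standard diceware list is indexed by five dice rolls: 6^5 = 7776 words.
DICEWARE_WORDS = 7776
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Exactly 64 hex characters: the raw-key form KeePass/KeePassXC accept for key files.
_HEX64 = re.compile(r"^[0-9A-Fa-f]{64}$")


def diceware_entropy_bits(n_words: int, list_size: int = DICEWARE_WORDS) -> float:
    """Entropy in bits of n_words drawn uniformly (with replacement) from list_size words.

    Only uniform random selection counts; a passphrase a person 'picks' from the
    list is weaker than this figure suggests.
    """
    if n_words < 1 or list_size < 2:
        raise ValueError("need at least one word from a list of two or more")
    return n_words * math.log2(list_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every candidate at a fixed guess rate (an attacker needs half on average).

    guesses_per_second is an assumed attacker budget; KDBX key derivation (Argon2/AES-KDF)
    is what keeps that number small, so pick it from your own database settings.
    """
    return (2.0 ** bits / guesses_per_second) / SECONDS_PER_YEAR


def generate_hex_keyfile() -> str:
    """Return a fresh 256-bit key as 64 uppercase hex characters from the OS CSPRNG."""
    return secrets.token_bytes(32).hex().upper()


def is_raw_hex_keyfile(contents: str) -> bool:
    """True if the text is the 64-hex-character raw key form (after trimming whitespace)."""
    return _HEX64.match(contents.strip()) is not None


def normalize_transcribed(text: str) -> str:
    """Collapse a key typed back from paper: drop spaces/newlines used for grouping, upper-case it."""
    return re.sub(r"\s+", "", text).upper()


def transcription_matches(original: str, transcribed: str) -> bool:
    """Constant-time comparison of a typed-back key against the generated one."""
    candidate = normalize_transcribed(transcribed)
    if not is_raw_hex_keyfile(candidate):
        return False
    return hmac.compare_digest(original.upper().encode(), candidate.encode())


if __name__ == "__main__":
    for n in (6, 7, 8):
        bits = diceware_entropy_bits(n)
        # Assumed rate: 1e10 guesses/s, far above what a tuned Argon2 KDF permits.
        print(f"{n} words: {bits:.1f} bits, ~{years_to_exhaust(bits, 1e10):.2e} years at 1e10 guesses/s")
    key = generate_hex_keyfile()
    # A printed copy is usually written in groups of 8 for readability; typing it back
    # with spaces and line breaks (constructed sample below) still matches.
    on_paper = " ".join(key[i:i + 8] for i in range(0, 64, 8)).replace(" ", "\n", 3)
    print("hardcopy restore ok:", transcription_matches(key, on_paper))
```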
Been using Lastpass for over 10 years, even paid for premium service for a few years. But then they made the premium features I cared about free, so I stopped paying. Figured they already made enough money from enterprise users. New price of $3/month is too much, they used to charge just $1/month. Great service while it lasted. With the changes to lastpass free, I switched to bitwarden, may even pay for it since $10/year is fair for yubikey support. So far it's working nearly as good, no regrets.
The main issue I had with KeePassXC was with the lock file created while editing the KeePass database (normal and expected for file editing). The lock file gets synced along with updates to the KeePass db file through a service such as SugarSync. Sometimes, the lock file does not get deleted once editing is complete, and will remain in the cloud hosting service even though it was removed locally. When opening the kdbx db from another computer, KeePassXC will instead create a new DB file with a unique name instead of returning an error that a lock exists. Over time, this can create many versions of the db file without you realizing what is happening.
I agree with the sentiment in general, and everyone needs to decide what is valuable for them. However, there are some things in life you should WANT to pay for. Email service and a password manager are in that category for me. To be clear, the alternatives to LastPass are good, and I may switch at some point. But I expect LastPass to invest in defending against attackers. This is a highly attractive single point of failure and I want to pay money for someone to keep the hackers away, as much as is possible. Don’t cheap out on security and privacy.
I'm using both KeePassXC and a self-hosted Bitwarden. I love both. KeepassXC for stuff I don't ever need sync'd, bitwarden protected by a Yubikey for everything else. Works great. I used to use LP but their software went to crap long before their business model did.
I can strongly recommend KeePassXC as well; additionally it can also automatically download the favicon if a URL is added to a password/secret entry, which makes selecting the right entry easier (if not using the extension for browser integration already). For me the biggest difficulty has always been synchronizing multiple databases, since you obviously want to have it on every device you use (and I didn't use to be always connected to the internet to just be able to synchronize when needed). Sadly the Android app version doesn't integrate that well and already makes it difficult to synchronize the internal cached version with the one on the "external" storage (aka /sdcard). At least for the version I'm using (which is one of the few offering fingerprint unlock if the master key is entered once after boot). Especially when having a bigger database file (mine's already at 5MB because of some compressed sensitive data I've put in there) synchronization takes a while, which it wants to do on every edit (can be disabled but then you are desynced). Sadly my work for some reason doesn't allow that KeePass version to be used (probably some licence they don't recognize), though I guess I could compile my own version which the AV wouldn't like (flags as not "reputable" software as not many people use it). If there were a hardware key with built-in KeePass compatibility and keyboard emulation for auto-type, that would be ideal really, as then you essentially have implicit 2FA (ownership + password knowledge), but you would need to be able to export the DB for backup. Nitrokey has something like it but requires their own software and only has like 10 password slots (since I guess space is limited), though they also have encrypted USB drives (which again doesn't work at work since writing to external storage is forbidden by Windows).
All in all, I'd really like to follow the best practices and usability open source has already achieved, but sadly it hasn't reached too much public knowledge or enterprise acceptance yet. I'd really like to see it succeed. Same story with Linux though, and we see how this is going, though perhaps at some point everyone will kind of get to use it explicitly or implicitly (under the hood as a platform-as-a-service) through some means or another. Really liked the video though, would like to see more of this type of PSA in video form that might be shareable for other people to follow, liked it twice (here and on Floatplane ;) )
Somebody recommended Syncthing to me. And although it's a damn hassle to set up, it is fire and forget after that. It syncs perfectly fine now across my PC and my Android phone. But yeah, it is always a hassle. And although Wendell says "it's fine if you know tech" it really isn't. Some people just don't have the time to go through the bullshit of setting up an entire architecture just to host your online credentials.
I've been using the vanilla KeePass for like a decade (synced in cloud) but never took the time to look into the other flavors. Hmm, if one of them has auto-update then I might look there...
I have been using Keepass for over 10 years. And am fine with it. Glad I didn't stray to something else. Now I am using it on Linux. I tried KeepassXC, and still like the original better. I may try it again, but KeePass gets it done. I also use KeePass2Android. Regardless, the data file, your passwords, is an encrypted file and you can move it around. I use a cloud service to hold the KeePass file that I replicate to from my devices.
Bitwarden recommended. Migrated from LP. Works on my mac and android just fine.
Hi..
Are you using the extension on safari?
My safari extension stops working after quitting safari and I need to re-enable it manually from safari preferences :(
Same here, been using LP for almost 6 years now. But with their upcoming policy changes I’ve just migrated to bitwarden.
how is the autofill on mobile?
@@garycoleman8906 I would say it’s pretty good.
@Robert Maclean I hope it doesn't and that they collapse and fail. Short-sighted profiteering. I'll gladly pay for a good service, but not when that service degrades so badly it's embarrassing.
I figured $40 a year for a family plan supporting 4 people, with the option to have a family folder to share, was a pretty good deal, but we spend so much time now nursing logins on Android that they should pay us.
Oh, for the Halcyon days of 2014 LastPass.
Anybody else remember when Wendell was just a torso sat behind four computer monitors?
I still have some t-shirts of him from teksyndicate
Don't forget the viking horns and beard
Speaking of _The Syndicate_ is, and shall remain *forbidden on this Channel...*
The days when you weren't sure if Wendell was just camera shy, or if he had done something crazy illegal and didn't want to be in the public eye.
He was like Wilson from Home Improvement
step1 - entice users
step2 - trap users
step3 - exploit users until collapse
silicon valley, and a lot of industries, are on step 2.5
@@mritunjaymusale Making their video cards shitty (banning VM usage for consumer cards and the mining bs for example) is not step 3, that's just believing they are at step 3. And it only works temporarily during massive shortages. Or are you talking about a service I am currently not aware of?
I mean that's still a dick move but still 2.5 at best.
@@fgregerfeaxcwfeffece Maybe true for Nvidia but I believe Apple is already at step 3.
And by the time you get to step 3 you have already become unsustainable. So in step 3 you continuously exploit with no room for respite.
@@adblockturnedoff4515 Well, that's why I never opposed it on Apple. They absolutely are doing it. Thankfully they have no real monopoly (Well, I am biased, I can barely see a use for their "product"). Just one of the heaviest vendor lock-ins imaginable.
@@fgregerfeaxcwfeffece They have very real monopoly on their platform, but I see what you mean. They do create good products that work well with each other and are intuitive to use. But their business practices and the way they treat their customers is horrible. They blindly chase after profits and clout. Not a single shred of human emotion. The whole phrase that even the biggest of companies are run by humans doesn't apply to them. Sad.
@@adblockturnedoff4515 It's easier to have everything work when only whitelisted test cases work to begin with. And that's why I see Apple as barely having a product. With this high price and this low functionality that's simply not a good ratio.
I actually had this conversation with a co-worker just about 2 years ago:
A: Oh Linux is so hard!
B: Why did you use it?
A: Because what I tried was impossible with everything else.
B: See why this comparison is a bit unfair then because you basically equated impossible with "easy" or at least not as hard for the other side?
A: Okay, valid point..
Or in other words it's easy to never fail if you never do anything hard. Just avoid everything hard and never fail.
Sounds good until you look at all the missed opportunities. But I get it. Loss aversion psychology just leads you down that fallacy. That's just a known and well documented flaw in human psychology. We value loss harder than missed opportunity but in reality they are exactly equal. Money shows this very clearly. It doesn't matter if you lose 500 currency units or don't gain 500 currency units. The result is you being short 500 as opposed to the alternative.
That also leads to the next common Apple fallacy: They retain value!
Not really, if "A" buys a $1200 iPhone and resells it after 2 years for $800, "A" lost $400.
Meanwhile "B" bought a $200 used OnePlus, uses it 2 years and drops it in the old phones drawer. (Of course it lasts longer, but I don't see the point in further beating a dead horse. Besides, the point was the 2 year period, so anything after that doesn't count no matter how much it goes in my favor.)
"B" saved $200 compared to the great value retainer even if "B" just threw the phone into a river.
Or in other words after 2 years "B" is already $200 ahead (even if the phone lost ALL value) if we are talking monetary gain. Not a good start I would say.
Now the common point would be: it's unfair to compare bought new to used etc. But the value retaining argument is usually used against exactly buying cheaper.
I simply see impossible as a straight fail. So Apple products have too many fails to be considered. Biggest one: it's either locked or unsafe.
And on a business evaluation of a product you compare everything to other options at the same price and I don't see Apple winning on a single metric by that standard. But I am open to changing my mind. So go on, tell me what's great. Only concrete use cases, no marketing bullshit like "intuitive". Nothing is intuitive. There is no such thing as common sense. You only know what you learned.
The only thing that comes to my mind is very narrow by its nature and is my main counter argument:
Limited software lowers administration cost. They are glorified v-techs or gaming consoles, not computers.
I define computer as a general purpose device. Apple products are distinctly not that.
So I frankly can't see how the treatment is not part of the service. Sounds like plain old findom to me. And I don't kink shame.
"It's like running water inside your hosue getting more expensive, or electricity getting more expensive" - Texans staring from the corner.
*house
First thing I thought of.
@@minespeed2009 Any idea what causes prices to be so high at least compared to the US? I would hazard a guess of politics but I'm sure there's more to it because you pay literally 4-5x as much. That's not a ~30% tax.
@@minespeed2009 It's not 80%. According to Verivox it's 6.5 cents/kWh (www.verivox.de/strom/themen/eeg-umlage/) which is around 25%.
@@minespeed2009 In Sweden a few years ago when the environmental party came into power in a coalition government, a tax was introduced on solar power production that you use yourself (if you sold it you did not have to pay the fee, but instead some other fees, at least then you did a small profit).
They had to back down and remove the tax for small scale production (home size, but a few larger apartment buildings would still have to pay) after public “outrage”.
Who else is here after the LastPass database leak?
Here we go again.
Oddly enough, I just saw another YouTuber talking about LastPass as though it was still a viable password manager
Ha, yup.
This has aged amazingly well. Thank you, Wendell!
I just spent the last six hours changing passwords, tying up some loose strings as far as 2FA is concerned, as well as migrating everything off Lastpass to something hosted on my home server. Should have done this years ago, but the recent data breach scared me enough to get the ball rolling.
Wendell: "I don't want this to get technical or take too long" Me: "Sounds good. I guess I'm going to need my calculator, some paper, Visual Studio Code Editor and plenty of water to stay hydrated."
😆
Jumping from Lastpass to Keepass has been on my backlog for... probably a decade now, but this recent move forced me to make the jump.
I started on Dashlane, migrated to LastPass, and considered Bitwarden... but ultimately the objective was to go KeePass, syncing stuff on my own.
I have to say, there are reasons not to do it... go for something like Bitwarden instead for instance.
But I'm insisting... because ultimately, I don't wanna rely on someone else's server/service, so as good a time as ever I guess.
The general problem with Keepass is the general problem with several other FOSS software, which I also have highly adopted in recent years - it's fine for me, but if I'm gonna put it for someone else to use, like say, my mom who is in a permanent tech illiterate state, it starts getting harder.
But even for me, the decisions are taking longer than I'd like. Problem is, there are too many options, not that much material for research, and videos like this one are not that numerous, so it ends up not covering specific cases like mine.
For desktop it was kinda easy. Original KeePass is kind of outdated but fine, KeePassXC is more modern with newer features, so there you go.
I still ran into some weird problem though. Not sure why, but Keepass XC was refusing to import a Lastpass CSV file inside an already created database... it keeps trying to create a new database instead.
So I had to do it via standard Keepass, and then open the database via KeepassXC. Perhaps because I'm trying to create a new database with a keyfile, not sure what's the issue.
On Android, things got worse. I tested KeePassDX, AuthPass, TinyKeePass and am currently using Keepass2Android... all of them have something that doesn't work, works weirdly, or is kinda messed up somehow. I think TinyKeePass doesn't support key files, in KeePassDX I couldn't find a way of using biometrics alone to unlock the thing (requirement for my mom), AuthPass wouldn't accept my master password no matter how many times I tried for some reason. Keepass2Android is older and has a bit less friendly UI, but seems to be working... I just didn't fully test it yet to tell.
But the general problem is the same: compared to LastPass, all these versions of KeePass seem to be generally more difficult for someone like my mom to use. You have bugs here and there, the interface is kinda convoluted and complicated, and you end up having to go through this familiar path of trying and testing things out...
I'm also trying to sync the database through my Synology NAS, future plans to build a server running NextCloud for it. I'm not sure what's the ideal way to do it.
I'm using a mix of DS Drive for Android and PC, or an older app called DS cloud for Android, and trying to sync things up that way. For me personally anything should work fine, but for my mom it has to be seamless and under the hood. No weird glitches, need for constant confirmation, reliant on configuration, and whatnot.
Just not sure if this will work out ok because I'm not sure how these apps deal with file conflicts and simultaneous usage.
Of course, the best thing about it is that when I manage to make it work for us, no more fears of a service cutting off features and ramping up prices out of nowhere.
Going the same route for Google Photos... for now, it's Synology Moments, and when I can get back home and build my own servers, it'll be NextCloud. Depending on how it goes, how easy to use the interfaces are, I might just keep the Synology for family usage, and reserve NextCloud for my personal stuff...
This was super helpful. I'm looking to get off the LP family plan on to 'XC -- your comment probably saved me a few hours.
Bitwarden is great for the lazy/busy technical user.
been using KeepassXC for couple years now because has win and Linux versions, and supports using keys with password.
thanks for the video.
*because
@@alvallac2171 sorry ty for correction
I've been using KeepassXC along with NextCloud. Been working great. I also use key files to make it harder to crack the encrypted database. The only issue is the firefox plugin can be flaky at times but still works fine most of the time.
@@Darkk6969 That's good, love KeePassXC. I have not used plugins, I generally use the portable version from a USB thumb drive. I have 300 random keyfile documents on the same drive and turn off remembering so it won't remember which one, along with a password. Great for Linux as well, same DB files. Another great thing about KeePass is it works on many "locked down" corporate computers without admin having to authorize it (good luck with that)
I started with Bitwarden 2 years ago as my first password manager and I have absolutely no regrets
I went from lastpass -> keepass 2 -> self hosted bitwarden on unraid with ssl and custom domain. Works very well across all devices.
Yeah, KeePass is ok, but the browser/mobile integration with Bitwarden is about on par or better than LastPass. Also confused why Wendell said it was harder to set up? I mean if you can follow terminal instructions on how to set up Docker then bitwarden_rs is really easy, and thanks to Nginx Proxy Manager, forwarding that to a domain is also really easy these days.
@@vgamesx1 That was confusing. I assumed he meant that the official Bitwarden self-hosted install was too difficult, as opposed to bitwarden_rs which is fairly easy but is an unofficial 3rd party effort.
I have been considering doing the same, if it's as simple as just running a docker container and proxying traffic to it, I just might do that. I've been lazy with my password management stuff, so I probably should do better than I am rn.
I’m switching to Bitwarden as well. I was happy to pay for LastPass as a way of supporting them and maintaining it for the free users, but not really into the idea of eventually losing access (if I can’t use it on both my phone and desktop it isn’t useful) to an important piece of software if times are tough financially.
Same, I've used LastPass for years, back when they were 12 bucks a year I paid that without issue. But then they made the free tier and the pay tier essentially identical, so I went free, and now they're basically ripping me off. They also make it seem like you get that cheaper discounted rate as a 'grandfathered deal', nah it's not, it's just for 1 year and then you're bumped up to 36 (or likely more I'd bet) after the first year. Sorry LogMeIn, not worth it.
@@gigatigga Same here, used free LastPass for a couple of years, then paid the $12/month until it became free. Moved to Bitwarden a few months ago since I would rather have an open source/source available product for this. I happily pay the $10/year for Yubikey access.
@@gigatigga Lastpass was the first 'free' service that I ever paid for just because I wanted to make sure it stayed a functional company. Never used any of the premium features.
When it went to $36 I dropped the payments because while it's a useful service it's not $36 a year useful and I never used any premium features to begin with.
Switched to Bitwarden 2 or 3 years ago now.
I use my phone and Mac interchangeably, and since I'm on "Free" the only way to use a password on my iOS device is to type it in by hand... I wouldn't mind paying for Premium if only security was better handled (without breaches).. but to me, it doesn't justify paying for something hackers already know about.
I'm gonna try Bitwarden,
Been using Bitwarden for a year-ish now ever since dashlane hiked their prices and haven't looked back. Highly recommended 👍
"Electricity getting more expensive... It doesn't make sense"
Laughs in Brazilian
And Germany. (Where the price for electricity has gone up 100% in recent years) ...
2002 it was 16 €cent/kWh. 2021 it is 32 €cent/kWh (32 €cent are 0.39$)
I see a lot of Brazilians post things about Brazil and expect the world to know what it means.....
@@murphy7801 I think my comment was pretty straight forward. We had an increase in our electricity.
It was 4% from 2020 to 2021. Honestly, that doesn't sound too bad compared with other countries in the comments.
I'm sorry that other Brazilians are venting in the internet, our government is very controversial.
@@pacifico4999 no more just commenting on interesting phenomenon, not saying you shouldn't be doing it.
*Texas has joined the chat*
Trying to create value where there is none or trying to press water out of a stone is what is ruining many products and companies. A company that offers something like a password manager shouldn't be expected to make YOY gains until the end of time.
There should be some free quality password managers just as there are with antivirus. Security hacks affect everyone. We need public health for the internet.
I've been using LP for the last 8 years or so. Switched to Bitwarden instantly last week and did the same with my parents this weekend. KeePass looked great as well but ease of use is much more important because I gotta set up the whole family. Very happy with Bitwarden so far, I like that it's all a bit more rudimentary looking than LP while having better usability imo
I meant to migrate away from LastPass when I saw this video when you first released it. Sadly, work got in the way, and procrastination. How that bit me on the butt. Migrating now, changing all the passwords and notifying clients who may also have been affected. This video made a handy reference and giving it to my clients saved me a lot of time.
1 year after, a pair of breaches shows that LOTS of things are stored unencrypted by LastPass.
I'm so glad I have used synced KeePass for years, even long before this video was published.
You should have heeded Wendell's warning. LastPass has been fully compromised. I'm going to self host to keep my stuff secure. (Although my current manager is physical and the only plane of attack is breaking into my house, bypassing the dogs, and finding my password book.)
thanks for the information, see you soon lmao
@@GabrielM01 Are you threatening me with hacking? Or, are you threatening me with breaking into my house?
@@Hidyman people cant take a joke anymore?
@@GabrielM01 Oh, sorry, I take my privacy seriously, next time throw a winky face in there.
@@Hidyman sure, my bad
I'm old school, I have a notebook with really long passwords written in pencil. Some of the password characters are different than how they are written.
Totally fine. Providing your passwords are essentially diceware. It's all about identifying your threat model and a notepad and pen works great for some.
You've essentially created your own encrypted password file residing in your house. :)
You're surprised someone isn't as hysterical as you?
Vishur, what is your threat model?
My parents for example live in a nice community, crime is low, they've long since retired. Their password books are stored in a fire rated (and water rated) document lockbox situated next to their main PC along with other pieces of important information and their passwords are diceware.
Now, if they wanted synchronisation across devices I'd consider getting them up to speed with bitwarden, but they're happy with their current system, they understand it.
If I start talking about kdbx's and dropbox, etc their eyes will glaze over and I'll lose them, right now however with their little dice and crib sheet and their books my parents are considerably better off than when they used the name of our first pet for everything.
Now lets take a look at your tin foil hat approach - it all sounds splendid, until... "algorithms". You see, unless you're a mathematics whizz, or a computer, well the issue with it is that given enough public breaches, your algorithm becomes a recognisable pattern.
What once was "super secure" has now compromised every single password you ever generated using said algorithm.
@@iVGaur it's still terrible advice.
@@iVGaur Crime impossible? Fire impossible? No they don't live in a make believe world but they've addressed those things.
It lives in a Fireproof safe.
Is physical violence impossible in your world? Pretty sure you'd succumb to a few sledgehammer blows to your knee caps and reveal your algorithm under duress. Yet you don't seem so concerned about that.
It depends, if you're a nobody like yourself then perhaps you're correct your threat model needn't be concerned with targeted attacks however if you're someone of at least moderate interest perhaps it should be.
Notice you're demonstrating my point exactly, you're agreeing that it all depends on your threat model.
Are my parents concerned about crime? Not really, but it's under lock and key anyway.
Are my parents concerned about fire? Not really but it's in a fire proof safe anyway.
Both of those risks are now mitigated.
Yours however is still unanswered.
Thank you, Wendell! I was actually thinking that I will have to start paying them, but here you are helping us to save money!
I've been a paying Lastpass customer for about a year now. I pay $48 a year for a Family Plan for four of us. Bitwarden is $40 per year. So while that's cheaper, the cost of switching (in time) makes me stay put for now. I realize that's a slippery slope that could have us get locked in for longer due to increasing amount of time required to switch as the password lists grow. I need the family plan because I've got grade-school kids that I'd like to have learn good password management habits. I'll see how things shake out for a bit - but this is good info to consider.
Moving between them is pretty simple.
Lastpass - export to CSV
Bitwarden - import from CSV
Securely delete CSV.
Done.
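Editor's added example (not from this thread, and not LastPass's or Bitwarden's own code): the CSV round trip above leaves you holding a plaintext file, so this script parses a LastPass-format export, drops exact duplicate rows, flags reused and short passwords so you know what to rotate after the move, and then overwrites and unlinks the file. The header row and the sample entries are constructed; the column names are an assumption based on the usual LastPass export layout, so check the first line of your own export before running it.

```python
import csv
import io
import os
import secrets
import tempfile
from collections import defaultdict

# Constructed sample in the layout of a LastPass CSV export. The header row is
# an assumption based on the commonly seen LastPass export format; check the
# first line of your own export and adjust the column names if they differ.
SAMPLE_EXPORT = """url,username,password,totp,extra,name,grouping,fav
https://example.com,alice,hunter2,,,Example,Personal,0
https://shop.example.net,alice@example.com,hunter2,,,Shop,Personal,0
https://bank.example.org,alice,Tr0ub4dor&3xtraLongPassphrase!,,,Bank,Finance,1
https://bank.example.org,alice,Tr0ub4dor&3xtraLongPassphrase!,,,Bank,Finance,1
"""


def load_entries(text):
    """Parse the export into a list of dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text)))


def dedupe(entries):
    """Drop exact duplicate rows, keeping the first occurrence, so the
    import does not create twin entries in the new vault."""
    seen, unique = set(), []
    for e in entries:
        key = tuple(sorted(e.items()))
        if key not in seen:
            seen.add(key)
            unique.append(e)
    return unique


def audit(entries, min_len=12):
    """Report what to rotate after the move: passwords shared between
    entries and passwords shorter than min_len characters."""
    by_password = defaultdict(list)
    for e in entries:
        by_password[e["password"]].append(e["name"])
    reused = {pw: names for pw, names in by_password.items() if len(names) > 1}
    short = [e["name"] for e in entries if len(e["password"]) < min_len]
    return {"reused": reused, "short": short}


def shred_file(path, passes=3):
    """Overwrite the file with random bytes before unlinking it.
    Caveat: on SSDs, copy-on-write and journaling filesystems the old blocks
    can survive an overwrite; full-disk encryption is the real mitigation."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as fh:
        for _ in range(passes):
            fh.seek(0)
            fh.write(secrets.token_bytes(size))
            fh.flush()
            os.fsync(fh.fileno())
    os.unlink(path)


def migrate_check(text):
    """Parse, dedupe and audit; returns the summary plus the deduplicated
    rows that would go to Bitwarden's LastPass CSV importer."""
    unique = dedupe(load_entries(text))
    return audit(unique), unique


def demo_shred():
    """Write the sample to a temp file, shred it, report whether it is gone."""
    fd, path = tempfile.mkstemp(suffix=".csv")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_EXPORT)
    shred_file(path)
    return not os.path.exists(path)


if __name__ == "__main__":
    summary, rows = migrate_check(SAMPLE_EXPORT)
    print(f"{len(rows)} unique entries; reused: {summary['reused']}; short: {summary['short']}")
    print("shredded:", demo_shred())
```

Run the audit before the import rather than after, because the reused and short lists are exactly the entries you want to regenerate once they are in the new manager, and treat the shred step as a courtesy rather than a guarantee: if the export sat on an SSD or a cloud-synced folder for any length of time, assume a copy may still exist and rotate accordingly.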
Must be a sign when this video came up on my recommended. I stuck with Lastpass despite the service changes last year, thought I could still work with the limitations which was still livable. But with the recent big hack, pretty much lost faith in them.
Been using BitwardenRS on my home server for about a year now. It is great! I use the browser plugins, desktop application, and phone app with fingerprint access, super convenient.
I had exported all my passwords from Chrome password sync (yuck, I know), then I used bitwarden to help me set unique super secure passwords for all my websites.
My next step is to develop a high availability strategy in the event my home internet takes a nap while I'm on vacation or something..
Bitwarden clients cache password file, so you can use your passwords even without Internet connection. This should be enough to survive a brief nap, but high availability is a good thing nevertheless.
@@VaKU. it might be an issue if you changed the password and the cached password is out of date.
If you're running bitwardenrs you should be able to access your passwords even without internet since you can use the local IP to access the docker.
@@VaKU. I'm assuming running it on a local machine, not running on linode. You could run bitwardenrs on a raspberry pi if you wanted to. Really no reason pay for linode, when a you can get a raspberry pi for cheap and cost you very little to run. Should easily be under $1 of electricity every month unless power is very expensive in your area.
@@joemann7971 Thanks, I know that and have several RPis. I'm hosting BitwardenRS on my NAS. My earlier comment was an answer to @Chris Burnes on the point of "a high availability strategy in the event my home internet takes a nap while I'm on vacation".
I think that cached passwords may be a reasonably sufficient solution for a brief periods, when server at home is without connectivity.
For a single user scenario I would agree, when you have 4 family members with shared folders and passwords, lastpass takes the cake for me. I can update a password and my wife doesn't even have to know, it will just sync to her account and work for her
3:37 the electric infrastructure in Texas collapsed due to its own lack of foresight and maintenance. There's scarcity. Let's drop some surprise $10,000+ charges to the user's electric bill.
It shouldn’t have come as a surprise. They signed up for wholesale rate plans. It’s a case of know what you’re signing up for. Not defending the electric companies. But people need to understand there’s a flip side to the ultra low bills they usually get.
Bitwarden sounds like the thing for me since Ive been wanting to get my parents to use a password manager, and they aren't technically inclined.
I want to use the same service as them if only because then I would be familiar with the service and how it works if they ever have a problem.
Too many times they have called me about something I have never used or heard of before and it always takes time quickly learning how to actually use whatever they are trying to use to fix the problem.
I was using Keepass/Dropbox and found that combination worked quite well. I’ve moved to Bitwarden as the integration is better, especially across multi-device/multi-platform
I've been using KeePass + Kee browser plugin on desktop, works very well. Also KeePass supports ChaCha20, which is even better than AES256.
Isn't ChaCha20 only better than AES because it is faster? I can see that being good for some purposes but my AES password database decrypts so fast I don't notice it doing anything already.
Whatever alternate you choose, remember to keep a backup of your passwords just in case, you probably have a few hundred or so passwords and really don't want to lose them, so even if you don't plan on using Keepass it isn't a bad idea to import them anyway or if nothing else at least get veracrypt and encrypt your password export.
This should be part of the business of building computers. From smart phones to desktops, they should come secure; otherwise these programs seem based on the old mafia style "protection" rackets.
I prefer keeping my passwords on a local level and not online. Yes I'm aware that things can be encrypted before they are sent and what not. Just keeping things offline that you don't want others to know is just a better way to be sure if you ask me. I don't have to worry about an encryption being broken or a databreach among other things. The only real downside is that I don't have the convenience of a quick one password login, and I'm more than OK with that.
I’ve been using DataVault for years and all data lies at the local level. You have to manually sync between devices. But it’s one password for the program across all devices. You can’t fix what isn’t broken.
Thanks for this video Wendell. I always come back to you when I'm doing security spring cleaning. Been using Lastpass for a few years and with their recent change I wanted to double check what the options out there are. Just switched to Bitwarden!
I use the Bitwarden docker image and haven't had any issues but I do dread the day when something goes wrong. It's a total blackbox. Maybe remind folks to enable backups on their Linode instance if they're going to host all their passwords on it..
It's just a single SQLite database and bitwarden-rs source code is open source -- I would not consider that a total blackbox. But yeah, people should definitely back up their database regardless.
@@at0m113 Nah I'm talking about this one: bitwarden.com/help/article/install-on-premise/
I think Wendell mentioned it before talking about bitwarden-rs. It spins up 12 containers and installation/updates are all managed via a script. I've never had a problem with it but tbh I wouldn't even know where to begin if an update failed.
@@Brayden421 Oh yeah. As soon as I saw how nuts all the moving pieces were for that I ran away quickly. I don't blame you for being nervous about it.
For me, the main draw of lastpass is the auto-fill, and the fact I can easily use it on my phone as well. So many times I need to randomly sign in to something on my phone, I'd like to have it work there.
I'll check out Keepass, as it seems like the synchronization could already be easy enough, but a lot of these open source tools feel like patchwork to me; How do I have file synchronization that automatically works every time? Where does a browser extension come in to it? What if my phone updates and 'messes' with something? I'm the layman that Lastpass was meant for, and if there are any similar solutions, please inform me.
I switched to Bitwarden and the autofill on smartphones works very well, was super easy to switch from Lastpass to Bitwarden, when it comes to password security I'm not super serious like Wendell, but I wanted a working service, so Bitwarden is it now.
I switched from LastPass to Bitwarden on my phone and can confirm what IR4TE said. Autofill is as easy as with LP.
I actually prefer using keybinds to autofill (bitwarden) and I've had no problems with autofill on phone using bitwarden, personally I haven't had any issues that would make me feel like bitwarden is patchwork if anything I'd say dashlane (what I used before bitwarden) made me feel that way more, if keepass doesn't work well for you I'd recommend checking out bitwarden.
There are Android and iOS apps that support KeePass files. Use whatever synchronization service to get your kdbx to your phone and the apps plug into the OS's password auto fill for easy use. Synchronization is as easy as storing your kdbx file in your Dropbox folder or any other equivalent service. You could even use something open source like syncthing. For desktop KeePassXC does have browser integration but you also need the app running I think.
I run an extension called KeePassHelper that does what you want, you just have to use a plugin for keepass called keepasshttp and it should work.
Dude. This information made my month. Encryptr just end-of-lifed and I thought they shut down permanently leaving me without all my passwords or keys for crypto. They turned the servers back on this weekend for people to migrate their data off, and Bitwarden was super easy to setup and migrate to. Great video!
I saw the news about LastPass when it first came out, and I kid you not I had 3 accounts migrated over to Bitwarden within 15 minutes. It was so easy and I'd been looking for an excuse to ditch LastPass and this was the final straw.
Let's try again: Use KeePass + rclone, don't use any of the commercial products, they are all honeypots. You don't control the app, you don't control the remote rest data == you don't control your passwords.
Not your keys, not your stuff. Is there a dumb version that manages everything from the boot of the computer and no need to do much after copying the seed phrase?
Bitwarden.
Just self-host it.
All this keepass + cloud storage service + syncing between devices is bandaids around a crap solution. Host your own bitwarden setup and call it quits. Done.
Personally use keepass + Kee + rsync mostly.
Kee is pretty good as a browser extension and allows for far better domain fine tuning than lastpass ever could.
At work, we do use Lastpass on a company level as at the time I chose it, it was a good option for sharing passwords between people (yes we are single account freeloading on software that charges per account).
been using bitwarden for years and love it.
The biggest features that made LastPass so good are the browser extensions and the mobile application. If Bitwarden can match those (especially the iOS app making use of the system password auto fill) then I would definitely consider switching
I left LastPass after they were bought by LogMeIn. Bitwarden on iOS can autofill since you can specify the password manager in iOS now.
Be warned. When self-hosted, Bitwarden's data directory stores a PLAINTEXT list of what sites you visit (as well as your email address, and your recovery question)
@My Name Is Donk And I Love To Honk I use Bitwarden. But I have disabled the cache in every app, including the core, secure erased the unavoidable detritus, and wrote a watchdog to auto-cleanup if I have to install a new client. It works for me, but it's non trivial... The whole mess lends itself to several very interesting side channel attacks ... But while it's only me using it, I will tolerate the inconvenience of having to plug this hole myself for the benefits of using Bitwarden.
Man this may just make me switch back to 1Password.
@@csbluechip Still the case, even with the new versions?
Bitwarden also lacks proper memory encryption, any app can just swallow the decrypted data from your cache, KeePass encrypts it
@@estebanod I wonder if there's anything these days that just does it properly.
I dunno why but self hosting bitwarden makes me a bit nervous with regards to external access. Places a lot of the responsibility on me to harden my server better than bitwarden can do, but it's something I'm interested in exploring, perhaps a topic for a video?
Nothing to be afraid of. Even if they get in everything is encrypted in browser.
A few points:
* It'd be nice to find stats for this, but I wouldn't be surprised if you're at bigger risk of your password database leaking when centrally hosted through Bitwarden, simply because they are a much more attractive target than you unless you're Jeff Bezos or something
* As mentioned in the video, the database on the server is meaningless unless you have the master password
* You can layer security here -- for example, you could make all your services (including Bitwarden) only accessible when connected via VPN
I have considered self hosting, but came to the same conclusion. I trust Bitwarden more to keep their servers protected than myself. I also trust Bitwarden more not to lose my database file than myself (in case of house fire, lightning frying computers and so on).
Is it bad that I make all of my passwords by smashing my keyboard into a text document? Never saw the need for password managers beyond what the browser comes with tbh.
Wendell, I have to disagree about using Keepass files on sync service - I tried it and wouldn't recommend it because there is no conflict resolution or direct access to the DB. That means if you work on multiple machines you have to be sure that the file has been fully synced before you edit on the second machine; and of course it's single user only. And whenever you need access to a password you need to download and unlock the entire file. So it's a possible solution, but not a great one.
I already left Lastpass and started using Bitwarden. I was using Lastpass for the last five and a half years.. pffff
We use keepass at work also. Good, but not for everyday use (for me).
Anyway, it was nice listening to you, giving information to people and comparing solutions.
This video is just on time. I was using LP and now I'm looking for an alternative that I can trust.
Thank you : )
Glad we could help! ~ Editor Amber
Seriously use a free resource people. And make sure it's your own.
Man. This is timely and useful. Still can’t decide my next step, but this explains a couple options.
Thanks, my guy.
I would love to see Wendell do an additional video discussing password managers that ship with antivirus software. I've read that they are typically not even close to as good, but it might be worth commenting on these in light of changes to LP.
+1 for bitwarden it's FOSS and it has a self host option if you don't like their cloud option. Even if they ever go closed, we can always use the service prior to it going closed and know it's functional. a fork can always exist.
What about Firefox lockwise?
One detail that was not mentioned- you can log into Bitwarden on Android phones using biometrics so you do not have to enter in your long passphrase every time... Select Settings->Security/Unlock with Biometrics.
Good presentation, I've used KeePass and Bitwarden, like them both. Even self hosted Bitwarden. For the price I let them host it and pay for the extra features. Like using my Yubi Keys as an extra layer of protection. Both KeePass and Bitwarden are great for managing thousands of pwds. Last Pass sucks and pulling your passwords off Last Pass is not for the faint of heart, they make it more difficult than needed.
Hi Wendell,
What is your take with the browser password managers, both Chrome and Firefox have pretty solid ones, but how are they encrypted?
Family pricing for LastPass and Bitwarden seems to be very similar though. Also, seriously, for most folks running Linode or NextCloud or their own containers is just LOL. Next step: Just spin up a Kubernetes cluster, configure a few Helm charts, run some NGINX on the front end, pull that Bitwarden container, and bam, as Todd Howard himself would say: "It just works".
If you can get by sharing the few passwords you need to share in the family manually, then you most likely can get by on the free version (if you use a yubikey you need a subscription and some statistics are only available to subscribers).
I like that self hosting is an option. I’m one of those who like the idea of self hosting. But I think that for the vast majority of people, it’s nothing they should bother to even consider.
(Currently testing self hosting Nextcloud, not sure if I’ll keep it yet. But I won’t self host Bitwarden, at least not now, since I trust them more with security, availability and backups than myself.)
I'm in the place between keepassxc on nextcloud or self hosted bitwarden right now
i do run bitwarden on a cheap vps that i had flying around and it works like a charm
I use keepassxc with a yubikey, synced over nextcloud, works perfectly for me. With the app FolderSync you can add a task to periodically copy the keepass database to phone and tablet to have additional automated backups.
Downright prophetic lol I'm happy I took this advice
It's kind of amazing that a decision to use KeePass around 2004 remains not only viable but a preferred solution over 15 years later. The biggest difference is that the software has kind of stagnated, even when considering the wealth of plugins, so that the XC variant is probably more generally recommended. You can even still use the original version if you've been resisting .NET all this time.
I am in EXACTLY the same boat, and hadn't really considered that. I started using KeePass back in about 2005 as a high school student, back when the original .NET version of KeePass was the only version, and I did it out of convenience more than anything - so many sites required weird password rules, and I kept forgetting my slight variations of my memorized password. I chose KeePass because it seemed like the only good option at the time. By now, I have switched to KeePassXC, I use it on multiple platforms, and it just generally works great and has nearly 2 decades worth of passwords in it. I never would have expected that now, 17 years later, not only are there lots of password manager options, but most of them are terrible and I backed the right horse initially. Feels good. I guess you can't go wrong with open source.
I am a user of 1Password for more than 15 years. Sometimes I am tempted to move and save a buck, but I am too lazy to maintain this solution for me and family. Up to now I have a very good experience, and pretty sure that it will be like this unless they are sold.
I’ve been a happy keepass user for a good year or so now. I pull the db onto my phone and tablet and use strongbox to access it mobile wise
I have a well established db file I just copy to new devices and add new passwords as I go. I only use 2 devices normally, so it works out fine. No sync needed.
Yeah, Keepass is just great. :D
@@larrygall5831 Sounds inconvenient to update database every time on both devices.
KeePassXC is the way to go here. Excellent stuff.
A few months ago I migrated from LastPass to Bitwarden self-hosted and I'm really happy with the change. The setup was a little bit involved but that didn't bother me. The web browser integration is excellent as you said, and that's a big deal to me.
Just switched to Bitwarden yesterday after 8 years of LastPass lets see how it goes. Might be trying KeePassXC as well
Let us know how it goes! ~ Editor Amber
Using Bitwarden for some years now... can't live without it... Just awesome 🥰
Keepass + Dropbox.
Not the slickest UI, but works so well for me over 10 years of doing dev work.
I am one of those affected by this change on Lastpass. They had by far the best free password manager solution out there. Over time they limited here and there and this latest limitation means I have to switch/pay the premium. I was considering 1Password but Bitwarden also looks decent and I will check it out, but it feels like I will probably go with 1Password.
If you are going to pay for a manager 1Password is the way to go. Bitwarden is only good if you really want to self host it.
I have been using keypass 2 for a few years, I guess I will try XC to see what the differences are. I recently got an email from last pass saying that someone was trying to get into my account. I created an account a long time ago, realized that it wanted you to pay so I never used it.
Thanks and good advice. Curious though on devices like smart TV, Roku, etc. which have a Netflix app for example... is this able to be synced and used on those types of devices as well? That's my biggest hurdle I think to get across to then start using better passwords across my whole ecosystem...
I started out with KeePass, but had trouble with synchronization. I didn’t trust the free services with the encrypted file (I know), and Nextcloud/own cloud at times created conflicted files. I switched to Enpass, cross platform, mobile platforms and syncing. It was a $10 lifetime app purchase for unlimited syncing from unlimited devices, but they have changed their offerings as time goes on. I still like it because I can use WebDAV with Nextcloud to keep the password file “local” and easily in sync.
Been using 1password for years , prob should switch at some point to something open
No mention of 'Pass' - the standard unix password manager ? I thought a combo with 'Dmenu' and 'Pass-Tomb' was the solution. Am I missing something that makes KeepassXC safer / better ?
I'm currently still using LP on Firefox but now FF offers its own password manager, how good or bad it is?
For those debating whether they want to use KeePassXC or Bitwarden. I used KeePassXC synced between a few of my devices, I tried a few tools for sync, syncthing, a usb drive and others I don't remember. An issue I always encountered was that sometimes I would modify the db on a few devices before they got a chance to sync with each other, this results in a synchronization conflict. Imo, these sync conflicts are the worst part of the experience, I managed for a few years, but it's part of the experience that @Level1Techs did not mention and it's the biggest difference between the two options.
When a KeePass db file is modified in any way it looks completely different from the file system perspective, only when you decrypt your KeePass db file, by opening it in KeePassXC, can you understand the changes. Because of this no file sync service can resolve any sync conflicts on its own. This is where Bitwarden provides a lot of usability IMO, on the server it can reconcile these sync issues because on the server it can see the file. But that's a big tradeoff, KeePassXC is more secure but on Bitwarden you don't have to deal with sync issues.
Tl;dr @Level1Techs forgot to mention that Bitwarden saves you from having to deal with sync issues, but it can only do this because you are trusting the Bitwarden server more than you trust a sync server with a KeePass file.
I love how enthusiastically he talks about stuff I have no idea what it is for.
Electricity and water ARE only getting more expensive in my country, what are you talking about :D
Yeah, he lost me there. Everything gets more expensive because people want to earn more money. Also, will you trust an online service that charges only $1 per user per year?
Moved away from LastPass when they were making a mess of transitioning their Firefox browser extension to WebExtension. Their website offered an updated version, but the version in AMO was a whole full version number behind, missing a ton of features and being a buggy mess. Went to Bitwarden, haven't looked back since. That being said, Bitwarden does also limit the amount of devices on the free tier, but it's a much more generous 3 devices of any type. This will cover, for example, mobile, tablet/laptop, and desktop PC.
I've used KeePass (not KeePassXC) for what seems decades. Probably not. But for many years.
I don't intend to switch.
I just switched from Lastpass to BitWarden. Glad I did. I was able to export all my passwords from lastpass to bitwarden really easily. So I was able to make the switch without a hitch.
Is bitwarden easy to use in mobile, like allowing you to sign into apps and services via app-overlays?
I am thinking of moving my entire family over, the problem is I am the only technical person, the rest are nearly technophobic and or elderly. It was hard enough getting them on lastpass (granted I already always used Family/Premium, but if they pulled this shit now, I can't trust them to not do it again soon, this time affecting my case)
I don’t know about android. But it works as well on iPhone as LastPass does (that is almost all the time).
Running KeepassXC with Syncthing. Using my Yubi key for MFA. I love how keepass can store MFA codes for different services too. Haven't had a single issue with the set-up yet.
I've been using Enpass for a few years now and it's great (although the pricing is a bit questionable now, but I got it back when it was a 10-20€ one time purchase).
While closed source, it synchronizes using many cloud services (Gdrive, WebDAV etc.) and supports custom fields with autofill and unlocking via biometrics (even on Windows).
I've been self-hosting Bitwarden for over a year now, couldn't be happier with how it works.
Using BitwardenRS (rust rewrite) with great success, give it a shot?
Oh wow, I didn't know you were an L1T viewer President Joe Biden!
Migrated to Bitwarden. Took literally a few clicks using my laptop and then setting it up on my phone took another few clicks. Getting face unlock gets a bit finicky but I managed. Works just as good as LP if not better. Really liking the simplicity of it.
Does it have the same auto fill functionality as LastPass?
Thanks Wendell. I didn't mind when Lastpass was $1/month for mobile to desktop sync. No problem. I'll help keep your servers up and get people paid. I get it.
Then it went free to help users forget what it used to cost. Ok, that was strange.
Now they want $51CAD/year. ($4.25CAD/month)
NO!
Alternative implemented in 30 minutes. All data moved. Extensions and phone apps installed.
Done.
Logmein has done nothing but slowly destroy their own products over time.
What did you switch to?
KeePassXC on desktop. KeepassDX on android. Plus Syncthing.
BROTHER
YES!
this sounds like the best way forward, do you store any backups on any other devices? is it safe to store the file on google drive?
@@Liverblow1 If you use a secure method to create your database passphrase (realistically a diceware generated 6, 7, 8+ word long password that you remember in your head) you can store password databases on cloud storage like google drive or dropbox. If you want to be extra safe add a key file of 128-256 bits of ascii characters to keepass. Then you can print the keyfile out and save it as a hardcopy backup in your ammo and gold safe, just in case. (But I am pretty sure a decent passphrase would be sufficient.)
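Editor's added example (not from this thread or from the KeePass project): the comment above recommends a diceware passphrase plus an optional key file, and the part people usually get wrong is how much entropy each actually buys. This script maps physical dice rolls to a wordlist index, draws words with the OS CSPRNG, and computes the bits you get from a given list size and word count, alongside a hex key file of a chosen size. The 36-word list is a constructed toy so that two dice can index it; the 7776-word figures assume a real diceware list such as the EFF long list.

```python
import math
import secrets

# Constructed toy wordlist (36 words, so two dice index it). A real diceware
# list such as the EFF long list has 7776 words and needs five dice per word.
TOY_WORDS = [
    "acorn", "badge", "cabin", "dwarf", "eagle", "fable", "gavel", "hazel",
    "igloo", "jelly", "kayak", "lemon", "mango", "noble", "oasis", "pearl",
    "quilt", "raven", "salad", "tulip", "umbra", "vivid", "wafer", "xenon",
    "yacht", "zebra", "amber", "blaze", "cider", "dune", "ember", "frost",
    "glide", "haven", "ivory", "jade",
]


def dice_index(rolls):
    """Map a sequence of d6 rolls (1..6) to a zero-based list index in base 6,
    first roll most significant, so 1-1-1-1-1 -> 0 and 6-6-6-6-6 -> 7775."""
    index = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError("a die shows 1..6")
        index = index * 6 + (r - 1)
    return index


def roll_dice(count):
    """Roll count dice with the OS CSPRNG (secrets), never random.random."""
    return [secrets.randbelow(6) + 1 for _ in range(count)]


def generate_passphrase(wordlist, words):
    """Pick words uniformly from the list. The entropy comes from the draw,
    not from the secrecy of the list, so assume the attacker has the list."""
    dice_per_word = round(math.log(len(wordlist), 6))
    if 6 ** dice_per_word != len(wordlist):
        raise ValueError("wordlist length must be a power of 6 for dice indexing")
    return " ".join(wordlist[dice_index(roll_dice(dice_per_word))] for _ in range(words))


def passphrase_entropy_bits(wordlist_size, words):
    """Bits of entropy for `words` uniform picks from a list of this size."""
    return words * math.log2(wordlist_size)


def words_needed(wordlist_size, target_bits):
    """Smallest word count that reaches target_bits with this list size."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def make_keyfile_hex(bits=256):
    """Random key material rendered as hex so it can be printed on paper and
    typed back in; 256 bits -> 64 hex characters."""
    if bits % 8:
        raise ValueError("bits must be a multiple of 8")
    return secrets.token_hex(bits // 8)


if __name__ == "__main__":
    print(generate_passphrase(TOY_WORDS, 6), f"({passphrase_entropy_bits(36, 6):.1f} bits)")
    print("7776-word list, 6 words:", f"{passphrase_entropy_bits(7776, 6):.1f} bits")
    print("words for 100 bits with a 7776-word list:", words_needed(7776, 100))
    print("keyfile:", make_keyfile_hex(256))
```

With a 7776-word list, six words give about 77.5 bits and eight give about 103, which is why the comment's "6, 7, 8+" range is the usual advice; the key file adds its full size in bits only if it is generated randomly like this and stored separately from the database, because a key file sitting in the same synced folder as the .kdbx is just a second file the same attacker already has.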
@@knightrider585 thank you I'll do that
Thanks soooo much.. was looking for something that wasn't last pass.. thanks good sir..
Been using Lastpass for over 10 years, even paid for premium service for a few years. But then they made the premium features I cared about free, so I stopped paying. Figured they already made enough money from enterprise users. New price of $3/month is too much, they used to charge just $1/month. Great service while it lasted. With the changes to lastpass free, I switched to bitwarden, may even pay for it since $10/year is fair for yubikey support. So far it's working nearly as good, no regrets.
The main issue I had with KeepassXC was with the lock file created while editing the Keepass database (normal and expected for file editing). The lock file gets synced along with updates to the Keepass db file through a service such as SugarSync.
Sometimes, the lock file does not get deleted once editing is complete, and will remain in the cloud hosting service even though it was removed locally. When opening the kdbx db from another computer, KeepassXC will instead create a new DB file with a unique name instead of returning an error that a lock exists. Over time, this can create many versions of the db file without realizing what is happening.
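Editor's added example (not from this thread or from the KeePass/KeePassXC projects), covering both the sync-conflict comment earlier in the thread and the stale lock file problem just above: a sync folder full of .kdbx files can only be triaged from the outside, because everything past the small unencrypted header is ciphertext. This script reads the KDBX magic and version from that header, finds conflict copies and lock files by name, and tells you which conflict copies are byte-identical to the main database (safe to delete) and which differ (must be opened and merged in KeePassXC). The magic bytes are KeePass 2.x's published signature; the file naming patterns for Dropbox and Syncthing conflict copies and for KeePassXC's lock file are assumptions, and the folder contents are constructed stand-ins, not real vaults.

```python
import hashlib
import os
import re
import struct
import tempfile

# KDBX 2.x magic (signature1 0x9AA2D903, signature2 0xB54BFB67, little endian).
KDBX_MAGIC = bytes.fromhex("03d9a29a67fb4bb5")

# Name patterns, all assumptions to adjust for your own tools: Dropbox's
# "conflicted copy", Syncthing's ".sync-conflict-", KeePassXC's ".<db>.kdbx.lock".
CONFLICT_RE = re.compile(r"conflicted copy|\.sync-conflict-", re.IGNORECASE)
LOCK_RE = re.compile(r"^\.(?P<db>.+\.kdbx)\.lock$")


def inspect_kdbx(path):
    """Return (is_kdbx, version, sha256_of_remainder) from the file header.
    Only the magic and version are readable; the rest is ciphertext, which is
    exactly why a sync service cannot merge two edited copies."""
    with open(path, "rb") as fh:
        head = fh.read(12)
        rest = fh.read()
    if len(head) < 12 or head[:8] != KDBX_MAGIC:
        return False, None, None
    minor, major = struct.unpack("<HH", head[8:12])
    return True, f"{major}.{minor}", hashlib.sha256(rest).hexdigest()


def base_name(name):
    """Strip the conflict-copy decoration to recover the original file name."""
    return re.sub(r"\s*\(.*conflicted copy.*\)|\.sync-conflict-[^.]*", "", name)


def scan_sync_folder(folder):
    """Report lock files, conflict copies and non-KDBX files in a sync folder."""
    report = {"locks": [], "conflicts": [], "not_kdbx": []}
    info = {}
    for name in sorted(os.listdir(folder)):
        m = LOCK_RE.match(name)
        if m:
            report["locks"].append(m.group("db"))
        elif name.endswith(".kdbx"):
            ok, version, digest = inspect_kdbx(os.path.join(folder, name))
            if ok:
                info[name] = (version, digest)
            else:
                report["not_kdbx"].append(name)
    for name, (version, digest) in info.items():
        if not CONFLICT_RE.search(name):
            continue
        original = base_name(name)
        orig_digest = info.get(original, (None, None))[1]
        report["conflicts"].append({
            "copy": name,
            "original": original if original in info else None,
            "same_ciphertext": digest == orig_digest,
        })
    return report


def build_demo_folder():
    """Create a temp folder of constructed files (not real vaults): a KDBX-style
    header (magic + version 4.0) followed by dummy bytes standing in for ciphertext."""
    header = KDBX_MAGIC + struct.pack("<HH", 0, 4)
    folder = tempfile.mkdtemp()
    files = {
        "Passwords.kdbx": header + b"A" * 64,
        "Passwords (laptop's conflicted copy 2021-02-17).kdbx": header + b"B" * 64,
        "Passwords.sync-conflict-20210217-120000-ABCDEFG.kdbx": header + b"A" * 64,
        ".Passwords.kdbx.lock": b"",
        "notes.kdbx": b"not a kdbx file",
    }
    for name, data in files.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)
    return folder


if __name__ == "__main__":
    folder = build_demo_folder()
    for key, value in scan_sync_folder(folder).items():
        print(f"{key}: {value}")
```

A lock file reported here while no KeePassXC instance is open is the stale-lock case from the comment above and can be deleted; a conflict copy whose ciphertext differs from the original is the case the earlier comment describes, and the only safe fix is to open the main database in KeePassXC and merge the copy into it (Database > Merge From Database) before deleting the copy, since no tool outside the password manager can tell which entries changed.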
I agree with the sentiment in general, and everyone needs to decide what is valuable for them. However, there are some things in life you should WANT to pay for. Email service and a password manager are in that category for me.
To be clear, the alternatives to LastPass are good, and I may switch at some point. But I expect LastPass to invest in defending against attackers. This is a highly attractive single point of failure and I want to pay money for someone to help keep the hackers away, as much as is possible. Don't cheap out on security and privacy.
I'm using both KeePassXC and a self-hosted Bitwarden. I love both. KeepassXC for stuff I don't ever need sync'd, bitwarden protected by a Yubikey for everything else. Works great. I used to use LP but their software went to crap long before their business model did.
I can strongly recommend KeepassXC as well, additionally it can also automatically download the favicon if a URL is added to a password/secret entry and makes selecting the right entry easier (if not using the extension for browser integration already).
For me the biggest difficulty has always been synchronizing multiple databases since you wanna have it on every device you use obviously (and I didn't use to be always connected to the internet to just be able to synchronize when needed). Sadly the Android app version doesn't integrate that well and already makes it difficult synchronizing the internal cached version with the one on the "external" storage (aka /sdcard). At least for the version I'm using (which is one of the few offering fingerprint unlock if the master key is entered once after boot). Especially when having a bigger database file (mine's already at 5MB because of some compressed sensitive data I've put in there) synchronization takes a while, which it wants to do on every edit (can be disabled but then you are desynced).
Sadly my work for some reason doesn't allow that keepass version to be used for whatever reason (probably some licence they don't recognize), though I guess I could compile my own version which the AV wouldn't like (flags as not "reputable" software as not many people use it).
If there were a hardware key with builtin keepass compatibility and keyboard emulation for auto-type would be ideal really as then you essentially have implicit 2FA (ownership+pw knowledge) but would need to be able to export the DB for backup. Nitrokey has something like it but requires their own software and only has like 10 pw slots (since I guess space is limited) though they also have encrypted usb drives (which again doesn't work at work since writing to external storage is forbidden by Windows).
All in All, I'd really like to follow the best practices and usability open-source has already achieved but sadly it hasn't reached too much public knowledge or enterprise acceptance yet. I'd really like to see it succeed. Same story with Linux though and we see how this is going though perhaps at some point everyone will kind of get to use it explicitly or implicitly (under-the-hood as a platform-as-a-service) through some means or another.
Really liked the video though, would like to see more of this type of PSA in video form that might be shareable for other people to follow, liked it twice (here and on floatplane ;) )
Somebody recommended syncthing to me. And although it's a damn hassle to set up, it is fire and forget after that. It syncs perfectly fine now across my PC and my Android phone.
But yeah, it is always a hassle. And although Wendell says "it's fine if you know tech", it really isn't. Some people just don't have the time to go through the bullshit of setting up an entire architecture just to host their online credentials.
Wendell: "I don't want this to get technical or take too long"
Me: Strong doubt on both of those :)
I've been using Bitwarden. Then I heard your summary at the very end. Thanks for labelling me as a "less technical user" for using Bitwarden. 😜
:D ~ Editor Amber
Well same with Dashlane lately...it went down the dirty drain.
I've been using the vanilla KeePass for like a decade (synced in the cloud) but never took the time to look into the other flavors. Hmm, if one of them has auto-update then I might look there...
I use KeePassXC as my password manager on my PC and KeePassDX on my phone, synced with syncthing, which works really well.
I have been using Keepass for over 10 years. And am fine with it. Glad I didn't stray to something else. Now I am using it on Linux.
I tried KeepassXC, and still like the original better. I may try it again, but KeePass gets it done.
I also use KeePass2Android.
Regardless, the data file, your passwords, is an encrypted file and you can move it around. I use a cloud service to hold the KeePass file that I replicate to from my devices.
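Several commenters above describe the same pain point: one .kdbx file replicated from several devices through a cloud folder, with the risk of one device silently overwriting edits made on another. The script below is an added example (not posted by any commenter and not part of KeePass, KeePassXC or syncthing); it pushes a local database to a sync folder only when the copy there is still the one this machine last pushed, keeps a backup of the replaced copy, and reports a conflict otherwise. File paths, the state-file name and the `kdbx_push` function are assumptions for illustration. It relies only on `sha256sum`, `cp` and `date`, and it never opens the database, so the encrypted file is handled as an opaque blob, which is exactly what the last comment relies on.

```shell
#!/bin/sh
# Added example, not from the original thread: one-way push of an encrypted
# KeePass database to a cloud/sync folder with a last-writer-wins guard.
#
# Usage: kdbx_push LOCAL.kdbx CLOUD.kdbx STATEFILE
# STATEFILE stores the SHA-256 of the last copy this machine pushed.
# Exit status: 0 = pushed or already in sync, 2 = conflict (cloud copy
# changed since our last push; merge inside KeePass first), 1 = usage error.
kdbx_push() {
  kp_local=$1; kp_cloud=$2; kp_state=$3
  [ -f "$kp_local" ] || { echo "no local database: $kp_local" >&2; return 1; }

  kp_local_hash=$(sha256sum "$kp_local" | cut -d' ' -f1)
  if [ -f "$kp_cloud" ]; then
    kp_cloud_hash=$(sha256sum "$kp_cloud" | cut -d' ' -f1)
  else
    kp_cloud_hash=""
  fi
  # Hash of whatever we pushed last time (empty on first run).
  kp_last_hash=$(cat "$kp_state" 2>/dev/null || true)

  # Already identical: just record the hash and stop.
  if [ "$kp_local_hash" = "$kp_cloud_hash" ]; then
    printf '%s\n' "$kp_local_hash" > "$kp_state"
    return 0
  fi

  # Conflict: another device changed the cloud copy after our last push.
  # Overwriting it now would throw away that device's edits.
  if [ -n "$kp_cloud_hash" ] && [ "$kp_cloud_hash" != "$kp_last_hash" ]; then
    echo "conflict: $kp_cloud changed since last push; merge in KeePass first" >&2
    return 2
  fi

  # Safe to push: keep a timestamped backup of the copy being replaced.
  if [ -f "$kp_cloud" ]; then
    cp -p "$kp_cloud" "$kp_cloud.$(date +%Y%m%d%H%M%S).bak"
  fi
  cp -p "$kp_local" "$kp_cloud"
  printf '%s\n' "$kp_local_hash" > "$kp_state"
}
```

Run it on each device before and after editing; a non-zero exit with the conflict message means both copies were edited, which is the case KeePass's own database merge (or syncthing's conflict files) has to resolve. The backup files make an accidental overwrite recoverable, but they are copies of the encrypted vault and should live inside the same protected folder.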
