this post was submitted on 11 Sep 2023
129 points (96.4% liked)

Privacy

32177 readers
638 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

thank you.

top 50 comments
sorted by: hot top controversial new old
[–] Anon819450514@lemmy.ca 140 points 1 year ago (4 children)

Bitwarden. It's free, open-srouce, you can even self-host your own instance.. or pay 10$/year! for the full support. The free version has everything you will ever need.

[–] Cralder@feddit.nu 53 points 1 year ago (8 children)

The price for the premium is fucking crazy. 10$ a fucking YEAR?? Not month but YEAR!? What features do you get? Actually I don't care about the features just take my money that's cheap as shit

[–] ikiru@lemmy.ml 55 points 1 year ago (1 children)

I have premium and I have no idea. I just pay it to support them.

It's an excellent password manager. I love it!

[–] Molotov@feddit.de 7 points 1 year ago
[–] sarjalim@lemm.ee 17 points 1 year ago* (last edited 1 year ago) (2 children)

I pay for Bitwarden premium and the big thing for me is the ability to use it for 2FA/TOTP right from the browser extension (for sites where I feel convenience mostly trumps hardened security). It's glorious that Bitwarden autofills username and password, and then auto-copies the current 2FA code to your clipboard so you can just paste it immediately, instead of needing to pull up your phone and authenticator app to fetch a code, or check your email/texts for a code.

[–] pjhenry1216@kbin.social 9 points 1 year ago (1 children)

Proton has a similar feature (not sure if it's part of free or premium as I subscribed for proton ultimate so it just came with Proton Pass). It's honestly crazy how nice having TOTP right in the extension for the account's entry in the manager.

Also, I realize this is like the third time I've made a comment about Proton, so I'm probably gonna stop before folks think I'm like a shill or something.

[–] TheLastOfHisName@kbin.social 9 points 1 year ago

It's not shilling if you genuinely believe in it. I use Proton's services as well. Love that company.

load more comments (1 replies)
[–] LUHG_HANI@lemmy.world 12 points 1 year ago

It's so good that people think we are paid to promote it. Kinda sad that really. It's pretty evident that we aren't shills. Use my code: shill20

[–] amju_wolf@pawb.social 11 points 1 year ago* (last edited 1 year ago)

It's insane to think that people think of that as cheap. It's ... adequate. Clearly enough to run a company that can support it and further develop it, all the infrastructure, etc. Somehow all other companies convinced us that it should be okay to pay $10 per month or more for the most basic of services, where until now their revenue per user was maybe $0.5/month for the biggest users (ad watchers).

$10 per year is what the vast majority of subscriptions should cost - they'd still make plenty of money, but it's just not enough for them when they know they can nickle and dime you for more.

[–] kittykabal@kbin.social 6 points 1 year ago

the big feature i use from premium is the ability to use hardware 2fa. i use a Yubikey to secure it further. worth the peace of mind imo, and Bitwarden has never once failed me in the years i've been using it!

[–] Anon819450514@lemmy.ca 3 points 1 year ago* (last edited 1 year ago)

You can share passwords with other people, you get 1gb of attachments space disk (to store important documents, recovery keys, crypto wallet, etc), you have access to many reports that will tell you what password might have leaked, weak password and whatnot.

[–] Nyanix@lemmy.ca 3 points 1 year ago (1 children)

I know of MFA being allowed on it when you go premium, and I think it allows a collection, so you can have a shared collection of passwords with someone else. It's been really handy for my wife and I, especially for things like bank and apartment logins.

load more comments (1 replies)
load more comments (1 replies)
load more comments (3 replies)
[–] adhdplantdev@lemm.ee 64 points 1 year ago (1 children)

The Firefox password manager can be secured with a master password that encrypts everything in your browser password store. Believe it's pretty secure if you set this password otherwise it's almost akin to having passwords stored in plain text.

+1 for bitwarden

[–] artaxthehappyhorse@lemmy.ml 24 points 1 year ago* (last edited 1 year ago) (2 children)

It's encrypted over Firefox Sync though, regardless of if you set a master password.

The master password is only needed if you don't have complete physical security (or your machine is hacked)

Curious if OP was more interested in how secure the Sync feature is vs the manager itself. Sync requires trusting that Mozilla aren't the bad guys.

[–] PeachMan@lemmy.one 8 points 1 year ago

It only uses Sync if you set up a Mozilla account. If you prefer not to do that, you can still set a Primary Password and the passwords will remain local on your machine, encrypted: https://support.mozilla.org/en-US/kb/how-firefox-securely-saves-passwords

load more comments (1 replies)
[–] lemann@lemmy.one 42 points 1 year ago (1 children)

IMO yes. It's stored encrypted on their sync service, and you can additionally encrypt it locally too by setting a master password in FF settings.

Didn't notice any mention that you can actually self host Firefox's browser sync service yourself. Personally haven't tried, but IIRC there's setup docs on Mozilla's github

[–] electric_nan@lemmy.ml 7 points 1 year ago

I self hosted the sync service for awhile, but I think its broken now.

[–] Sandbag@lemmy.world 38 points 1 year ago (3 children)

I wouldn't use any browser password manager, last time I even looked at one they were saving my passwords in plaintext!

Bitwarden, one pass, keepass, basically anything other than LastPass should be good!

[–] ares35@kbin.social 10 points 1 year ago

without a master password, firefox just uses a simple scheme it can reverse. if you use a master password, though, then that password is needed.

chromium browsers now use windows credentials, if you have no password on a local windows account, then none is needed to extract the passwords from the browser. .

[–] Risus_Nex@lemmy.world 4 points 1 year ago* (last edited 1 year ago) (4 children)

It seems I'm not up-to-date. What's wrong with LastPass?

Edit: nevermind. I just googled it. [https://www.notebookcheck.com/Ist-LastPass-noch-sicher-Experten-kritisieren-den-Passwortmanager.677484.0.html)(url) Here is an article about it (in German), for anyone else wondering.

Seems like I will have to find a way to move my vault to another password manager. I hope I can find a way of doing this safely without needing to do that manually... So I am grateful for any advice!

[–] LinkOpensChest_wav@lemmy.one 11 points 1 year ago (1 children)

https://bitwarden.com/help/import-from-lastpass/

Here's how you do it with Bitwarden, in case you decide on that

[–] Risus_Nex@lemmy.world 3 points 1 year ago

Thank you! Bitwarden seems to be mentioned a lot here. I'm gonna look into it.

[–] TigrisMorte@kbin.social 6 points 1 year ago

Other than the terrible security record? That they are proprietary.

[–] MartinXYZ@sh.itjust.works 3 points 1 year ago* (last edited 1 year ago)

I moved from LastPass to Bitwarden. It was quite easy to move everything over. I've been using Bitwarden for several years now and have no complains. I believe Bitwarden has a guide on how to move your content from LastPass.

Edit: I use Bitwarden on both pc and mobile. No issues.

[–] TechieDamien@lemmy.ml 2 points 1 year ago

I migrated from lastpass to pass using pass-import. Worked wonders.

[–] Squa64res@lemmy.ml 3 points 1 year ago (1 children)

thank you for the rec! a small doubt even though they are in plaintext, when the hackers can't log in aren't they safe tho or is it easy to hack?

load more comments (1 replies)
[–] LUHG_HANI@lemmy.world 38 points 1 year ago (1 children)

Just bitwarden is all that's needed to be said. Ohh, and yubikey

[–] mat@linux.community 3 points 1 year ago (3 children)

I use Bitwarden and, though all the features are very nice (self hosted Vaultwarden), the clients are really bad. The autofill is super inconsistent on Android. The app takes 20s+ to load on my Pixel 3a. You can't trigger a sync from the quick autofill menu, you have to open the full app. The "desktop app" is just an embedded browser. I really want to like it, but it doesn't make it easy.

[–] alsimoneau@lemmy.ca 4 points 1 year ago

The Firefox add-on works great, and I've never really needed more than that and the website. On Android I have a 3a too and not noticed this issue.

load more comments (2 replies)
[–] callyral@kbin.social 20 points 1 year ago (3 children)

I personally switched from it to Keepass, it is cross-platform, open-source and pretty secure. It doesn't come with cloud support, but I guess you could just put the file in some sort of cloud storage you trust. It also supports one-time authentication codes!

[–] joby@programming.dev 12 points 1 year ago

I've been using keepass for years. I use syncthing to keep the copy of the db on my phone and laptop and backup synced.

[–] 1984@lemmy.today 4 points 1 year ago* (last edited 1 year ago) (1 children)

The big downside of this is when you need to log in to some web site when being away from your computer.

Then you have to transfer your entire database to some other computer and make sure it's deleted afterwards in a secure way. Much more risky than using Bitwarden I believe.

I guess you can skip the deletion part if you trust there is no way to decrypt the db file in the future.

load more comments (1 replies)
load more comments (1 replies)
[–] cani@lemmy.world 20 points 1 year ago (1 children)

I use KeePassXC for some years now. Very happy with it, especially because there's a version of it for almost every platform.

[–] illectrility@sh.itjust.works 5 points 1 year ago

And the browser extension is great

[–] boblin@infosec.pub 19 points 1 year ago
[–] cheese_greater@lemmy.world 19 points 1 year ago

Broswer != password manager. Will this notion please fucking die

[–] shortwavesurfer@monero.town 17 points 1 year ago

Dont use browser password managers. Use KeepassXC

[–] deanne@iusearchlinux.fyi 13 points 1 year ago

it's pretty safe but bitwarden is much better

[–] merrick@normalcity.life 13 points 1 year ago

I don't recommend using any browser's in built manager. Look into Bitwarden or KeePassXC.

[–] nicman24@kbin.social 12 points 1 year ago* (last edited 1 year ago)

Mozilla is one of the like 3 companies (thought the foundation is non profit) that I would trust my encrypted data with

[–] NabeGewell@lemmy.world 12 points 1 year ago

Well it's better than Chrome's if you don't sync to your account, however I'd recommend you local password manager such as keepass

[–] 520@kbin.social 10 points 1 year ago (1 children)

Keepass has what you're looking for. Free, totally cross platform, no cloud unless you wanna put the database file on cloud storage, and can be very secure.

[–] jlow@beehaw.org 7 points 1 year ago (5 children)
load more comments (5 replies)
[–] TigrisMorte@kbin.social 9 points 1 year ago
[–] RyanUrq1328@programming.dev 6 points 1 year ago
[–] almightyGreek@lemmy.world 5 points 1 year ago (1 children)

I use enpass because you can choose where to store your pass db. Also, proton released their own password manager

[–] pjhenry1216@kbin.social 2 points 1 year ago (2 children)

I've used both Enpass and Proton. Enpass is a bit more feature-ful, mainly because Proton Pass is new. I switched away from Enpass as I didn't like that they basically had me pay for it three times, even though the first one was a lifetime license. But I needed my passwords. Finally decided to put in the effort to move away from them as their constant begging to subscribe was annoying. So switched to Proton since I already subscribe to the plan that includes Pass.

Proton is working on expanding features and have added a few in the short while I've had it. I'd suggest Bitwarden over Enpass personally, particularly if you want features Proton Pass doesn't offer yet (like no desktop or web app yet, but they are working on both, so until then, I need to use a browser extension)

load more comments (2 replies)
[–] Lancaban@sh.itjust.works 5 points 1 year ago

Bitwarden open Source independently audited. Many good things.

load more comments
view more: next ›