this post was submitted on 08 Sep 2023
19 points (91.3% liked)

Sysadmin

5627 readers
1 users here now

A community dedicated to the profession of IT Systems Administration

founded 5 years ago
MODERATORS
 

Not sure if this is the right place to ask, but recommendations for personal and family password management?

I finally switched to Firefox on my phone, because Chrome "privacy". And then when trying to find out how enable password storage, I accidentally set up Microsoft Authenticator as password management phone-wide. Realizing this meant cross-app password management, I finally accepted that my old approach of politely ignoring the problem and manually memorizing algorithmic passwords is no longer tenable. I honestly would prefer the anti-privacy approach where every service just uses oAuth and only one provider has my password, but we're not there today, so time to learn the new tech.

So basically, what's the current OSS best-practice for a one-stop-shop password management software? I know "OSS" and "big safe cloud storage provider" are kind of oxymoronic, but imho encrypted-cloud-storage is the best tradeoff between security and convenience.

And, ideally, something I could get my kids onto as well and manage some shared family-PWs as well, since I assume their password management strategies are either "reset every time" or "just use the same PW everywhere and it's a ticking time-bomb".

top 11 comments
sorted by: hot top controversial new old
[–] [email protected] 9 points 1 year ago* (last edited 1 year ago)

KeePass.

It's got an app for basically all platforms, and you retain complete control over your data. Passwords go into an encrypted file, and you maintain that however you see fit.

[–] [email protected] 6 points 1 year ago

I love Bitwarden and you can self host Vaultwarden. I'm not sure how OSS it is however.

[–] [email protected] 2 points 1 year ago (1 children)

It's going to come down to how much you trust the provider but I'd say bitwarden is pretty solid. I use it for stuff I'm not particularly concerned about (like disney+ or some random forum) and I use keepass for stuff that would be particularly bad if it was compromised like banking credentials, I keep backups of my keepass DB on separate physical media.

I also use a completely separate bitwarden account for all of my work accounts, keep that stuff separated, I only log into it from work devices and I never log into personal accounts from work devices.

[–] [email protected] 3 points 1 year ago (1 children)

This workflow raises the obvious question for me: why not use keepass for everything, if you're already using it for your critical high security stuff? Worse ergonomics?

[–] [email protected] 2 points 1 year ago

I could do that but I only have a couple of things in keepass so it's easy to manage and backups are not very frequent. Bitwarden has EVERYTHING else and syncs across all my devices, if all that stuff was in keepass it would get combersome to generate backups every time I create a new entry or change a password. I could use nextcloud or something to sync the backup files but honestly this has worked well for me. I just setup keepass basically once, create a backup somewhere else, then use bitwarden for everything else.

Alternatively, plenty of people trust bitwarden completely. Honesty I'd trust bitwarden more than a self hosted solution that I'll likely neglect and probably fail to keep up with best practices because I barely got it working in the first place, also screw ISPs that use CGNAT, it's 2023, give me an ipv6 address already.

[–] [email protected] 1 points 1 year ago

Try heylogin.com Read the docs to understand their system .. also not so technical people will love it, because of its easiness .

[–] [email protected] 1 points 1 year ago

If cost isn't too much of an issue check out The Mooltipass or one of its competitors.

[–] [email protected] 1 points 1 week ago

Hello

We are using for years home and business gnupg (for public/private keys) + pass + QtPass + git (for remote central storage). We are using it even as a team with shared keys.