Do you have any ideas for a password safe that stores its data locally (an encrypted cloud drive is available for synchronizing), offers clients for Linux, Win and Android and has some amenities like filling in passwords in browsers?

My family needs to learn password safety, and I want to make it easy for them.

    • goebbe@discuss.tchncs.de
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Keepassxc is a good choice, in the long run. It uses an open standard to save the passwords, and is supported by many clients. Consider using syncthing, if you want to sync the password files directly between your different devices. (In case you don’t want a cloud solution)

    • iminahurry@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      My primary password manager is Bitwarden, but I use Keepass as well for having a local backup as well as for it’s 2fa feature. It works pretty well.

  • bruchsturm@discuss.tchncs.de
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    edit-2
    1 year ago

    I’m using keepassXC for that, there are clients for Linux, Windows and Android. Also there are browser plugins. The android app I’m using is KeepassDX, you also find it on f-droid

    I’m using it for years now, started out syncing it to Google drive, but nw i have my own nextcloud server

  • 77slevin@sopuli.xyz
    link
    fedilink
    arrow-up
    14
    arrow-down
    1
    ·
    1 year ago

    Keepass Password Safe: I started it on Windows, moved on to OSX for 10 years and am now exclusively on Linux and my Keepass library migrated through all OS’s. Used it too on both iOS and Android. My Keepass file lives on my online cloud storage so it’s accessible for all means.

  • olicvb@lemmy.world
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    1 year ago

    Been using Keepass, and it seems like a solid choice for local password vault. It’s not as convenient at other vaults like bitwarden (unless there’s a browser extension i could use), and i dont know how the android side of it looks.

  • alsternerd@discuss.tchncs.de
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    As other’s have recommended: Yes, KeePass. On desktop i recommend KeepassXC and the plugins for your favorite webbrowser. And on mobile whatever app works best for you, Strongbox on iOS and KeepassDX on Android are doing pretty great and the integration is also working well.

    On mobile you can also save the database password secured with your favorite screen unlocking feature and have webdav, ftp or others available for sync. On android you could also use nextcloud sync or syncthing.

  • humdrumgentleman@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Bitwarden, Bitwarden, Bitwarden. Use their free vendor-hosted service, and don’t fixate on self hosting or handling syncing of local files. They are highly transparent and well regarded, and this is the way to go if you want any hope of converting your family.

  • soulsource@discuss.tchncs.de
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    While this is not exactly what you are looking for, have you considered deterministic password generators? There’s a nice explanation how they work in the Passwordmaker Pro Introduction.

    The main downside of deterministic password generators is that their master password can be brute-forced from a single known password and the generator’s settings (so, don’t use the default settings…).

    Their main advantage is that they don’t store the passwords anywhere, therefore you don’t need synchronization, or worry about the provider’s data safety (which, as the LastPass leak has shown, should in general not be trusted).

    If deterministic generators aren’t an option for you, I’d also suggest KeePass.

    • Eufalconimorph@discuss.tchncs.de
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      You still need synchronization, and any deterministic password manager that doesn’t provide it will break eventually. Any time a site experiences a breach you’ll be forced to change your password, so you need to synchronize a counter for that for each account. Also, different sites have different (and often mutually incompatible) composition and length rules (in blatant violation of NIST SP 800-63b recommendations), which need to be synchronized to ensure generated passwords actually work for the account.

      • soulsource@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        True. However the need for synchronization is rather infrequent and can easily be done via sneakernet.

        There is something else I would like to highlight, about the problem if a single password gets leaked: At least with PasswordMaker Pro I wouldn’t only increase the counter for that one site, but rather change it (ideally to a new random number) globally, and change passwords everywhere. The way PasswordMaker Pro uses the counter is that it just gets appended to the input url before hashing. For the hash algorithms that aren’t using HMAC this is equivalent to just prepending that counter to the master password, so, a bad actor could just brute-force the combination of increment and master password, and get access to all sites that used the same master password and increment.

        So, yeah, that’s another big downside. If one password gets leaked, you can either rely on the attacker never finding out that it’s a deterministic one, or you can do the same “change every password” dance that you have to perform if your password manager’s cloud service data gets leaked.

        • Eufalconimorph@discuss.tchncs.de
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          If your KeePassXC databate gets leaked and you had a secure master password (10+ Diceware words or similar), you can do nothing (it’s encrypted).

          • soulsource@discuss.tchncs.de
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Yeah, PasswordMaker Pro isn’t built with protection against brute-forcing, sadly. That risk could be mitigated though, by choosing an algorithm that takes a few moments to compute a single password, instead of doing so in mere nanoseconds…

            I’m half tempted to write such an app myself (would be a nice upgrade after doing the PasswordMaker Pro port for Sailfish OS), but I’m also in the middle of another spare time project, so, probably not anytime soon…

  • xn0r@discuss.tchncs.de
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    I’d recommend Standard Unix Password Store. I’ve been using it for two years and it works fine. You have to solve synchronisation by yourself i use git for it but you can also use rsync or syncthing or anything else. It also has extensions for most web browsers includong firefox and chrome. It has clients for android ios windows and unix like operating systems. You can also use it with dmenu or rofi like i do.

  • cryptix@discuss.tchncs.de
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Since its for your family and some password manager is better than no password manager , I feel bitwarden is the most convenient solution. Its a good balance between security and paranoia.

    For you keepass would make sense .

    • _edge@discuss.tchncs.de
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      This, consider Bitwarden. The password save will be in the cloud, i.e. on someone else computer, but all your devices are probably on the cloud to some degree with the risk of hostile takeover.

      Bitwarden’s sync and browser integration is top-notch and more importantly just works.

      With the keepass* family you need to work out your personal setup, which clients can sync with what storage. And do they integrated with your favorite browser and apps?

      Your family will understand and love Bitwarden. The client is open-source and encryption happens locally (unless on the web app), so you can approve it. Maybe KeePass* will work for you personally or for some special passwords, where security is more important than availability…

  • bzLem0n@lemmy.ca
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    If you don’t want to self host then I suggest Bitwarden as the only service I would recommend. If you want/are willing to self host Bitwarden. Just stay away from Lastpass.

    • tuhriel@discuss.tchncs.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I can wholeheartedly support that statement. Been using a locally hosted bitwarden instance for a few years now, never head an issue and the Browser plugins work great.
      Also: actual desktop clients on all three platforms There are some discussions on HackerNews, about some VC which invested there and what the impact will be, but nothing actually popped up

  • @WenAmon Also advocating for KeepassXC here. Plays nice with “synced” folders, like with NextCloud, too.

    Even comes with ssh-agent which is perfect for persons like me 👌

    Alas I’d never install it on my Android. That’s my 2FA device. Not much sense in putting all in the same place - even if it offers integrated TOTP 🙃

    The only exception may be the TOTP that Steam uses, that is one digit shorter and not supported by the usual (RFC 6238) ones.