Privacy @lemmy.ml Pantherina @feddit.de 1 yr. ago

A entry-based password manager?

I dont agree with many things apple does at all, and I also think their password manager has flaws like revealing usernames without authentification.

It is pretty handy though, to have a file where the entries are stored unencrypted, and if the password manager detects an entry it prompts to decrypt exactly that field, maybe with a fingerprint.

KeepassDX needs to run in the background and be completely unlocked to even detect apps or password fields.

Do you know any existing app that can do this?

You're viewing a single thread.

39 comments

Bitwarden if you want it in the cloud, Keepass if you want it on the device. I'd recommend PrivacyGuides.org's recommendations this time. They are rather careful as to what they recommend, still doesn't mean they always get it right.
- You can also self-host Bitwarden using Vaultwarden.
  
  You can also run Bitwarden proper locally but unless you really know how to run and maintain a web server I wouldn’t recommend this.
  
  The official docker image uses a lot more resources than the vaultwarden container, but it allows significantly more than 100 users. If it’s just for yourself and your family I suggest just going with Vaultwarden.
  
  Why would any private person need this?
  
  You don’t. I meant to say that only large organizations need the official Bitwarden docker setup, but I did not communicate that clearly enough.
  
  Yes, but that is still cloud based. Keepass is local
  
  Well, only if you host it in the cloud. Not if you host it at home, for example.
  
  I think what they meant is that one option uses network connectivity while the other functions entirely offline
  
  No, I did mean cloud based. Thank you anyways
  
  Which would make it hardly accessible outside of your home. Still not locally saved as well. And imho if he is not sure which password manager he should choose, he should maybe not self host just yet.
  
  Bitwarden keeps a local encrypted copy of the database and only connects to the server for synchronisation.
  
  I am aware. Why are you telling me this?
  
  Maybe because it seems you claim self-hosting bit warden is cloud only and that self-hosted is not accessible outside the house?
  Note: I do not recommending self-hosting bitwarden
  
  Note: I do not recommending self-hosting bitwarden
  
  Why not? I have my own instance running on my NAS and I love to have it self-hosted because this way I keep the passwords where I know nobody else can get them.
  
  Because a password manager is critical and if you ask me I’d say no. If you have the know how and understand the risk you won’t be asking
  
  Well, I work in the IT so I know some stuff about security in the digital world. But these systems (password managers in general) are built to be secure and not just tell every password they store without some security measures. Yes, I know there can be security holes, bugs and so on. But that's why these tools get thoroughly tested.
  You always have to take risks in the world of computers. So what's the point? Being as secure as possible? Then better not even bother with password managers at all because they all can have security holes.
  It's more about how much you trust a password manager and how much you trust yourself in how cautious you use it. The risk is always there.
- KeePassDX + Syncthing is the best solution.
  
  I like this solution but it's not really entry level
  
  Use that but its not about that topic. Its about storing unencrypted metadata (or usinh android Keystore for example) and having autofill work always even if the database is locked, and its quickly unlocked just for that entry
  
  I don't think any password managers that don't have that feature currently are likely to implement this feature after the beating that LastPass took in the press about it:
  
  LastPass breach is worse than you think because URLs were unencrypted
  
  Maybe an app might be able to cache the metadata locally but I don't think it would be something people expect to be unprotected at this point.
- What do you think about PrivacyTools.io? Are they on the same level as PrivacyGuides.org?
  
  As announced on July 27th, and on Sept 14th, 2021, The Team Formerly Known As PrivacyTools.io – the entirety of the team providing privacy-related advice & services to you for the past couple years – has transitioned to PrivacyGuides.org and r/PrivacyGuides. Please join us there. :) For more recent news regarding The Reddit Blackout, see: https://lemmy.one/post/74432.
  
  Taken straight from the privacytools.io subreddit description. This will tell you more.
  
  Privacytools.io does seem to be quite outdated currently. There are other good sources out there however.

You've viewed 39 comments.