@Devas said: I'm currently looking for another alternative and may end up going the KeePass (or KeePassXC) path. I'm still trying to understand what happens if you change the db file in two separate locations without connectivity - I imagine data loss is inevitable is such scenario.
Depends on how you sync. I use Syncthing and that will give you a "conflict", which you can then resolve using both copies of the DB. The times that that happens is very few in my case.
@Hxxx said:
At this point I expect that anyone using LP for business have a paid plan along with two-factor. If you are using free, what are you even thinking?
Good thing is that LP have a solid company behind, Logmein solid track record. Security wise.
Security-wise, your passwords are saved on their server. And they promise it's all encrypted and they won't look into it (I have no reason to doubt them, but for the really security concerned people, I think that's a valid argument).
@bikegremlin with every SaaS , thats bound to happen. Trust is required.
However LP doesn't save your master, and IIRC content is encrypted at transmission and at rest. They have it locked down in such way that if you lose your master and you had the optional recovery key off there is no way for them to help you.
Another feature question: does Bitwarden have a sort of archive feature, where you can store a password entry where it still exists in your database but wouldn't appear in search?
I've been waiting for LastPass to have this feature but I don't think it was ever implemented?
Keepass on Nextcloud for me. I do want pass to succeed, but it's not yet as featureful as KP or BW. It makes sense to think of encrypted storage as one thing, sync as another, browser autofill as yet another, etc.
Comments
I am using both lastpass and bitwarden but this is quite a bad move for the free version of lastpass.
At this point I expect that anyone using LP for business have a paid plan along with two-factor. If you are using free, what are you even thinking?
Good thing is that LP have a solid company behind, Logmein solid track record. Security wise.
Depends on how you sync. I use Syncthing and that will give you a "conflict", which you can then resolve using both copies of the DB. The times that that happens is very few in my case.
Security-wise, your passwords are saved on their server. And they promise it's all encrypted and they won't look into it (I have no reason to doubt them, but for the really security concerned people, I think that's a valid argument).
BikeGremlin I/O
Mostly WordPress ™
@bikegremlin with every SaaS , thats bound to happen. Trust is required.
However LP doesn't save your master, and IIRC content is encrypted at transmission and at rest. They have it locked down in such way that if you lose your master and you had the optional recovery key off there is no way for them to help you.
Another feature question: does Bitwarden have a sort of archive feature, where you can store a password entry where it still exists in your database but wouldn't appear in search?
I've been waiting for LastPass to have this feature but I don't think it was ever implemented?
Spreadsheet plus paper
VPS reviews | | MicroLXC | English is my nth language.
KeePass via KeeWeb plugin on my Nextcloud instance
Humble janitor of LES
Proud papa of YABS
Honestly, LastPass is pretty solid, and the paid options are pretty affordable, so I upgraded to paid.
So far Bitwarden has been working quite well for my needs. And it has been working better on mobile than LastPass.
Planning to do self-hosted bitwarden I think.
Keypass seems popular too and more FOSS but I don't quite understand their sync.
(I want selfhost at home and VPN in from phone)
Self hosted Bitwarden.
Keepass on Nextcloud for me. I do want pass to succeed, but it's not yet as featureful as KP or BW. It makes sense to think of encrypted storage as one thing, sync as another, browser autofill as yet another, etc.
I have been using self hosted bitwarden which has been pretty good.