Okay so yesterday, I changed my password as a precaution because of the hack, and just now I decided to clean my browser tabs and re login and almost forgot my password. I’m done dealing with passwords.

What password manager do you recommend?

Features I’m looking for

-Open Source

-Can be synced to cloud (I don’t want self host)

-Can be accessed via a browser

-Cross platform, the more platforms, the better

-End to End Encrypted, and Encrypted at rest on my device, also need some way to authenticate before releasing the password, like a pin or biometrics

-Autofill for browser and apps

-Free (can be a freemium model, but I need the base tier to be free, too broke to spend money on this lol)

-Can export the passwords to a file

I never used a password manager before so sorry if I seem like a noob.

I know I could google it, but I want the lastest info, not some outdated reddit post.

Edit: Woah, those replies are fast. I think I’ll use Bitwarden. Thanks for recommendations! Now I don’t need to worry about forgetting passwords anymore. 😄

Edit 2: It seems I’ve forgotten my email password as well as a few other accounts I haven’t logged into for a while. Damn, should’ve used a password manager earlier.

      • RandallFlagg@lemm.ee
        link
        fedilink
        English
        arrow-up
        11
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Can someone sell me on the subscription? I don’t mind paying for it because that’s really cheap but I don’t really understand what exactly it offers. I’ve been using the free version of Bitwarden for years now.

        • Christopher@lemm.ee
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          Illl be watching this too - I have bitwarden, managed - but I don’t use a subscription currently.

        • ᗪᗩᗰᑎ@lemmy.ml
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          1 year ago

          I specifically pay them because the money I’m giving them is put (mostly) directly into open source client/server components that benefit everyone at the end of the day, not just myself or the company but “humanity” in general.

          If Bitwarden (the org) disappeared tomorrow, we would all still have access to really high quality software that someone could continue to push forward/develop and I appreciate that confidence and trust that they put forward.

        • collin93@feddit.nl
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I personally got it for the reports of duplicated or leaked passwords to make it easier for me to find and update all of my old, bad passwords.

    • Christov@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      2
      ·
      1 year ago

      Another +1 for bitwarden, been using it for years without sub but I could see it being worth it.

    • stebo@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Yep I’ve been using it for a while and it’s great. The Firefox extension is a bit broken tho, as it keeps asking to save passwords which are already saved and there’s no way to turn it off.

    • hellequin67@lemmy.fmhy.ml
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Agreed, I’ve been using it for about 6 years after moving from iOS to Android and its great, fits all the points required by OP.

      • FunkyClown@lemmy.fail
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        I’m using it since doing the opposite and it works great on iOS. Not sure if it was different a while ago but you can set it as your auto fill password manager.

        • hellequin67@lemmy.fmhy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I was just relying on keychain whilst on iOS and made me realise after migration I needed something that was platform agnostic.

    • Alethe Crow@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Throwing in for Bitwarden. Works across all my devices and I’m only using the free version.

    • neardeaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Bitwarden user here for years, it fits everything you’re asking for , OP

    • nom_nom@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      Also been using this for several years and can concur, simple, easy-to-use, never let me down.

  • gandalftheBlack@lemmy.ml
    link
    fedilink
    English
    arrow-up
    88
    ·
    1 year ago

    Bitwarden is a no brainer. It offers ALL the features that an average user needs in its free plan (which imo all other password managers don’t.)

    Its also a privacy friendly service which has passed multiple security audits from external entities

  • onichama@feddit.de
    link
    fedilink
    English
    arrow-up
    58
    ·
    1 year ago

    Yet another vote for Bitwarden. I love that you can access your stuff through a browser without installing anything, I need that sometimes on my work pc where I cannot install anything.

  • LoyalOrange503@lemmy.world
    link
    fedilink
    English
    arrow-up
    57
    ·
    1 year ago

    Bitwarden, hands down. been using them for like 7 years now? have got nearly 300 accounts in the password manager, and is fully free. Haven’t paid a single penny to them. Autofill is possible, on both android and web browser, although you’ll have to set it up through an extension. Fully cross-platform. Used it on Linux, windows, MacOS, IOS, iPadOS, Android. you can access it via a browser, is open source and is hosted by Bitwarden if you want to.

    it ticks all your requirements!

    • Concept1037@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      Bitwarden is great. If OP wants they can self host it via Vaultwarden which I’m using. It works perfectly.

      • LoyalOrange503@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I would love to, but I’m a bit tight with cash atm. I’ve been meaning to pay the 10-11 quid a year plan just to support them. They’ve given so much to me and I haven’t given anything back :(

  • DoctorWhookah@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    58
    arrow-down
    2
    ·
    edit-2
    1 year ago

    *Sees post. Guess I should make sure someone has said Bitwarden.

    *Checks comments. Hmm, Bitwarden, Bitwarden, another Bitwarden.

    *Good. I don’t need to reply.

  • Christopher@lemm.ee
    link
    fedilink
    English
    arrow-up
    41
    arrow-down
    1
    ·
    1 year ago

    One more point on Bitwarden - when the top password managers were being hacked/exploited, Bitwarden was keen to fix what appeared to be vulnerabilities in an extremely timely manner. I don’t remember where I read the article but it still fared best out of all the other managers out there.

    It may have been ars technica, I don’t remember.

    • paris@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      This is one of the few things I don’t want to selfhost, at least right now. If I fuck something up with Vaultwarden or the PC it runs on, I lose access to EVERYTHING all at once. I’d rather offload that risk to Bitwarden’s official server.

      • idle@158436977.xyz
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        As long as you are using it on multiple devices you are ok. If the server goes down the app still works. So absolute worst case scenario, you can just export your vaults from your phone, then sign up for Bitwarden and import it.

        I periodically take proactive exports every few months and put them on an external hard drive still though.

      • ErwinLottemann@feddit.de
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Backups is the keyword. I run Vaultwarden on my internal network, the data gets backed up to an external hard drive, borgbase and another remote machine using borg backup. I also stored the passphrases for these backups in a KeePass database (that is backed up elsewhere). I don’t think I need to worry about data loss. Plus - if the Server is not reachable the synced devices should still have access to the passwords.

  • Robertej92@lemmy.world
    link
    fedilink
    English
    arrow-up
    36
    ·
    1 year ago

    Guess I’m gonna have to give bitwarden a go, I’ve used LastPass for years but their quality of service and value for money has plummeted.

  • mika@lemmy.ml
    link
    fedilink
    English
    arrow-up
    32
    arrow-down
    1
    ·
    1 year ago

    Non self-hosted: Bitwarden

    Self-hosted: Keepass

    Both are open-souce, multi-platform, and free. Bitwarden does have additional paid tiers to include support for things like OTPs. I used to use Keepass but got tired of manually syncing my database; If that’s not a problem for you then it’s a great choice.

    • flashgnash@lemm.ee
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Bitwarden supports self hosting doesn’t it? There’s an option in the UI to specify server

      • Racle@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Yup, you can selfhost bitwarden and use your own private server to sync between devices.

    • kwelzel@feddit.de
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      One thing I was always wondering about the OTP feature: If OTPs are used for two-factor authentication but both your password and the OTP can be accessed through Bitwarden, aren’t you effectively sidestepping the two-factor part? I mean if I have the OTPs only on my phone then I need to know the Bitwarden master password and I need to have my phone in order to log in. On the other hand if both are in the Bitwarden vault, I only need to know the Bitwarden password. So effectively two-factor becomes one-factor authentication.

      Maybe the relevant scenario here is your credentials for some website getting leaked. With OTPs inside Bitwarden any attacker would still not be able to log in as long as they don’t know your master password, giving you plenty of time to change your password. Although, if the attacker already found a way to access confidential website logins, they can probably access all kinds of other confidential data related to this account without even logging in as you.

    • Swarfega@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      You sound like me. I used KeePass for many years. AutoType rules. That said it wasn’t as slick as other password managers for browser credentials. I moved my home stuff to Bitwarden and use KeePass for work. I honestly could never give up AutoType for work. Typing credentials into other applications is so handy and one majority of other password managers lack, including Bitwarden.

    • terk@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      It’s more to setup, but I have my keepass auto sync across several devices using OneDrive. Each device has a local copy of the database that is synced with the cloud version using triggers.

      • Swarfega@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        This is what I used to do. Although KeePass is better these days in that it will recognise when a database has changed and ask you if you want to synchronise the changes. KeePassXC will even reload the database when it detects changes.

  • teawrecks@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    1
    ·
    1 year ago

    Keepass is

    • open source and free
    • just uses a file, so you can sync it wherever/however you want
    • has a browser plugin with autofill if you’re into that
    • is supported on all platforms
    • database lives in an encrypted file that you put wherever you choose