I have been using Bitwarden for some time now. It’s an open source password manager. There are apps for all major platforms and extensions to all major browsers. Checkout https://bitwarden.com/
Interesting in that you can host your own instance of their cloud server, but I really prefer something that uses standard cloud storage mechanisms (Dropbox, iCloud, etc.) for sync and works on top of that.
Like others here, I'll probably be reevaluating my choice when it feels like it's time to upgrade. For me, some of the open source solutions are perfect as far as the underlying storage format and sync technology, but lack good browser extensions that already understand all the quirks of various sites. That's the kind of thing that a commercial product can tend to do a better job at.
I use Enpass for this, which uses any kind of regular cloud storage backend and has a fully-featured desktop client and browser fill plugins for free. The mobile clients cost money ($10 per platform, once) which I think makes perfect sense.
You can get it to recognize fingerprints or a short version of your password if it's even been fully unlocked for the current phone session. It's a little fiddly and may not meet the level of security you're looking for, but it's an option.
I don't use any plugins. I just copy/paste, which if you're doing it from the app stores the copied parameter in memory for a ~15 seconds, after which it is flushed.
I've been an early adopter and really they are coming in leaps and bounds. The only complaint I have is that integration with iOS apps is very very spotty, but I believe that's an issue with Apple muscling 3rd-parties away from that field (and to a certain degree, an issue with developers not following best practices in their apps).
To be precise, their base software is Free software, licensed under the AGPLv3. The also distribute non-Free (and non-Open Source, and non-gratis) software.
Their base software has an artificial limit in terms of number of users and number of 'collections', which goes contrary to the ethics of Free software.
Your passwords are stored on their server. You'd have to compile and run your own server, which is more expensive than the $1/month they're asking for.
So you’re paying for the service they offer: a hosted version. You do so because it’s cheaper than hosting your own. There’s no conflict at all with any open source ethic.
> You'd have to compile and run your own server, which is more expensive than the $1/month they're asking for.
For people like me that already rent a VPS for their mail and website the marginal cost is $0 except for the time it would take for me to perform the installation and setup.
If the system is good and stable then the "cost" of the time that I would spend installing it on my server would be close to $0 when divided over the amount of time I use the software in the future.
I think another plus of buying their service is your supporting development of the software and saving yourself time, while a critical piece of your security software remains open source.
> which goes contrary to the ethics of Free software.
No it doesn’t. Free software doesn’t have to be free: Even on the GPL page it’s written that it’s even ok to sell free software. It’s only unethical if you equate OSS to software communism, but that’s another topic.
So anything that encourages the user to either use the freemium, then either dive into the code or either pay, is ethically correct. After all, you can download their AGPL, knock the limit, and redistribute. At which point you’ll be a contributor and while you’re at it, you’ll probably make a few other improvements: it means effectively free for contributors, which is awesome. See, it articulates quite well gratis, contributors and funding.
It’s only designed to make enterprises pay, which is good because they can “donate” huge sums for good software, so it funds the open-source community quite well. And it retains the qualities of OSS: You know what you install, you’re not tied to the editor if he dies, and if they stop improving the software, a contributor can take over their code and become more famous. Win-win-win.
I saw all that but it looks like you've got to pay a monthly fee for full access for their cloud storage. Not sure its worth the hassle of migrating to in this case.
Maybe, but Bitwarden is open source, and Enpass is not. It's not important for people unless it is important for them, and in that case it's usually very important.
It's $1/month to support open source software. That's not a bad price. You can also choose to use their hosting for free too; I was doing that for a few months before fully adopting it.
Like others here, I'll probably be reevaluating my choice when it feels like it's time to upgrade. For me, some of the open source solutions are perfect as far as the underlying storage format and sync technology, but lack good browser extensions that already understand all the quirks of various sites. That's the kind of thing that a commercial product can tend to do a better job at.