by shmageggy 2709 days ago
What's the latest consensus on the best password manager these days? I see he is recommending 1Password, but I recently found Bitwarden, which looks quite good.
5 comments

Bitwarden (https://bitwarden.com/) is great and scores well in feature comparisons -- there was one on here recently. It's open source and has recently been audited too. It's free for the basic service, and really cheap for additional features. Great mobile apps and a web vault. And you can self-host. No bad points really.
The things that held me back from Bitwarden are the relatively short age of the company at ~2 years and the fact that there is only one dev. I'm reaching here, but even though the code is open source, he still owns the distribution. He could potentially be compromised (whether maliciously or not) and release an update that uploads the entire vault to him unencrypted. It could take a while before the internet caught on that the source code doesn't match the release build.

This could of course happen in a company like 1Password as well, and at some point I need to make the call and trust the person(s) coding the password manager. I feel that with 1Password there's at least the large size of the company, which would mean more eyeballs and accountability. There is also the history of the company at ~12 years, including vetting and buy-in from larger companies, which inspires a vote of confidence.

FWIW, Bitwarden checks off nearly all the other boxes for me, and I think the single dev has done a seriously bang-up job.

All valid points. I guess nothing is perfect and you just need to decide where you're happy to compromise.
I recommend this one too. The paid subscription option also gives you encrypted file uploads. Great for those 2FA backup code lists.
I'd agree with him: 1Password

- long history - to me it's the original password manager

- frequent updates and always keeping up with relevant OS features, like iOS AutoFill which allows 1Password to be set as the default iOS password store: https://support.1password.com/ios-autofill/

- flawless experience

I use KeePass. There are mobile apps, and it can load from a cloud account.
KeePass + Syncthing + YubiKey = Awesome, and free!
Does KeePass support YubiKey out of the box, or is there a certain plugin you use? What do you do about mobile?
KeePassXC supports YubiKey out of the box. I do not access anything important via phone. I usually have my laptop nearby anyway.
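To make the "YubiKey out of the box" answer above concrete: KeePassXC uses the YubiKey's HMAC-SHA1 challenge-response slot, so the database key depends on a secret that never leaves the token. The following is an added illustration written for this page, not KeePassXC or Yubico code, and it only models the idea: the token is emulated in software with a constructed 20-byte slot secret, and the key combination (hash each component, then hash the concatenation) is an assumption modelled loosely on KeePassXC's composite key rather than a byte-exact reproduction of the KDBX format.

```python
import hashlib
import hmac

# Constructed example values. A real YubiKey keeps the 20-byte HMAC-SHA1 slot
# secret inside the token and only ever returns responses, never the secret.
TOKEN_SECRET = bytes.fromhex("0f" * 20)          # assumption: 20-byte slot key
MASTER_SEED = bytes(range(32))                    # stored in the database header (public)


def token_challenge_response(secret: bytes, challenge: bytes) -> bytes:
    """Emulate the YubiKey HMAC-SHA1 challenge-response slot.

    The token accepts a challenge of up to 64 bytes and answers with the
    20-byte HMAC-SHA1 of it under the slot secret.
    """
    if not 1 <= len(challenge) <= 64:
        raise ValueError("challenge must be 1..64 bytes")
    return hmac.new(secret, challenge, hashlib.sha1).digest()


def composite_key(password: str, challenge: bytes, respond) -> bytes:
    """Derive a 32-byte vault key from a password plus a token response.

    `respond` is the callable that talks to the token; the caller never sees
    the slot secret. Each component is hashed with SHA-256 and the
    concatenation is hashed again (assumption, modelled on KeePassXC).
    """
    pw_hash = hashlib.sha256(password.encode("utf-8")).digest()
    resp_hash = hashlib.sha256(respond(challenge)).digest()
    return hashlib.sha256(pw_hash + resp_hash).digest()


def key_with_token(password: str, seed: bytes, secret: bytes = TOKEN_SECRET) -> bytes:
    """Key derivation with the (emulated) token plugged in."""
    return composite_key(password, seed, lambda c: token_challenge_response(secret, c))


def attacker_key_without_token(password: str, seed: bytes) -> bytes:
    """What an attacker holding the database file and the password can compute.

    Without the token they must guess the slot secret; here they try an
    all-zero one, which yields a different key.
    """
    return composite_key(password, seed, lambda c: token_challenge_response(bytes(20), c))


if __name__ == "__main__":
    good = key_with_token("correct horse battery staple", MASTER_SEED)
    bad = attacker_key_without_token("correct horse battery staple", MASTER_SEED)
    print("with token:   ", good.hex())
    print("without token:", bad.hex())
    print("keys match:", good == bad)
```

The point the example makes is that the password alone is not enough: the master seed sits in plaintext in the database header, but the response to it can only be produced by hardware holding the slot secret, so a stolen database file plus a phished password still does not yield the key.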
Now I just recommend that people (who don't understand password managers) use Chrome's built-in feature.

It's better than using the same password.

I used to think this, but I now think it is actually bad advice for a few reasons.

1. People are bad at making new passwords.
2. Someone might clear their browser history and delete the logins as a result.
3. Lock-in into the Chrome ecosystem.

I personally use KeePass, but I understand it is a bit cumbersome to carry around a USB stick.

I'd recommend LastPass to those who don't understand, simply because it has a free tier, but everyone else should seriously consider paying the $2 a month for whichever service they use.

Chrome now has a "generate password" option in password fields, and a page where the passwords can be managed.

For the people I'm talking about, installing and maintaining a "real" password manager isn't going to happen. The alternative is for them to continue using "Nameofcat1" for every damn site.

It's a reasonable trade-off.

I tried using Chrome's built-in feature, but I found the password field was set up wrong on many sites, and therefore "Generate Strong Password" wouldn't be an option. I've since started using Bitwarden.
LastPass