[ngrilly]

I'm currently using MacPass on macOS and KeePaasium on iOS, and syncing both through Dropbox. But that means I need my Dropbox credentials, in addition to the KeePass file secrets, if I lose both the Mac and the iPhone (after a fire or a robbery for example). Not sure I'm comfortable with that.

I'm considering switching to 1Password or Bitwarden. But I'm not sure about BitWarden using the same password both for encrypting the vault and accessing Bitwarden server. Chrome for example has an encryption password which is different from your usual Google Account password.

[ViViDboarder]

I may be a little off in my description, but I believe that the Bitwarden server never sees your password. The client sends a derived key to authorize your access to the vault and then your password is used on the client side to decrypt the vault.

It all depends on the risk you’re trying to mitigate. A MITTM or a server attack won’t be able to gain access to your passwords, even if they intercept the data. A user with knowledge of your password or a key logged on your client could. However in either of those cases, you’re not protected all that much by having two passwords as opposed to one long one.