Hacker News
by swdunlop 1662 days ago
Ditto. I came to HN after seeing the email, looking for the best way to migrate my passwords out of Lockwise.

Well, still looking. They are outta here.

3 comments

Keepass + your choice of file sync. Keepass's database has file-based locking so it's safe to sync just via filesystem.

I like KeepassXC on Android and MacOS; Keepassium free-tier on iOS works great. On Android you can use syncthing, but syncthing doesn't work on iOS, so I use NextCloud to sync everything now.

Keepass2Android supports Dropbox, Onedrive, and a few other ways of direct sync. https://play.google.com/store/apps/details?id=keepass2androi...

For Windows 10/11 users who use a MS account, put a portable copy of Keepass on OneDrive and it'll be there right after a fresh reinstall plus sign-in, and you can access it from the Android app using OneDrive sync built into K2A.

Keepass2Android also supports webdav, http, ftp, sftp and nextcloud directly
For Syncthing on iOS there is Möbius Sync. However, it struggles with background updates (due to iOS restrictions).
For iOS I can also recommend Strongbox.
Safe even on NFS? ;)
Bitwarden is my go-to. If you're the self-hosting type, bitwarden_rs (now vaultwarden) is free and easy to set up. If not, BW's cloud hosting is also fine. Vaults work offline just fine, apps on every major platform, biometric unlock if you care about such things, and autofill on browsers/ios/android. And they have a snazzy officially supported CLI tool.
And if you pay $10/year, it has 2FA as well. And you can add notes and such. It's definitely worth using (and paying imo).
Wait so it lets you store your 2FA secrets and your password in the same place? That sounds counterintuitive.
It's super useful for a few sites I visit frequently who require 2FA but I don't need that security. But yeah, otherwise it's a pretty remarkably bad idea.
When you sign in to a website from your phone using a saved password and use that same phone for 2fa, it's pretty much the same thing.

The whole meme that saving the 2fa seed to password managers is a bad idea needs to die. Most of the advantages of 2fa are still present when using a password manager.

It's the other way around. Literally all of the advantages of using 2FA are not present when you store both factors together.
No-one seems to ever mention LastPass for some reason when this comes up. It's a complete solution, locally-encrypted, backed-up to the cloud, auto-fill, apps, all platforms, etc.
Not open-source, 3rd-party trackers in the android app, no easily accessible 3rd-party audits (that I can find), an unintuitive UI (no easy 1-button copy, clunky item entry*, etc.), and roughly 1 security incident every 1.5 years.

Are they the worst? No. Are there better ones? Yes.

*The number of people at work who put their username in the URL field is astounding. We also have people saving personal passwords into shared folders without realizing it. This speaks to UI issues.

I'd also say its integration with Firefox on Android is just a broken, miserable experience. (I mostly blame FF for this, because it used to be great)

https://github.com/mozilla-mobile/fenix/issues/9773

LastPass has stagnated over the last few years after being bought out and raising prices for no additional benefit.