Hacker News
by max002 1634 days ago
I'm sorry, but I'm really missing the concept of any cloud/online password manager. I believe this one was hacked some time ago. Obviously the whole thing being online increases the attack surface.

I'm using KeePassX; when I know I will move/use it on another machine I just transfer it via gdrive or whatever and delete it afterwards.

So... unless you change your machines constantly or travel all the time and use different machines, what's the real benefit of using an online password manager? It's not a "nasty" question, I'm just curious about the benefits and hope to get enlightened by people who use it.

3 comments

> I'm really missing the concept of any cloud/online password manager ... I'm just curious about the benefits and hope to get enlightened by people who use it.

Since you are curious, here are two reasons:

1) I regularly use multiple devices, and it is convenient. For example, lately local businesses require online orders/reservations. If you set up an account using your laptop, then you can immediately log in to the account on your phone.

2) I trust the math behind online password managers. For example, see this white paper describing 1Password: https://1passwordstatic.com/files/security/1password-white-p... In particular, see pages 10-11 (two-secret key derivation, 2SKD) and page 18 (How Vault Items Are Secured). As long as the 2SKD protocol is implemented correctly, it should not matter if the password manager is hacked. Presumably the few dollars a month you pay for the service are used to pay someone to carefully check this code.

Edit: In theory, 2) reduces the "attack surface" to just the code implementing the 2SKD protocol.
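A sketch of the two-secret idea the comment above refers to, added here as an illustration. It is not 1Password's code and not the white paper's exact protocol: the salt, iteration count, HKDF label, the XOR combination step and the hash-based verifier are assumptions made for the demonstration, and the sample password, Secret Key and wordlist are constructed. What it shows is why a leaked server record is not enough to attack a weak master password when a second, device-held secret feeds the derivation.

```python
"""Toy two-secret key derivation (2SKD), added as an illustration.
Not 1Password's code: the real client's salts, iteration counts and
authentication scheme differ. The idea demonstrated: a slow KDF over the
human-chosen master password is combined with a fast KDF over a
high-entropy Secret Key that lives only on the user's devices, so a
copy of the server's records alone is not enough to attack the password."""
import hashlib
import hmac

ITERATIONS = 20_000  # kept low so the demo runs quickly; real clients use far more


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract + expand) with HMAC-SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def stretch_password(password: str, salt: bytes) -> bytes:
    """Slow half: PBKDF2 over the master password (the guessable secret)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=32)


def expand_secret_key(secret_key: bytes, salt: bytes) -> bytes:
    """Fast half: HKDF over the 128-bit Secret Key (the unguessable secret)."""
    return hkdf_sha256(secret_key, salt, b"2skd-demo", 32)  # label is an assumption


def combine(pw_part: bytes, sk_part: bytes) -> bytes:
    """XOR the two halves: if either input is unknown and uniformly random,
    the result is unknown too, so key strength is at least that of the Secret Key."""
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def derive_2skd(password: str, secret_key: bytes, salt: bytes) -> bytes:
    return combine(stretch_password(password, salt), expand_secret_key(secret_key, salt))


def verifier_of(key: bytes) -> bytes:
    """Stand-in for whatever the server stores to authenticate the user
    (assumption: a plain hash of the derived key; a real service would use
    a password-authenticated key exchange, which stores even less)."""
    return hashlib.sha256(b"verifier:" + key).digest()


def dictionary_attack(verifier: bytes, salt: bytes, password_guesses, secret_key_guesses):
    """Attacker holding a leaked server record (salt + verifier). The password
    half is computed once per guess; the Secret Key half must then be guessed
    as well, and there are 2**128 of those if the attacker does not have it."""
    stretched = {pw: stretch_password(pw, salt) for pw in password_guesses}
    for sk in secret_key_guesses:
        sk_part = expand_secret_key(sk, salt)
        for pw, pw_part in stretched.items():
            if hmac.compare_digest(verifier_of(combine(pw_part, sk_part)), verifier):
                return pw, sk
    return None


def demo():
    """Constructed scenario: a weak master password protected by a Secret Key."""
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")        # constructed
    secret_key = bytes.fromhex("a3b1c4d5e6f70819a2b3c4d5e6f70819")  # constructed, device-held
    weak_password = "hunter2"
    leaked_verifier = verifier_of(derive_2skd(weak_password, secret_key, salt))
    wordlist = ["password", "letmein", "hunter2", "qwerty"]         # constructed

    # Attacker who compromised the user's device and has the Secret Key: the weak password falls.
    with_key = dictionary_attack(leaked_verifier, salt, wordlist, [secret_key])
    # Attacker who only breached the server: tries 50 wrong Secret Keys (a drop in 2**128) and fails.
    wrong_keys = [bytes([i]) * 16 for i in range(50)]               # constructed
    without_key = dictionary_attack(leaked_verifier, salt, wordlist, wrong_keys)
    return with_key, without_key


if __name__ == "__main__":
    print(demo())  # → (('hunter2', <the constructed Secret Key>), None)
```

The point of the demo is the second result: the same wordlist that cracks "hunter2" in four guesses when the Secret Key is known gets nowhere without it, because every candidate password now has to be paired with a candidate 128-bit key. That is also the catch the comment's "implemented correctly" hides: the Secret Key must really stay off the server (and out of backups, logs and support tooling), and a device compromise gives the attacker both secrets, at which point only the slow KDF and the master password's strength are left.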

For me, it's multiple machines: 2 iPhones, 3 iPads, 3 laptops, a couple of Raspberry Pis, and a couple of work machines. I tried to do it with a synced KeePass DB, but getting it to sync properly was nightmarish.

I use Resilio Sync, which used to be proprietary, and it's been seamless. I do sometimes have to make sure the active device I'm on is synced before accessing the database, but most of the time it's fine. I use my phone, laptop, and desktop as devices. With Resilio, there's a nifty option to have an encrypted store for devices you don't trust to read but trust enough to store (think your parents' computer or a work computer).

Syncthing may also work as an open source solution, but doesn't have the nifty latter option I mentioned above, at least not out of the box.

Please don't use KeePassX. Development already stopped in 2016. Switch to a more active alternative. See: https://www.keepassx.org/index.html%3Fp=636.html

Thank you very much for bringing me up to speed. And thanks as well to the others who provided me with their responses; I kind of get it if you have many machines, and even though I'd still try to find the best way to sync, I understand and appreciate your point of view. I will read up on the links on vaults provided and everything else. Thank you again.