by ffpip 1589 days ago
> What if https://bitwarden.com/ gets hacked

They only store the encrypted vaults, which is useless without your master password. So even if it is hacked, the only thing the hackers get is an encrypted blob.

> you can use that on its own without an online account.

That is because KeePassX/KeePassXC is an offline app that reads a database (.kdbx file) you have on your computer. Bitwarden is for people who want to use their password manager on multiple devices. So an account is necessary.

How do you use KeePass across multiple devices? Please don't say Syncthing because that's not an option for most regular people. And if you use something like Dropbox, what if https://dropbox.com gets hacked?

> The fact that I have to create an account

This is for authentication (needed for syncing across multiple devices).


I am fully aware I wear tin foil, but my passwords will never be online.

Simply collecting them makes them a potentially valuable target, and even though encrypted, it can be cracked with enough time and money.

edit: KeePassXC user here too.

I would assume that the most likely issue you would face is malware running on your own computer that captures the master key or sends passwords back to an attacker. Not someone gaining access to the encrypted password vault and then cracking it - unless you have a very weak key.

No weak key here, and you may be right, but my main concern is that encryption is only strong in a given time period.

If someone could gain a copy of a known high-value ciphertext, they may not be able to crack it now, but time is on their side, and I can't recover the file once it is out there. My only recourse is to speculatively rotate passwords inside the file.
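The thread's disagreement comes down to the offline-cracking economics of a stolen vault: the stored blob is only as safe as the master password's entropy times the KDF work factor. The following is an added illustration, not code from any commenter or from Bitwarden/KeePassXC; the iteration count, attacker throughput and key-check tag are constructed assumptions, and PBKDF2 stands in for whichever KDF a given product uses.

```python
import hashlib
import hmac
import os

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """The slow step: PBKDF2-HMAC-SHA256 stretches the master password into the
    vault key. Only the salt and iteration count are stored beside the blob."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def make_verifier(key: bytes) -> bytes:
    """Constructed key-check tag stored with the vault so a wrong password is
    rejected without touching the ciphertext (stand-in for a real header)."""
    return hmac.new(key, b"vault-key-check", "sha256").digest()


def password_unlocks(master_password: str, salt: bytes, iterations: int,
                     verifier: bytes) -> bool:
    """What an attacker holding the blob must do once per guess."""
    key = derive_vault_key(master_password, salt, iterations)
    return hmac.compare_digest(make_verifier(key), verifier)


def guesses_per_second(hmac_per_second: float, iterations: int) -> float:
    """Each guess costs `iterations` HMAC calls, so the KDF divides the
    attacker's raw hashing throughput by the iteration count."""
    return hmac_per_second / iterations


def expected_crack_years(entropy_bits: float, iterations: int,
                         hmac_per_second: float) -> float:
    """Expected brute-force time: half the keyspace on average, at the
    KDF-limited guess rate."""
    expected_guesses = 2.0 ** (entropy_bits - 1)
    rate = guesses_per_second(hmac_per_second, iterations)
    return expected_guesses / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    salt = os.urandom(16)
    iterations = 600_000  # assumed work factor for illustration only
    verifier = make_verifier(derive_vault_key("correct horse battery staple", salt, iterations))
    assert password_unlocks("correct horse battery staple", salt, iterations, verifier)
    assert not password_unlocks("password123", salt, iterations, verifier)
    # Assumed attacker: 1e10 HMAC-SHA256/s against 40-bit vs 80-bit master passwords.
    for bits in (40, 80):
        print(f"{bits}-bit master password: ~{expected_crack_years(bits, iterations, 1e10):.3g} years")
```

Every extra bit of password entropy doubles the expected cost, as does doubling the iteration count, which is why the "time and money" argument hinges on the master password rather than on where the blob is stored.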