by autoexec 1391 days ago
> Most people use a work machine and a mobile device, so cloud syncing is absolutely necessary.

I keep a password database on the company network with all my work passwords and I have no need to keep a copy of those credentials on a bunch of my personal devices or cloud servers.

My personal passwords are stored on my own personal devices. Syncing between them can be done using any number of methods without uploading to the cloud, but even if I wanted to use somebody else's servers to do that, a properly encrypted file with a very strong password could be safely stored anywhere, so there's no need to limit myself to one company's servers. I can use whatever works best for my needs and won't have to worry about what I'd do if the one I was using goes under or becomes unavailable. In exchange for a little extra work you gain a ton of utility and resiliency.


Yeah, again: all of this is great for you, but it doesn't change the fact that you are a very, very niche case. You can't just dismiss cloud syncing of passwords because you are the edge case who doesn't need it.

> I keep a password database on the company network with all my work passwords and I have no need to keep a copy of those credentials on a bunch of my personal devices or cloud servers.

That doesn't work for mobile devices. Most people have a work mobile device.

> even if I wanted to use somebody else's servers to do that a properly encrypted file with a very strong password could be safely stored anywhere

This is literally how LastPass and 1Password handle it. If you lose your key, the file in the cloud becomes useless.

> In exchange for a little extra work...

"A little extra work" that is beyond the skills of the vast majority of users.

> ...you gain a ton of utility and resiliency

As someone who used KeePass for more than 10 years until recently, I can honestly say that it was a massive reduction of utility and had no resiliency benefits.

You've picked a strange subset of 'most' for the people you're imagining. They are savvy enough to know what a password manager is, but not savvy enough to deal with an offline one. Are you sure it's not just a few people like you?

> They are savvy enough to know what a password manager is, but not savvy enough to deal with an offline one.

Not the person you responded to, but: I think that most people are savvy enough to know what a password manager is, and most people are not savvy enough to be interested in the work necessary to set up, personalize, and maintain an offline password manager that functions well across multiple devices. That doesn't sound like a niche subset to me, but I could be way off.

My point is to illustrate that the commenter is speaking out of their respective ass. None of us know what the average person thinks, we are a group of tremendous nerds who are engaging, not just reading, in the comments section to a post about a flipping password manager.

I'm speaking out of personal experience trying to get non-average users (my friends and family, some of whom work in non-technical roles at software companies) to understand and use password managers.

Most of them can't and won't invest the time just to switch to 1Password. The average person isn't going to exceed that bar by a margin that even I, a software developer, wouldn't bother with.

When something is too technical for even an average developer to bother with (because it's unnecessary, not because it's hard), it is totally hopeless for the average user.

It took a LOOOONG time to get my wife into using a password manager, specifically 1Pass. I'm super comfortable with an offline password manager, but there is not a chance in hell that I'd subject her to that.

For a large amount of people, tech and non-tech alike, LastPass and 1Pass are really really good.

Paragraph one is good. In paragraph two, you're doing it again. :D

It's easy: unless you have actual data, what you have is an opinion.

Many of us in this forum are people that have tried to influence those around us - family, friends, coworkers - to use better security practices such as password managers. Those personal experiences alongside the prevalence and adoption of cloud-sync enabled password managers (including browsers) create a reasonable foundation from which to form a not-fully-ignorant opinion.

Yes, like me, and I've had success with getting people to use keepass. Should I extrapolate my personal anecdote to apply to everyone?

I've sold some friends and family on password managers, and the cloud syncing has been a key part of getting them to accept it. The alternative is often shortish passwords shared between systems.

I'm savvy enough to maintain an offline password manager, but fuck that noise.

It's already painful enough to use a cloud password manager; why would I burn hours more of time to maintain a worse experience?

How about cloud storage? iCloud, OneDrive, Google Drive, etc. Good apps support those out of the box; for desktop, install their client and use the file as you normally would.

Have you literally not used the password save feature in iOS? What about this password manager makes you think the people using it can duplicate the features using an offline version?

Copying files has the disadvantage of requiring some merge mechanism, or not permitting parallel modification.

I found vaultwarden to be a nice alternative. It runs on my server at home, to which I connect the relevant devices by VPN. It still requires the server to be online for modification (& the VPN connected), which I find to be a bit annoying, but it solves the concurrent modification issue. Plus, passwords are encrypted at rest and the browser extension verifies I'm using the password on a legitimate website (anti-phishing).

But if you're happy with your variant, I guess that's fine as well :)