by liberia 1375 days ago
I trust this over Bitwarden or Lastpass since you have to trust those services with your data (and I don't). Web-based password managers can be hacked, or have their login interface laced with third-party code that could be exfiltrating your master passphrase. My strategy is using KeePass and keeping multiple copies of the database in various cloud providers in case my local copy is lost/corrupted. It takes under a minute to sync my local copy to Dropbox, Google Drive, Box, etc.

For the super paranoid, SyncThing provides a straightforward way for you to synchronise your database between various local devices without having any data in the cloud at all.

[edit: Syncthing's Discovery Server probably counts as data, actually; you can work around that but then it's less "straightforward"]

OMG, I tried to set up SyncThing a couple of months ago to sync my KeePassX (kdbx) between my PC, my Mac and my Android phone. It was hell, I had to fight SyncThing every step of the way (connecting between clients, which one is the receiver and which one is the sender and whatnot), and it just didn't sync. In addition I learned that on Android SyncThing cannot sync to an external SD card (https://github.com/syncthing/syncthing-android/issues/1366).

I ended up uploading the file to Google Drive and using its client. It works pretty flawlessly.

It works just fine for my PC, laptop and Android. Shame that you had a bad experience with it although perhaps your use case is a bit unusual. Although that's surprising about Android being so difficult to work with in Go. It sounds like this is being resolved in Android 10 upwards: https://github.com/syncthing/syncthing-android/wiki/Frequent...
> In addition I learned that on Android SyncThing cannot sync to an external SD card (https://github.com/syncthing/syncthing-android/issues/1366).

This should be fixed: https://github.com/syncthing/syncthing-android/pull/1724

> I ended up uploading the file to Google Drive and using its client. It works pretty flawlessly.

Besides my general distrust of Google, the real source of my headache is the ransomware attack. Thus such a simple scheme is unsatisfactory. And a proper automatic backup procedure needs non-interactive testing of whether the cloud copy is garbled. Until now I don't know how to do it, so I make backups of my Dropbox copy by hand.
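The "keep copies of the KeePass database on several clouds" strategy from the top comment and the wish above for an unattended check that a cloud copy is not garbled can be combined in a small script. The example below is added here and is not from any commenter or from the KeePass project; it checks the KDBX signature and version, walks the outer header, verifies the SHA-256 that KDBX 4 stores right after the header, and compares each copy byte-for-byte with the local reference, all without the master passphrase. The sample file built by `build_sample_kdbx4()` is a constructed header-only skeleton, not a real database.

```python
import hashlib
import struct

KDBX_SIG1 = 0x9AA2D903   # first signature of every KeePass 2.x database
KDBX_SIG2 = 0xB54BFB67   # second signature of a release KDBX file
END_OF_HEADER = 0        # header field ID that terminates the outer header

def check_kdbx(data: bytes) -> str:
    """Return '' if the bytes look like an intact KDBX file, else the reason they do not."""
    if len(data) < 12:
        return "truncated before version field"
    sig1, sig2, minor, major = struct.unpack("<IIHH", data[:12])
    if (sig1, sig2) != (KDBX_SIG1, KDBX_SIG2):
        return "bad KDBX signature"
    if major not in (3, 4):
        return f"unsupported KDBX major version {major}"
    size_fmt, size_len = ("<I", 4) if major == 4 else ("<H", 2)  # field length width
    pos = 12
    while True:  # walk header fields laid out as id(1) | length | payload
        if pos + 1 + size_len > len(data):
            return "truncated inside header"
        field_id = data[pos]
        (length,) = struct.unpack(size_fmt, data[pos + 1:pos + 1 + size_len])
        pos += 1 + size_len + length
        if pos > len(data):
            return "truncated header field"
        if field_id == END_OF_HEADER:
            break
    # KDBX 4 stores SHA-256(header) in the 32 bytes immediately after the header
    if major == 4 and data[pos:pos + 32] != hashlib.sha256(data[:pos]).digest():
        return "header SHA-256 mismatch"
    return ""

def verify_copies(reference: bytes, copies: dict) -> dict:
    """Map copy name -> '' when intact and identical to the reference, else the problem."""
    ref = hashlib.sha256(reference).digest()
    out = {}
    for name, blob in copies.items():
        reason = check_kdbx(blob)
        out[name] = reason or ("" if hashlib.sha256(blob).digest() == ref else "differs from local copy")
    return out

def build_sample_kdbx4() -> bytes:
    """Constructed test input: minimal KDBX 4 header, its SHA-256, dummy HMAC, dummy body."""
    header = struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, 0, 4)
    header += bytes([END_OF_HEADER]) + struct.pack("<I", 4) + b"\r\n\r\n"
    return header + hashlib.sha256(header).digest() + b"\x00" * 32 + b"dummy-ciphertext"
```

In practice you would read the local file and each synced copy from disk and feed them to `verify_copies`; a non-empty reason for any copy is the signal to stop trusting that backup and re-upload.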

I remember trying something similar and I kept getting weird results like repeated folders that didn't sync, and then when they would, I'd have 2 copies of something not knowing which I should keep. Maybe it's gotten better a couple of years later?
It's a strange commercial offering with a weird relationship to BitTorrent (it's "ex"), but Resilio Sync is an interesting device to device option as well.
Why is it strange?

It’s closed source though.

I would like to see a comparison with Syncthing.

Mostly because it is closed source, and also the odd behind-the-scenes drama of Resilio's spin out from BitTorrent (the company, not the tech). (The BitTorrent company of today is a strange cryptocurrency/NFT zombie of the tech company it originally was.) To my understanding that drama and corporate spin out in part even influenced the creation of Syncthing as an alternative.

From my view, Resilio is still easier to use with better apps than Syncthing, and in theory their corporate business model seems sustainable (more so than the previous parent company) and can provide useful corporate support when such needs occur. But there are still lingering doubts after all this time that they will continue to do the right things and support the software well, and it is closed source, so there are not a lot of community support options if the company's business model pivots in any accidentally similar way to the events that led to Resilio existing in the first place.

If you don't want to trust Bitwarden with your data, you can self-host a server yourself (either running the official server [1] or the compatible Vaultwarden [2]).

[1]: https://github.com/bitwarden/server

[2]: https://github.com/dani-garcia/vaultwarden

Exactly. If you can self-host a password manager then surely you can self-host a Git repository as well and use that instead and avoid this: [0]

[0] https://news.ycombinator.com/item?id=32735734

And get into merge hell when you forget to push and have passwords added on two different binary blobs? No thanks. I prefer using something that was meant to be a password server.
No. You misread my point. I never said you should replace Bitwarden and use a Git repository as a password manager. My point is about self-hosting in general, hence why I linked the recent GitHub outage.

If you can self-host a password manager, then in the case of GitHub [0] going down every month you can self-host your Git repositories yourself, especially if you have projects like WireGuard [1], for example.

[0] https://news.ycombinator.com/item?id=32735734

[1] https://git.zx2c4.com

Yes, but don't you still need a 'license key' to unlock the full set of features? E.g. sharing among a team?
No, you don’t.
Yes, but only to use the official Bitwarden server. The Vaultwarden project is an alternate server implementation that does not require a license key.
> I trust this over Bitwarden or Lastpass since you have to trust those services with your data (and I don't).

This is the conundrum I am in. I have been looking for a pocket-sized password manager, which can sync from something like a spreadsheet I keep in cold storage. This seemed to fit the bill:

https://www.beamu.io/

So I purchased one. It's pretty cool, although the controls are a bit clunky. Overall, pretty cool bit of tech.

However, to import your passwords into the device, there is no way to do so with the stock software which does not involve uploading all of your passwords to their servers. That is asinine, if I am being generous.

I use Bitwarden. I don't trust that service with my data. I host an instance of the community-developed backend: https://github.com/dani-garcia/vaultwarden on my own server so that I don't need to, and use the FOSS clients to access it.

I feel more comfortable with that than syncing a KeePass file over Dropbox or Google Drive, mostly because I got myself into a nasty situation that way with a corrupted KeePass database a while back.