by kn100 30 days ago
Good post. I switched from Bitwarden to KeepassXC / KeepassDX / Syncthing across my Android phone, Linux PC, and Windows PC. This was the setup I had prior to using Bitwarden for the first time. The Keepass experience is significantly better these days! Importing from Bitwarden is trivial too. Recommended!

I was using this but when I switched to iOS I switched to Bitwarden.

What are you using for Syncthing on Android? There used to be an official Syncthing app for Android but then they stopped maintaining it. There was a popular fork but then that person stopped as well.

I looked into using Syncthing on iOS but there was only Möbius Sync and it didn’t run in the background. This is what made me finally switch to Bitwarden. But of course now I need to figure out what to do next.

I have had an excellent experience with Sushitrain/Synctrain on iOS [0]. It’s honestly the nicest Syncthing client I’ve used, although to be fair desktop-oriented clients have different design goals than mobile clients.

[0] https://github.com/pixelspark/sushitrain

I use syncthing-fork from F-Droid; works great.
Same. Recommended.

As long as the house doesn't catch fire, or as long as I run outside with 1 of my Syncthing devices (I have several), local cloud is the best.

Can I ask questions about your setup? I don't intend to grill you on it or pick it apart - I would like to go down this route further, but find myself gradually moving away from it. I switched from Keepass to Bitwarden in 2020, knowing it was just a move towards convenience.

I suppose you realised you could protect against the scenario where you run outside without any devices, by just having a copy of the encrypted data sent to some cloud service, e.g. iCloud/OneDrive/Google Drive, but decided you couldn't trust any?

I know everyone's threat models are different, but I'm still curious to know your thoughts. There's no one you would trust with an encrypted copy?

Do you have any automated backup of your phone to a cloud service, or only local? If a cloud service, do you make sure it excludes your password manager? If no cloud backup, then do you make sure you have a copy of your data outside the house?

I have incomplete thoughts about the robustness of my password/OTP code backups. It is the 2-factor codes, which one day in the distant future, when I am overseas holding a new replacement for a lost phone, looking at the text "Enter the 6‑digit verification code", I will wish I'd thought about more carefully.

>>> by just having a copy of the encrypted data sent to some cloud service, e.g. iCloud/OneDrive/Google Drive, but decided you couldn't trust any?

False sense of security. As proven countless times in these forums, a ban on 1 product or 1 account on Google is a ban on all of Google for that device and linked devices. I don't think you have factored in this risk. Or that commercial products get discontinued all the time. Open source (Syncthing) doesn't have that issue. And we haven't touched billing yet.

>>> There's no one you would trust with an encrypted copy?

Doing password backups is particularly tricky. Commercial vendors are robust and depend on local circumstances. They do have changes in ownership which do change security priorities. It's a bit of a moving target whether they can be trusted or not. For non-password needs, the answer is much simpler: No. They will sell data, at a minimum.

>>> Do you have any automated backup of your phone to a cloud service, or only local?

Only local. I have 1 device parked in a relative's house that gets updated every time I am there. That's my remote backup. It's not a daily backup, but I can live with that.

>>> I am overseas holding a new replacement for a lost phone, looking at the text "Enter the 6‑digit verification code", I will wish I'd thought about more carefully.

This is, indeed, the most important thing you must resolve. How urgently do you need access to X? Maybe you should solve for that separately. Everything else is much simpler and done.

For myself, I keep an encrypted USB disk with rsynced backups at my parents' place. Office drawer is another popular option. Another drive at home. Swap them every so often.
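The rsync-to-encrypted-disk routine described in the comment above, as an added example that is not the commenter's own script: it copies a KeePass database to a backup directory, keeps a dated copy in a history folder, records a SHA-256 of the source, and refuses to report success unless the copy verifies. The paths, the `current.kdbx` naming and the `history/` layout are assumptions for illustration; the destination is meant to be the mount point of an already-unlocked encrypted volume.

```shell
#!/bin/sh
# Added example, not code from the thread. Backs up a .kdbx to a mounted
# (already unlocked) encrypted disk and verifies the copy by checksum.
# SRC and DEST below are hypothetical paths, e.g.
#   backup_kdbx "$HOME/Passwords.kdbx" /media/usb-backup
set -u

# SHA-256 of a file; uses sha256sum (GNU) or falls back to shasum (BSD/macOS).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_kdbx DEST_DIR
# Recomputes the checksum of DEST_DIR/current.kdbx and compares it with the
# value recorded at backup time. Returns non-zero on any mismatch or missing file,
# so a cron job or a manual run can tell a good backup from a truncated one.
verify_kdbx() {
    dest="$1"
    [ -f "$dest/current.kdbx" ] || return 1
    [ -f "$dest/current.kdbx.sha256" ] || return 1
    actual=$(file_sha256 "$dest/current.kdbx")
    expected=$(cat "$dest/current.kdbx.sha256")
    [ "$actual" = "$expected" ]
}

# backup_kdbx SRC DEST_DIR
# 1. copy SRC to DEST_DIR/current.kdbx (rsync if installed, cp otherwise),
# 2. keep a timestamped copy under DEST_DIR/history/ so an accidental
#    bad save of the database does not overwrite the only backup,
# 3. record the source checksum and verify the copy against it.
backup_kdbx() {
    src="$1"; dest="$2"
    [ -f "$src" ] || { echo "missing source $src" >&2; return 2; }
    mkdir -p "$dest/history" || return 2
    if command -v rsync >/dev/null 2>&1; then
        # --checksum forces a content comparison instead of size/mtime only
        rsync -a --checksum "$src" "$dest/current.kdbx" || return 3
    else
        cp -p "$src" "$dest/current.kdbx" || return 3
    fi
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    cp -p "$dest/current.kdbx" "$dest/history/$stamp.kdbx" || return 3
    file_sha256 "$src" > "$dest/current.kdbx.sha256"
    verify_kdbx "$dest"
}
```

Run it only while the password manager is not writing the database (close it or save first), otherwise the copy can be a half-written file that still hashes consistently with itself; the recorded checksum comes from the source for that reason. The .kdbx is encrypted on its own, so the checksum file leaks nothing beyond what the disk encryption already protects. If `keepassxc-cli` is installed, running it against the copy (for example `keepassxc-cli db-info`) is a stronger check than a hash, since it proves the file actually parses as a database.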
Which variant of KeePass, though?