by kqp 28 days ago
It’s phones, mainly. People do also have multiple other devices, yes. For me another big pro is having a realtime offsite backup and being able to survive simultaneous loss of all my devices, which is plausible in correlated scenarios like a burglary, fire, mugging, car crash, etc, but I don’t know how much others think of that one.

The people I know who use KeePass live like they’re disabled. You ask them to sign up for something and they need to schedule a half hour for it two weeks out. Ask them to use a website and they need to wait until they’re home because their biweekly manual data transfer was put off because of whatever. And if they ever drop their phone, it’s this totally unforeseeable panic they’re still recovering from two months later. I’m far from convinced it must be like this, but I’m also far from convinced that most KeePass people—or people using any other strategy—have really thought this through.

Weird. I keep my KeePass database on NextCloud, and the only difference between home and phone is that on a bad network I may need a few seconds for KeePassDX on the phone to decide to use its cached copy of the database rather than the latest one. It would probably be even smoother if I used Syncthing. I assume non-technical people ought at least be able to put their KeePass files on DropBox?
> I assume non-technical people ought at least be able to put their KeePass files on DropBox?

Non-technical people would not do something this complicated. They don’t even have password managers, let alone a setup like this.

Shoot, even a lot of technical people (like me) wouldn’t bother with this. It’s why I pay for a cloud-based password manager.

> > I assume non-technical people ought at least be able to put their KeePass files on DropBox?

> Non-technical people would not do something this complicated. They don’t even have password managers, let alone a setup like this.

Google Drive/iCloud/OneDrive/Dropbox are already used by non-technical users - more so than SaaS password managers.

> Shoot, even a lot of technical people (like me) wouldn’t bother with this. It’s why I pay for a cloud-based password manager.

What do you do for when you want to access some other type of file across devices, like notes or photos? If you have notes.txt on an FTP server, just put passwords.kdbx alongside it. If you're subscribing to some new service for each individual filetype you want to sync, with nothing for arbitrary files, that seems like considerably more hassle overall to me.

For other types of files, I have different apps: Obsidian Vaults with Syncthing, but that’s not accessible from the internet. And I like having my passwords across all my devices, updating anywhere I am.

And for me, it’s just not worth the headache (and security risk) of hosting my own password manager.

> For other types of files, I have different apps

How many separate services do you have for accessing files across devices, and what do you do for filetypes outside of what they cover?

> And I like having my passwords across all my devices, updating anywhere I am.

That's how it works for me with a passwords.kdbx file on my FTP server (but any cloud storage works). Same for any filetype.

> And for me, it’s just not worth the headache (and security risk) of hosting my own password manager.

What's the security risk? If anything, it's SaaS password managers that seem to semi-regularly get hit with breaches (well, mostly LastPass).

You don't need to host anything for KeePass - just plop the file next to your notes/etc.

Headache seems greater overall if you're juggling a large number of subscriptions, particularly when they start ramping up payment or moving features you rely on to higher tiers.

> What's the security risk? If anything, it's SaaS password managers that seem to semi-regularly get hit with breaches (well, mostly LastPass).

Talk to your local security engineer :)

On a venting note, this mentality is a frustration I have with SV, because I see it a lot. They don’t know what they don’t know, and think they can just stand up businesses without understanding the domain.