Okay so yesterday, I changed my password as a precaution because of the hack, and just now I decided to clean my browser tabs and re login and almost forgot my password. I’m done dealing with passwords.

What password manager do you recommend?

Features I’m looking for

-Open Source

-Can be synced to cloud (I don’t want self host)

-Can be accessed via a browser

-Cross platform, the more platforms, the better

-End to End Encrypted, and Encrypted at rest on my device, also need some way to authenticate before releasing the password, like a pin or biometrics

-Autofill for browser and apps

-Free (can be a freemium model, but I need the base tier to be free, too broke to spend money on this lol)

-Can export the passwords to a file

I never used a password manager before so sorry if I seem like a noob.

I know I could google it, but I want the lastest info, not some outdated reddit post.

Edit: Woah, those replies are fast. I think I’ll use Bitwarden. Thanks for recommendations! Now I don’t need to worry about forgetting passwords anymore. 😄

Edit 2: It seems I’ve forgotten my email password as well as a few other accounts I haven’t logged into for a while. Damn, should’ve used a password manager earlier.

      • RandallFlagg@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Can someone sell me on the subscription? I don’t mind paying for it because that’s really cheap but I don’t really understand what exactly it offers. I’ve been using the free version of Bitwarden for years now.

        • ᗪᗩᗰᑎ@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I specifically pay them because the money I’m giving them is put (mostly) directly into open source client/server components that benefit everyone at the end of the day, not just myself or the company but “humanity” in general.

          If Bitwarden (the org) disappeared tomorrow, we would all still have access to really high quality software that someone could continue to push forward/develop and I appreciate that confidence and trust that they put forward.

    • hellequin67@lemmy.fmhy.ml
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      1 year ago

      Agreed, I’ve been using it for about 6 years after moving from iOS to Android and its great, fits all the points required by OP.

    • stebo@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      1 year ago

      Yep I’ve been using it for a while and it’s great. The Firefox extension is a bit broken tho, as it keeps asking to save passwords which are already saved and there’s no way to turn it off.

    • Christov@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      Another +1 for bitwarden, been using it for years without sub but I could see it being worth it.

    • nom_nom@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      Also been using this for several years and can concur, simple, easy-to-use, never let me down.

    • neardeaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      Bitwarden user here for years, it fits everything you’re asking for , OP

  • Ram@lemmy.ramram.ink
    link
    fedilink
    English
    arrow-up
    51
    arrow-down
    2
    ·
    1 year ago

    Bitwarden checks all the boxes. I’ve had great experience with it. https://bitwarden.com/

    I will say, auto-fill on load is a bad idea. On desktop I keep my auto-fill bound to a key so it doesn’t actually end up in fields it shouldn’t be.

    2FA is locked behind the $10/year premium if that’s something you wanted, but beyond that the free plan has everything 99% of people will use. They do third party security audits, have public white papers, and is completely open source.

    • hinterlufer@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      Email and TOTP 2FA options are available in the free version, YubiKey, FIDO2 and Duo options are only available in the 10$/year premium option.

      • Moonwalk@lemm.ee
        link
        fedilink
        English
        arrow-up
        14
        ·
        1 year ago

        I’m sure they meant TOTP 2FA for the accounts saved in Bitwarden, not for the Bitwarden login itself.

      • Saintcloud@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        I’ve been curious about a Yubikey like option for a bit now. Would you recommend one and if so which type?

        • dan@upvote.au
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Get a Yubikey that supports Webauthn and FIDO2. It’s the future of two-factor authentication on the web. At work we use the YubiKey 5C Nano, but I think the entire Yubikey 5 series supports Webauthn.

    • Dusk@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Is there much benefit to having access to the 2FA option if I already use RAIVO for 2FA codes.

    • Makeshift@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Bitwarden only autofills if the page’s URL is the same as the account in your vault. So it actually helps you make sure that you aren’t putting your info into a phishing site or something

      although, I’m pretty sure autofill is disabled by default anyway?

      • Ram@lemmy.ramram.ink
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Bitwarden only autofills if the page’s URL is the same as the account in your vault. So it actually helps you make sure that you aren’t putting your info into a phishing site or something

        This is true, though wasn’t my concern. My concern is that it (and other PW managers ofc) can sometimes fill in fields its not supposed to, and you end up accidentally including a username or password in a GET header.

        although, I’m pretty sure autofill is disabled by default anyway?

        Auto-fill on page-load is, yes.

    • Hubi@feddit.de
      link
      fedilink
      English
      arrow-up
      15
      ·
      edit-2
      1 year ago

      KeepassXC with a browser plugin on the desktop and Keepass2Android on the smartphone. The password files are synced over my self-hosted Nextcloud and backed up to OneDrive. I couldn’t be happier with this setup.

    • sirnak@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      Happy KeepassXC User reporting and there actually is a browser plugin that works flawlessly.

    • korok@possumpat.io
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      How is the OSX and iOS support for Keepass nowadays? Are there desktop and browser clients for OSX, and what’s the autofill situation like?

      Keepass was the first password manager I used and I really liked it, but I had to switch when I started using Apple devices for work a few years back, and the lack of platform support there was a nonstarter.

    • quortez@kbin.social
      link
      fedilink
      arrow-up
      1
      arrow-down
      2
      ·
      1 year ago

      I would be happier with KeePass if the Android situation wasn’t so bad. The most reliable app still uses UI elements from goddamn Froyo and the more sleek, modern, auto fill aware app can’t deal with cloud sync to save its life. I hate it here.

        • quortez@kbin.social
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          KeepassDX is the modern one I’m referring to. Because of the whole Android 11 SAF/scoped storage issue, syncing to databases and clouds that use DocumentsUI (the special folders you see when your Files manager window opens) fails all the time. I’ve repeatedly lost data due to KDX not properly saving or syncing, causing file conflicts and the passwords I literally just saved to vanish the next time I unlock the database.

          The developer’s response is that it’s everyone else’s fault that their apps’ SAF implementation is bad, not KDX.

          I absolutely cannot recommend using it.

            • quortez@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              I’ve had it fail with most SAF locations I tried after Android 11, especially pCloud. After the database locks and KDX leaves the RAM, it often cannot find the database it literally just saved, and will often just generate a merge conflict to the location it attempted to save. As a result, after you unlock once, it can no longer unlock the database and you have to bring up DocumentsUI again.

              • Schooner@lemmy.ml
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                You know, I did have this problem like a year ago. Except, it was a problem with saving the database. I don’t know what happened but haven’t faced it in a long time now.

  • DoctorWhookah@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    1
    ·
    edit-2
    1 year ago

    *Sees post. Guess I should make sure someone has said Bitwarden.

    *Checks comments. Hmm, Bitwarden, Bitwarden, another Bitwarden.

    *Good. I don’t need to reply.

  • mika@lemmy.ml
    link
    fedilink
    English
    arrow-up
    32
    arrow-down
    1
    ·
    1 year ago

    Non self-hosted: Bitwarden

    Self-hosted: Keepass

    Both are open-souce, multi-platform, and free. Bitwarden does have additional paid tiers to include support for things like OTPs. I used to use Keepass but got tired of manually syncing my database; If that’s not a problem for you then it’s a great choice.

    • flashgnash@lemm.ee
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Bitwarden supports self hosting doesn’t it? There’s an option in the UI to specify server

      • Racle@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Yup, you can selfhost bitwarden and use your own private server to sync between devices.

    • kwelzel@feddit.de
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      One thing I was always wondering about the OTP feature: If OTPs are used for two-factor authentication but both your password and the OTP can be accessed through Bitwarden, aren’t you effectively sidestepping the two-factor part? I mean if I have the OTPs only on my phone then I need to know the Bitwarden master password and I need to have my phone in order to log in. On the other hand if both are in the Bitwarden vault, I only need to know the Bitwarden password. So effectively two-factor becomes one-factor authentication.

      Maybe the relevant scenario here is your credentials for some website getting leaked. With OTPs inside Bitwarden any attacker would still not be able to log in as long as they don’t know your master password, giving you plenty of time to change your password. Although, if the attacker already found a way to access confidential website logins, they can probably access all kinds of other confidential data related to this account without even logging in as you.

    • Swarfega@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      You sound like me. I used KeePass for many years. AutoType rules. That said it wasn’t as slick as other password managers for browser credentials. I moved my home stuff to Bitwarden and use KeePass for work. I honestly could never give up AutoType for work. Typing credentials into other applications is so handy and one majority of other password managers lack, including Bitwarden.

    • terk@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      It’s more to setup, but I have my keepass auto sync across several devices using OneDrive. Each device has a local copy of the database that is synced with the cloud version using triggers.

      • Swarfega@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        This is what I used to do. Although KeePass is better these days in that it will recognise when a database has changed and ask you if you want to synchronise the changes. KeePassXC will even reload the database when it detects changes.

    • flashgnash@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I use bitwarden but it can be quite annoying to use sometimes. Feel like I have to type my master password every 5 minutes and it won’t even prompt me to enter it for a site I have a login on, have to dig into the menu and find it

      • Trapping5341@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        On my desktop browser I have it set to relock only when I close the browser. So I only have to enter my master password the first time.

        I have an Android phone and an iPhone and have bitwarden enabled on both and set to auto lock after 15 minutes. Very rarely do I run into and instance where bitwarden won’t be able to auto populate everything on either device and I have biometrics set up to unlock my vault. When it doesn’t I have to go searching but imo it’s a minor inconvenience because it very rarely happens.

        If you mean that when you are using the auto entry feature your account isn’t showing up to populate the field without searching then you need to save the URI to the password so that bitwarden knows what account goes with that site. Just hit the auto fill and save button and it will automatically add that URI for you so you don’t have to search next time.

        • flashgnash@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          I’ve got all that setup and biometrics work great. The problem is sometimes bitwarden just won’t prompt in the first place, sometimes it works sometimes it doesn’t, sometimes I have to wait a bit for it to realise

          • Trapping5341@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Ah yeah, I run into that sometimes but in my experience its pretty rare that it won’t pop up. Sometimes just closing the app, from recent apps, and reopening will get it to trigger. I always assumed it had something to do with the apps save state when I closed it since it generally happens on my banking apps that automatically log me out. It’s one thing I like about iOS is that when you are logging into something there is the little key button to open up iCloud keychain and Bitwarden so you don’t have to let it do it automatically.

  • gandalftheBlack@lemmy.ml
    link
    fedilink
    English
    arrow-up
    20
    ·
    1 year ago

    Bitwarden is a no brainer. It offers ALL the features that an average user needs in its free plan (which imo all other password managers don’t.)

    Its also a privacy friendly service which has passed multiple security audits from external entities

  • techgearwhips@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    ·
    edit-2
    1 year ago

    KeePass all day. Completely open sourced and free.

    I use

    KeePassium on iOS

    KeePassiumXC on desktop

    Keepass2Android (no net) on Android.

    All synced via Nextcloud but you can sync via sync thing as well if you don’t want to self cloud host.

  • justsayit@lemm.ee
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    1
    ·
    1 year ago

    Plus one for BitWarden for a great low price/free option that’s open source.

    1Password if you have a few extra bucks to spend. I find the look and feel to be worth the money despite not being open source.

    • Kristho@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I agree on this one. I used Bitwarden first - but now I’m on 1Password for both work and personal use.

  • Gleddified@lemmy.ca
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    2
    ·
    1 year ago

    I don’t want to self host

    IMO Keepass is not for you then. Bitwarden all day