Good cross-platform password managers?

[+Elі Subscriber²]

Another one for 1Password.  I used RoboForm for years, but dropped it in favor of 1Password because of their lack of support for security keys such as Yubico keys. I'm now VERY happy with 1Password. It has all the features you could expect from a password manager, with a beautiful, intuitive and well-designed interface with support for all platforms and more.

Let alone, they have never been breached so far. This could change, and they might be one day, so keep reading.

Like always, please remember that the security of your account/s is always dependent on the weakest link, which is usually us humans. So make sure to have a long complicated very hard to guess master password created by machines and not humans. (1Password has a password generator feature) human generated passwords are easy to break. 

DO NOT save your master password on the cloud or anywhere on your computer. My master password is saved on several USB sticks (to have multiple backups of it) that I ONLY use for that. Then I have it again saved on a locked and password-protected folder on my phone in case I need to use my master password while on the move. This folder only opens with my fingerprint, and it has a randomly generated name as well.

My master password is also printed out on paper and is stored somewhere safe.

Oh, my 1Password Account/Apps CAN ONLY be open on new devices with the physical Yubico Keys that I have, the Master Password and another feature called "1Passwod Secret". The 1Password apps will not open even with the fingerprint only if they are to be open on a new device, and I must use the physical key and master password every 60 days regardless.

Cheers! 

[The Dark Knight]

Bitwarden user here for a long time. Switched from LastPass Premium when they jacked up their prices substantially. Also the multiple breaches.

The icing on the cake for me is I have total control of Bitwarden since I self host it at home. For mobile devices I am anyway always connected via a VPN to my home network when I'm outside for adblocking, so I have access to Bitwarden as well, without specifically giving it public access.

[+DonC Subscriber²]

On 31/12/2022 at 12:53, Nick H. said:

I'm starting to use KeePass. One of the reasons for doing so is that it is open source, free and cross-platform, so as well as Windows there are forks for MacOS and iOS, as well as Android and Linux.

BUT the information is stored in a local database. My workaround is to store a copy of the database on a cloud, and each time I make a modification I upload the databse and then download it to the necessary devices. This means that I have a local copy of the database on my device (if for example the network is down) but it's a bit more time-consuming compared to using something like LastPass. At the same time though, I don't need to worry about a company like LastPass notifying me that they had a breach on their servers.

KeePass has had internal database synchronisation for a long time now.

I've been storing my main copy on OneDrive for years and having them sync by themselves without issue.

[Joe User]

On 03/01/2023 at 10:26, DonC said:

KeePass has had internal database synchronisation for a long time now.

I've been storing my main copy on OneDrive for years and having them sync by themselves without issue.

KeePass also has scripting ability, so you can do more complex things when saving.

[Nick H. Supervisor]

On 03/01/2023 at 17:26, DonC said:

KeePass has had internal database synchronisation for a long time now.

I've been storing my main copy on OneDrive for years and having them sync by themselves without issue.

 

On 03/01/2023 at 19:35, Joe User said:

KeePass also has scripting ability, so you can do more complex things when saving.

Easy, guys.  I said that I'm starting to use it! It seems quite functional for my needs, but I don't pretend to know the finer points to it.

[Good Bot, Bad Bot]

Bitwarden all the way... Cross-platform, open source, audited, can be self-hosted, and only $10 a year.

[JayZJay]

PasswordSafe is an oldy but a goodie, but the same is true with KeePass and many others that have been mentioned.

[cooky560 Veteran]

I've been using bitwarden for some time, and never had problems with it. It works cross platform (and supports faceid on my phone) and they don't have the encryption key, so it being in the cloud, really doesn't matter.

[Asharae]

I used to use Lastpass until they restricted free accounts.

Since then I've been Bitwarden all the way, syncs between my PC, Mac, Linux box, Android phone all painlessly simple.

[Sir Topham Hatt]

On 30/12/2022 at 23:18, SnoopZ said:

I use Bitwarden on Android and Windows, it's free and it replaced Lastpass for me, you can import your Lastpass passwords into this too.

https://bitwarden.com/

This is it.

However, question for those that have it on their PC - do they force the extension to prompt with the master password?

My PC auto logs in but I do find it a faff to have to type in the master password (although I do have it to only prompt when I close the browser).

[+Warwagon MVC]

On 11/01/2023 at 08:28, Sir Topham Hatt said:

This is it.

However, question for those that have it on their PC - do they force the extension to prompt with the master password?

My PC auto logs in but I do find it a faff to have to type in the master password (although I do have it to only prompt when I close the browser).

You can have it prompt you for the master password only on browser restart

You can setup a pin, but in my case I just bought a mouse with a fingerprint reader. Then installed the Bitwarden desktop app, set it up with windows hello, and told the extension in the browser to also unlock with windows hello (it needs the desktop app to be installed) ... that makes it so my vault always locks on browser restart and is easy to unlock with my finger.

 

 

[Wannes]

Avid 1Password user here for a few years. Love it. 

[+mram Subscriber²]

On 31/12/2022 at 10:05, Warwagon said:

I just tried 1password and was surprised that they had no direct import support for Bitwarden, only a generic CSV and I had to custom map the fields. Deleted my 1password account and kept using Bitwarden.

Honestly, jumping forward in time here, you are unwilling to jump through the hoops of a one-time ingestion process, and immediately delete the account and walk away??  

 

On 31/12/2022 at 10:05, Warwagon said:

Then I said, no it's stupid, they need to support Bitworden, the password manager everyone seems to be using now.

Everyone in your circles, maybe?  The googles seem to disagree with you, but I'm sure anyone can find something somewhere that shows their opinion on top.  Bear in mind, again, this is a one-time process, not ongoing.  

Any product does not "need" to support every other competitor.  You're a highly technical guy.  https://bitwarden.com/help/export-your-data to export your data.  Import the CSV.  This isn't complicated sir.  By way of comparison, Bitwarden supports very very few password manager vaults from other competitors...  Dashlane, Lastpass, Keepasss all import to Bitwarden using CSV or other text file exports.  I mean ... you're in for a rude shock if you think native support is typical.   

All I'm saying is you shouldn't devalue the product just because it doesn't rub your back and mow the lawn while you migrate to it from a competitor.  Fair enough?  Or insert something about glass houses and stones here.    

 

On 31/12/2022 at 10:05, Warwagon said:

There was one thing that was annoying me about Bitwarden, but now I realize it's actually a better way of doing things.

For me Bitwarden wasn't reliability prompting me to save a changed password or a newly created account on a website. The comment was, well duh, just create the passcard inside Bitwarden first.

My initial response to reading that was "that is the stupidest thing I'd ever heard". then after actually doing it for a few sites while changing my passwords, it's actually a fantastic idea and much more reliable and gives you a bunch better piece of mind.

Having said all that, I still think it's stupid that "Autofill" is still unchecked by default and is still considered an experimental feature.

I use 1Password.  Moved from Lastpass 2 years ago.  Tried Bitwarden.  Bitwarden's UI is very very plain, and its updates are slow.  1Password updates very regularly compared to virtually every other provider out there (have also used Dashlane and Keepass in the distant past)  and with good fixes.  I reported that data fill wasn't working on a utility site to 1Password support and within 2 weeks it was, and was in the patch notes as well.  I was impressed.

Lets talk about UI.  Bitwarden is disturbingly plain.  Like, really really plain.  They care about data obviously, but the UI could've been written using WPF 1.0 from the 90s.  I don't exactly expect flair and pizazz but for something that I have to interact with a lot, I like pretty.  This ain't it.  But that's subjective as all hell, so just calling it out.

The 1Password developers are active and responsive.  Their security is appropriately annoying.   (this is a good thing)  And I am reliably prompted to save my password when I make changes... I'd struggle to support why making a passcard in advance is somehow more secure, but most good passwd managers are removing autofill for excellent reasons, of which there are still good workarounds.

I think both Bitwarden and 1Password support the same platforms at this point.

[+Warwagon MVC]

On 05/03/2023 at 19:31, mram said:

Honestly, jumping forward in time here, you are unwilling to jump through the hoops of a one-time ingestion process, and immediately delete the account and walk away?? 

Yes, the they created "Friction" to bring over my Bitwarden passwords. Because they didn't have an import option just for Bitwarden and made me map the fields my self, I was so worried that I would have screwed it up and not everything got imported. I screwed it up on my first attempt and had to delete the passwords and start over.

Same might have been for Bitwarden had they not had support for the password manager I had previously been using. But they did, so there was no friction.