
Ask HN: Password Manager (2017) - ohmymac
A handful of years ago I finally started using a pwd manager. Time passed and I am a bit unhappy about how they handle security and what they consider &quot;secure&quot;.<p>This is a very discussed theme and there are plenty of options.<p>My main idea is to gather what are the best options currently and as a bonus if they fulfill a some requirements like: open source, browser extension, other easy to use solutions to fill browser forms, support integration with 2f apps,..<p>Let me know in the comments what you think is the best solution at the moment.
======
f_allwein
I use 1Password. Not a security expert, but the site looks trustworthy and
they have been recommended in various places. Extensions for all browsers, but
not open source. Here’s a discussion on this:
[https://discussions.agilebits.com/discussion/22686/open-
sour...](https://discussions.agilebits.com/discussion/22686/open-
sourcing-1password-was-security-question)

~~~
Crontab
I used to have a favorable opinion of AgileBits but I can't recommend them
after they started their push to subscription-ware. And if you look at this
URL:

[https://1password.com/sign-up/](https://1password.com/sign-up/)

it appears that they are still playing games in regards to letting people know
that there is a regular version that you can pay for up front.

Personally, I would recommend finding an alternative.

~~~
xcubic
Can't see the regular version no more

------
aagat
I have been using
pass[[https://www.passwordstore.org/](https://www.passwordstore.org/)] for two
years now and it works reasonably well.

Desktop "GUI": rofi-pass[[https://github.com/carnager/rofi-
pass](https://github.com/carnager/rofi-pass)]

Android Client:
[https://f-droid.org/packages/com.zeapo.pwdstore/](https://f-droid.org/packages/com.zeapo.pwdstore/)

Sync: Git+Manual download

All components are open source and actively maintained.

------
jryan49
I host my own ala,
pass([https://www.passwordstore.org](https://www.passwordstore.org)), and
qtpass on windows. It uses gpg encrypted files in a git repo. Pretty sure it's
as safe as gpg is.

------
finchisko
KeepassXC with sync to dropbox or even better to keybase.io KBFS. There is
Chrome and Firefox extension. Shameless plug I'm working on new kind of
extension [https://github.com/mauron85/keepassxc-
browser](https://github.com/mauron85/keepassxc-browser). There is alpha
release already, but missing many features. My goal is to make it work in
major browser and also with NativeClient version of KeePassXC
[https://github.com/varjolintu/keepassxc](https://github.com/varjolintu/keepassxc).

------
TurboHaskal
I use 1Password due to convenience. I'd happily go with an open source format
and whatever implementations exist for different desktop and mobile operating
systems, but these are often lacking in terms of ease of use and user
experience and are therefore not the best option should I want my relatives to
make use of them as well.

1Password passes the litmus test which is getting my wife to actually using
the password manager that I installed her. I didn't have much luck with open
source alternatives.

------
toifiz
I use KeeWeb both on desktop app and web app :
[https://app.keeweb.info](https://app.keeweb.info)

I store my kdbx in my Google Drive.

------
hopesthoughts
Lol I think I'm the only one here still using LastPass. I just started using a
password manager at the beginning of this year and it really seems to work for
me.

------
ngrilly
If you use a Mac, I suggest MacPass:
[https://mstarke.github.io/MacPass/](https://mstarke.github.io/MacPass/)

------
cpburns2009
I use KeePassXC for my password manager on Linux which is open source. I can't
comment about web browser extensions. KeePass is the Windows version.

------
alexnewman
Pass used git and gpg and works on every platform

~~~
QUFB
Android and iPhone too?

~~~
stephenr
I believe there are clients for all platforms.
[https://www.passwordstore.org/#other](https://www.passwordstore.org/#other)

------
kek918
KeePassXC for my Windows and Linux computers. KeePassDroid on my Android
phone. All three are synced in Dropbox

~~~
auxym
Exactly the same setup here!

------
Rjevski
1Password, but it fails the open-source check. Otherwise it's great and even
supports 2FA (though you might argue it's not really 2FA as your master
password now protects both your password and second factor).

------
chrisked
If you are on a MAC go for 1Password. On a side note: I’ve read discussions
here among very recognized folks that the windows version does not compare
security wise.

~~~
Crontab
That is a surprise. How is the Windows version less secure?

~~~
chrisked
That's was not about 1Password. It's about the fact that the security models
are different on the two OS. Also I remember that 1Password had a certain
vulnerability on windows which is now fixed.

In any case a bad password manager can be significantly worse than not using
any pw manager at all. So pick wisely.

------
baflatfair
KeepassXC + plugins + sync with gdrive

------
codegeek
keepassx sycned with cloud providers.

------
Siilwyn
Dashlane.

