
Ask HN: What password manager tools do you use or recommend? - testybesty44
What password manager tools do you use or recommend?
======
toyg
BitWarden has come a long way and now it does everything I need: iOS
integration (in iOS 12), Android, extensions for all browsers, and even the
(fairly pointless but customary in 2018) electron-based desktop app. It’s even
open source, so one could host a private instance - which I’d be keen to do if
it weren’t based on the annoying Microsoft stack.

The only feature I miss is the little gamification that LastPass has, where
you can check how many of your credentials had the same details - lowering
that score day by day was a nice challenge. I was tempted to build it myself
(BW has an API too) but haven't got around to it yet.
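
A sketch of the reuse score described in the comment above, added here as an example and not code from the commenter, LastPass or Bitwarden. It runs over a constructed JSON vault export; the field layout (`items[].name`, `items[].login.password`) and the name `reuse_report` are assumptions.

```python
import hashlib
import hmac
import json
import os
from collections import defaultdict

# Constructed sample vault export. The layout (items[].name and
# items[].login.password) is an assumption; adapt it to your manager's export.
SAMPLE_EXPORT = json.dumps({"items": [
    {"name": "mail",  "login": {"username": "me@example.com", "password": "correct horse battery"}},
    {"name": "forum", "login": {"username": "me", "password": "correct horse battery"}},
    {"name": "shop",  "login": {"username": "me", "password": "correct horse battery"}},
    {"name": "bank",  "login": {"username": "me", "password": "kX9!unique-to-bank"}},
    {"name": "wiki",  "login": {"username": "me", "password": "Tr0ub4dor&3"}},
    {"name": "git",   "login": {"username": "me", "password": "Tr0ub4dor&3"}},
    {"name": "wifi note", "login": None},          # non-login item
]})


def reuse_report(export_json, key=None):
    """Group logins that share a password and return a reuse score."""
    # Passwords are keyed by an HMAC under a throwaway key, so the grouping
    # table never holds plaintext and its tags are useless after the run.
    key = key or os.urandom(32)
    groups = defaultdict(list)
    for item in json.loads(export_json).get("items", []):
        password = (item.get("login") or {}).get("password")
        if not password:
            continue                                # notes, cards, empty logins
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(item.get("name") or "<unnamed>")
    reused = sorted(sorted(names) for names in groups.values() if len(names) > 1)
    return {
        "logins": sum(len(names) for names in groups.values()),
        "reused_logins": sum(len(names) for names in reused),
        "groups": reused,
    }


if __name__ == "__main__":
    report = reuse_report(SAMPLE_EXPORT)
    print(f"{report['reused_logins']} of {report['logins']} logins share a password")
    for names in report["groups"]:
        print("  same password:", ", ".join(names))
```

A plaintext export is itself sensitive: keep it on encrypted storage and delete it once the report has run.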

~~~
cutety
Seconding BitWarden. It’s the only open source/self-hostable password manager
I could find that provides all the features that I wanted from closed
source/hosted password managers (1pass/lastpass). The chrome extension and iOS
app are great, have auto fill support unlike some other open source password
managers (KeeWeb).

Self hosting it is super easy to set up, they just give you a docker compose
file, and a few commands later it’s ready to go. It’s also fairly easy to
modify the compose file to deploy it to a Docker Swarm cluster, which is how I
have mine set up.

------
deanmoriarty
This won’t be popular here, but I use LastPass extensively (300+ saved
credentials) and it works like a charm: 2FA via TOTP, incredibly reliable Chrome
extension (I almost never have to copy/paste passwords from it, the auto
completion aggressively works even with the websites that explicitly try to
prevent it or change frequently), beautiful iOS integration and seamless
synchronization across 6+ devices. I take a CSV backup on an encrypted USB
stick monthly just in case. I don’t remember any of the passwords I use
(besides the LastPass master password), including the most important ones such
as Gmail and bank accounts (for which I also rely on TOTP whenever possible).
Always automatically generated and stored in LastPass.

I would love if someone convinced me to move to something that would work just
as well, for me user experience is the most important thing, I don’t want to
deal with complicated workflows, considering password completion is something
I have to do ~50 times a day or more, so even just a few additional seconds
become exponentially annoying for me.

------
kevinherron
I use 1password right now. It's really nice.

If I were starting over I'd give pass and its various open source UIs/apps a
chance: [https://www.passwordstore.org](https://www.passwordstore.org)

------
ecesena
I wrote my own, MemPa [1, 2].

I'm not sure I'd recommend it because it's basically iOS-only now and with no
iOS 12 integration, but I'd definitely recommend a deterministic approach for
at least your most important sites (banks, google?, facebook?). The main
reason is availability in case of real need, when for example your phone could
be broken or inaccessible. I wrote about my use case here [3].

Happy to discuss deterministic approaches, please make sure to read also the
counter arguments [4].

In addition, I strongly encourage setting up 2FA, especially on the most
important sites. My choice for passwords is also related: I really want my
password to be something I know (not something I need a device/password
manager for) because with 2FA you prove already something you have. Another
totally valid option is to set up 2FA on your password manager and call it a
day. For completeness, I'm also building a security key called Solo, open
source and FIDO2 [5].

[1] [https://mempa.io](https://mempa.io)

[2] [https://hackernoon.com/mempa-a-modern-deterministic-password...](https://hackernoon.com/mempa-a-modern-deterministic-password-manager-2c0f28fa108b)

[3] [https://hackernoon.com/how-i-manage-my-passwords-technical-v...](https://hackernoon.com/how-i-manage-my-passwords-technical-version-8549dc1bde1e?gi=c53454131b71)

[4] [https://tonyarcieri.com/4-fatal-flaws-in-deterministic-passw...](https://tonyarcieri.com/4-fatal-flaws-in-deterministic-password-managers)

[5] [https://solokeys.com](https://solokeys.com)
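
A generic sketch of the deterministic approach discussed in the comment above, added here as an example; it is not MemPa's algorithm or any commenter's code. The function name `derive_password`, the alphabet, the salt layout and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib

# 64 symbols without look-alikes (no l, I, O, 0, 1); a 64-symbol alphabet lets
# 6 bits of each derived byte select a character with no modulo bias.
ALPHABET = ("abcdefghijkmnopqrstuvwxyz" "ABCDEFGHJKLMNPQRSTUVWXYZ"
            "23456789" "!#%+-=?")
assert len(ALPHABET) == 64 and len(set(ALPHABET)) == 64


def derive_password(master, site, login, counter=1, length=20):
    """Recompute a site password from a memorised secret; nothing is stored."""
    if not master or length < 12:
        raise ValueError("need a master secret and length >= 12")
    # The salt binds the output to one site, one login and one rotation counter.
    salt = "\x00".join([site.strip().lower(), login, str(counter)]).encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              600_000, dklen=length)
    return "".join(ALPHABET[b & 63] for b in raw)


if __name__ == "__main__":
    master = "constructed master passphrase"   # constructed sample value
    first = derive_password(master, "example.com", "alice")
    # Availability: a second device with no vault or sync recomputes the same value.
    print(first == derive_password(master, "Example.com ", "alice"))
    # Rotation after a breach needs counter=2, and that counter is state the
    # user has to remember or store somewhere.
    print(first != derive_password(master, "example.com", "alice", counter=2))
```

Every derived password falls if the master secret leaks, and a site with its own character or length rules needs per-site settings that must also be kept somewhere.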

------
mawalu
I switched to keepassxc[1] a while back.

[1] [https://keepassxc.org/](https://keepassxc.org/)

~~~
facorreia
I use KeePass with DropBox on Windows, Linux and Android.

------
ocdtrekkie
A notebook or a folded up sheet of paper with hints you need to remind you of
your passwords but not explicitly stated. Completely invulnerable to security
flaws, it's only breachable by physical access.

------
chickahoona
I'm using [https://psono.pw](https://psono.pw)

It's free, open source and you can host it easily yourself with docker. Full
disclosure, I'm the key developer behind it.

------
it007
I use an app called oPass, it's iPhone only though
([https://opassapp.info](https://opassapp.info)).

------
wilbertliu
I personally use iCloud Keychain, and it’s more than enough for me.

------
pwg
I use PasswordGorilla
([https://github.com/zdia/gorilla/wiki](https://github.com/zdia/gorilla/wiki))

------
java-man
Passwørd Safe

[https://github.com/andy-goryachev/PasswordSafe](https://github.com/andy-goryachev/PasswordSafe)

------
pacuna
Firefox native password manager. Works fine and it syncs with my phone
automatically.

------
jppope
I use mnemonic devices (Rhymes, non-Western geography, Latin or Greek history),
with really long strings: ([https://xkcd.com/936/](https://xkcd.com/936/)) The
system works pretty well. Zero password reuse. Always Remember, Can't be
compromised with a password manager... the problem is the companies and their
poor security! (LinkedIn, Experian)

I'm really looking forward to the days when we don't have passwords anymore.

NOTE: And they said I would never use Latin!

~~~
sublupo
If Gmail gets hacked and they leak your password, thereby requiring you to
change your password, how will you remember the changed password?

