
Ask HN: Password manager recommendation? - ryanmccullagh
New to this space...I have too many passwords to manage, and I'm no longer comfortable using the same password for multiple services.

I know in order to sync my set of passwords, they'll have to be stored centrally on another entity's server. Is this the usual case? Are these passwords going to be decrypted on the client only?
======
davismwfl
1Password. I never used to like using password managers and 1password has
changed that. Mobile app and web integration are both done well. With the
ability to share vaults and keep things separate and orderly.

~~~
lewisl9029
I've been mostly using 1Password since my workplace provides an account that
includes a personal vault, but I've also been looking at switching to Enpass
for my personal passwords.

[https://www.enpass.io](https://www.enpass.io)

Some things I like about Enpass over 1Password:

- Has a Linux client.

- Offers free desktop clients, mobile clients require a 1 time purchase (not
subscription based).

- Stores passwords locally. Sync is provided through a separate storage
provider of your choosing (GDrive, iCloud, OneDrive, Dropbox, etc). I like
this implementation much more than traditional cloud-based password managers
because a hack of a single server (1Password's, for instance) won't compromise
everybody's data and expose your (hopefully hashed) password database as
collateral damage.

I'd love to hear from anyone who might have experience with both 1Password and
Enpass on how it is to use Enpass on a daily basis compared to 1Password.

~~~
tmd83
This actually looks good. Wondering why I haven't heard of this before.

Does anyone have thoughts/knowledge on its security, on SQLCipher?

------
dallbee
I'm a huge fan of Pass.
([https://www.passwordstore.org/](https://www.passwordstore.org/)). It's
command line based but there are adaptations for various platforms. It works
best in a UNIX-like environment, though.

~~~
ravloony
I also use Pass. It integrates great with git, so you can store your password
database anywhere, and sync on demand with `pass git pull`.

Also by using GPG as an encryption mechanism it allows you to use your
gpg-agent so you only have to authenticate when you log in to your computer.

Basically it relies on existing tools to solve existing problems (sync,
encryption) and concentrates on the added value: listing, storage and
retrieval of passwords.

A greatly useful application of the unix philosophy.

------
sheraz
LastPass, and I pay for it. Does the job, but the chrome plugin seems sluggish
sometimes.

Happy customer.

~~~
imaginenore
LastPass is the last thing you should use. It got hacked in 2015 and 2016:

[http://lifehacker.com/lastpass-hacked-time-to-change-your-ma...](http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571)

[https://www.hackread.com/lastpass-hacked-this-time-for-good/](https://www.hackread.com/lastpass-hacked-this-time-for-good/)

~~~
interurban
For clarity's sake, they were hacked once and in separate instances had
vulnerabilities reported to them by security researchers, which were then
fixed.

I don't know if it's more or less secure than other password managers, but it
certainly isn't the last thing you should be using.

------
z1mm32m4n
I use KeePass (MacPass on OS X). It's open source and saves to a single
encrypted file. I stick it in Dropbox and it's available everywhere I need.

~~~
WorldMaker
I use a small constellation of context-specific KeePass files (Work versus
Home, for example) as the overall huge number of password groups ("folders")
started to get hard to manage, and I also wanted to start better managing the
specific devices with access to some of the files.

I had been using various combos of Dropbox/OneDrive to sync several of my
primary files, but recently moved to Resilio Sync (formerly known as
Bittorrent Sync) Encrypted Share folders because I can have "dumb nodes" that
can share the "torrent" of the encrypted share folder but not access the
internals (individual files), such as an always available VPS in the cloud
somewhere.

------
c13k
Google password manager passwords.google.com works very well for me. I also
use a veracrypt encrypted container with a plain text file containing my
sensitive notes and passwords, stored on my Linux laptop and backed up onto an
encrypted bucket on AWS S3 in case my laptop dies or is stolen or destroyed.

This works very well for me, and I'm in control of my passwords.

------
rebootthesystem
Is there one that does NOT use any off-device storage? Or one that provides
options for how and where your data is stored?

What I mean by this is no cloud, no central server storage, no third party
storage of your data at all.

In other words, if you have it installed on three devices there's a file of some
sort that you have to replicate between them yourself or some network-based
(not internet, local network) approach to synchronization.

I know centralized storage is convenient but that's where you open yourself up
for compromising your information in the event of a breach wherever your info
is stored.

~~~
WorldMaker
KeePass (and family) store to encrypted files on your machine that never leave
the device by default. It doesn't know or care about cloud or central server
storage. (It simply provides a means to reconcile changes made in other files,
such as synchronized conflict versions.)

Most people then choose the cloud storage of their own choice (Dropbox,
OneDrive, Resilio Sync, etc...) to pass the files between devices as
interested/necessary. KeePass doesn't know nor care that a sync provider is
being used and it's just like any other file to sync (which is why you can
choose any file sync strategy under the sun).

------
matthberg
I have used Dashlane since the beta days, it works well. It is closed source,
yet works well, the paid version ($40/year) syncs between devices while the
free version is one device only. There are apps for Android, iOS, Mac, and PC.
Features include autofill on websites and receipt logging when using credit
cards. Their site says they decrypt and encrypt locally only, using an
unrecoverable master password.

~~~
JulianVModesto
I love Dashlane!

I've been there since Beta, too, and it's in the highest price tier for
password managers, but it's often lauded as having the best user experience on
desktop & mobile, and one of the simplest managers for even non-technical
people. The local decryption also makes it uniquely secure and less
susceptible to attacks like the LastPass attack in 2015.

Great product and happy to support the Dashlane team! You can store passwords,
secure notes, payment methods, and even IDs like passport or driver's license
numbers, with great autofill support.

Before Dashlane, I used a KeePass database that I synced with Dropbox, so I
could access it on macOS or iOS, but the clients varied in quality, and when I
switched to Dashlane, the experience was fantastic with autofill available on
both macOS and iOS.

------
richbhanover
I use Password Wallet ([http://www.selznick.com/](http://www.selznick.com/)).
It's not sexy, but has decent web browser integration, and it has never failed
for me. (More specifically, it does a couple things well, not trying to do
everything for everyone.)

------
onetom
1. 1Password IF your desktop machines are all macOS/iOS/Android.

Pros:

* Best UX

* Great keyboard support

* Non-cloud, local network sync option

* Sharing for families and teams via vaults which specify permissions of users (identified by their team specific email address)

* Login into multiple teams

* Intuitive web login form autocompletion and password generation for account creation

Cons:

* Closed source, so you still have to trust their binaries and their team

* No Linux version and only the Windows version is still beta, so the whole team/family should be on Macs pretty much

2. Dashlane

Pros:

* Slightly cheaper than 1Password

* Reasonably nice UI

* Windows client

Cons:

* Annoying UX (auto-generated passwords are hard to find later, doesn't recognize a lot of login forms, etc etc)

* Almost no keyboard shortcuts

* Sharing is per-password with user emails (which might be the private emails, because they don't have proper team support)

* Closed source

3. Lastpass

Pros:

* Even cheaper than Dashlane and 1Password

* Enterprise plan has nice company-wide audit of password usage and hygiene

* Share passwords without revealing them (which is useless if you can hack their clients of course)

* Sharing is folder based

* Lastpass 4.0 got a modern look and feel finally, but it's still ugly compared to the others

Cons:

* Enterprise admin interface UI & UX is terrible

* Can't fill out a lot of login forms (even basic ones, like google, amazon IAM), especially if you have multiple accounts for them

* Closed source

4. KeePass - haven't used it for real, but I know about one, 30+ ppl company
successfully using it on all 3 major platforms

Pros:

* Open source

* Cross platform

Cons:

* Haven't found a proper web login form filler integration for it

* Quite inconvenient compared to eg. 1Password

Not sure how sharing is supposed to work in it exactly. I think it's out of
their scope.

------
sullyx
I'm using Vault (vaultapp.xyz). It's open-source, simple and free and meets
all my needs. Disclaimer: I'm a developer for Vault.

------
brandon272
The small team I am on uses 1Password for Teams and it works brilliantly.

------
johnmathews123
I use Zoho Vault free plan. Very much happy with it.

------
davidbanham
I use Enpass and have been happy with it.

------
dotpot
KeePassX

------
imaginenore
KeePass for the important things - anything that involves money, directly or
indirectly - email, banking, amazon, ebay, bitcoins.

1Password for everything else.

~~~
rhlala
Why do you use two?

~~~
imaginenore
I don't trust anything integrated with the browser. I could probably use two
separate databases of KeePass, but its browser integration sucks.

------
NotThe1Pct
keepassx

