Benad's Web Site

I already mentioned years ago the KeePass password manager, and to this day this remained my preferred choice. What my post didn't mention is that while KeePass doesn't handle synchronization of its password database files, many 3rd-party KeePass apps limit their choice of synchronization to using Dropbox. Earlier this year Dropbox added a 3-device limit to its free accounts. Luckily for me, all my KeePass apps supported OneDrive, so I moved my password files there. Still, I took the occasion to try out other open-source password managers.

The first I tried was pass, the self-proclaimed "standard unix password manager". I actually found it mentioned in passing in Docker's Credential store support. To put it simply, pass is a wrapper around GnuPG, and to some extent Git. It doesn't really perform encryption, but rather manages password entry files encrypted by GnuPG. As for synchronization, it can wrap around some Git commands. On one end, its "standard unix" design and the way it delegates cryptography to GnuPG may make it the most secure password manager out there. Even for synchronization, you need to set up not only the private key for the password files, but also the public SSH key used by Git for file synchronization. On the other hand, while for someone like me, used to GnuPG, Git and Linux, pass isn't too difficult to set up and use, I can't imagine the "public at large" using it. Git is already difficult to use, let alone GnuPG. Also, the password entry names are simply the file names, which is already some information leak, and since searching is limited to entry names it makes storing more complex entries like multi-URL sites quite difficult to maintain.

So, is there another open-source password manager for "the rest of us"? Well, there is at least Bitwarden. It incorporates password database synchronization, making it similar to LastPass or 1Password, but unlike the others its entire code is open-source and offers the option for you to self-host your own Bitwarden server. In practice it means that you can pay for hosting, support and a few bonus features, or you can use the free option, or you can review the code and host it yourself if you are tech-savvy. Even for the paid version, the pricing is reasonable (and much cheaper than 1Password).

I'll keep using KeePass for the time being, mostly with a combination of KeePassXC and KyPass. While I still recommend KeePass, I would equally recommend Bitwarden, especially if you need a simpler solution.

Published on September 29, 2019 at 14:00 EDT
