Hy,
In your opinion do you prefer Bitwarden or Proton Pass and why?
It seems proton pass have better integration with Firefox.
Good and bad?
Thanks.
Bitwarden because it is open source.
Both are open source
Am I a boomer for still using KeepassXC synced via Dropbox?
deleted by creator
KeepassXC + SyncThing in my case, to skip the middle man (Dropbox/Google drive)
Nope, that’s a pretty secure password manager setup.
No sir, I did this for years. I used Kypass on my iPhone so I could use my passwords on my phone as well. I ended up switching to Bitwarden for easier 2FA implementation and granular password sharing rather than having to share my whole vault or manage a separated shared vault
What kind of 2FA setup do you have?
I use Bitwarden with DUO as my Authenticator app. I know that you can set up keepass with 2FA via an extension but I didn’t find it as portable with my existing apps which is why I decided to make the switch
Nah, still a great solution if you like. That was my solution for years until just about a month ago I switched to bitwarden because it seemed easier to protect with a yubikey. I’ve liked it so far.
I took the opportunity to export all my passwords from Firefox, chrome, and KeePass, then spent about a day cleaning the whole mess up and removing duplicates, THEN imported the csv into bitwarden. Still getting used to not using chrome/Firefox for auto filling and storing passwords, but I like that my passwords don’t feel so spread out across multiple browsers/dbs.
It works but partitions can and will happen and a merge afterwards is non-trivial AFAIK.
Do you encrypt it before syncing in Dropbox? Or just raw .kdbx and password (+ key)?
I just trust the built-in encryption, which makes it easier to read via keepass2android (since I don’t have to do an extra decryption step).
Yeah that makes sense
deleted by creator
Defense in depth is my thinking
deleted by creator
Interesting. I assumed it did, two layers of encryption, different passcodes and ideally keys - not sure how it wouldn’t, but now I need to research it
These are my opinions, not a security expert or anything but - if your system is compromised two layers won’t make a difference. If someone gets ahold of the KDBX, two layers might slow them down but if they have the compute to crack the KDBX in the first place a second layer won’t make a difference, even if you’re using a stronger algorithm.
I can only think of two benefits.
-
using two different algorithms adds a layer of protection in the event a flaw is discovered.
-
If it’s wrapped it would likely have a different extension and signature, so if someone were to say, hack the cloud storage provider and grab all the KDBX files you might get missed.
In any case, the encryption algorithms we use today will likely be irrelevant and useless at some point in the near future. If you suspect your KDBX has been stolen, you should change all your passwords - even if they can’t crack it today, you don’t want to get an unpleasant surprise in a decade because you didn’t.
Although changing your passwords on interval is a good security practice anyway.
I also wouldn’t sync them with a cloud storage system either, since you never know.
Yeah, that makes a lot of sense, thanks for the insight!
-
deleted by creator
deleted by creator
I like Bitwarden because I can host my own server and control it all. Not sure if the other service does set-hosting. Maybe you can do the same with that?
I’ve been thinking of setting up my own server. Does hosting your own server feel secure? I feel capable of setting up my own server but I’m not sure if I trust myself to secure it appropriately.
Yes, it’s secure and of course can be further secured by other services, like vpn and scanners and such. I front my stuff with Cloudflare certs on their free tier as well.
Just use complex passwords for the admin and logins. They also support two-factor authentication which is easy to setup.
Bitwarden isn’t a brand new solution. I don’t understand the comment in Firefox, though, Bitwarden has no issues with it that I’ve found.
I’ve used Bitwarden heavily in various browsers and Android. It’s really great and very effective at filling in passwords. Every now and then there’s a site that does something weird to make it autofill a bit wonky, but I can only recall seeing that happen with registration forms (sometimes the enter + confirm your password fields seem to confuse it). It’s near perfect at sign in forms that I’ve used.
There are issues with Firefox private browsing windows that don’t happen in Chrome. Quoting their help article:
- Your vault will lock every time the browser extension closes, unless you set vault timeout to Never.
- Unlock with PIN will work only if the Lock with master password on browser restart option is not selected.
- The badge icon will not update to show vault state (locked or unlocked).
Not huge issues, but definitely annoying on a daily basis.
I don’t have experience with the second point but the other two don’t happen to me; it works as it should.
Really? With Firefox in a Private browsing window - are you certain?
Here’s mine, with the vault currently locked, but not showing any locked state (point 3):
And for point 1, just unlock the dropdown extension, exit the extension window, then click on the icon again. It will be re-locked when it shouldn’t.
If you’re really not seeing this, would you mind telling me how you fixed it?
I missed that you said in private tabs. I can reproduce it there but BW also says that private tabs support is still experimental when you try to do it.
To be honest, also Proton Pass is pretty new
Don’t combine email, password manager, or 2FA authenticator together with the same company. All 3 should be completely separate from each other.
Bitwarden has a distinct advantage for this reason alone.
Been using Bitwarden and Firefox for years and years. Never had any integration issues.
Same. Works well on Firefox, iOS, and android.
Yup, it just works.
deleted by creator
I use protonpass for alias email and bitwarden for passwords.
Why not simplelogin integration in Bitwarden? The first comes as part of your assuming proton unlimited package
Just got an email from proton today about their “lifetime deal” for proton pass I currently use bitwarden and Firefox relay but I’ve been debating trying to drop my Gmail account and switch everything to my proton account. Thinking it would be silly to pay Firefox $12 a year just for relay when I can get that and more from proton for the same price.
All of that to say how exactly does the email alias work and can I set a custom email subdomain to just have an alias get created whenever an email is sent to the email I give someone without me having to go manually create it?
Been a longtime user of Bitwarden (free, and over the last year paid). It’s a straightforward/good but a bit boring UI, connects very well and easily into browser, phone etc. Works well, highly recommended, and having 2FA on paid version is awesome.
Been trying out Proton Pass for the last few days since I already pay for Proton Unlimited. It’s got a good UI and so far it’s been working well in Firefox and on my phone. It’s much better integration with Simple Login features so I like the slightly more seemless sign-up ability. It’s not 100% feature parity with Bitwarden paid though.
Bottom line - I prefer proton pass as a heavy proton user already BUT if I just wanted a standalone password manager, Bitwarden is probably better. Both are good options though, and competition is good.
(Possibly a silly question: Is there anything wrong with a boring UI? What makes a good UI not boring?)
Nothing wrong with a utilitarian boring UI/UX. It’s not going to be a determining factor but a nicer looking and feeling experience is…nicer.
I was just about to ask this too. I think boring is better than complicated, Especially for something you use everyday and that too, on autopilot a significant amount of time.
Bitwarden+vaultwarden server = free enterprise access 👍
I love this. I have it running on my Synology which has native docker support, reverse proxied through a wire guard tunnel to a digital ocean droplet.
Bitwarden. I’ve used it for years, never been unreliable. I pay for it.
Bitwarden is an open source, very popular choice, tried and tested. The Firefox extension works great, as do the mobile apps. The free version includes most of the features if you want to try it out.
If you’re considering paying for the most polished experience, 1Password is the nicest in my opinion. Stay away from LastPass. No opinion on Proton Pass, it’s still new. But I still choose Bitwarden because I like that it’s open source, and I COULD choose to self-host a server if I got paranoid (I probably won’t).
Bitwarden is what I am using and I am having no problem with it so far.
I’ve never used Proton Pass so I can’t comment on which is better. However, my wife and I have both used Bitwarden for a number of years and have no complaints. Works with Brave, Chrome, Firefox; works on Linux, Mac and Android. We don’t have Windows or iPhone so can’t comment on those. We can share selected passwords between us.
And it all just works.
Works great with iPhone. It gets a little angsty when you have the Apple keychain or whatever it’s called activated sometimes. Honestly it is just a matter of selecting which to use, but the software gets a little confused sometimes.
I prefer Bitwarden just to not put all my eggs in the same basket
Thanks for all comments and opinions. I’ll give a chance to bitwarden.