Overall, which one would you use?

Please boost.

@arh For bitwarden I do not trust a software available only as cloud subscription or black box docker images containing Microsoft products (what about licenses of those products?) and that I cannot install on my FreeBSD.

@R1Rail good point. You can always self-host and build it from source though.

@arh Not possible to build with the available documentation without doing reverse engineering, and finding dependencies which may not be available to me.

@arh Anything that is "cloud" is no go for me. Also anything proprietary, online or offline. FWIW I use pass, but used KeePassX before.

@cadadr these are libre, checked by FSF. About cloud, well you can self-host on a home local network but the antifeature of Bitwarden that doesn't let you use it absolutely offline is a problem, I agree with you.

@arh Oh, didn't know bitwarden was FOSS. Thought it was like 1Password or whatever. Nice that they have a web based alternative.

I find that both KeePassX' and pass' files are easy to sync with sync software, tho then it's 2 things to maintain, so it's neat that there are options.

@arh I mean, keepass looks great, but I haven't found a version that, like, I can host as a server to be able to access them from my phone, or with an extension.
Bitwarden instead both has a selfhosted option with all the options, and a version hosted from them for free, even if a slightly smaller set of options, but still, is plenty enough for normal use I think

@kettlevoid @arh
I use KeePass to store passwords and SyncThing to sync db across my devices.

The only issue I have is when I modify db on one device while it's already loaded into memory in the second one. But then I just need to close and reopen it on the second device, I can live with this. I haven't found anything better so far.

@arh When I wrote that the poll only had my answer.

@arh I should use a password manager. Typically I have no problem remembering 8+ character random sequences, but it's not a great use of my time.

Yet I only have pi memorized to 3.1415926 because I never cared enough to enter that wang waving contest.

@arh none of the above.

stateless password management is where I go. no database to backup or sync, regenerate the password from seed info every time I need to use it.


Also there's Pass (CLI based).. I'm trying to move towards it.

@arh I use keepass, don't know bitwarden but I don't trust cloud services for this.

@ghostdancer @arh bitwarden is open source and you can self host the server component. That's what I do.

Please note that Bitwarden server needs some proprietary requirements. Use Bitwarden_ruby fork for server.

@arh @ghostdancer bitwarden_ruby fork is terrible, the only implementation is the Rust version (which is also terrible because it's Rust)

@arh @feld Ask you both, in your opinion how difficult would it be to set up one instance for a family. Just curiosity, not that I'm going to do it.

@feld Ok, I thought it was OS but you had to depend on them for cloud service. @arh

@arh You don't have enough options here;

I do "encrypted text file," but I understand that's pretty geeky.

I personally recommend
"Paper and pencil in a purse/wallet" over all others for most people.

@arh I don't recognize any of these... Google Chrome automatically remembers Passwords... That's What I Use.

@Gregvan so you use the unsafest way. Trusting Google on your passwords? C'mon man.

@arh Yes - That's what I Use and It has worked great... BUT I DON'T USE IT FOR MY BANK ACCOUNT... I Just Write that down on a Piece of Paper...

@Gregvan then I suggest using a secure password manager. Trusting Google, in any way and reason, is not a good idea.

@arh Ok... Free Advice Noted... On a slightly different subject, I Have made it a Point to Tell Google EVERYTHING POSSIBLE about me... I Uploaded my Autobiography... and every opinion I've Ever Had... and every Fiction Story... MY GOAL is to Live Forever in the Cloud as a IIDURU... or BOT or Whatever we will call it after the Singularity Happens...

@arh I'm currently using KeePassXC and Syncthing to keep the database synced across devices. I haven't had any issues with it.

Remembering passwords has become more difficult with all of these passwords. Keepass is my current solution but a self-hosted open service is my personal endgame.

@musicmatze @peranchor @arh There are several problems with password-store. It doesn’t conceal metadata, just stores “data” and doesn’t have defined fields for passwords/urls/usernames/notes, uses PGP, the front-end GUI clients are poor quality (I never got it working on Windows)…

I forked it to hide the metadata a while ago, probably should have upstreamed it…

@fikran @arh @peranchor well, luckily Windows is a niche OS and almost nobody uses it.

What you list as problems is why I use it. QtPass works fine, KDE integration is perfect, GPG is the way passwords should be encrypted. I don't see any problems.

@musicmatze @arh @peranchor How could you see the leak of metadata as a positive?

Or the lack of functionality of separating the password/username/URL/notes as a positive?

I don't see any leak of metadata. And for me, password store keeps all required data, so it does its job perfectly for me.
@arh @peranchor

@musicmatze @arh @peranchor Take a look in ~/.password. You’ll see the filenames specifying where you have accounts. It’s what happens when you run pass list or whatever it was (I forgot). Under the hood, it just runs tree.

No. It's leaked to anybody who can access your computer and if you connect to internet, that's a wide range of people.
@fikran @peranchor

Keep telling that to yourself, yes!
Feel free to tell me my list of accounts then. Spoiler: most of them are linked on my website, so no news for anyone.

Priorities! Come on!
@fikran @peranchor

Look. We don't think someone cares a lot about your list of accounts or is cracking your computer. This is just a hint that a program is doing something wrong. It's not this specific part that is important, it's the whole process that matters. So when we see some metadata is leaked somewhere, while it shouldn't, we're talking about some serious possible corruption. Security enforces us to be cautious always.
@fikran @peranchor

@arh @musicmatze @fikran @peranchor

@arh now that makes more sense when explained in such a way. Thanks for elaborating on this.

@arh @musicmatze @fikran @peranchor

@arh wouldn't that only apply if one has spyware installed or has their system compromised in another similar fashion? It is best to be cautious and use a software that does not leak metadata for the fact that infections can happen without our knowledge, but to say tons of people can access your PC because you use internet is a logical fallacy in my opinion.
Firewalls work wonders.

A simple click on a link can compromise your system. Or even an app that has access to your files. That is why we cypherpunks are always asking people to encrypt everything.

I don't say somebody is after you guys, what I'm saying is that we should be always careful about everything if we really care for security.
@musicmatze @fikran @peranchor

@arh @musicmatze @fikran @peranchor

@arh I just wish you could see how encrypted everything I own actually is after that statement. Haha ;-)
