Definitely recommend a password vault to anyone that doesn’t already use one. After this next hack leaks, I imagine you’ll get at least a couple of attempts on your email/phone.
I had an identity theft a few years back, still cleaning up from it. At the time I had the typical set of standard passwords that I would use. I thought they were ok since they were pretty random but I had one for Financial, one for Web Services, etc. so of course when the creds leaked, I suddenly had a bunch of credit card bills I never signed up for…
Since then, every password is unique, my default is 31 characters, and 2-factor for everything possible. Unfortunately I initially settled on LastPass, figured that they had hopefully learned their lesson from their breach years ago. Then it happened again recently and I moved to Bitwarden so that I can eventually migrate to a self-hosted solution.
I’ve been trying to get my family on board for years but it’s still too complex. Non-technical folk still will take the path of least resistance, even when the dangers are right in front of their face. We need something better.
I use Keepass with Syncthing as the sync backend. Syncthing comes as a Docker container these days and sets up in seconds, I like how it doesn’t rely on a central server and gives you some redundancy.
Also, Keepassxc is a rewrite with better integration, true cross platform support and more features, keepassxc.org
I don’t know much about them to be honest, and what little I have heard sounded like it was paid for. My knee jerk reaction is to avoid them. Maybe they’re decent, maybe not. Couldn’t say.
Definitely recommend a password vault to anyone that doesn’t already use one. After this next hack leaks, I imagine you’ll get at least a couple of attempts on your email/phone.
I had an identity theft a few years back, still cleaning up from it. At the time I had the typical set of standard passwords that I would use. I thought they were ok since they were pretty random but I had one for Financial, one for Web Services, etc. so of course when the creds leaked, I suddenly had a bunch of credit card bills I never signed up for…
Since then, every password is unique, my default is 31 characters, and 2-factor for everything possible. Unfortunately I initially settled on LastPass, figured that they had hopefully learned their lesson from their breach years ago. Then it happened again recently and I moved to Bitwarden so that I can eventually migrate to a self-hosted solution.
I’ve been trying to get my family on board for years but it’s still too complex. Non-technical folk still will take the path of least resistance, even when the dangers are right in front of their face. We need something better.
Who do you recommend?
Keepass is probably the most secure, but was a pain for multi device / multi OS users last time I used it.
Currently I use Bitwarden. You can either use their backend or you can self host. Cross platform, multi device support, 2FA support.
I use Keepass with Syncthing as the sync backend. Syncthing comes as a Docker container these days and sets up in seconds, I like how it doesn’t rely on a central server and gives you some redundancy.
Also, Keepassxc is a rewrite with better integration, true cross platform support and more features, keepassxc.org
Thoughts on 1Password?
They are okay, but I had massive problems with their browser plugin after a while and moved to bitwarden
I don’t know much about them to be honest, and what little I have heard sounded like it was paid for. My knee jerk reaction is to avoid them. Maybe they’re decent, maybe not. Couldn’t say.