My vote goes to 1Password, for ease of use, built in security model (client side encryption), versatility in handling all kinds of data (notes, credit cards, etc) and reliability of the plugins to work with all websites and apps. Other password management apps that I’ve tried have frequently had problems with some websites. Sometimes 1Password still has edge cases where e.g. 2FA is not automatically filled in and you have to copy paste it manually. But I haven’t seen a better app yet.

I self host Bitwarden. Before that we’ve been thru Enpass and 1Password but nothing felt as secure. Just be sure to back up data regularly in either case!

The reason for going down self hosted solution was primarily privacy. The only drawback is that we can’t snyc without VPN (which we do not mind at all).

I use bitwarden with a bitwarden_rs backend running on a raspberry pi. Encrypted backups every 4 hours.

I use KeePass compatable password managers. At the moment that’s KeePassXC on the desktop. I use it because there’s a choice of clients all using this same database format; said format is a single file I can sync between devices myself (I use Syncthing); and because it’s good enough! And of course a local database allows me to make sure my secrets never leave my devices.

I previously used 1Password but I reached a point where I couldn’t tolerate relying and trusting a third party with my secrets. At the time their Linux and BSD support was essentially non-existant, although believe that’s recently changed for the better.

The biggest problem I have with KeePass is its limited data model. For example, items can’t be associated with more than one URL and trying to store anything other than website username-password pairs feels unnatural. But that’s not a major issue.

I use the free version of Bitwarden for a year now and never had any issues. It syncs with all my devices and works on every platform. I‘ve thought about upgrading to premium, just because I want to support the cause, but the free version works just fine. As a second factor I use my phone and a Yubikey.

pass. I trained my SO to use it, but I do have the advantage that she does data science for work and knows how to code. I also store my SSH keys in pass in such a way that lets me add keys to my agent with only my GPG key password. See for example: https://github.com/BurntSushi/dotfiles/blob/master/bin/ssh-add-pass-key (and the host of other ssh-* scripts in ~/bin).

I use the Password Store app on Android to access my passwords on the go. It’s not terribly convenient, but it works well enough.

I use pass for a couple reasons:

• If the current maintainers of pass decided to quit maintaining it I could probably handle maintaining pass for my own purposes.
• Similarly, if pass became defunct, I would still have all of my passwords.
• Even if the Android Password Store app went away, I could persist without it. And I’m confident I could scrape together the resources to build one myself. The underlying tool composition is simple enough.

Stated differently, I don’t see any reason why pass won’t continue to work indefinitely. I should never be forced to migrate away from it for extrinsic reasons. This is in contrast to many other systems like 1password which take ownership of storing your passwords for you. It is definitely more convenient than my system, but for my purposes and given my own technical knowledge, it’s not convenient enough to justify it from my perspective.

Companies like 1password are just one acquisition away from shutting down or doing a complete 180. It’s happened sooooo many times that it actually makes sense to plan for it at this point and take evasive action. It sucks. I’d love to use a company I trust with a nice convenient system, but that just isn’t the way the cookie crumbles.

1Password Family, protects everyone in the house and we can share passwords between us as needed. Costs a handful of pounds a month for what I view as an essential service. (I also use 1Password at work.)

Works everywhere I need it to (including eldest’s Chromebook), synced between everything and easy to autofill webpages with.

Just Firefox

My own tool based on GPG: pw.

prs

It is basically pass, but with with fast/smart git sync, easy multi-machine/recipient support and with many annoyances fixed. I don’t recommend it for your significant other though, but you might like it.

I use Bitwarden, it’s very cheap and never got any issue with it. I tried Dashlane but too expensive.

Bitwarden. I’ve started switching my parents (both 70+) over to using it. It doesn’t seem like it’s too technically complicated, but getting them to have good habits is the larger challenge. My mother thankfully doesn’t have many bad habits because she avoids computers.

I use KeePassXC. My password database is secured by: a password, a key file on an encrypted USB memstick, and my Yubikey. Must have all three to open the database.

I just use the built in Mac/iOS Keychain. Safari stores passwords (and credit cards) there, and iCloud syncs it across my devices with end-to-end encryption. Easy.

KeePassX and KeePassDroid (and no access to these passwords on my Ipad). Password database file shared via Dropbox. Lockfile shared out of band.

Another +1 to Bitwarden, been using it for years. Before that I used 1password until I moved off of mac, then LastPass which was just all around a bad experience.

Bitwarden is just a steal at $10/yr and the option to basically seamlessly self-host if need be is just great. I’ve been debating standing up bitwarden_rs, I had tried the Ruby bitwarden implementation and it was not so good.

I use pass (password-store) for all the important passwords, which are synchronized across devices via syncthing. The android utility is quite good I think and no manager as a better CLI interface than pass.

For general passwords, I use Firefox sync, which works fairly well across devices.

Lastpass but I’ve been itching to move to 1Password for a while. My hesitance is in the network effect: I have many passwords shared with other Lastpass users, so I’d end up having both Lastpass and whatever I’d be using installed. I wish there was a decentralized, host-agnostic password storage system that allowed sharing across major open source and proprietary password managers.

For something really low-fi, I recently discovered Password Card while searching for something more accessible and friendly to an elderly family member. We decided against implementing it, only because her attack surface is ~four passwords including Google and Facebook. It’s better for her to write it down on a sticky note and put it in her line of sight because her handwriting is sufficient encryption to thwart even the most sophisticated attackers except perhaps a nation-state with seasoned handwriting analysis experts. She even thwarts herself without her glasses on!

I’ve been using Buttercup, opening up KeepassXC when there’s an account I haven’t migrated over yet.

Vimʼs :X with blowfish.

I use LastPass (and pay for it).

It was the first password manager I heard about and I thought it sounded neat. It was easy to install the extension and the mobile app.

I’ve since heard rumblings that it’s not as secure as other solutions but frankly I don’t really care. Much like having a strong lock on a storage locker, the idea is that any normal bad actor will just move on to one with weaker locks.

Someone should write a graphical frontend to pass it seems.

I have been using KeePass for the last couple of years (since 2012, if not a bit earlier), with SyncThing keeping it synced across my devices.

It has been quite reliable. Sometimes I’ll get a sync conflict, but it’s rare enough that I fix it manually, and I like the fact that I don’t need Internet access - hotspot on airplane mode is enough - for it to work.

I wrote a small and simple password manager in Go. Cryptography is provided by x/crypto/nacl/secretbox, x/crypto/scrypt, and crypto/rand. It does what I want it to do. Synchronization is easy, just use rsync over ssh or sftp.

I highly recommend using a password manager – it increases security and convenience at the same time. And you can put all kinds of things in it, not just passwords/passphrases. For example I save DNSCurve keys, WireGuard keys, etc. You can put anything you want in there.

Also interested in hearing what non-technical people are known to like and use. Would love to get my wife to use a password manager but I don’t know what’s both secure and frictionless.

i use gpg encrypted files in a git repo.

I did use pass as well but found it a bit rough around the edges, especially for my SO. So I tried to improve the UX of pass. Failing at mastering bash I started from scratch and built a compatible password store implementation called gopass.

It’s come along nicely and working very well.

Related question: What’s your backup plan if you forget your master password, for example after an accident leaving you with a temporary memory loss?

[Comment removed by author]

I started out on 1password in 2009 or so after carefully inspecting the javascript from their web version to make sure I felt like the scheme was broadly sane. I was happy with that, and cheerfully paying for upgrades, until a couple of years ago. A few changes made me start shopping around:

1. I had shifted away from Mac because I needed a new laptop, didn’t consider their laptop hardware acceptable and didn’t like Mac OS High Sierra.
2. Linux became my daily driver and 1password only ran on that through wine.
3. 1password started pushing their subscription offering much harder, and it became clear that bring-your-own-sync was going away. (So I’d have to keep my password database on their servers.)
4. The new windows version stopped working on wine, and the old one that did wasn’t being maintained.
5. Their beta Linux version required a subscription (not a deal breaker for me) and required you to use their sync service instead of the old bring-your-own-sync mode (deal breaker for me).

Now I use Bitwarden. I started out self hosting their server on a VPS. That was very resource heavy and didn’t run all that well on a $10/mo Linode; I had to reboot the box every 6 weeks or so.

I stood up a bitwarden_rs instance in my basement and configured it to connect to a cloud VPS via wireguard. That cloud VPS has caddy configured as a reverse proxy. bitwarden_rs is light enough that it would most likely work just fine on a $5/mo Linode or DO VPS, but I like this better. I wrote up my reverse proxy setup and later described the steps I’ve landed on for exposing new VMs.

I am very happy with Bitwarden, and pay the premium personal subscription even though the bitwarden_rs server includes all of the premium features without paying. 1Password is a little bit nicer. If I were still spending all of my time on Mac/iOS/Android/Windows I might think about giving up my insistence on hosting my own data for synchronization and just use that. But Bitwarden is really, really good and I don’t have to give that up. The iphone and ipad apps are excellent, the electron thing for linux is pretty good, and their browser add-ons are good.

Also, much like I did with 1password all that time ago, I read the source to satisfy myself that their approach is broadly sane. But this time the source is open, so I didn’t have to pick it out of a web viewer.

As other have said: Keepass. The Keepass format will guarantee that you won’t be locked on a specific platform/software.

KeepassXC is pretty good, feature-wise: it works with hardware keys (e.g., Yubikey), supports OTP, and you may use it as an SSH agent for storing your SSH keys.

If your partner uses macOS or iOS, Strongbox has a better UI, and many features, too (it also supports Password Safe). It’s based on a freemium model, but it’s fully functional in its free version; the full version is reasonably priced, though, and helps support its indie developer. Source code is on GitHub.

Disclaimer: I have no relationship whatsoever with Strongbox, and I don’t know whether the code has been audited.

https://www.passwordstore.org

accounts.txt

[Comment removed by author]

I use Firefox + LastPass and a few (duplicated) YubiKeys for 2FA.

Works great for me, regardless of if I’m on Mac/Windows/Linux or iOS.

(I’m sure a self-hosted bitwarden-rs would be more secure.)

I use pass with git on my personal server and it works wonders and it’s like a god send for me. I have used bitwarden in the past amongst many others though and would reccomend bitwarden to anyone that isn’t technically savvy or just wants a ready to go password manager.

I’ve heard good things about 1password though, but never used it.

Very surprised there’s no love for vault. We use it.

Firefox + Firefox Sync + Mozilla Lockwise app for iOS. It’s a syncing, cross-platform password manager for free.

I use and endorse the use of 1Password, because it is the easiest for my non-technical wife to use. Any theoretical decrease in security due to the closed source nature of the client and service are entirely outweighed by the practical benefits of having my wife move onto strong passwords.

I’ve been using Bitwarden for the past year and have been very happy with it so far. I mainly use the iOS app and Chrome plugin:

https://bitwarden.com/

I am posting my simillar query here ( because i am not able to make it as post) Is there any open source solution for sharing TOTP, HOTP (Multifactor Auth Systems) across team for accounts?

[Comment removed by author]

I switched from LastPass to Bitwarden today and I’m really happy with my decision:

• UI: Bitwarden’s is way simpler and cleaner.
• iOS: I’d call it even. Both apps work fine, support autofill, fingerprint unlock, etc.
• macOS: Bitwarden’s app feels snappier. And it’s just 1 click to copy a password. (With the LastPass app, it was 3 — click a checkbox, click a dropdown, and click “Copy Password”.)
• Safari: This is the big one. LastPass had become really sluggish and unreliable. Sometimes I’d click the icon and it would take 5 seconds to populate, or not work at all. So far Bitwarden is working great.
• URLs: With LastPass I often had duplicates (e.g. amazon.{ca,com}) and had to dig through complicated settings to add an “equivalent domain” rule. With Bitwarden I can just add another URL to any vault item.
• Organization: Again Bitwarden is simpler here. LastPass tries too hard to auto-categorize and structure things. Bitwarden has structured fields for the basic stuff (e.g. credit cards), and that’s all I want.

Exporting to CSV from LastPass and importing in Bitwarden was easy. I just had to delete one of the Secure Notes first because it was too big (it was my big text file of passwords from pre-LastPass).

I’m using the free version, but I’ll happily pay $10/year if I ever find myself needing one of the premium features.

[Comment removed by author]

Previously I use encrypted .org files. Now I have migrated to pass. I love that it’s being a plain text format. I cat put anything there however I want. And, it’s free software all around.

KeePassXC in the computer :) I rotate these about once every 2 years, unless a site gets their passwords exposed/hacked and I know about it.

I also store the passwords in the browser (Safari) for convenience.

The attack vector I am mostly trying to avoid with this combo (KeePassXC + Browser password manager) is the website leak, not so much my computer being invaded/stolen (I am planning on buying a YubiKey for a while now…)

I have no phone.

Work gives us a free 1password family account, so I have been switching over to that for ease of sharing and usability by family. (Think of those 5 people you would share Netflix with but still want to change the password from time to time).

Before 1password I was all in on Pass, working on multiple keys for certain shared directories and deploy tokens for each device. My chromebook stopped copying from/to the x clipboard, so I started having usability issues, but it still is my long term favorite and I expect to go back to it in the future.

For everything: https://www.passwordstore.org/

For Android: https://github.com/android-password-store/Android-Password-Store

For Mac: http://qtpass.org/

For Firefox: https://github.com/jvenant/passff#readme

I also use pass, and with the right UI setup it might be an option.

However, my wife uses firefox lockwise and loves it.

I use Enpass but am looking to switch because they moved away from their one-time payment model to a recurring subscription (even though I selfhost the data) and they’ve added an annoying red dot on a tab in the app that won’t go away unless you buy said extra subscription.

I’ll probably selfhost Bitwarden with the ruby server, but just need to get around to it.

Enpass.

I am using Bitwarden since couple of years and I am quite happy about that. I have also used KeepassXC in the past because Bitwarden URL was blocked by company firewall. The only feature that is truly missing is a way to check and remove duplicate entry.

I use the simple pass utility on the command line.

yapet, which I found in the Debian package list. I don’t want a web app, I don’t want a phone app, I want something I can keep on my terminal server and access from anywhere with an SSH connection. yapet is some weird little thing nobody’s ever heard of, but it has a nice TUI that lets me actually see and manipulate entries, which is where things like pass fall down for me. I should probably look at various Keepass TUI’s again, last I did they were excessively flaky but that was a few years ago.