Want more Linux content? Follow me on Mastodon: fosstodon.org/@thelinuxcast

Kee-pass-ex-see vs keep-ass-secs-ee pronunciation debate should replace the guh-nome debate. Much more fun 😊

You could run your own Bitwarden server, so that you don’t have to keep your passwords outside of your network.

I use them both. Bitwarden mostly for the browser extension, and KeepassXC for its flexibility. One effectively acts as a backup to the other.

A hacker's not getting my handwritten paper! lol

I use Bitwarden for 2 years now, never had a complaint.

Nice summary of all the features, thanks.

When you make a NAS/home server, I think you should make a docker containing this. That's what I'm thinking of doing.

What I hate the most about Bitwarden is that the desktop app is a stinking bloated Electron web app and not a proper native (Qt) app like with KeepassXC. That was the deciding factor for me choosing KeepassXC.

Never wrote down passwords in 30 plus years. Also wrote a password manager in 2005 though. Been using Bitwarden for years now...

Good overview. However, not enough credit given to ability to sync database with mobile devices (e.g. keepass2android and keepasium for iphone - I've used the former quite a bit and it syncs seamlessly and easy to set up). Also no discussion of hardware security keys or key file for added security with keepassxc.

Another thing. Keepass does have 2 factor authentication. But it does not have TOTP based authentication. You have physical keys and you also have a key file. Secure enough I would say.

Bitwarden all the way... But Keepass is probably safer if you prefer offline password management.

I would personally recommend hardening your password manager with a physical security key.

Keepassxc has 2FA in the form of key files or hardware keys. I use a key file in an obscure directory deep in the file system

KeepassXC does recognize the system theme, but just like any other QT5 application you need to setup qt5ct and the like. I thought you were already using Syncthing? but that's the best tool not just for this but everything regarding file synchronization...

Had tried both and more. The convenience and security of bitwarden is unmatched...

The clipboard integration in keepassxc works perfectly in my Plasma NixOS machine. It might be xfce problem but I don't really know much.

I use both. One essentially acts as a backup for the other.

The fact that you control how the database in synchronized is not a security upgrade unless you are a security professional. Otherwise, I would say you stick to a service where they spent a lot of time thinking about it and they have experts.

Like that bitwarden added Argon2id recently as a KDF function but for me KeepassXC still wins due to being able to use a Key file which just adds so much more entropy.

Lately, I've been looking for a local password manager to help me manage my accounts and passwords w/o remembering the passwords. I then install pass, The Standard Unix Password Manager which I found from DistroTube's video. And then I watched this video about KeepassXC. If you have tried pass before, which one is better in your opinion between pass and KeepassXC??

On my pc I use keepassXC and on android I use keepassDX I can use fingerprint to unlock my database with it

Hello Bitwarden won't recognize a login page that only asks for the username (once the username is entered, the NEXT page asks for the password). How to get Bitwarden to recognize this situation? It works ok if the page asks for both the username and password.

i also will say it says you can import your bitwarden passwords and stuff but either cause it was first time using it or what not but it seemed like when i tried to import them it put them in the wrong text field so i had to literally type every password out lol so thats one thing i don't really like about the keepass i would eventually like to get stuff off the internet though like paswords its just gonna take me some getting used to or learning.

I prefer KeepassXC for personal stuff. I do use bitwarden for work stuff and it is convenient. Interesting point about the clipboard history. For Ubuntu it doesn't come with a clipboard manager and it does clear history after 10 sec (can't paste pw anymore) which I find much more convenient (and safer) than having to override it manually when using Bitwarden on the work laptop.

i've used bitwarden i also have tried keepass but with forgetting things and if i changed my passwords or something i'd be afraid i'd forget something. like right now its been awhile since i used keepass and i'd have to go in and probably re write my passwords and stuff in a new file just cause i've changed or added some stuff since the last time i used it. but now that im back on linux and got a laptop i can keep up with it easier but if you just have mobile its kinda a pain.

Typically, the SSH Agent allows you to store ssh keys in the password manager itself, and you point your .ssh/config file at the socket of the password manager. It forces you to authenticate in order to use your keys.

I'm currently working on my own password manager. It's going to use local storage only, with the option to backup somehow (haven't gotten that far yet). I'm hoping to have it released in the next month or two.

How come these companies don't use MFA: Multi-Factor Authentication.

The BitWarden Android version is VERY unstable on my Lenovo M10 tablet, and very reliable on my Pixel 6a phone But overall, I like BitWarden, The convenience and value of its ability to sync across all platforms can not be over stated. I also REALLY like it's ability to search for compromised passwords. I've just switched to Linux and have tried a LOT of distros (settling on Ubuntu, I think) but I'e noticed that the UNIQUE login password I used for Zorin was compromised within the week. Is this a common Linux issue?

Bitwarden ❤

The best password manager - only "Orthodox" pass 👍

Pen and Paper solos.

keepassxc uses qt, you could use gtk plugin for qt so that it can use native theme

Vault Warden video please.

Sync a keepass password file with cryptomator in cloud

I recently got a 2FA code sent to my phone ,which indicated someone had my bank account user number and was attempting to change my password using the "forgot password" option. Of course , using 2FA prevented any further progress for the criminal. I notified the bank and their fraud department got as far as locating to origin of the attempt as being in the region I reside. I have never given my bank account user number to anyone and I was intrigued as to how the criminal got it. Was it just a random number attempt? Was it an "inside job" by a bank employee? Or the only other thing I could think of was that years ago I used LastPass but closed my LP account after their first data breech. I was wondering if my data still exists on LastPass servers even though I closed my account. I used Bit Warden briefly and then went to Keepassxc. I synchronise the KP database on my devices using Syncthing

security through obscurity, statistically you'd be safer keeping your passwords in a plain text file on your desktop than on a major target like bitwarden

Bitwarden forsure

🔐🛡👍