Comment by worble

1 day ago

Keepass is just a single file, you can share it between devices however you want (google drive, onedrive, dropbox, nextcloud, syncthing, rsync, ftp, etc); as long as you can read and write to it, it just works. There are keepass clients for just about everything (keepassxc for desktops, keepass2android or keepassdx for android, keepassium for iphone).

12 comments

worble

Reply
FreePalestine1  9 hours ago

That is the problem, syncing isn't the most trivial problem especially for non technical folks. User experience is far superior in a fully managed solution.

aborsy  21 hours ago

How is the quality of browser extensions compared to Bitwarden?

  • worble  21 hours ago

    I don't have any points of comparison since I've never used Bitwarden, but it works well enough for my purposes. It'll match the url, offer to autofill (sometimes those multiflow sites like Microsoft will trip it up, but you can always just right click -> enter username/password for a site and that'll work), and it does TOTP filling too.

  • prmoustache  17 hours ago

    You don't use a browser extension if you are serious about security anyway.

    • TheDong  9 hours ago

      You do use the browser extension because it's a strong anti-phishing defense.

      If someone links me to "rnicrosoft.com" with a perfectly cloned login page, my eyes might not notice that it's a phishing link, but my browser extension will refuse to autofill, and that will cause me to notice.

      Phishing is one of the most common attacks, and also one of the easiest to fall for, so I think using the browser extension is on-net more secure even though it does increase your attack surface some.

      I know proper 2fa, like webauthn/fido/yubikeys, also solves this (though totp 2fa does not), but a lot of the sites I use do not support a security key. If all my sites supported webauthn, I think avoiding the browser extension would be defensible.

      1 reply →