this post was submitted on 28 Sep 2023
73 points (100.0% liked)

Selfhosted

40767 readers
1666 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Objective: Secure & private password management, prevent anyone from stealing your passwords.

Option 1: Store Keepass PW file in personal cloud service like OneDrive/GoogleDrive/etc , download file, use KeepassXC to Open

Option 2: Use ProtonPass or similar solution like Bitwarden

Option 3: Host a solution like Vaultwarden

Which would do you choose? Are there more options ? Assume strong masterpassword and strong technical skills

(page 2) 43 comments
sorted by: hot top controversial new old
[–] nix@merv.news 2 points 1 year ago

I switched to proton pass after using bitwarden for a couple years

[–] Still@programming.dev 2 points 1 year ago (1 children)

I do 3 and have encrypted backups to Dropbox so I can easy restore/spin up a cloud server if I need to

[–] Auli@lemmy.ca 1 points 1 year ago

Yep but use Microsoft.

[–] rmstyle@feddit.de 2 points 1 year ago

To improve security of option 1 you could use a keyfile, that is either only transferred manually to devices or stored at a second cloud provider.

[–] MeaCulpa@feddit.de 2 points 1 year ago

Option 1, with manual copying to mobile. I tried syncthing in the past but had problems with corrupted files

[–] Decronym@lemmy.decronym.xyz 2 points 1 year ago* (last edited 1 year ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
Git Popular version control system, primarily for code
IP Internet Protocol
NAS Network-Attached Storage
SSH Secure Shell for remote terminal access
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

7 acronyms in this thread; the most compressed thread commented on today has 4 acronyms.

[Thread #173 for this sub, first seen 28th Sep 2023, 18:45] [FAQ] [Full list] [Contact] [Source code]

[–] Artaca@lemdro.id 1 points 1 year ago (1 children)

I like Enpass. $25 lifetime sub via Stack social. Does the trick. If they ever pull the rug out on lifetime folks, I would go to Bitwarden.

[–] vector_zero@lemmy.world 2 points 1 year ago (2 children)

I ended up scoring a free lifetime membership years ago, but is their stuff open source? I never fully trusted it, so I didn't end up using it for anything

[–] aksdb@feddit.de 1 points 1 year ago

Enpass uses the open source library sqlcipher (which is an sqlite fork with encryption). So while Enpass as a whole is not fully open source, you can still exfiltrate your passwords with open source tools, should they ever vanish or radically change their business model. You can then use for example enpass-cli.

That gives me enough confidence to trust in Enpass, since they can't easily hold my data hostage.

[–] Artaca@lemdro.id 1 points 1 year ago

It's not open source, so that's an easy deal breaker for some. Considering the vaults are encrypted and Enpass itself stores nothing on their servers, I've been okay with it. The vaults just exist on my phone and wherever I've chosen to back it up (OneDrive, GDrive, Nextcloud, NAS, etc).

[–] Nibodhika@lemmy.world 1 points 1 year ago

I like LessPass, essentially you choose one password and then it generates secure passwords for each website, since it uses a predefined generation algorithm it's completely offline and doesn't need syncing it's very secure. However it has the inconvenience of needing to remember the way you spelled the website, but if you stick to something like all lowercase it's fine.

[–] nyakojiru@lemmy.dbzer0.com 1 points 1 year ago (1 children)
load more comments (1 replies)

I did option 1 for a number of years but now I'm doing option 3 off a proxmox container and some cloud scripted backup. So far so good.

We just started doing option 3 at work and just keep it behind the firewall. It is going well so far.

[–] 0xD@infosec.pub 1 points 1 year ago

Option 2, because once you start thinking about the ways your stuff could be stolen ("threat modelling") you'll see that realistically it's the easiest option.

[–] fireshell@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

I'm currently using KeePassXC. The setup that I created below gives me 3-backups of my passwords, but it's a bit to manage.

Computer

On my computer, I have my keepassxc database and key file stored in a veracrypt container. Next to my computer, I have a piece of paper that has the password for my keepassxc database and the password for my veracrypt container.

computer -> veracrypt container -> keepassxc database AND keepassxc key file

paper -> keepassxc database pw AND veracrypt pw

KeePassXC Export File (text file that contains all of my login information)

I store this file inside of a veracrypt container, on my USB LUKS. Next to my USB LUKS, I have a piece of paper that has the associated veracrypt password.

usb luks -> veracrypt container -> keepassxc export file

paper -> veracrypt pw

Cloud

I store my database in cloud service a.

I store my key file in a veracrypt container, in cloud service b.

On a piece of paper, I have the login information to both of these cloud accounts and the password for the veracrypt container.

[–] AA5B@lemmy.world -1 points 1 year ago

Apple keychain. Supposedly secure, extremely convenient, may be in the Cloud but not centralized - can’t lose everyone’s credentials at once.

The plug-in for Windows works pretty well too, although I wonder if that puts my confidential data at more risk

[–] sub_ubi@lemmy.ml -2 points 1 year ago

I keep my passwords in Google. Unencrypted of course

[–] Honytawk@lemmy.zip -3 points 1 year ago

I'd never store my passwords in the cloud.

[–] BCsven@lemmy.ca -3 points 1 year ago (4 children)

For highest security don't store in cloud or multiple places. Memorize them or keep a separate device that has no intermet access and keep them on that device encrypted/locked

load more comments (4 replies)
[–] DudeDudenson@lemmings.world -5 points 1 year ago (2 children)

I never understood how storing your password in an unified storage is better than just remembering it yourself

load more comments (2 replies)
load more comments
view more: ‹ prev next ›