Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
If it can help you, I'm in the process of choosing a password manager for my small company and asked this (awesome) community for help.
I made a table with the results so far. You can find it here : https://sh.itjust.works/post/52850975
I'm still lost, but I hope it can help you...
KeepassXC
I don’t understand your issue with needing to enter your master password repeatedly with Bitwarden. You can use biometrics or a pass code to sign in on mobile. It’s pretty easy to enable in the settings. You enter master password once, turn on passcode or biometrics and then that’s it.
For me, I'm extra paranoid.. Someone can forcefully unlock with biometric
You can set a pin as an alternative. Pin would be easier to brute force but no different to a password when forcefully unlocked by coersion.
there's the lockdown or similar feature at the phone level in Android and iOS
if you're in a situation where you don't want someone to access Bitwarden, then you probably also want to stop them from using your browser with all the cookies and logins it currently has
so temporarily block all biometric access on your phone in such cases, and merrily enjoy biometric access when you're physically safe again
on Android, it's Power + Volume-Up, then Lockdown
Same on iOS too. Same buttons.
i think you can alsk yubikey
I tried bitwarden wasn’t good cuz on mobile I had to reenter master pass over and over
Setup fingerprint unlock and enable it in Bitwarden.
Bitwarden, is still the way to go. I say this as a proton customer. I've learned to work around it's small annoyances
On mobile, I had to reenter the master password ever time I filled in a password. With a really safe, long, password, it was torture.
That is something you can configure in the settings for the mobile app. To ask for the master password every time is default behavior, but it can also be set to a PIN or biometric instead.
How would this be any different with another app?
On proton pass, I just need a pin(which isn’t enabled by default, it should be tho)
Same on Bitwarden.
It's just a setting you enable in bitwarden settings
Use bitwarden, go to Settings -> account security -> unlock with pin and turn it on. If it’s already on, toggle it off then on. You will be prompted to set your pin. Dont forget your master password.
I wont :) I should give bitwarden another try.
After you eventually settle on bitwarden, rotate all passwords and uninstall or clear out the contents of other password managers. From your replies in this thread it seems like you’ve used many different managers.
I’ve switched 5 times in one day
Keepass is good, with Synching you can synchronize everything better
If your main concern is usability, 1password works pretty well. The downsides are it's paid, closed source, and I think they removed the option to use a local vault, so it might have to be cloud.
I’ll check it out. If it’s cheap I might be willing to try it. Its not like proton is FOSS.
WDYM? Isn’t it?
Only the frontend. Not the backend, so you can’t self host without modifying both browser extension and mobile app, along with rewriting a server from scratch.
Okay fair enough, but that is at least slightly different than saying Proton isn’t FOSS, but I understand.
They have a pretty good FOSS standing and audits for software they distribute. While that doesn’t make it easy to host privately, it does make it trivial to see how data is shipped to their servers.
KeePassium on iOS and the .kdbx-files in your iCloud for sync? Strongbox for macOS.
I don’t wanna be reliant on icloud. Also keepassxc web ui sucks ass.
Whats wrong with keepass. I'v been syncing with syncthing for years now. I still don't know why frontend matters is not like you will use it every 10 minutes
I get to keep the ass? I should switch to that.
Idk it was so bad it was annoying me, when I tried. Maybe I should force myself to use for a month, and see the results.
What's wrong with having your data on proton's servers? I thought the app and browser extensions are verifiably only sending encrypted packets? Or do they only encrypt your password and send metadata as is?
I wanna use a different proton service, but using 2 services from proton is a bad idea.
Why
Use one service for one thing, so that when it gets disabled, only that one thing is affected.
https://ignorethecode.net/blog/2025/06/11/stop_uploading_your_data_to_google/
That's fine as a general guideline, but does not need to be a steadfast rule. You can use your own judgement. I like ProtonPass's SimpleLogin feature so I use that for email aliases. Its so nice and convenient.
I don't know if Syncthing is available on iOS but this works great to sync Keepass's database between Linux and Android.
Synctrain is an ios syncthing client. It works great!
Good to know, thanks.
I'm in the same boat. Wanted to do Bitwarden but their sign up process is garbage. It never sends me the confirmation email. I'd love to set up a keypassxc server, but didn't know about the frontend issues.
The frontend for keypassxc isn’t necessarily horrible, it’s just proton pass feels like magic, while key pass feels just barely working. idk I remember it being kinda awkward
Ive found pencil/pen and paper and memorization work (ive been got by a bad download they cant scrape the paper) its old school but its pretty good not all eggs in one basket kind of thing
Good luck, but I still recommend encrypted offline strong passwords
KeePassXC. I think you can install client on every OS.
I use ExpressVPN and their PW manager. I love it. It also has 2fa keys. Super dynamic and has worked on a few different phones I've had as well as browsers (Vivaldi, brave, etc)
I wouldn’t trust any of those vpns that do a shit ton of youtube sponsors. You should try mullvad.
not aware of youtube sponsorships or why that would matter. I've used it for like 4 years now and have had no problems.