Knowing that I’m a long way behind on my security practices, I asked some friends “What password manager do you use?” (with the proviso that I use Linux and Android at home).
I’ve decided to give KeePass a go, but for full disclosure here are all the responses I received:
ST: I like LastPass. They got hacked last year, but didn’t lose anything.
Ah, they did lose hashes.
If that puts you off, I hear KeePass is good.
And that’s offline.
Though you’ll probably still want to sync it.
AG: ¯\_(ツ)_/¯ I use 1Password, the Linux client is shite
KeePass is nice but there’s no decent browser extensions since foxpass died AFAIK
don’t trust lastpass for shit, their concept is whack, there’s been some dodgy phishing-like stuff
like this https://www.seancassidy.me/lostpass.html
historically had some super dodgy defaults too, like auto filling sites without prompts, so JS could grab your credentials etc
no clue if they’ve fixed that
https://www.dashlane.com/ is a competitor to lastpass, no clue how it compares, go google around see if Taviso found any exploits
https://twitter.com/taviso/status/763801055725359104 apparently there is
TD: fwiw I use keepass @tumbarumba, have for 7yrs+ now. zero issues. I don’t use a web client… good old fashioned copy pasta for me.
MS: I continue to love 1Password, which I’ve used for years. I find the following feature set unmatched anywhere: (a) easily sync securely via Dropbox to all my devices on multiple platforms, (b) easily move/copy data between my personal vault, my family shared vault, and business vaults.
I hope someday that 1Password makes Linux a first-class citizen. If I were you, I’d suggest to them that they use Flatpak or the other similar thing. They are the ideal use case for secure cross-distro Linux software distribution with a containerized security model. If they jump on that train early, they could set the tone for a lot of security-conscious desktop proprietary software on Linux, I bet.