The Best Password Managers in 2023

I second the recommendation for Bitwarden.

I switched over from Dashlane and never looked back. They even have a browser extension for mobile Firefox (the browser you should be using anyways) so it's easy and convenient on all my devices.

Been using KeePassXC (and before that, KeePassX) since I abandoned LastPass about a decade ago. The apps integrate with Nextcloud perfectly and at least for me, it's a breeze. I use it for TOTP too, and I second the recommendation of a hardware token for an additional layer of security. There are some USBc options that work on phones (I'm using a pixel 7 pro).

when lastpass screwed around with it's free tier offering, i switched to bitwarden and haven't felt any reason to use or even try anything else, it's rock solid

+1 for BitWarden.

Plus, it's ridiculously easy to self-host with VaultWarden.

Bitwarden - does everything, and is free. You can even setup a shared vault so 2 people can have access to shared stuff like online shopping and streaming sites. Takes a bit of admin work but it is not hard.

Bitwarden gang

Bitwarden, Been using it since 2021

I’ve settled in with Keep Ass myself.

Proton Pass pisses me off. Proton is such a money grubbing company that takes FOREVER to release stuff.

I pay $120 per year for ProtonMail, and they want me to pay $180 to unlock the full Proton Pass. $60 per year, for something that BitWarden does for only $12 per year.

Not to mention you'll be waiting years for apps to come out. They're such a fragmented company. The Android remake is already so far past the estimated release date it's sad. Proton Drive Windows app finally came out, but fuck Mac and Linux users, I guess.

BitWarden is available for Windows, Linux, Mac, 9 browsers, iOS, Android, and CLI. - Premium is $1/month.

ProtonPass is available for iOS, Android, and 4 browsers. - Premium is $5/month.

Can't wait for Proton to release a few more half baked services with outdated apps and a promise to update them in a year, but then 3 years later there's still radio silence. Perhaps use your paid services money for developing in a timely manner? Holy shit.

It's important to me to keep the three main pillars of my digital life—passwords, 2FA and email—separate, so I use Bitwarden, Aegis and ProtonMail. I don't think that's likely to change unless some catastrophic incident made one of those unusable.

Wow, so 1Password is not recommended anymore? How come? I’ve been using them for years.

pass

I use KeePass and keep it synced with self hosting Nextcloud. I get the appeal of bitwarden, but I'm really trying to get off other people's computers.

Bitwarden. Tried Proton Pass but ultimately stuck with Bitwarden.

It has been my password manager of choice for quite some time and I didn't see any reason to change.

Self-hosted bit warden works like a charm plus you get to learn reverse proxies if you use docker on a Nas, it's pretty fun, would recommend

I made a hardware-based password manager that I keep on me with the 3-2-1 rule. (One on me, one at home, one in a remote location) It's barely-secure, but the data is not accessible except when I'm updating it. It's similar to the mooltipass but all the passwords are stored on eeprom.

Could the eeprom be hacked by someone and all my passwords probably read in cleartext? Yeah. How many fucking people actually know how to do that though? Virtually none.

Honestly, I'd love to just simply be able to afford a mooltipass though. :(

This is what I based my personal one on: https://www.instructables.com/PasswordPump-Passwords-Manager/

And I usually generate the passwords with an online tool so that I'm never using the same password twice.

GNU Pass, has been the best one so far. Set up your own git to sync it to all devices.

While I find a discussion about password managers great, I found the article to be underwhelming.

15 years ago the common logic was the most likely way for a password to get stolen is by writing it down and leaving it in an accessible spot, and somebody stealing the password there.

I don't think that logic holds anymore, and with the LastPass breach I think that's proof you want to step away from the cloud not towards it. Imo the most secure way to store passwords is to generate multiple random codes, use a portion of each and then just write those down.

LastPass did not make the list, I am shocked, shocked, well ok not that shocked.

Your homegrown script opening a gpg encrypted file in runtimedir in a text editor.

have being using Enpass for a long time, it’s really good, you can choose any cloud provider or host your vault yourself, subscription based payment or one time only

Permanently Deleted

I use KeepassXC for years, but lately I'm having problems connecting it. I use it only offline and the Firefox plugin doesn't work very well. It has many options, too many in my opinion. I don't like having my passwords in a company's cloud. The selfhosting is the solution, but i dont have to know

Also worth reading https://www.privacyguides.org/en/passwords/

Bitwarden, been using it for 3yrs

I use ironvest, it's had two name changes now, was originally maskme and then blur. I'm sure I found it originally because of an article but I've never seen it mentioned since but for free it's done me well over the years.

They forgot to include the best one: 1Password

Personally I'm using Dashlane, I'm pretty comfortable with it and as far as I know there have been no breaches in security

Quick question - any issue with just saving passwords on Firefox? I use FF across all my devices and the sync between them without the need of an extra app is super convenient.

Or am I just being naive?

I've been using gopass+Yubikey for years, with gopass syncing to a remote git repository. Works great on my phone too with Open Keychain+Password Store. I'm really happy with it, but do realize it doesn't fit into most people's workflow.

Put my wife on bitwarden though, and she's pleased with it. At some point I'll migrate her over to a self-hosted variant with Vaultwarden, but that's mostly because I prefer to have services in-house, not because either of us are dissatisfied with BW.