One downside is that i’ll have no more passkeys. The vault syncing, i can do via SyncThing.

  • Drunk & Root@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    ·
    2 hours ago

    i use keepassxc and from protonpass and its great its a lot lot more manuel work but in theory its worth it anything with a internet connection can be hacked

  • Dem Bosain@midwest.social
    link
    fedilink
    English
    arrow-up
    19
    ·
    edit-2
    6 hours ago

    There have been too many data breaches from cloud-based services to trust another one. I have a Proton account for email and online storage, but I won’t use their password service because it’s cloud based.

    https://blog.lastpass.com/posts/notice-of-recent-security-incident

    Lastpass leaked their password database in 2022, and bad actors are still using it to access peoples files, stealing passwords and hundreds of thousands of dollars in crypto.

    DON’T trust anything important to cloud-based storage or services. Use Keepass. Use Syncthing if you need to keep the database on multiple devices.

    (I see other comments using Dropbox. Dropbox = cloud. Don’t store anything security related in the cloud.)

      • rumba@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        8 minutes ago

        So was LastPass. But when they’re source code leaked, turned out their encryption method was crappy. Just because something is encrypted doesn’t mean that it’s safe.

        The key is that proton pass and bit warden and keypass are open source and have all passed independent security audits.

    • georgeskorp@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      2 hours ago

      I know I can probably google this. But where are the passwords from Keepass stored? Or what makes it harder to hack?

      I still use 1Password because the subscription is still running and I was planning to switch to Proton Pass once that is over. I know 1Password is harder to crack due to their 2nd master key password (or whatever they call it)

      • Creat@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        51 minutes ago

        Keepass just uses a (local) file, but it expects and can handle if the file is modified externally. That’s important because it means you can store it on a network share, or in some sort of synchronized storage, self hosted or not (next cloud, sync thing, Google drive, whatever). It’s just up to you. If you have it open on your PC and you add an entry on your phone, your PC won’t “overwrite” it, but integrates any changes you’re making there at the same time.

        For example the android client has direct support for a long list on storage services for this exact reason.

  • Sonalder@lemmy.ml
    link
    fedilink
    arrow-up
    25
    ·
    8 hours ago

    It really depend on your threat model, Proton Pass is fine. Of course a self-hosted or local solution will be more privacy friendly but at the cost of being responsable for security and good backups (3,2 1 rule).

    There is no black or white regarding privacy. You want to ask yourself what you want to protect from and is the investment worth being sovereign ?

  • NarrativeBear@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    6 hours ago

    I know it’s not your question, but have you checked out Bitwarden or the alternative Selfhosted Vaultwarden. Bitwarden supports passkeys and vault syncing, and if you are offline you can still access your vault.

    https://bitwarden.com/passwordless-passkeys/

    Bitwarden also released a AIO selfhosted docker image, but last I checked it’s still not in “official release” status.

  • salvor_hardin@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    5 hours ago

    Any specific reason that makes Proton Pass less secure? I am curious since I am using both pass and bitwarden at the moment. bitwarden for all my logins and pass for alias + their logins.

    • Lfrith@lemmy.ca
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      2 hours ago

      I like that KeePass on PC and Android lets you use an autotype feature if autofill isn’t working instead of using copy paste.

  • Pearl@lemmy.ml
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    5 hours ago

    Doesn’t keypass support passkeys?

    As you can see from the thread, this question is divided amongst the cult of “sensible privacy is a thing provided you’re not a criminal” to the cult of “everybody’s on a FEMA/🧊 spreadsheet and they’re working their way down”.

    I’d say make sure you use a separate password for proton pass, it’s an advanced option. You are far more likely to get hacked for your money and password manager goes 97% of the way to defeating those attacks.

    Don’t take your eye off the ball. The real threats to your wallet have always been the shareholders.

  • encrust9870@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    7 hours ago

    I use KeepassXC on my computer and Keepass2Android on my phone. Passkeys work fine and are synchronized across my Synology.

    • hendu@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      5 hours ago

      Same here, it works well, and the Firefox plugin works very well for auto fill, too.

      Just make sure KeepassXC is set to Automatically save after every change & Automatically reload the database when modified externally, on the General > Basic Settings screen.

  • nixfreak@sopuli.xyz
    link
    fedilink
    arrow-up
    8
    ·
    8 hours ago

    Do both local and cloud backup using keepass or keepassxc, use dropbox or g drive, or private cloud. The .kdbx file is already encrypted when at rest.

  • PodPerson@lemmy.zip
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 hours ago

    I’ve been using Strongbox since 1Password switched to subscription only and it’s been good. It’s based on Keepass and supports all the normal password manager stuff (TOTP, passkeys, etc):

    https://strongboxsafe.com/personal/

    I use the desktop and mobile apps, and keep my vault stored in my iCloud account so everything is always synced real time without relying on a third party cloud (yes, I know I’m still relying on Apple for that).

      • PodPerson@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 hours ago

        I tried it and just couldn’t get on board with it. Severely lacking in features that I use often. Would have been my preference but it came up short.

  • HubertManne@piefed.social
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 hours ago

    personally I use keepass for important things and don’t sue extension or anything that would pull from it and I use bitwarden for unimportant passwords. not that bitwarden is necessarilly unsafe but im a person who ultimately thinks its best I completely control the important things.