7 hours ago · Tech · 1 comments

A few months back, Ars Technica published "Password managers' promise that they can't see your vaults isn't always true." I haven't used an online password manager in 5 years. Previously I had been using Bitwarden, which is fine; I just prefer to take ownership of as much of my digital life as I can. My setup is KeePassXC to manage all my passwords in a database and Syncthing to sync all my passwords across my smartphone, laptop, and server. I read a comment on HN recently about how a couple of people who had a similar setup struggled with syncing conflicts, eventually switching back to an online password manager. In the 5 years I've been using KeePassXC + Syncthing, I have yet to have a single conflict with my password. Granted, I don't have a lot of credentials and am very diligent about going through the motions of deleting an online account I no longer have a use for. Once I get confirmation the account is deleted, I then delete the credential from my password manager. I have about…


  • It seems obvious to me that if there exists a recovery mechanism (whether that's "next of kin" or "my coworkers") then that's a weakness that can be exploited from within the company.

    Still, I appreciated seeing somebody else that uses the #KeepassXC + #Syncthing pattern! I love it!