I currently use KeepassXC that is synced through NextCloud. The sync isn’t very elegant, especially on my phone. So I’m looking for a new password manager, which has a native server sync support that I can self host. What do y’all recommend? I need at least a phone app and a browser integration that can autofill.
I use KeepassXC on desktop, KeepassDX on my phone and keep it all synced with Syncthing. Works great
This is the way.
Bitwarden
Never looked back.
Have you tried syncthing? It works great with keepassxc.
Vaultwarden is pretty easy to self host.
+1 for Keepass + Syncthing. Free, no cloud, always synced.
Have been using it for 2+ years with 3 devices, no problem
deleted by creator
Bitwarden is excellent and the paid plan is very reasonable unlike with others.
Bitwarden.
My recommendation: Don’t use Vaultwarden (self hostable server side of bitwarden. Really easy to run and use). Why? You’re not a security personal, and securing your vault isn’t your job. You might do a slight mistake that’ll lead to the compromise of your vault.
The people at Bitwarden have their work dedicated to securing the vaults and all they do is security. And they’ll probably do it better then you. When it comes to serious matter, I prefer to trust the professionals.
Just to play devils advocate. Bitwarden.com is a much more valuable target. My instance is behind a VPN. I think its actually far more likely Bitwarden will have a breach similar to LastPass then I will. But I agree with you mostly.
The data stored on Bitwarden’s servers is completely encrypted though, which means a breach will not yield useful data, unlike the plain text storage for LastPass.
I have the ability to selfhost BW so I am interested in counterpoints.
Yes I agree. I was just offering a counter to the statement that Vaultwarden isnt as safe as Bitwarden. They both are encrypted but my vaultwarden instance is a lot less likely to experience a breach than Bitwarden. The guys with real skill are going after Bitwarden not me.
Doesn’t the server just hold an encrypted vault? What could go wrong when the server is compromised? Just thinking out loud I don’t know the answer
I just don’t want any unauthorized persons anywhere near my vaults in general. I also see my vault as a critical service that requires high availability, and I know enough about system administration to know that my network and I are not qualified to provide that.
Ignoring the security aspect of it Bitwarden is responsible for hosting a fault tolerant, highly available web app.
They have redundant networking, redundant servers, load balancers, redundant databases.
While you could host this yourself to these tolerances it’s work and it’s not free.
If you’re using your password manager to the fullest you have a different password for every resource out there. It’s more than a minor inconvenience if you get locked out of your passwords.
Their service is dirt cheap and it’s absolutely worth every penny.
Most here won’t like this answer. 1Password.
I’ve used it for years and it just works well for me. Finally convinced my spouse to also use it a couple of years ago. Switching is not an option since it took years of convincing to make that happen.
Big fan of Keeppass + syncing program of choice. It has served me well for years. If you don’t like nextcloud pick a different syncing app.
I haven’t seen it mentioned here so I’ll throw it out there - 1Password. It’s just a very smooth experience that I really appreciate.
1Password is the only one I found that I can share with the family, syncs changes practically instantly, and actually detects login fields on every platform I use it on (Android, Windows, Linux).
There’s a lot of arguments for one solution or the other based on security or privacy, but let me present a different scenario:
Imagine you’re in a natural disaster. Your home based self hosted server is down because of a general rolling network outage or just irrecoverably destroyed. Your offsite on the other side of the county is in a similar state. Can your cloud hosted backup be accessed at generic, public computer in a shelter or public building?
Bitwarden can. It has specific instructions for doing so as safely as possible.
deleted by creator
Good thing the KeepassXC can be used as a 2nd factor authenticator, though it has TOTP only, doesn’t offer HOTP.
I like to use SyncThing for my keepass vault. Imo it’s about as simple and elegant as it can get without involving third party services.
I know you’re asking for an integrated sync but this has been flawless for me and only rarely notice a delay between machines including android, linux, and windows (less that 30s in any case)