Password manager in browser is it safe? Keepass vs Bitwarden?

Actually I thought this is on topic since its related to the very thing I posted, perhaps I’m wrong

No, this topic is about general discussion on Keepass/bitwarden/etc. Your new query is a specific question related to keepassx. The solution of this topic will not be the same as the solution for your new query.

I have a hard time with browser-supplied password stores. Especially Googly ones. Yes they’re usually world class. I’d give Firefox’s a second thought if I weren’t already deep into password-store and Bitwarden. Why Both? There wasn’t a good plugin for password-store at the time and I needed a way to help my wife and family browse more safely as I lived in a clan of repeatedly-used passwords :upside_down_face:

As as @bryanmoore has already stated, Bitwarden is audited. I’ve had a cursory glance at the source and I feel the end-to-end nature of the encrypted store looks pretty good. To be fair I’m not a security expert, but if people can trust ProtonMail, they should be able to trust Bitwarden

When it comes down to it, there isn’t a password manager for the browser and Android/iOS that works as intuitively and as consistently as Bitwarden for auto-store, update and auto filling passwords that is also open source. It’s so dang easy to use my 60 year old mother-in-law is on board.

BTW, thanks for the tips @hhlp, I will be taking a hard look at these extensions. They seem to have come a long way. I would much rather trust GPG + my own storage solutions.

If you use the master password, make certain it is something you can remember. I recently had a friend that forgot his master password (senility creeping in) and even 6 months running jack the ripper on his firefox password file with a 6 core 12 thread machine failed to crack the password for that file.

Same goes for other solutions. If access without password was possible, that would be a major flaw :wink:
Any password manager should be susceptible only to such brute force attacks, where good cryptography and long passwords are supposed to make cracking it too expensive and/or time consuming.


Yes. Of course, cloud bad. bad cloud.

So. How do you keep all of your instances of KeepassXC synchronized with one-another?

I have multiple computers and multiple phones, and more often than not they’re on separate networks. I doubt I’m all that unique.

1 Like

This is really up to personal preference. I know some of us use Syncthing for example:

Folks, this discussion is now completely lost—it is no longer about the topic at all and is for example going into “how to keep things in sync without using the cloud”. So I’m going to close it now. I hope everyone learned something new here, and please do open fresh topics for specific issues/discussion.

1 Like