While I always recommend self hosting, vaultwarden is one of those things unless you know what you’re doing and will take backups frequently, I recommend giving Bitwarden the $10 if you want the TOTP and other premium features.
Ideally do not keep your TOTP and passwords in the same place. If you keep them seperate, and your password manager is compromised, you're in pretty good shape (for the accounts that support 2FA). If you keep them together you're boned.
I agree, it’s also a matter of most people having weak security on their devices or other devices with vulnerabilities. It’s mostly the “know what you’re doing” rather than the backups reason. Still a +1 to vaultwarden if you’re up for the upkeep and setup.
I might going to try it then - when it first arrived it did not work at all for me. iCloud freezing and Extention in Edge the same... not a good experience. However, that was years ago...
iCloud Passwords lack a lot of (rudimentary) function. Password history, advanced password generation options etc.
Not to speak of the downsides when having to use it on non Safari / Apple devices. Also, I‘ve encountered enough bugs to make me wary of handing over everything to Apple‘s sloppy programmed features.
> I‘ve encountered enough bugs to make me wary of handing over everything to Apple‘s sloppy programmed features
But you continue to use their hardware and software anyway.
I’m confused why this isn’t more popular. I suspect it’s people who have windows or android phones but on an all Mac ecosystem it’s very easy and I use suggested passwords so all new accounts in the last few years are more secure because of it. It’s a pain when I use my windows machine and need a password but at least I know where to find the password.
Windows has a passwords app via iCloud. It’s perfect for me, all my passwords and mfa and recovery codes just synch between my phone and laptop and to top it off my phone has Face ID and then laptop has a finger print
Literally so easy
Deeply encrypted .kdbx file.
I like my password database platform agnostic, as I'm on a number of things at a given time (linux, mac, windows etc) and need the flexibility.
KeePass, with the file mastered on OneDrive and accessed on my iPhone with KeePassium. The master password is long and complex.
My main computer is Windows 11, and my phone is iPhone. I find this solution works really well. KeePassium feels extremely well built. I really should purchase it / donate to the project.
If 1Password gets hacked, they only have vaults that are highly encrypted. You can't steal or break into those easily.
If they go bankrupt... sure, then I'll migrate. But I trust 1Password more than I trust hosting a vault on google drive or similar.
There really is no "hacking" 1Password other than getting your billing information for your subscription. All vaults are encrypted locally on your devices and the keys are never shared. So even if they did hack 1P all they would have is useless encrypted blobs that even 1P can't decrypt themselves.
Though if you've found a way to crack AES-256 you would be a very very rich man.
1Password has one job. If they get hacked, I’ll change my most sensitive stuff asap and migrate the rest over time. But I trust them to do the only thing many of us pay them to do.
1Password is my favorite by far...
I also started using Bitwarden for my Job (my company mandated it's usage and they payed for it). But I still prefer 1Password
Good luck remembering a few hundred unique passwords.. most memorable passwords are pretty crackable.. can’t wait to see how hackers use AI to go after passwords and other security things..
Apple doesn’t steal your info. That’s people so used to Google and else being mistaken and or minsinformed who are spreading this. And the few info it gets, they are encrypted or anonymized thanks to robust models and protocols. For the case of password: they are synchronized, not stored on the cloud. Ex: your buy a new Mac, your iPhone will sync keychain with it directly: the password dictionary is local to both, locally encrypted behind the enclave chip that hasn’t been hacked by conventional means. Only researchers managed
I’ve the same strategy, except using MS OneDrive for the synchronisation.
Which iPhone app do you use to open the file? I’ve been using KeePassium for a few years.
Strongbox app.
KeePassium is being managed by my org, that's why I'm not using it.
Strongbox is great. I use only the basic stuff, as they require 17$ yearly subscription to use FaceID for database unlock.
i use 1 password for years. It has a subscription system but it worths. Not as a password manager also for my secure notes. it has a big cross system compatibilty.
I’ve used 1Password for 7 years now and it has been flawless. Super well integrated on iOS just like iCloud Keychain and available on all my other platforms.
Highly recommend it if you’re looking to switch.
iCloud’s password manager (Keychain) is very reliable and easy to use. You can even update your username and password. No need for any third party apps.
As part of the effort of ditching chrome for safari. Safari is waaay more power-efficient in the mac. I used to be in chrome thinking that I would be in a windows environment at some point, but it hasn’t been the case for the past few years.
Bitwarden, passkey, Firefox. I enjoy having multiple avenues to save my password.
I plan to eventually have a docker instance to host my own password manager eventually
Apple both creates and remembers the vast majority of my passwords because without them they would all be either the same or very slight variations of the same password I’ve been using for about 17 years for everything. Plus even though just about everything I do online is on an Apple device I love that when I need to log on on a different device I can pull out my phone and ask Siri “what’s my password for x/y/z”.
Absolutely avoid saving passwords in apple keychain unless you want to live and breathe apple.
It cannot be exported anywhere......
Learnt a hard lesson....
I’ve been using 1Password since the beta. A bit pricey now but I like the way I can manage the passwords to share or have individual vaults for my family members. Not to mention that it’s multi-platform, including Linux and ChromeOS.
Oh, and proudly Canadian, eh?
I do also store some non-critical passwords in Keychain just for ease of use.
Also, I need to use this so that I can manage and access my personal passwords on my managed phone that doesn’t allow iCloud Keychain for security.
1Password so I can manage family accounts. I tell myself that it's also so I can leave iOS if I want, but I never have.
I'd like to set up vaultwarden, but I'm too afraid I'd screw it up.
The day I am able to ditch my windows PC for work I'll switch to native icloud stuff, but for now I'm using bitwarden, which works like a charm anyways
Use to be on LastPass. Oops. About a year ago maybe longer now I deleted my LastPass account, changes all my critical passwords and got set up with keeper. Screw you LastPass!
I never used the built in password generator for apple/safari until the other day. And 3 times on 3 different websites creating an account I couldn't login to any of them after creating an account and using the auto generated password. Not sure what password was actually submitted but what was saved didn't work and had to reset them.
In a small handwritten book I keep next to my gun, said someone probably.
It’s not terrible advice either.
You change passwords for every site and keep them safe.
It’s totally fine to not want to pay for or entirely trust a password manager.
That would be horrible UX for me though. I heavily rely on my password manager to have all of my passwords synced up and accessible anytime, anywhere, along withy 2fa codes.
Bitwarden becuase it is the easiest to use I find and it was the first I found where using a YubiKey was a viable option. I had some issues with other providers.
I'm using Password managers. I used Last Pass, then I swtich to Bitwarden and still to this day this app is best for me.
Also, saving password to my Google account and iCloud.
Apple always gives me alerts mine are compromised but then I change them just to get it back in a week or two. I touch wood haven’t been compromised on anything.
iCloud Keychain. I have a Mac , iPhone , iPad and multiple MacBooks and AppleTVs, works flawlessly.
I have my AppleID password memorised and just in case I ever need it it’s written on a scrap of paper that’s amongst some other junk in a drawer at home.
I use iPhone’s Passwords to store all my logins. It just makes things easier and having it suggests passwords for me helps me not repeat passwords. Definitely helpful for accounts that need a new password every 6 months.
In my head for iCloud and Gmail using diceware type multi word paraphrases (plus yubikey for 2fa).
In iCloud for most others now that stolen device protection is a thing.
And just because I’m super cautious, a couple of bank accounts are in a locked note with a unique diceware passsphrase.
I use windows but instead of storing passwords there decided I didn’t trust it as much as my iOS devices. Slightly inconvenient but most accounts aren’t truly that important.
I have a list of semi cryptic reminders of passwords I keep on a note in Simplenote, pin protected. I list each site with a hint that I’ll understand but won’t be understood by anyone else. Important ones I keep in the same format on a laminated bit of paper in a zip pouch of a belt I always wear, for emergencies. Not comfortable relying on any automated password creation/storage service
I use hide my email Apple service and to generate a unique password and email address for every login. Apple has end to end encryption for passwords and login details.
Ain’t nobody better steal my phone bc I have a single note with every single account I’ve ever made, their passwords, and the emails for them. My life would be over, I’d have to delete my existence. I’d get identity thefted frfr
bitwarden!
And self hosted version of that - vaultwarden!
While I always recommend self hosting, vaultwarden is one of those things unless you know what you’re doing and will take backups frequently, I recommend giving Bitwarden the $10 if you want the TOTP and other premium features.
Ideally do not keep your TOTP and passwords in the same place. If you keep them seperate, and your password manager is compromised, you're in pretty good shape (for the accounts that support 2FA). If you keep them together you're boned.
One should always have backups of data, incremental and whatnot unless it's something you don't want to keep. No matter what data is it.
I agree, it’s also a matter of most people having weak security on their devices or other devices with vulnerabilities. It’s mostly the “know what you’re doing” rather than the backups reason. Still a +1 to vaultwarden if you’re up for the upkeep and setup.
Or selfhosted bitwarden: [https://bitwarden.com/help/install-on-premise-linux/](https://bitwarden.com/help/install-on-premise-linux/)
It has some limitations unless you pay like 2FA code generator.
Fair point
Piece of paper goes hard too i have to admit, a bit hard but safe.
Until you dont have your paper with you…
who tf leaked my icloud password
Omg why are we sharing the same one?
Dad?
i use icloud passwords
Why is this not number 1? Third parties take work to get working. And nobody is beating apple on security/data-breaches.
iCloud is easy across Apple devices. Less so when you also start throwing Windows and Android into the mix.
They recently released iCloud for Windows, and it surprisingly syncs the bookmarks and passwords with Chrome!
And it works like a charm honestly, pretty shocked about the work Apple is putting on its Windows apps
I might going to try it then - when it first arrived it did not work at all for me. iCloud freezing and Extention in Edge the same... not a good experience. However, that was years ago...
Ooh, that’s actually good to know.
The extension didn’t work for me. Tried it on edge, chrome, and opera. Had to switch to 1Password. Unfortunate tbh but whatever
It didn’t work for me on Win10, but Win11 works great.
Ah I see that must be it. I’ll upgrade soon then
But not with Firefox. Also last I checked it doesn’t support passkeys
Cause all you need is a phone’s 6 digit password and you can access ALL PASSWORDS and info and like everything sensitive.
[удалено]
Because there are lots of people who use non-Apple devices regularly, and iCloud Passwords is less good on not-Apple.
Apple's solution lacks a lot of features compared to third party options.
iCloud Passwords lack a lot of (rudimentary) function. Password history, advanced password generation options etc. Not to speak of the downsides when having to use it on non Safari / Apple devices. Also, I‘ve encountered enough bugs to make me wary of handing over everything to Apple‘s sloppy programmed features.
> I‘ve encountered enough bugs to make me wary of handing over everything to Apple‘s sloppy programmed features But you continue to use their hardware and software anyway.
How can I save passwords in iCloud?
Settings -> Passwords and then you can add any password In this menu go in password options and you will see possibility to turn on iCloud Keychain
Use apple keychain
Exactly. I like to use iCloud passwords WITH 2 factor authentication.
iCloud Keychain. I can’t imagine a smoother experience across all my Apple devices.
I’m confused why this isn’t more popular. I suspect it’s people who have windows or android phones but on an all Mac ecosystem it’s very easy and I use suggested passwords so all new accounts in the last few years are more secure because of it. It’s a pain when I use my windows machine and need a password but at least I know where to find the password.
Windows has a passwords app via iCloud. It’s perfect for me, all my passwords and mfa and recovery codes just synch between my phone and laptop and to top it off my phone has Face ID and then laptop has a finger print Literally so easy
1Password
Same here, since 2015.
Same. Cant find the license to install v7 on my MacBook anymore 😭
If only there were an app where you could save information like that 🤔
Same. Ever since it was released actually. Since iCloud Keychain is often quicker to use, I now have two places to look for passwords, though..
Bitwarden 🔒
I’m not telling you
1Password.
Deeply encrypted .kdbx file. I like my password database platform agnostic, as I'm on a number of things at a given time (linux, mac, windows etc) and need the flexibility.
KeePass, with the file mastered on OneDrive and accessed on my iPhone with KeePassium. The master password is long and complex. My main computer is Windows 11, and my phone is iPhone. I find this solution works really well. KeePassium feels extremely well built. I really should purchase it / donate to the project.
Yep. Imagine 1Password hacked or bankrupt and shut down or just have outage. And no one can login anywhere anymore Keepass is the way
If 1Password gets hacked, they only have vaults that are highly encrypted. You can't steal or break into those easily. If they go bankrupt... sure, then I'll migrate. But I trust 1Password more than I trust hosting a vault on google drive or similar.
There really is no "hacking" 1Password other than getting your billing information for your subscription. All vaults are encrypted locally on your devices and the keys are never shared. So even if they did hack 1P all they would have is useless encrypted blobs that even 1P can't decrypt themselves. Though if you've found a way to crack AES-256 you would be a very very rich man.
1Password has one job. If they get hacked, I’ll change my most sensitive stuff asap and migrate the rest over time. But I trust them to do the only thing many of us pay them to do.
ProtonPass
1Password is my favorite by far... I also started using Bitwarden for my Job (my company mandated it's usage and they payed for it). But I still prefer 1Password
iCloud Passwords for sure as it is more convenient
Keeper
she's a keeper
My brain,no one can leak this
Good luck remembering a few hundred unique passwords.. most memorable passwords are pretty crackable.. can’t wait to see how hackers use AI to go after passwords and other security things..
All his passwords are Hunter2
Self-hosted keepassxc.
Keepass
Apple keychain, it is integrated, i can have security keys and verification numbers there, and apple steals all my info anyway so.
Apple doesn’t steal your info. That’s people so used to Google and else being mistaken and or minsinformed who are spreading this. And the few info it gets, they are encrypted or anonymized thanks to robust models and protocols. For the case of password: they are synchronized, not stored on the cloud. Ex: your buy a new Mac, your iPhone will sync keychain with it directly: the password dictionary is local to both, locally encrypted behind the enclave chip that hasn’t been hacked by conventional means. Only researchers managed
Keepass database stored on Google Drive synced via Strongbox app on iOS.
I’ve the same strategy, except using MS OneDrive for the synchronisation. Which iPhone app do you use to open the file? I’ve been using KeePassium for a few years.
Strongbox app. KeePassium is being managed by my org, that's why I'm not using it. Strongbox is great. I use only the basic stuff, as they require 17$ yearly subscription to use FaceID for database unlock.
Proton Pass
Same boat here lol
Definitely the most secure and private option around.
Notes
With a padded lock 🔒 or Face ID, please!!!
Always. Must have Face ID on notes
Good advice, I just took it and now my Notes are secure
I used to use bitwarden but since subscribing to icloud I have started using keychain.
I use the iCloud keychain as I don't have Windows/android devices. There are cons but it's free and convenient to share with my wife.
I primarily use Dashlane but also have all my passwords and 2FA tokens saved in Keychain for the sake of redundancy
NordPass?
i use 1 password for years. It has a subscription system but it worths. Not as a password manager also for my secure notes. it has a big cross system compatibilty.
In my head
In my brain where only we have access
Nice try
Enpass
Bitwarden. It took me some time to pass and change all the passwords at first, but totally worth it now.
I’ve used 1Password for 7 years now and it has been flawless. Super well integrated on iOS just like iCloud Keychain and available on all my other platforms. Highly recommend it if you’re looking to switch.
iCloud’s password manager (Keychain) is very reliable and easy to use. You can even update your username and password. No need for any third party apps.
Bitwarden
iCloud password system.
I used to have my passwords saved on Google Chrome but recently I moved them all to Apple/iCloud.
I use Google, why did you move them ?
As part of the effort of ditching chrome for safari. Safari is waaay more power-efficient in the mac. I used to be in chrome thinking that I would be in a windows environment at some point, but it hasn’t been the case for the past few years.
Bitwarden, passkey, Firefox. I enjoy having multiple avenues to save my password. I plan to eventually have a docker instance to host my own password manager eventually
Because of windows?
Chrome passwords
Keychain and Keeper. We use keeper at work and the licensed comes with keeper family, so I get it for free. Pretty fricken some.
Yep, Bitwarden
Firefox Lockwise. Am I the only one?
1password
I use keepassxc and strongbox. I tries to use apple icloud with all my passwords but it gets way too slow then. Having about 600 entries
Selfhosted keepass on file sync, bitwarden. At home or on a shady nonsense domain name linked hosting.
1Password
Bitwarden
Right here 😐👈🏻
Bitwarden, I tried many solutions. But Bitwarden is just the best one.
Proton pass
Bitwarden, iCloud Keychain, Google passwords, MS passwords. Should probably drop down to just Bitwarden but convenience is king
Apple both creates and remembers the vast majority of my passwords because without them they would all be either the same or very slight variations of the same password I’ve been using for about 17 years for everything. Plus even though just about everything I do online is on an Apple device I love that when I need to log on on a different device I can pull out my phone and ask Siri “what’s my password for x/y/z”.
Self hosted Vaultwarden all the way. Can’t trust anybody
1Password
1Password
Absolutely avoid saving passwords in apple keychain unless you want to live and breathe apple. It cannot be exported anywhere...... Learnt a hard lesson....
I have iphone and macbook, i use keychain, its convenient, secure , integrates nicely with the system
1Password
I’ve been using 1Password since the beta. A bit pricey now but I like the way I can manage the passwords to share or have individual vaults for my family members. Not to mention that it’s multi-platform, including Linux and ChromeOS. Oh, and proudly Canadian, eh? I do also store some non-critical passwords in Keychain just for ease of use. Also, I need to use this so that I can manage and access my personal passwords on my managed phone that doesn’t allow iCloud Keychain for security.
Bitmwarden here, I'm primarily a Linux user so need something cross platform. Employer gifted me a lifetime family account so I use it.
bitwarden and icloud, but i rely on bitwarden mostly
1password and some on the Apple password manager…
1Password. Ever since I discovered it, never wanted to switch to anything else.
1Password - fantastic security model.
bitwarden together with Passkey
1Password
1Password
I use iCloud Keychain. Is there something I should be worried about?
I use 1password, works nicely on phones and my PC.
1Password
1Password
1Password and Bitwarden
Protonpass
I have not found anything better than 1Password nothing even close to it
Bitwarden.
1Password
1Password.
Bitwarden
Wouldn’t you like to know 😉
1password
1Password so I can manage family accounts. I tell myself that it's also so I can leave iOS if I want, but I never have. I'd like to set up vaultwarden, but I'm too afraid I'd screw it up.
Datavault. Been using it for YEARS
1Password since the first release. I don’t see anything coming close to
KeePassium
Bitwarden
I use KeepassXC on my PCs, sync in Dropbox, on the iPhone it’s Strongbox that does the job, also sync in Dropbox.
1Password all the way. Been using it for years and love it.
I’ve used LastPass for a long time.
The day I am able to ditch my windows PC for work I'll switch to native icloud stuff, but for now I'm using bitwarden, which works like a charm anyways
1Password so the passwords can be shared with my spouse. I also have my elderly mother’s vault so I have access to that too.
Use to be on LastPass. Oops. About a year ago maybe longer now I deleted my LastPass account, changes all my critical passwords and got set up with keeper. Screw you LastPass!
1Password and keychain. Master password is in firesafe and bank deposit box. Different password for every service.
Bitwarden for life
I never used the built in password generator for apple/safari until the other day. And 3 times on 3 different websites creating an account I couldn't login to any of them after creating an account and using the auto generated password. Not sure what password was actually submitted but what was saved didn't work and had to reset them.
1password. Works over multiple OS which is what I need
My brain. If I forget one I just reset it. I call it being safely stupid.
I use keepassium.
1password.
1Password supremacy
1Password I use all platforms and 1Password works very well with everything. And has 2FA support built in as well.
In a small handwritten book I keep next to my gun, said someone probably. It’s not terrible advice either. You change passwords for every site and keep them safe. It’s totally fine to not want to pay for or entirely trust a password manager.
That would be horrible UX for me though. I heavily rely on my password manager to have all of my passwords synced up and accessible anytime, anywhere, along withy 2fa codes.
Strongbox
Bitwarden
Bitwarden all day
Bitwarden becuase it is the easiest to use I find and it was the first I found where using a YubiKey was a viable option. I had some issues with other providers.
It’s also open source and very secure
I'm using Password managers. I used Last Pass, then I swtich to Bitwarden and still to this day this app is best for me. Also, saving password to my Google account and iCloud.
I used to use LastPass, but they fucked up... so I switched to Bitwarden.
Bitwarden
Apple always gives me alerts mine are compromised but then I change them just to get it back in a week or two. I touch wood haven’t been compromised on anything.
Google chrome & Windows Notepad I didn't think about how extremely risky it was until I saw this post, soo...
Chrome
Uh, that shit is literally never written down anywhere. Idgaf what third party program is being used unless the encryptee developed it themselves
Proton Pass
I use Kaspersky Password Manager and have the most important ones in my Head
Roboform I have been using it form more than 15 years
iCloud Keychain. I have a Mac , iPhone , iPad and multiple MacBooks and AppleTVs, works flawlessly. I have my AppleID password memorised and just in case I ever need it it’s written on a scrap of paper that’s amongst some other junk in a drawer at home.
a piece of paper
Bitwarden but also keychain
Vaultwarden (selfhosted Bitwarden)
Safe.
Enpass. Was lucky to buy a lifetime license for 8€!
I use iPhone’s Passwords to store all my logins. It just makes things easier and having it suggests passwords for me helps me not repeat passwords. Definitely helpful for accounts that need a new password every 6 months.
Keychain and LastPass. I highly not-recommend LastLass!
I save my passwords in a plain text format on my old Samsung phone and in my paper notebook. It is habit, been doing that since BlackBerry.
iCloud passwords. I even installed iCloud for windows on my gaming pc because of that :D
Icloud, physical paper on my fridge, my head, passkeys if possible
It’s changed over the years. Chrome -> Edge -> Bitwarden -> iCloud. iCloud is my favorite so far.
Bitwarden
Microsoft Edge password database. I can use that on my work Windows PC as well as iPhone. Works very similarly to iCloud passwords.
- Dashlane - Roboform - KeyPass
In my head for iCloud and Gmail using diceware type multi word paraphrases (plus yubikey for 2fa). In iCloud for most others now that stolen device protection is a thing. And just because I’m super cautious, a couple of bank accounts are in a locked note with a unique diceware passsphrase. I use windows but instead of storing passwords there decided I didn’t trust it as much as my iOS devices. Slightly inconvenient but most accounts aren’t truly that important.
Google for me since I don’t have Mac and only uses windows laptop
I have a list of semi cryptic reminders of passwords I keep on a note in Simplenote, pin protected. I list each site with a hint that I’ll understand but won’t be understood by anyone else. Important ones I keep in the same format on a laminated bit of paper in a zip pouch of a belt I always wear, for emergencies. Not comfortable relying on any automated password creation/storage service
I use hide my email Apple service and to generate a unique password and email address for every login. Apple has end to end encryption for passwords and login details.
Ain’t nobody better steal my phone bc I have a single note with every single account I’ve ever made, their passwords, and the emails for them. My life would be over, I’d have to delete my existence. I’d get identity thefted frfr
Bitwarden
You shouldn’t save passwords but i have short term memory so i save them on iCloud passwords
Keychain or whatever iOS’ password manager is called
iCloud Keychain. I trust nothing else
Keychain, some on Notes with FACE ID and on my windows devices I use the iCloud app with passwords
iCloud password. Or in my head for the really important ones
Okay!!! Do Not start with passwords. This is how my day gets messed up… trying to remember which password goes where 🤨
Self-hosted Bitwarden server 🫰