Password Managers

I’m thinking about changing password managers yet again… Why? Because I’m not happy with my current one anymore.
As of now, the password managers I’ve been using (in order) are:

When I used KeePass, at some point I felt like I needed to switch to a different one (although I don’t remember the specifics), which is why I used pass. Quickly, I noticed pass doesn’t fit my use case properly. I wanted something with nice browser integration and seamless synchronization, which Bitwarden offered, the password manager I’m currently using.

I trust all 3 of these solutions, but ideally I want to keep my data to myself and have the highest degree of customizability.

So far, Bitwarden has been the least appealing on paper so far, requiring my password store to be stored on their servers1 and offering next to no customizability, e.g. by having a nice custom client to be used instead of their solution, which is an Electron client of all things. A nice tool to mitigate the downside of the Electron client is rbw, an open source command line client for Bitwarden written in Rust. This makes it possible to use it like pass, which is the ultimate password manager experience for me (more on that later).

To mitigate these downsides I could use KeePass (or more specifically KeePassXC, a community maintained fork), which stores passwords locally in a file. It’s then up to the user to sync this with other devices.
This is where I stumbled when I first used it. I had to sync this password database manually, making it really clunky and, most notably, annoying to use. I feel like this is the reason I switched to pass for a while afterwards.
KeePassXC has a few nice features, like scanning the password database against HIBP or Browser Integration (which felt mediocre at best).

The ultimate password management option for me is pass, though, which stores all passwords (and accompanying information) in single text files encrypted with GPG. This makes it trivial to write scripts for use with pass, like passmenu, a script that allows easy copying of passwords through dmenu.
The downside for using pass for me is similar to KeePass: Syncing across devices. This is usually mitigated by using git in combination, but this inevitably requires me setting up a repo somewhere (either on a service like Sourcehut or on my own server), but this exposes the “database” to the internet, which makes me feel a little uneasy.

By far the most important “feature” I need is being able to access my passwords on my phone, though. All 3 options make this possible, but Bitwarden is by far the simplest option since the syncing is seamless, without the need to set up some synchronization.
Ultimately, this is the feature that pushed me to Bitwarden in the first place, but I am rethinking this decision and feel like either pass or KeePassXC is the way to go forward.


  1. Setting up my own Bitwarden instance, e.g. with vaultwarden, is a viable solution, but mitigates the upside of having a nice and simple synchronization solution. Instead of setting up my own Bitwarden instance I might as well use any of the other 2 options listed. ↩︎

Do you have a comment on one of my posts? Feel free to send me an E-Mail: witcher@wiredspace.de
To participate in a public discussion, use my public inbox: ~witcher/public-inbox@lists.sr.ht
Please review the mail etiquette.

Posted on: June 09, 2022

Articles from blogs I read

vdirsyncer status update, May 2023

So far, libdav seems to be working pretty solid for interacting with CalDav server, and davcli has been handy for interactively inspecting remote collections. There are a few reported issues for the previous vdirsyncer implementation that are related URL d…

via Hugo Barrera's site May 27, 2023

Status update, May 2023

Hi all! This status update comes in a bit late because I was on leave last week. The highlight this month is the HDR hackfest, I’ve written a dedicated blog post about it. After the publication of that blog post, I’ve sent out an RFC to dri-devel. We’ve made s…

via emersion May 22, 2023

Burnout

It kind of crept up on me. One day, sitting at my workstation, I stopped typing, stared blankly at the screen for a few seconds, and a switch flipped in my head. On the night of New Year’s Eve, my backpack was stolen from me on the train from Berlin to Amste…

via Drew DeVault's blog May 1, 2023

Generated by openring