I am afraid of a private company being responsible for my passwords but also not confident in my own ability to manage any sort of password manager across all my devices. What do people do?
For cloud-synched across devices: BitWarden.<p>For maximum security (no cloud sync): KeePassXC<p>In both cases an essential feature applies: if you forget your master password you've lost access to your password database.
So, please define best, because it depends on what you're looking for. A list of the options I know and would personally recommend:<p>Bitwarden (optionally with self-hosted Vaultwarden) - Best UX for the FOSS options, syncs all your devices, overall just pretty good.<p><pre><code> Website: https://bitwarden.com/
Vaultwarden: https://github.com/dani-garcia/vaultwarden
</code></pre>
KeepassXC (optionally synced with syncthing or your cloud provider of choice) - Portable, no need to host a server to keep the database, offline-first. Database format is standardized, and other password managers support the database format.<p><pre><code> Desktop: https://keepassxc.org/
Android: https://www.keepassdx.com/
iOS: https://strongboxsafe.com/
Syncthing: https://syncthing.net/
</code></pre>
pass, if you're always on the terminal. (optionally synced with syncthing or any cloud provider). Or you can go with gopass, which uses the same database format, has better support for multiple users/stores, and enables git versioning by default. There are GUI and mobile clients available that are compatible with this database format.<p><pre><code> pass: https://www.passwordstore.org/
gopass: https://www.gopass.pw/
</code></pre>
These are the main ones I would recommend you take a look at for the most common use-cases. I can't recommend anything that doesn't provide FOSS clients or that can't be self-hosted, so some decent options UX-wise were excluded. You really have to see what you want out of the password manager to choose one. Keep in mind that for both pass and keepass there are multiple clients that are compatible with the database format, that affords you with more portability, options, and the possibility of having native clients.
I'd echo what others say, KeePassXC on local storage, which you can then sync across devices either with syncthing, dropbox etc.<p>However, I have just started exploring using vaultwarden (a rust rewrite of bitwarden, which is self-hosted).
Back when 1password, 90% sure it was that, had no Linux client I was searching for a solution to store passwords and settled for Enpass.<p>I sync via WebDAV on my Synology NAS and I’m not really worried to lose anything since every synced device has a full copy of the data.<p>Thought about switching to 1password a few months back since we’re using it at work and the client is better but they don’t have an Enpass import. It supports some kind of CSV transfer but I don’t want to pay for a bunch of, worst case scenario, not really perfectly structured data so I decided to stick with what I have.<p>Edit: when thinking of switching I was a little nitpicky. I’m pretty happy with Enpass everything considered. 1p client is just even better but with the give them your data and your money thing, which I’m not necessarily fond of
<a href="https://keepassxc.org/" rel="nofollow">https://keepassxc.org/</a><p>"no-nonsense, ad-free, tracker-free, and cloud-free manner. Free and open source."<p>Pair with Syncthing to go across devices.
pass, the standard unix password manager: <a href="https://www.passwordstore.org/" rel="nofollow">https://www.passwordstore.org/</a>
For all the people recommending keepassxc and are also iOS users, how do you deal with the lack of reproducibility of iOS apps?<p>Even “opensource” apps such as strongbox and keepassium have no way of asserting that whatever code they publish on GitHub is the same that I’m installing through the AppStore.<p>Am I just overly paranoid?<p>This is the main hindrance for me to using KeePassXC everywhere. If I’m going to blindly trust anyone I prefer to trust apple keychain.
I use Secrets (<a href="https://outercorner.com/secrets-mac/" rel="nofollow">https://outercorner.com/secrets-mac/</a>) which syncs via iCloud. Definitely not perfect, especially if you're not heavily within the Apple ecosystem, but at least it's native and doesn't require a subscription.
Codebook on iOS/macOS with local sync, almost 20 years old, indie dev, <a href="https://news.ycombinator.com/item?id=35804714" rel="nofollow">https://news.ycombinator.com/item?id=35804714</a>
Keeweb.info<p>Kepass kdb file compatible but can access through browser interface. Backup kdb file to cloud storage.<p>Don't like bitwarden. Keeping your encrypted password file in Google drive is much better and portable than self hosting on your own server.
I like portable-secret which uses the built-in browser cryptographic functions, no external software.<p><a href="https://github.com/mprimi/portable-secret">https://github.com/mprimi/portable-secret</a>
The most secure option is probably Password Store with a PGP key on Yubikey, in my view.<p>There is also Passage, which is a similar offering, but I have problems with Yubikey PIV PIN caching (and prefer CV25519 to NIST curves).
initially started with dashlane, but it was such a pain in the ass that i never used it. when i started getting my shit together security-wise, i signed up for bitwarden then hosted vaultwarden for a little while. i have keepassxc with syncthing a shot and im probably going to stick with this setup.<p>i have very little confidence recommending anything other than bitwarden/vaultwarden or keepassxc