Evaluation of five password managers

247 点作者 jik超过 6 年前

31 条评论

zmmmmm超过 6 年前

In the end I've just been using the Unix pass password manager [1].It's just cobbling together of GPG and git with shell scripts but it works like a normal git repository so you get all your synchronization, from that, your security from GPG which are all things I know and trust without introducing other components that I don't know / understand.[1] <a href="https://www.passwordstore.org/" rel="nofollow">https://www.passwordstore.org/</a>

评论 #18736670 未加载

评论 #18737296 未加载

评论 #18737341 未加载

评论 #18737482 未加载

评论 #18738925 未加载

评论 #18737013 未加载

评论 #18743385 未加载

评论 #18740407 未加载

评论 #18742070 未加载

zmix超过 6 年前

I wonder, why not a single word has been spoken about Keepass/X, which is available on all platforms (not sure about iOS, though), can work with UbiKeys, afaik, has huge im- and export support and is free from any corporate interests.

评论 #18739742 未加载

评论 #18737924 未加载

评论 #18737965 未加载

评论 #18738630 未加载

评论 #18739972 未加载

mithr超过 6 年前

> Mac OS, Windows, Linux, Android, and iOS ... full functionality can’t be dependent on an app which is only available on Mac OS and/or Windows. In other words, lack of full Linux support is a show-stopper for us. This ruled out 1Password......Huh? 1Password supports all of those platforms (including Linux) <a href="https://1password.com/downloads/linux/" rel="nofollow">https://1password.com/downloads/linux/</a>

评论 #18736201 未加载

评论 #18736065 未加载

评论 #18736426 未加载

评论 #18739859 未加载

评论 #18736475 未加载

faitswulff超过 6 年前

Just idle curiosity, but I'd be curious to see BitWarden's commit on GitHub:> ...at one point during our evaluation we submitted a bug report about Bitwarden through its Github project; one of the product’s maintainers committed a bug fix seventeen minutes later, and just a few days after that the fix was released to the public.

评论 #18739303 未加载

评论 #18739195 未加载

评论 #18741119 未加载

评论 #18738823 未加载

评论 #18739912 未加载

vbezhenar超过 6 年前

For me an important selling point of 1Password was that their software looks like native Windows software and native iOS software while Bitwarden is just Chrome wrapper or something like that for desktop and C# for mobile and I don't want to support that kind of cross-platform software.

评论 #18737437 未加载

评论 #18740399 未加载

amanzi超过 6 年前

Glad to see Bitwarden up on top. They tick all the boxes for me - open source, transparent security (including recently published audit), feature-rich, optional self-hosted, and easy to use.

评论 #18740371 未加载

评论 #18737777 未加载

yinyang_in超过 6 年前

No mention of enpass.io, i found their method to be completely safe. Encrypted sqlite files, shared across Dropbox/onedrive/Google-drive.Apps used for Mac, Linux, windows, browser integration also works fine. All boxes are checked, don't know why isn't it popular among masses or nerd community.

评论 #18741148 未加载

评论 #18740277 未加载

评论 #18740229 未加载

moulidorai超过 6 年前

Hi folks,That's a thorough comparison. I just wanted to make an attempt on why someone should consider using Zoho Vault for password management.Zoho Vault is an online password manager for teams, used by more than 20,000 small and medium sized companies across the globe. We offer client-side encryption, multi-platform support, auto-fill, auto login websites and cloud apps, fine-grained password sharing, bulk folder sharing with user groups, audit, reports, two-factor & multi-factor authentication, US/EU data centers, browser extensions (Chrome, Firefox, Safari), and mobile apps (iOS, Android, Windows), option to maintain personal vault.Integrations: G Suite, Microsoft Office 365, Zoho Mail, Zoho Desk, OKTA, OneLogin, Single Sign-On for 90+ Cloud Apps, Windows Active Directory/LDAP, Azure Active DirectoryDisclaimer: I work for Zoho Vault. If you need a comparison document of Zoho Vault with any product, drop an email to support@zohovault.com.

评论 #18743317 未加载

redwards510超过 6 年前

> Yubikey support in browser (Personal) BitWarden: nohuh? I use my yubikey in the Bitwarden browser extension.Otherwise, a very extensive collection of comparison data. Not surprised to see Bitwarden come out on top.

评论 #18741218 未加载

评论 #18738731 未加载

评论 #18737766 未加载

notatoad超过 6 年前

What did you find changed in lastpass after the logmein acquisition? We've been using lastpass since before the acquisition, and i can't say i've noticed any substantial changes (either positive or negative)

评论 #18737067 未加载

评论 #18738268 未加载

评论 #18736941 未加载

thedanbob超过 6 年前

I rarely see it mentioned, but when 1Password changed to a subscription model I switched to Enpass (<a href="https://www.enpass.io" rel="nofollow">https://www.enpass.io</a>) and I've been very happy with it.

评论 #18736151 未加载

评论 #18758848 未加载

评论 #18736131 未加载

CiPHPerCoder超过 6 年前

I'm surprised there was no mention of recent security audits.BitWarden just famously had one.

评论 #18736994 未加载

评论 #18736416 未加载

评论 #18737080 未加载

codesuki超过 6 年前

Question about bitwarden: I found this issue saying there are no tests. <a href="https://github.com/bitwarden/core/issues/399" rel="nofollow">https://github.com/bitwarden/core/issues/399</a>Also in the comments here someone said there are no tests. Does anyone have any info about that? I am interested in the software but no tests would be worrying. (Had no time to browse the code yet.)

tejado超过 6 年前

As I want to protect all my passwords offline at one place but have them also available mobile, I developed Authorizer.It is an Android password manager based on PasswdSafe with USB HID keyboard support to enter paaawords automatically on any device. Also stores TOTP/HOTP.The idea is, to have a complete offline device (hardend android without network stack/always flight mode on, baseband overwritten, ...).<a href="https://github.com/tejado/Authorizer" rel="nofollow">https://github.com/tejado/Authorizer</a>

scndthe2nd超过 6 年前

This SAAS bias is untenable. "Use a big target" they say. "Store them with a big company" they say. "Give your data to someone, let them worry about it" they say. Meanwhile, breach after breach tells us that regardless of security, the likelihood of successful attack comes closer and closer to 1 as the size and exposure increases.It's likely that these services have already been zerodayed, and we're just waiting for the shell to drop on an upswing.

评论 #18739775 未加载

评论 #18739658 未加载

评论 #18741202 未加载

VectorLock超过 6 年前

I like the functionality comparison but I'm really curious how they stack up to each other security wise.

评论 #18737757 未加载

Kiro超过 6 年前

I'm using Chrome's built-in password manager. What are the drawbacks besides it being Google?

评论 #18736001 未加载

评论 #18736183 未加载

评论 #18736061 未加载

评论 #18736037 未加载

评论 #18755459 未加载

Wowfunhappy超过 6 年前

One feature I didn't see mentioned—LastPass has a Bookmarklet that can be used in leu of a proper extension. This means that if I ever decide to start using a random niche web browser, I won't have to start copying and pasting from a web vault in order to log in to sites.The freedom to do this is important to me regardless of whether I ever actually use it.

xte超过 6 年前

My personal password manager: GNUPG-encrypted text file (org-mode). No extra fuss.Reason? I have too much code to look/trust to add more and I do not keep log-in anywhere during my day, I do my best to avoid web-(cr)app as much as I can and try to live asynchronously connects via Emacs, being capable of operate as much as I can offline...

Avery3R超过 6 年前

No keepass? Disappointed.

评论 #18736249 未加载

评论 #18735994 未加载

评论 #18737209 未加载

评论 #18736804 未加载

评论 #18736438 未加载

beat超过 6 年前

Has anyone gone through the process of switching? I use Keeper for personal stuff, and I suppose there's always the chance to switch if one turns out to be technically or politically much superior, but there are dozens and dozens of passwords in there to transfer...

评论 #18736173 未加载

评论 #18736398 未加载

评论 #18738137 未加载

评论 #18738016 未加载

评论 #18737559 未加载

sakisv超过 6 年前

I only found out about Bitwarden a few weeks ago and it got me to change from KeepassXC and I'm overall very happy with the change.The main selling points for me were that it's open source and they allow you to host it yourself.Apart from these, I really enjoy the browser addons which don't require any jumping through hoops[1] and that they provide their own Android client and you don't have to play Play Store Columbus to find a decent one. It can also be used as an autofill service which allows it to interact with other apps which is incredibly useful.But because nothing in this world is perfect, the downsides so far are:1. Lack of shortcuts to copy only the username or only the password and forcing me to reach for the mouse. That's really annoying.2. With KeepassXC you could have a keyfile that you was necessary to unlock your database while Bitwarden doesn't have that option. They do provide 2FA[2] but only TOTP and email for the free version (although $10/year for the premium subscription, arguably, is not much).1: <a href="https://keepassxc.org/docs/keepassxc-browser-migration/" rel="nofollow">https://keepassxc.org/docs/keepassxc-browser-migration/</a> 2: <a href="https://help.bitwarden.com/article/setup-two-step-login/" rel="nofollow">https://help.bitwarden.com/article/setup-two-step-login/</a>

评论 #18740147 未加载

评论 #18740293 未加载

rollinDyno超过 6 年前

I've been using masterpassword [1] which is stateless and requires no sync. I wonder what the HN crowd thinks of its features. Another option with the same paradigm is lesspass [2].1. <a href="https://masterpassword.app/" rel="nofollow">https://masterpassword.app/</a> 2. <a href="https://lesspass.com/#/" rel="nofollow">https://lesspass.com/#/</a>

评论 #18736277 未加载

评论 #18736252 未加载

评论 #18737338 未加载

评论 #18739565 未加载

jiveturkey超过 6 年前

i find it hilarious, hilarious i tell you, that he felt the need to put a quasi-legal disclaimer at the bottom of his medium post. i suppose it is demanded by the field he is in (investment banking) but it just strikes me as nonsense.too bad the article is quite thin.

JJseiko超过 6 年前

If someone is still looking for a good one, I use Keepass and can very much recommend it.

banku_brougham超过 6 年前

i was using dashlane for a while. The features were great, but one thing really bothered me:On macOS everytime I opened safari it launched a dashlane.com page reminding me to install the plugin. I did not want the plugin, and after much googling never was able to prevent this behavior. I had to uninstall it.Switched to KeepassXC, its good.

w8rbt超过 6 年前

Here's a plug for DPG (zero storage password manager). I wrote it years ago and it meets my needs well.<a href="https://github.com/w8rbt/dpg" rel="nofollow">https://github.com/w8rbt/dpg</a>

评论 #18736126 未加载

ape4超过 6 年前

<a href="https://pwsafe.org/" rel="nofollow">https://pwsafe.org/</a> by Bruce Schneier

fosco超过 6 年前

anyone use passbolt[0]?interested to know your experience good/bad/etc...I am considering installing on a vm at home to use for family.[0] <a href="https://www.passbolt.com/" rel="nofollow">https://www.passbolt.com/</a>

the_duke超过 6 年前

A comparison matrix would help.

评论 #18736185 未加载

评论 #18736179 未加载

CompuHacker超过 6 年前

we decided that Bitwarden is the best choice for our company, and we’ve begun the process of migrating from LastPass to Bitwarden.<pre><code> whois lastpass.com LogMeIn, Inc. whois bitwarden.com WhoisGuard, Inc.</code></pre>

评论 #18735948 未加载

评论 #18736415 未加载

评论 #18736152 未加载