At this point it is too high of a risk to store my password elsewhere. I've been screwed over by Dashlane, LastPass, potentially Bitwarden now, I am with 1Password now, but I've had my passwords in all these places, and I've had to change them each time, probably missing a few.

I like 1Password, it is by far the highest quality product I've used in this category. I moved from Bitwarden back then because their browser integration was quite poor.

I think I'll move to something custom, or a self-hosted KeePass server; with the rug pulls, incidents, and whatnot, it is becoming too high of a risk.

KeePass has been my go-to since forever, highly recommend. I never jumped on the SaaS password manager train when they started coming out, always just kept it local. There were times I thought I was missing out on some convenience but I'm glad I never moved.

Depending on your threat model, you can even just keep the .kdbx in cloud storage somewhere and point your KeePass client to that. I'd recommend using a keyfile in addition to your master password though, so that if anyone does happen to get a hold of the database they can't just make brute force attempts against it.

I’ve found being able to share passwords with my spouse very valuable, which we couldn’t easily do with KeePass. Also the syncing strategy on iOS is a disaster and corrupted my wife’s KeePass db, causing her to lose everything.

Is there reasonably priced cloud storage for this use-case? Their offerings are usually for several gigs of data; a kdbx is minuscule.

KeePass files + Syncthing works very nicely for me.

For non-technical people, I just recommend using the browser built-in password managers. taviso has a good writeup why: https://lock.cmpxchg8b.com/passmgrs.html

I was doing this too until recently. The problem with this setup is more at Syncthing. More specifically, the Syncthing Android app has seen some troubling changes in maintainers. The latest maintainer has a very sparse GitHub profile and an AI-generated avatar, so I noped out of installing it right then.

Serious question: what's wrong with just using Firefox's built-in password manager?

How were you screwed over by these products?

Rug-pulls, security incidents, lost passwords. I also don't know if they've kept my passwords behind when I deleted my accounts. The risk of them having them is too high, so I had to swap all of them.

Interesting! I've been a LastPass and then 1Password user since 2009ish.

I left LastPass because of UX paper-cuts, but I've never lost passwords on either of them.

Honestly, it's something I don't want to think about and just need it to work on mobile and desktop, so the switching friction is very high for me. I'm not going to shop around and try different password managers.

Is "rug pull" a cost thing? I'm generally frugal, but pay for a family plan and don't think twice.