I rely on Bitwarden (slooowly migrating from… a spreadsheet…) and am thinking of keeping a master backup to be SyncThing-synchronized across all my devices, but I’m not sure of how to secure the SyncThing-synchronized files’ local access if any one of my Windows or Android units got stolen and somehow cracked into or something. I’m curious about how others handle theirs. Thanks in advance for sharing!
For years I’ve been using KeepassXC on desktop and Keepass2Android on mobile. Rather than sync the kdbx file between my devices, I have each device access it through the network. Either via sftp, smb, or nfs, but regardless I need to connect to my home’s VPN to access it when away from home since I don’t directly expose those things to the outside world.
I used to also keep a second copy of the website-tied passwords in Firefox Sync, but recently tried migrating that to Proton Pass because I thought the PIN feature might help, then ultimately decided to move away from that too and start using the KeepassXC-Browser plugin instead. I considered Bitwarden too but haven’t tried it out yet, was somewhat deterred by seeing people say its UI seems very outdated.
It didn’t look outdated to me, but is kind of weird and hard to get used to, though I eventually did. I don’t know how to make an export from Bitwarden to take into KeePassXC, though… I’ll need to look into this. Perhaps it can’t be done from the browser alone. Anyway, thanks for sharing.
If you only have login names and passwords you can export to JSON and then import to KDBX using KeePass (works best) or KeePassXC.
If you have attachments (key files, certificates, etc…) then you will learn Bitwarden is not that open as it advertises. You will need specific scripts to move your data…
I had no attachments, imported effortlessly, and have been loving KeePassXC!!! Thanks!
Is syncing the .kbdx files using Syncthing unsafe?
Syncing files that you may open in both (or more) devices at the same time is unsafe with any service, but you can manage to avoid sync conflicts with KeePass if you do not open the same file at the same time or open the Android app in read-only mode. I’ve only had like 3-4 conflict files this year and they weren’t important.
Do the files pass through their servers unprotected? I don’t really understand how Syncthing works under the hood.
From https://docs.syncthing.net/users/faq.html#what-is-syncthing (bolding mine)
We believe your data is your data alone and you deserve to choose where it is stored. Therefore Syncthing does not upload your data to the cloud but exchanges your data across your machines as soon as they are online at the same time.
Bitwarden keeps a local copy of the data that can exported if something ever happened to bitwarden. If you want to keep an encrypted backup you can export the CSV and store it on an encrypted drive as a backup but not big worry about syncing it to all devices
I write them on paper just because I’m very old schooled.
My wife does the same, and I can’t tell you how many times a day I have to help her reset passwords, figure out if something is an “1”, “i”, “l”, or “|”, or decide what needed to be capitalized.
Even though I have Bitwarden installed for her, she just “prefers” paper like some people prefer to stub their toes.
Proton Pass. If you’re comfortable with cloud E2EE managers, it’s far more worth it than Bitwarden, since you get unlimited email aliases. Better for privacy and even security. Plus, I trust Proton, they have a phenomenal track record in terms of security and encryption.
they have a phenomenal track record in terms of security
I read that they have bowed to email subpoenas in the past.
Every company would. They’re not going to go out of business over one customer. What’s important is that they weren’t able to give any important information.
passwords.txton a full-disk encryption HDD.What if the HDD catches on fire or the room gets flooded while you’re not home?
I backup stuff both on a MicroSD and on web storage with
duplicity. Hopefully that is enough!web storage
Google Drive?
Nope, I use Mega
I don’t really understand why passwords are so hard. Take two words that have meaning to you. Two number sequences that are important. Then lastly decide on two symbols. That’s eight different passwords if you use one of each in that order, more if you want to mix the order. Now set rules to each. One word for personal one for business. One number set for fun the other for essential. The symbols are rather arbitrary but I try and stick with one for passwords I’m forced to make the other for passwords and logins I’m wanting to make. Obviously make unique passwords for any important stuff like baking and such but with this method I can log into accounts over ten years old within the first two tries. Usually it’s the user name or tag that gives me the real trouble.
