Hy,
In your opinion do you prefer Bitwarden or Proton Pass and why?
It seems proton pass have better integration with Firefox.
Good and bad?
Thanks.
Don’t combine email, password manager, or 2FA authenticator together with the same company. All 3 should be completely separate from each other.
Bitwarden has a distinct advantage for this reason alone.
I love Proton but I don’t use their password manager because I use Proton for email (and calendar, and VPN, and cloud storage). If my email gets compromised somehow, I don’t want my password manager compromised too.
I use protonpass for alias email and bitwarden for passwords.
Why not simplelogin integration in Bitwarden? The first comes as part of your assuming proton unlimited package
Bitwarden because it is open source.
Both are open source
Thanks for all comments and opinions. I’ll give a chance to bitwarden.
KeepassXC
Am I a boomer for still using KeepassXC synced via Dropbox?
KeepassXC + SyncThing in my case, to skip the middle man (Dropbox/Google drive)
It works but partitions can and will happen and a merge afterwards is non-trivial AFAIK.
Do you encrypt it before syncing in Dropbox? Or just raw .kdbx and password (+ key)?
The “raw” KDBX file is already encrypted, there’s no need to re-encrypt it.
Defense in depth is my thinking
I’ve read that it doesn’t really improve security much? Or maybe it’s just a matter of opinion.
Interesting. I assumed it did, two layers of encryption, different passcodes and ideally keys - not sure how it wouldn’t, but now I need to research it
These are my opinions, not a security expert or anything but - if your system is compromised two layers won’t make a difference. If someone gets ahold of the KDBX, two layers might slow them down but if they have the compute to crack the KDBX in the first place a second layer won’t make a difference, even if you’re using a stronger algorithm.
I can only think of two benefits.
-
using two different algorithms adds a layer of protection in the event a flaw is discovered.
-
If it’s wrapped it would likely have a different extension and signature, so if someone were to say, hack the cloud storage provider and grab all the KDBX files you might get missed.
In any case, the encryption algorithms we use today will likely be irrelevant and useless at some point in the near future. If you suspect your KDBX has been stolen, you should change all your passwords - even if they can’t crack it today, you don’t want to get an unpleasant surprise in a decade because you didn’t.
Although changing your passwords on interval is a good security practice anyway.
I also wouldn’t sync them with a cloud storage system either, since you never know.
-
Been a longtime user of Bitwarden (free, and over the last year paid). It’s a straightforward/good but a bit boring UI, connects very well and easily into browser, phone etc. Works well, highly recommended, and having 2FA on paid version is awesome.
Been trying out Proton Pass for the last few days since I already pay for Proton Unlimited. It’s got a good UI and so far it’s been working well in Firefox and on my phone. It’s much better integration with Simple Login features so I like the slightly more seemless sign-up ability. It’s not 100% feature parity with Bitwarden paid though.
Bottom line - I prefer proton pass as a heavy proton user already BUT if I just wanted a standalone password manager, Bitwarden is probably better. Both are good options though, and competition is good.
(Possibly a silly question: Is there anything wrong with a boring UI? What makes a good UI not boring?)
Nothing wrong with a utilitarian boring UI/UX. It’s not going to be a determining factor but a nicer looking and feeling experience is…nicer.
Been using Bitwarden and Firefox for years and years. Never had any integration issues.
Bitwarden is what I am using and I am having no problem with it so far.
I like Bitwarden because I can host my own server and control it all. Not sure if the other service does set-hosting. Maybe you can do the same with that?
I’ve been thinking of setting up my own server. Does hosting your own server feel secure? I feel capable of setting up my own server but I’m not sure if I trust myself to secure it appropriately.
Bitwarden isn’t a brand new solution. I don’t understand the comment in Firefox, though, Bitwarden has no issues with it that I’ve found.
I’ve used Bitwarden heavily in various browsers and Android. It’s really great and very effective at filling in passwords. Every now and then there’s a site that does something weird to make it autofill a bit wonky, but I can only recall seeing that happen with registration forms (sometimes the enter + confirm your password fields seem to confuse it). It’s near perfect at sign in forms that I’ve used.
Bitwarden+vaultwarden server = free enterprise access 👍
I have all things in Proton except password manager. I’m already using Bitwarden, and I don’t think keeping all your eggs in one basket is a good idea. That and I don’t want to support it, as Proton should be focusing on improving their existing products instead of creating new ones.
Passwords are keys, not eggs. You wouldn’t hide your house keys all over town, you’d keep them on your key ring and maybe give a spare to a single trusted person that explicitly would not be carrying it around town exposing your key to the risk of theft.
Eggs are pretty nutritious though (superfood alert), and you can bet your bottom dollar that I would be sharing all my eggs with the townsfolk. You know, as a learning experience, to teach about their worth.
I think it depends on the mobile device you use. I’ve read that proton is better on iPhone and bitwarden doesn’t integrate that well with it but it’s seamless on android. I also haven’t had any issues with bitwarden and Firefox and they’ve been my combo since I started using bitwarden a couple years ago. I haven’t given proton pass a full on try yet though and I pay both companies for their awesome services so I’m a bit of a shill for both. I don’t think you can make a bad choice here.
I use Bitwarden on iOS and have for years now. I have never run into any major issues. Occasionally I’ll have to jump out to the Bitwarden app to copy a password but that’s usually because the website I’m trying to log into has their form set up weird/wrong.
I was copying passwords and usernames all the time. This comment made me realize I didn’t configure it properly
To be fair, I have to do this with Android sometimes as well
Both are open source. I will use the free version. Proton pass seems to have a UI more polish.
i trust proton quite a lot, but the open source part seems to be only partially true. on their github, i can only find client side code (ie. browser extensions, mobile apps), not the server code, which bitwarden does publish
