On Mon, 23 Sept 2024 at 13:08, Andy Pieters <arch-gene...@andypieters.me.uk> wrote:
> Hello
>
> On Sun, 22 Sept 2024 at 16:15, Georg <g.schli...@dukun.de> wrote:
>
>> Dear list crowd,
>>
>> I'm looking for a synced password manager solution that connects my Arch
>> PC with my android phone, and a Windows PC. I'd like to use my arch
>> server as the nexus, and want to avoid commercial services by all means.
>> One option I heard is using one or more keepass databases and keeping
>> them in sync via syncthing.
>> Another option seems to be bitwarden.
>>
>> Are there more good options? What do people use, that works well and
>> painfree? What other options for automatic syncing of the keepass
>> database would there be?
>>
>
> I used to be a commercial user of LastPass and I was pretty happy with it.
> However, when they started charging disgusting amounts (70+ a year, to be
> paid annually) I told them where the /dev/null was and changed to bitwarden.
>
> I paid the 10 pounds one-off fee, and now I have the bitwarden on my
> android phone (in a knox [secure folder]), and on my Linux daily driver,
> and my Linux workstation and my Linux/Windows laptop (both OSes).
>
> I'm pretty happy about it all. I use multiple authentication factors, such
> as OTP (one-time-password) and hardware keys (fido,yubi,...)
>
> Bitwarden *CAN* also act as authenticator for the OTP but I strongly
> encourage people NOT to use that because it would combine your extra factor
> with your password.
> I also highly recommend that you DO NOT automatically fill out your forms
> with bitwarden, or *ANY* password manager, as it can expose you without you
> even realising it.
>
> What I do instead is, visit a website, when I want to log in and have a
> password for it, bitwarden will show me that with an icon in the toolbar, I
> can then click to fill out the form.
>
> Remember, your mfa can fail, so best to set up multiple so that you can
> still log in if you accidentally drive over your fido e.g.
>

Hi, what do you think of https://github.com/lesspass/lesspass?
The principle seems interesting: it consists in reconstructing the password from a piece of information (which can be synchronized easily/simply) and a secret (master password)...

Regards.
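
The principle described in the reply above, as an added sketch that is not part of the original thread and is not LessPass's own algorithm: each site password is recomputed with PBKDF2 from the master password and a non-secret profile (site, login, counter, length), so only the profile would need syncing. The character set, iteration count and field encoding are assumptions made for this example.

```python
import hashlib

# Assumed parameters for this sketch; not taken from LessPass.
CHARSET = (
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789"
    "!#$%&*+-=?@_"
)
ITERATIONS = 100_000


def derive_password(master: str, site: str, login: str,
                    counter: int = 1, length: int = 16) -> str:
    """Recompute a site password from the master secret and a non-secret profile."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 32:
        raise ValueError("length must be between 8 and 32")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different salts.
    fields = (site.lower().encode(), login.encode(), str(counter).encode())
    salt = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    # The slow KDF is the only barrier between one leaked site password
    # and an offline guessing attack on the master password.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    # Treat the 256-bit output as one integer and peel characters off with divmod.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(CHARSET))
        chars.append(CHARSET[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample profile and master password.
    master = "correct horse battery staple"
    print(derive_password(master, "example.org", "alice"))
    # Rotating the password for one site means bumping its counter.
    print(derive_password(master, "example.org", "alice", counter=2))
```

Rotating one password means bumping its `counter`, so the profile is still state that has to be kept somewhere. The master password cannot be changed without changing every derived password.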