I currently use KeepassXC that is synced through NextCloud. The sync isn’t very elegant, especially on my phone. So I’m looking for a new password manager, which has a native server sync support that I can self host. What do y’all recommend? I need at least a phone app and a browser integration that can autofill.
If you can’t self host --> KeePass If you can self host --> Vaultwarden
Vaultwarden is perfect imo
I like to use SyncThing for my keepass vault. Imo it’s about as simple and elegant as it can get without involving third party services.
I know you’re asking for an integrated sync but this has been flawless for me and only rarely notice a delay between machines including android, linux, and windows (less that 30s in any case)
Bitwarden is excellent and the paid plan is very reasonable unlike with others.
Bitwarden
Have you tried syncthing? It works great with keepassxc.
Vaultwarden is pretty easy to self host.
+1 for Keepass + Syncthing. Free, no cloud, always synced.
Yeah this is me. It’s been just perfect for many years now.
This is faultless for me
Which one? Or both?
Actually keepassdx, and sounding syncthing
For native sync, the two good and reputable alternatives are Bitwarden and Proton Pass
2nding the Bitwarden, absolutely love it. I moved from LastPass years ago and never looked back.
I also use Unix pass and self host a git repo over Tailscale to keep it synced across devices. Works like a charm so long as I remember to push whenever I edit a password somewhere.
Bitwarden.
My recommendation: Don’t use Vaultwarden (self hostable server side of bitwarden. Really easy to run and use). Why? You’re not a security personal, and securing your vault isn’t your job. You might do a slight mistake that’ll lead to the compromise of your vault.
The people at Bitwarden have their work dedicated to securing the vaults and all they do is security. And they’ll probably do it better then you. When it comes to serious matter, I prefer to trust the professionals.
Ignoring the security aspect of it Bitwarden is responsible for hosting a fault tolerant, highly available web app.
They have redundant networking, redundant servers, load balancers, redundant databases.
While you could host this yourself to these tolerances it’s work and it’s not free.
If you’re using your password manager to the fullest you have a different password for every resource out there. It’s more than a minor inconvenience if you get locked out of your passwords.
Their service is dirt cheap and it’s absolutely worth every penny.
Just to play devils advocate. Bitwarden.com is a much more valuable target. My instance is behind a VPN. I think its actually far more likely Bitwarden will have a breach similar to LastPass then I will. But I agree with you mostly.
Doesn’t the server just hold an encrypted vault? What could go wrong when the server is compromised? Just thinking out loud I don’t know the answer
I just don’t want any unauthorized persons anywhere near my vaults in general. I also see my vault as a critical service that requires high availability, and I know enough about system administration to know that my network and I are not qualified to provide that.
Security is also about backups. 3 Replicas 2 Formats 1 Offsite location
deleted by creator
Yep, that’s right. In theory you could share the encrypted DB with the public and not degrade security. (Still don’t do that though…)
KeePassXC. Despite a lot of room for improvement, overall it is pretty powerful & you don’t have to host a server. You can also sync your password file to cloud storage. With VaultWarden, it will store a cache of your passwords on your phone but you wont’ be able to update them away from home unless you also setup port forwarding, dynamic DNS, web server & all that.
Vaultwarden works really well for me.
Good thing the KeepassXC can be used as a 2nd factor authenticator, though it has TOTP only, doesn’t offer HOTP.
Proton pass if general UX and speed are important to you. Bitwarden if amount of features is important to you
Keepass2android should be able to handle nextcloud sync from within the app so that might work better than on device sync. If your done with keepass bitwarden or proton pass are common alternatives
