My running note on self-hosted password managers:

1Password: since version 8, dead: cloud-only now, no standalone mode, over-use of Electron web and many unverified modules/libraries; remote storage of passwords only in encrypted form. Key stays offline.

vaultwarden: yet another Electron web app that uses many unverified modules/libraries; remote storage of passwords only in encrypted form. Key stays offline.

KeePassXC, with Syncthing: leading contender, the best self-hosted solution that stores passwords remotely only in encrypted form, but still has unverifiable iOS source code imposed by Apple. Key stays offline.

NordPass: best zero-knowledge remote storage; has apps for Windows, macOS, Linux, Android, and iOS. When it comes to browser extensions, one would be hard-pressed to find a wider selection: you can install NordPass on Chrome, Firefox, Safari, Opera, Brave, Vivaldi, and Edge. Not open source.

LastPass: hacked in 2022; remote storage of raw passwords.

pwsafe: still the safest CLI-only solution to date. The design of pwsafe (Password Safe CLI) was started by Bruce Schneier, the crypto/security/privacy expert. pwsafe still uses the unbroken Twofish algorithm instead of the currently safer Argon2i, simply because it is faster (after millions of iterations). The recommended Password Safe client is still Netwrix (formerly MATESO of Germany) Password Safe with YubiKey, but stay away from its web-client variants due to the ease of memory access to JavaScript variables (by the OS, browser, JS engine, and JS language).

The only downside of ANY Password Safe-design GUI client is trusting yet another app repository source.

Strongbox is a fantastic KeePass client on iOS and macOS.

- fully native apps

- open source

- fully offline option (Strongbox Zero)

- one time purchase

- solid browser extensions for Chrome and Firefox

- native keychain autofill for Safari and Orion

- compatible with other KeePass apps on other platforms

- multiple sync options: iCloud, Google Drive, Dropbox, OneDrive, SFTP, WebDAV, Syncthing

- support for offline vaults

- biometrics, Apple Watch unlock, and YubiKey support

- TOTP codes, attachments, and markdown notes can be stored

- supports password auditing with Have I Been Pwned

- supports importing 1PW vaults

Most importantly, Strongbox is made by a small and transparent company. Unlike Bitwarden or 1Password, they are solely focused on making high quality macOS and iOS apps.

https://strongboxsafe.com

I really really like Strongbox.

My only resistance to going the Strongbox route is the lack of an app-specific PIN, as opposed to an OS-specific PIN, which is still missing from the free version.

While a master password covers the specific database, the PIN covers the app.

This is the problem for me:

1. No OS-specific PIN/passcode in the free version

   Wider adoption would come with this simple feature in the free version.

Also, Netwrix is more enterprise-ready with its SOC 2, ISO 27001 and HIPAA readiness, but that is a moot point for most SMBs, SMEs, family servers and homelabs.

I do like the simple fact that Strongbox has it all out in the open in its GitHub repository.

https://github.com/strongbox-password-safe/Strongbox