KeepassXC is going really well for me and friends. We all get on with it, and figure it's better than storing any sort of info on the cloud.
My main point of concern with these web-based password managers is what would happen if an attacker were able to hijack the JavaScript served to clients. The code is obfuscated, and it can be updated at any time without anyone noticing which, in the context of a password manager, certainly gives me pause for thought.
Are you talking about generating TOTP codes? Bitwarden can do that, but it requires the subscription to generate the codes. You can store the key for free though
I note there's no mention of importing your existing passwords from other password managers, which pretty much all the other password managers I've tried do allow. So yet another 'alternative' that expects us to abandon all our existing content/data and start over again from scratch [cf. The Fediverse]
Did you not read? It's very easy to migrate from the common password managers into Pass.
Migrating to pass
To free password data from the clutches of other (bloated) password managers, various users have come up with different password store organizations that work best for them. Some users have contributed scripts to help import passwords from other programs:
1password2pass.rb: imports 1Password txt or 1pif data
keepassx2pass.py: imports KeepassX XML data
keepass2csv2pass.py: imports Keepass2 CSV data
keepass2pass.py: imports Keepass2 XML data
fpm2pass.pl: imports Figaro's Password Manager XML data
lastpass2pass.rb: imports Lastpass CSV data
kedpm2pass.py: imports Ked Password Manager data
revelation2pass.py: imports Revelation Password Manager data
gorilla2pass.rb: imports Password Gorilla data
pwsafe2pass.sh: imports PWSafe data
kwallet2pass.py: imports KWallet data
roboform2pass.rb: imports Roboform data
password-exporter2pass.py: imports password-exporter data
pwsafe2pass.py: imports pwsafe data
firefox_decrypt: full blown Firefox password interface, which supports exporting to pass
You got me there! -- I did read, but only down as far as the download links. As they came after a substantial amount of blurb, I assumed they were the last item on the page and didn't scroll any further.
I humbly withdraw my snidey comment [although not the bit in regards to the Fediverse!]
I use Bitwarden myself and it gets some kudos for being free for personal use and open source. But the browser extension usability is badly flawed and the app suffers from an arrogant "You're holding it wrong!" dev team, who refuse to address these problems.
Also, its autofill functionality is completely broken on Android, and has been since forever. So, while it's preferable to LastPass, it's still pretty mediocre.
13 comments
[ 4.1 ms ] story [ 36.8 ms ] threadI’m satisfied. It’s actively maintained and reliable.
My main point of concern with these web-based password managers is what would happen if an attacker were able to hijack the JavaScript served to clients. The code is obfuscated, and it can be updated at any time without anyone noticing which, in the context of a password manager, certainly gives me pause for thought.
https://bitwarden.com/help/authenticator-keys/
Migrating to pass
I humbly withdraw my snidey comment [although not the bit in regards to the Fediverse!]
Also, its autofill functionality is completely broken on Android, and has been since forever. So, while it's preferable to LastPass, it's still pretty mediocre.