I have used KeePassXC for years. I also use Syncthing which syncs files via my wifi for all devices, including KeePass.
recently set mine up exactly like this, can vouch
Yes, me too. This also solves 2 problems in 1 shot, since I often want to sync / backup other contents between devices too, so it's perfect, specially for those of us with a NAS at home.
this is the correct answer
yep, thats the way
Works like a charm. Occasionally deleting the sync-conflict files in case they appear.
It really depend on your threat model, Proton Pass is fine. Of course a self-hosted or local solution will be more privacy friendly but at the cost of being responsable for security and good backups (3,2 1 rule).
There is no black or white regarding privacy. You want to ask yourself what you want to protect from and is the investment worth being sovereign ?
There have been too many data breaches from cloud-based services to trust another one. I have a Proton account for email and online storage, but I won't use their password service because it's cloud based.
https://blog.lastpass.com/posts/notice-of-recent-security-incident
Lastpass leaked their password database in 2022, and bad actors are still using it to access peoples files, stealing passwords and hundreds of thousands of dollars in crypto.
DON'T trust anything important to cloud-based storage or services. Use Keepass. Use Syncthing if you need to keep the database on multiple devices.
(I see other comments using Dropbox. Dropbox = cloud. Don't store anything security related in the cloud.)
Why not Bitwarden?
I like KeepAss.
I know it's not your question, but have you checked out Bitwarden or the alternative Selfhosted Vaultwarden. Bitwarden supports passkeys and vault syncing, and if you are offline you can still access your vault.
https://bitwarden.com/passwordless-passkeys/
Bitwarden also released a AIO selfhosted docker image, but last I checked it's still not in "official release" status.
Ooh an AIO docker image you say? I may have to look into that.
Its called Bitwarden Unified. Its still in beta at the moment. I have been running this along side Vaultwarden myself.
I use KeepassXC on my computer and Keepass2Android on my phone. Passkeys work fine and are synchronized across my Synology.
Same here, it works well, and the Firefox plugin works well for auto fill, too.
Just make sure KeepassXC is set to Automatically save after every change & Automatically reload the database when modified externally, on the General > Basic Settings screen.
Do both local and cloud backup using keepass or keepassxc, use dropbox or g drive, or private cloud. The .kdbx file is already encrypted when at rest.
you should own your data. So yes
I like that I'm able to use keepassxc as a keyring on Linux. I like that there is a prompt on access so no rogue script can real my whole keyring.
KeePass then you have your own file instead of relying on a third party. And you are free to sync it how you wish , syncthing is great . I left proton earlier since I don't trust them , but never used the proton pass at all.
I think proton is the most blocked by governments group of services in the entire world. To have a backup in .kbdx file sounds at least like a good idea.
i use keepassxc and from protonpass and its great its a lot lot more manuel work but in theory its worth it anything with a internet connection can be hacked
It will always be safer to store sensitive information in a system that you control than in a system that someone else controls. KeePass is easy to setup, it's easy to use, and it provides excellent protection.
Syncthing is fine and secure, but be absolutely sure you set up some kind of file versioning for the shared folder. at least a trashcan versioning, if not better. protects you against accidental deletion
Something I never fully understood with file versioning is on which side to apply it. The source or the receiving end?
on the receiving end. Syncthing cant act to keep a version before you delete a file locally, but it can move a remotely deleted file to the version control instead of deleting it
There is no source or receiving end. Syncthing is omnidirectional synchronization. Versioning is applied across all syncs.
personally I use keepass for important things and don't sue extension or anything that would pull from it and I use bitwarden for unimportant passwords. not that bitwarden is necessarilly unsafe but im a person who ultimately thinks its best I completely control the important things.
At least KeePassium also supports passkeys.
Any specific reason that makes Proton Pass less secure? I am curious since I am using both pass and bitwarden at the moment. bitwarden for all my logins and pass for alias + their logins.
Yikes I need to get off lastpass. I'm paying for it too, since years ago they made it so you had to pay to use it on multiple devices.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)