Switching My Password Manager


We all know how important a role passwords play in our digital lives. They are the keys to our online versions. Passwords protect & guard our online identities, be it our social handles, shopping sites, financial vaults, academic profiles, cloud storage and whatnot. To avoid reusing the same passwords on multiple sites or using short passwords, I use a dedicated password manager. The major advantage of using a password manager is that it allows us to have very complicated & unique passwords for all of our accounts.

Browser built-ins! Big NO. That is because browser built-in password managers ain’t really as safe as they claim to be. The widely used Gulgule Chrome doesn’t even use a master password, so anybody who gets physical access to your machine can look into your browser and voila! The browser’s potential vulnerability also poses a risk to the password vault, so built-ins are not really a good option. And not to mention that browser extensions increase the odds of getting fingerprinted.

There are dozens of dedicated password managers out there, some of which are offered at a rental price and some of which are available free of cost, mostly FOSS. For instance:

I used to rely on Bitwarden up until 2021, but the only thing that made me ditch Bitwarden is that it requires an active internet connection to fetch password entries, so I switched to KeePassXC, another FOSS password manager featuring offline availability of the database, which is definitely a deal breaker for me.

I have been using KeePassXC for more than a year, but it comes with its own downside: it doesn’t feature cross-device sync. Because KeePassXC works completely offline, there is no native feature to achieve cross-device sync, even though there is a workaround for Win, Android & Linux, but not for the iOS/macOS environment. I was able to bear with it for the last year because I didn’t really need cross-device sync, as macOS is the only machine I do my computing from.

However, I recently felt the need for my password vault on my iPad, which I carry around when I travel. After running a simple search query, I came across Strongbox, which is another freemium password manager but supported on Apple devices only. It has a decent UI and features multiple remotes for db mounting. Also, it is very snappy compared to KeePassXC.

I imported the .kdbx export from KeePassXC into iCloud and configured Strongbox to mount from iCloud. Therefore, Strongbox takes care of encryption & iCloud of the cross-device sync. Yeah, Strongbox is more of a client & I can change the db location at will, anytime, and even have multiple databases mounted from multiple locations, like Dropbox, Google Drive, OneDrive, WebDAV, Nextcloud & so on. Now I am able to access the password vault via my iPad as well. The vault is protected with a 36 bit master password, the only password I (have to) remember.

Conclusion

I am sticking to Strongbox for the time being; however, I might give Dashlane a try at some point. The free tier is enough, but I can also avail of a free license using the GitHub Developer Pack.

Do you think password managers are worthwhile? If yes, which one do you prefer? Or if you believe password managers are a waste of time, feel free to leave a reply via mail. I am keen to learn the opinion of the other side.
