🔑 What password manager do you folks use?
I have recently moved my credentials from NextCloud Passwords to Bitwarden, and I must say that I'm impressed by the quality and the sheer amount of features that such an open-source solution provides.
Their business model is also amazing: the product is free and open-source, you can install it anywhere you want, and if you want specific premium features (like cloud backup, Yubico/Duo support etc.) then you pay as little as $10/year. For that price you have a modern, self-hosted password manager that is almost on par with commercial cloud solutions like 1Password, for just a small fraction of their price.
I've also been a bit disappointed by NC Passwords. I've really tried my best to use it for the past year, but there are things that you just expect from a password manager in 2022 that NC Passwords still struggles to provide. Like:
- A fast interface: currently NC Passwords basically does a full-table scan of the passwords every time you open your vault. No pagination/query optimization whatsoever. If you have a large vault, it may take up to 10 seconds for your password to show up. Such levels of performance aren't acceptable from a password manager to be used as a daily driver in 2022.
- Better autocomplete: detection and auto-completion of login forms is often broken, so you'll have to manually open the extension/app to get the credentials. Bitwarden also allows a smarter detection of credentials per website by providing the ability to map specific HTML `input` elements to an account, something that NC NextCloud doesn't provide.
- No keybindings to open the extension in the browser: having to get my hands off the keyboard and search for the extension bubble every time I have to input a password can slow productivity in the long run.
- No import/export support for some of the most popular formats (1Password, LastPass, Bitwarden etc.). Import/export from/to other formats can be done by reverse engineering the NC Passwords export format, and writing a small script that maps apples to apples. Definitely not the most user-friendly solution.
- No support for modern forms of MFA (Yubico, Duo, email/sms challenge etc.).
- A primitive way of matching credentials to URLs. Only one URL per credentials entry is supported (i.e. no support for matching against subdomains). And the matching algorithm is also quite strict (i.e. credentials stored for mywebsite.com/login/#auth won't be reported if I'm on mywebsite.com/purchase). And there's no way of adding domain rules (i.e. amazon.de, amazon.nl and amazon.com should all point to the same set of accounts).
It's really a shame, because Bitwarden isn't exactly lightweight to run (especially its mssql container), and I'd rather have everything centralized on NextCloud rather than having another service that I have to run and maintain. But for now I'm happy with my decision - and hope that NextCloud decides to invest more in their password manager: there's a lot of potential in that area, and most of the fruits are low-hanging.
p.s. Mastodon won't allow me to post more than 4 poll options, but if you use anything that is not reported below feel free to list it in the comments :)