Hello

On Sun, 22 Sept 2024 at 16:15, Georg <g.schlisio@dukun.de> wrote:

Dear list crowd,

I'm looking for a synced password manager solution that connects my Arch
PC with my android phone, and a Windows PC. I'd like to use my arch
server as the nexus, and want to avoid commercial services by all means.
One option I heard is using one or more keepass databases and keeping
them in sync via syncthing.
Another option seems to be bitwarden.

Are there more good options? What do people use, that works well and
painfree? What other options for automatic syncing of the keepass
database would there be?

I used to be a commercial user of LastPass and I was pretty happy with it. 

However, when they started charging disgusting amounts (70+ a year, to be paid annually) I told them where the /dev/null was

and changed to bitwarden. 

I paid the 10 pounds one-off fee, and now I have the bitwarden on my android phone (in a knox [secure folder]), and on my Linux daily driver, and My Linux workstation and my Linux/Windows laptop (both oses).

I'm pretty happy about it all. I use multiple authentication factors, such as OTP (on-time-password) and hardware keys (fido,yubi,...)

Bitwarden *CAN* also act as authenticator for the OTP but I strongly encourage people NOT to use that because it would combine your extra factor with your password.

I also highly recommend that you DO NOT automatically fill out your forms with bitwarden, or *ANY* password manager, as it can expose you without you even realising it.

What I do instead is, visit a website, when I want to login and have a password for it, bitwarden will show me that with an icon in the toolbar, I can then click to fill out the form.

Remember, your mfa can fail, so best to set up multiple so that you can still log in if you accidentally drive over your fido e.g.