Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Is there any reason to use these cloud based solutions when open source alternatives like KeepassXC is available?


I used KeePass + Dropbox/Syncthing for years, but eventually gave up. At some point I saved my KeePass db with a newer version (of the software and the DB format), and later found out that the newer software version will not run on an older version of MacOS that I still use on one machine.

I mean, I could maybe update the OS on that machine (not sure--it's over 10 years old) but at that point it was less work and less risk to switch to BitWarden. And the user experience is much better as well.


If you’re using a ten year old OS your password manager is the least of your security concerns.


That's not what he stated.


Same problem with many other open source alternatives. Lousy user experience, in this case across devices.


Although LastPass had a pretty lousy UX for years and years.


People keep asking: if you have family and you need partial sharing and full sharing as well as write capabilities on multiple devices at same time without messing up, keepass is insufficient.


Yeah: they’re cloud based. Your passwords get synced to all your devices automatically. That’s kinda the entire draw.


That and you get to centrally admin this for others (employees, family members), fine grained access controls for business use, you don't have to host and secure anything yourself (e.g. Bitwarden), pretty good UX on all your devices. I had to use a shared KeepassX file in git for a project and it was a frequent source of problems.


Exactly. I used Keepass for years but it became too much of a pain.

(Though I suppose changing a bunch of passwords that I had in LastPass is also kind of a pain.)


Is there any reason to give someone else your password to store when you can just remember it or write it down somewhere safe?


I have >200 unique randomly generated passwords in my Keepass file for various accounts (granted, a lot of them are throwaway accounts). No way I could ever remember those passwords, so any attempt at using that approach would necessitate less secure passwords.


Yes. Humans can't remember a sufficient number of sufficiently-complex passwords.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: