- cross-posted to:
- protonprivacy
- cross-posted to:
- protonprivacy
Proton is great but I do feel wary from putting all my eggs in one basket again.
Same, staying with bitwarden for now
Bitwarden also has better features for now like more solid URL matching (handy if you have a bunch of services on subdomains of the same domain name).
Hey what type of URL matching do you use for achieving this? BW suggest me all the entries for a domain and doesn’t differentiate sub domains.
You have to set each entry under the same domain to to match against “host” and you’re set.
I use “Host” matching to only target specific subdomains.
I don’t have Bitwarden installed right now but I believe they had a parameter called „starts with“ or something? That has always been solid for me.
Same, staying with keepass for forever
Same. Although the simplelogin integration seems nice.
I discovered not too long ago that Bitwarden has the same integration! https://bitwarden.com/blog/add-privacy-and-security-using-email-aliases-with-bitwarden/
You need to configure it on each device though, and you need to generate an API key first.
I was just about to write this… Proton is cool, but I only use mail from them. All my other services are independent from each other, and soon I will be self hosting most of them.
I’m switching from privatevpn to protonvpn just for the port forwarding with wireguard within a terminal, no stupid GUI app. Quite pleased with the service, they do VPN well.
The backend is proprietary. Avoid.
As all things Proton.
I use their mail system, and it’s pretty good ngl
Best alternative for email?
E2E Encrypted FOSS smoke signals that are only visible on a Time-Based One-Time wavelength of light are the only way.
Even steam proton?
Except anything Valve, which is awesome.
Avoid why?
Because we only know what the client does, and have no clue on the server side of things, allowing Proton to do any manipulations with the data. Not ideal when you consider it for password storage.
What should I use then?
Something like Vaultwarden if you care about cloud sync, or KeePassXC if that’s not on your priority list.
if the client is e2ee and you can control that, then why is the server relevant?
Because non-obvious backdoors can be added to the client that break or circumvent encryption (looking at you, xz), stealing all of your passwords, and no one will be able to raise the alarm just by looking at the server code.
Open-source backend allows to generally avoid this situation, while also potentially rendering you able to self-host if you’re paranoid.
and you can control that
Sorry, I meant “assuming one has complete control over the client source” where the remote cannot just change it on you.
I mean they can make a sneaky update to the client that introduces such changes.
Sure, if you won’t update your client, this won’t affect you, but would potentially open you up to other security vulnerabilities.
This was a real concern with MEGA back in the day (after Kim said you should no longer trust them) and a big reason why I prefer to use standalone client apps that I can control the source of.
Just give me a Linux client for proton drive please. I’m tired of manually uploading/downloading files 😐
Yeeeeees. If you’re orienting your company as the privacy-alternative it’d be great to emphasize support for the main privacy-oriented OS. I get that developers don’t grow on trees, but this seems like a pretty crucial feature that should be prioritized.
I mean, I recently switched to Proton knowing what I was getting into, but I’d really like to see this happen soon.
deleted by creator
They likely have a larger portion of Linux users then other companies though.
deleted by creator
I don’t think you have the insider information to really make that call.
deleted by creator
Very cool! Thank you for this.
deleted by creator
On their GitHub:
Supported cloud providers Celeste can currently connect to the following cloud providers:
Dropbox Google Drive Nextcloud Owncloud pCloud Proton Drive WebDAV
That’s pretty cool all things considered I didn’t think a 3rd party client could be made for drive
deleted by creator
deleted by creator
I tried this before and it was very unreliable when used with WebDAV.
deleted by creator
i tried it recently, and it worked, it may have broken since then though
I’ll still stick with bitwarden, but if I were to introduce someone very tech illiterate, I would probably recommend proton
I’m tech illiterate and been using Bitwarden for 3 years (premium), and honestly it doesn’t work very well on Android. Every time I need to enter a password, it’s completely hit-or-miss with Bitwarden. Half of the time it doesn’t even pop up. I’m using Xiaomi phone and tablet with stock rom (global version).
Should I switch to Proton?
Before switching you should maybe read this and wait for the native app : https://www.reddit.com/r/Bitwarden/comments/1b32bbz/going_native_the_future_of_the_bitwarden_mobile/
Wow thanks, I have no idea. That’s great news. I’ll definitely wait for the native app. But in the meantime I’ll try out Proton as a “backup” just in case something bad happens to Bitwarden or my personal vault.
I have the same issue with Keepass2Android. I think the issue is with Android itself rather than the password app.
Install the keyboard autotype plugin for Keepass2Android!
Sometimes you have to long press on the password box and bitwarden might appear or a little “autofill” option may appear along in the 3 vertical dots pop up. Most of the time, Bitwarden auto pops up for me.
I feel like if you’re already using Bitwarden and you’re talking to us on Lemmy, you’re not tech illiterate.
Try the free version and switch to premium if you like it better than bitwarden.
In terms of “Free version”, what would be better? What would you recommend if I were to use one as Premium (daily use) and the other as Free (for backup purpose)?
Idk its up to you really try both out and go with what you like and buy a premium for what you decide to use daily .
Same problem on 1password.
As a mobile developer I can tell you that working with Android keyboards has been a giant fucking pain in ass since inception to today.
While I can’t speak specifically to why they both seem to have this problem, I wouldn’t be surprised if the OS is part of the problem.
I wouldn’t be shocked that if someone had it working consistently, it might be because of the most heinous hacks, or private greylisted APIs or some other nonsense.
I do remember trying several different keyboard apps, but none works consistently enough and some don’t even work at all.
I like anysoft. The autofill thing for bitwarden sometimes takes a second but it always shows up.
deleted by creator
Which sites or apps does it not pop up? It is rare for it not to pop up for me.
I’ll take KeepassXC and KeepassDX + SyncThing, just works and I don’t have to ever rely on someone else for my most sensitive data.
This. At least until i find a better solution than syncthing. But keepass(xc) all the way.
I tried Google Drive, and also Seafile. the catch is that it needs to sync the files to your phones local file system. You could also do Next cloud or use Folder sync. https://play.google.com/store/apps/details?id=dk.tacit.android.foldersync.lite
Problem is, i want to exclude third parties. I’d prefer a direct heavily encrypted connection directly to my server. Definitely not a cloud somewhere, especially not google & co.
Nextcloud is way too blown up and vulnerable for me. I really only need file-synching. Got servers working for the other stuff like caldav.
i use Termux and just scp/rsync my stuff around.
ideallyi’d use Unison sync inside termux, but it hasnt been packaged and i dont know the first thing about ocaml, so it’d be hard for me to make the needed adjustments to package it.
Termux/Rsync is nice and all, but not really a comfy fire’n’forget-solution like syncthing.
And today i heard the first time of unison sync. So i have no opinion at all here, but thanks for the hint.
deleted by creator
Drive is under a different org:
deleted by creator
How does it compare to vaultwarden/bitwarden?
When it launched the apps were more modern than bitwarden. If bitwarden hasn’t improved since, then it’s still the same
Bitwarden’s interface hasn’t changed a bit and it’s a pity
Whats wrong with it?
Bitwarden is excellent but i have a few nitpicks on Android.
I wish I could change the “Username” field to “Email address” because it kind of annoys me having email addresses under usernames. I’d also like to add things to favourites or folders without having to go into edit mode on every entry individually. Same with adding notes. The app has trouble following the system theme and doesn’t always autofill reliably for me, meaning I sometimes have to go into the app and copy/paste my passwords manually.
Other than that, the UI is just a bit ugly compared to some other password managers,
It’s not open source. Only source available unfortunately.
I did not realize that. That explains why it’s not on F-Droid. Really unfortunate but at least it can still be publicly audited.
Huh, this is the first time I heard about this, thanks for sharing!
Do not use the version from the Play Store though, get it directly from Github.
Why? I use Vaultwarden with Bitwarden from the Playstore is there anything wrong with it?
The version on the Play Store requires a “premium” subscription for some features but the Github release gets those for free.
There is no guarantee that play store build contains the same code as GitHub repository. Ideally you’d need to compile apps yourself.
But most of the time stuff like vaultwarden is trustworthy enough.
Thank you, I will have a look at this!
Weren’t they planning to change it from Microsoft’s Android UI, it’s just taking a while, as they have to rebuilt it from scratch? I thought I saw something about that.
Correct, they announced it two months ago: https://www.androidpolice.com/bitwarden-app-about-prettier/
There is nothing wrong with it. Why people always want things to be changing? What really important feature are you missing?
And what better person to answer that question than Mr. Bitwarden himself:
https://www.reddit.com/r/Bitwarden/comments/1b32bbz/going_native_the_future_of_the_bitwarden_mobile/
Looks like everything is essentially in the same spot UI wise, but with a native application that hopefully gets moving a lot faster.
I’ve noticed that currently on Bitwarden, for auto fill it takes 6-7 seconds just to get authenticated with fingerprint and fill in the username and password field. That should hopefully be down to like 2 or 3 seconds.
A few for me:
- Automatically updating entries with app or URL information if they didn’t match and you had to manually search for them. You have to copy the URL, leave the browser, open the app, search for the entry again, and manually add the URL in the current version.
- Better defaults in the app like which group you log in to or which collection new entries are added to. Keeping all your entries added to a shared collection is a constant chore right now.
- Better keyboard functionality. It’s basically impossible to navigate with a keyboard on PC right now. Keepass has a global auto type hotkey which made it so you hardly even had to open the app.
a new client is on the way btw https://www.youtube.com/watch?v=-rVQOESKbbA
Do you know if there’s a new interface coming for android as well?
Thanks for sharing, thats exciting!
The new client will use Material You.
Thats dope! I’ll be looking forward to it, thanks for sharing your knowledge of what’s going on ☺️
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=-rVQOESKbbA
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
good bot!
It’s about to get Material You
What do you feel it’s missing? It’s a tad slower than I’d like but otherwise works quite well.
I don’t think protonpass has auto fill even on browser extension.
Or maybe I’m too stupid to figure it out. I ran side by side against bitwarden which I love. Could not figure out a way that didn’t make me manually c/p the creds.
For me keepassxc is a dramatic improvement over a centralised service.
I use both and am afraid that I will lose the passwords in Proton Pass as Its a service they can restrict me of.
I should startto copy some accountd that I dont have yet in keepass but keepass is still the master holder
I’m not really sure what happens if Proton bans your account for any reason but Proton Pass does have offline access. I assume if you turn off internet access, you can still get all your passwords.
Is that not the same risk vith bitwarden too
Bitwarden has a really nice CLI that lets you backup your vault easily. I personally run
bw export --format json --raw
every few week so if for some reason I lose the “cloud” access, I can still migrate to self hosted or a different password manager. (Or you may choose to self-host to begin with)Great to know!
The danger with self hosting is that police can always steal everything from you.
Felt weird hearing story of my ex that the german customs office just stole their Laptop and Phone. She couldn’t show me pictures and she hadn’t any backups or smth.
I am afraid this could happen to me too when they suspect something but are wrong at the end. At the entire time I will not have access to my drives of my server and maybe they accidentally break them. Not sure if they will believe me that its a raid 1, I can imagine them stealing everything without questioning.
I wonder how to comfortable sync a 2TB drive and take it with you.
Additionally. I dont do backups. I only sync devices. Except for Phone pictures which are uploaded and deleted from the phone. I think there should be a second device that keeps data
Neat, I’m personally gonna keep with KeepassDX, but it’s good knowing that there’s some more variety popping up in the mobile market.
Don’t put all your eggs in one basket
Very much agree
I use protonmail and very happy with that, so much so I pay for it.
But I would not place my mail and all my secrets in the same spot.
for the love of god use a free open source app like keepass, this is a untrustworthy company
I’ve been using Keepass like more than 5 years. And its perfect.
Which F-Droid client is that?
Looks like the standard F-Droid client
Oh wait it’s not, F-Droid doesn’t show the file size at the top
huh, my standard f-droid client does show the file size
Yeah everything except the file size showing checks out
Edit : maybe it is the new versions or beta which most of us don’t have as it is not suggested .
it’s the standard one
Or even better use a local password manager. People will be swallowed by so much false comfort
Isn’t keepass local?
keepass is local
deleted by creator
both of them you download and use, it requires the smae amount of technical knowledge. in fact you could argue, that proton pass takes more technical expertise since you need to set up a account online first.
deleted by creator
Proton VPN and nothing more.
Long time Bitwarden user. Never been steered wrong. One of the few apps that I pay for premium not because I need the extra features, but because I value it enough to support the devs financially
They need to focus on providing quality services instead of quantity. The ProtonMail webmail is a shame: multiple selection lost if you click just outside the checkbox because that will open the email, emails that just after have been deketed reappear in the inbox and don’t get me started on the search 🤢!
P.s. I’ve double commented because I’ve just realized that I’ve written the other comment in Italian 😆, sorry.
the password manager kinda sucks too. credit cards are in a category that you have to delete the name of the site you’re visiting in order to see. sometimes I question why I’m paying for the thing. lastpass was way better 10 years ago.
deleted by creator