In a number of ways, I have become a dinosaur. One of those ways is an insistence that my password management solution has one of its layers of security being the fact that the data is not in the cloud. There is nothing on someone else’s commodity service, and, thus, no data to potentially be compromised in bulk as a result of an attack on a common service. Those services are probably pretty secure, but they are also huge, concentrated targets.
I have a really high standard to meet for the security of password management for my personal computing. That is how I feel comfortable.
So the march of password managers into the cloud presented me a problem. To move forward and to maintain my investment became incompatible with this principle.
Additionally, I became more and more disillusioned with macOS as a desktop platform. Increasingly, maintaining control over what the system is actually doing became impossible. (Why is the News app refreshing in the background when I have never opened it on this brand new install??) So the new solution needs to be native to the Linux desktop.
So my requirements discounted me from my long-time password management app 1Password (clearly moving towards cloud only) — a migration of some kind was in order.
|Bitwarden||Interesting. Open source.|
Yes, you can self host, but for syncing purposes you are still exposing a host to the whole web, presumably, which centralises all that data and you would likely need to have this in the cloud.
|Pass||Command line based, and built around GnuPG. I got somewhere with this, but ultimately found myself wanting a bit more of a GUI for managing and sorting the password data.|
|KeePassXC||Provides a desktop GUI app with the categorisation and management I am used to, with import capabilities from 1Password. Locally syncable (albeit not bidirectionally with great ease) with Strongbox on iOS.|
I do sacrifice some convenience on the desktop with browser integration, as I have not yet installed the browser extension for KeePassXC. I would love it to be in Mozilla’s “Recommended” category, where they review the extension on an ongoing basis. I trust the KeePassXC developers are not malicious, but there are lots of risks with browser integration that I don’t fully understand the implications of — the boundary from the external app into the browser context affects the principle of data isolation in ways I haven’t studied.
So, KeePassXC + Strongbox + local network syncing of data is where I have landed.
And because supporting the projects that we depend upon is important, I have paid for the premium version of Strongbox and made an annual donation to the KeePassXC project. I am one of a decreasing number of people who will want to maintain this level of control, so, given that I am fortunate enough to be able to, providing the resources to keep this alive is something I wanted to do.