this post was submitted on 13 Jul 2025

73 points (97.4% liked)

Privacy

39877 readers

314 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[ANSWERED] Should i use KeePass* instead of Proton Pass, for privacy? (lemmy.dbzer0.com)

submitted 1 day ago* (last edited 1 day ago) by somerandomperson@lemmy.dbzer0.com to c/privacy@lemmy.ml

63 comments fedilink hide all child comments

One downside is that i'll have no more passkeys. The vault syncing, i can do via SyncThing.

top 50 comments

sorted by: hot top controversial new old

[–] Crabhands@lemmy.ml 5 points 10 hours ago (1 children)

I think I've done the opposite of most. After using keepassx for the last 4 or 5 years I switched to ProtonPass.

I value security and privacy but Ive realized some of my processes have become too complex, like using syncthing to keep my keepass on my phone and PC aligned. I'm not confident that older man version of me will be able to keep up so Ive stared valuing simplicity.

Im sure many will argue that it is simple but between backups and keys and passwords it really is a lot, especially with a new device each time.

[–] hyacin@lemmy.ml 2 points 3 hours ago

I think I’ve done the opposite of most. After using keepassx for the last 4 or 5 years I switched to ProtonPass.

Me three.

[–] ReversalHatchery@beehaw.org 3 points 23 hours ago* (last edited 21 hours ago) (1 children)

Syncthing is fine and secure, but be absolutely sure you set up some kind of file versioning for the shared folder. at least a trashcan versioning, if not better. protects you against accidental deletion

[–] Provolone@lemmy.zip 2 points 17 hours ago (2 children)

Something I never fully understood with file versioning is on which side to apply it. The source or the receiving end?

[–] Ulrich@feddit.org 2 points 3 hours ago* (last edited 3 hours ago)

There is no source or receiving end. Syncthing is omnidirectional synchronization. Versioning is applied across all syncs.

[–] ReversalHatchery@beehaw.org 2 points 12 hours ago

on the receiving end. Syncthing cant act to keep a version before you delete a file locally, but it can move a remotely deleted file to the version control instead of deleting it

[–] crankyrebel@lemmy.dbzer0.com 37 points 1 day ago (4 children)

I have used KeePassXC for years. I also use Syncthing which syncs files via my wifi for all devices, including KeePass.

[–] SuppenMartl@beehaw.org 1 points 1 day ago

Works like a charm. Occasionally deleting the sync-conflict files in case they appear.

[–] unnamedau@lemmy.ca 6 points 1 day ago

recently set mine up exactly like this, can vouch

[–] xyx@sh.itjust.works 2 points 1 day ago

yep, thats the way

[–] dandelion@lemmy.blahaj.zone 2 points 1 day ago

this is the correct answer

[–] ArcaneSlime@lemmy.dbzer0.com 18 points 1 day ago

I like KeepAss.

[–] DemBoSain@midwest.social 32 points 1 day ago* (last edited 1 day ago) (4 children)

There have been too many data breaches from cloud-based services to trust another one. I have a Proton account for email and online storage, but I won't use their password service because it's cloud based.

https://blog.lastpass.com/posts/notice-of-recent-security-incident

Lastpass leaked their password database in 2022, and bad actors are still using it to access peoples files, stealing passwords and hundreds of thousands of dollars in crypto.

DON'T trust anything important to cloud-based storage or services. Use Keepass. Use Syncthing if you need to keep the database on multiple devices.

(I see other comments using Dropbox. Dropbox = cloud. Don't store anything security related in the cloud.)

[–] slackness@lemmy.ml 1 points 1 day ago (1 children)

Isn't protonpass E2EE?

[–] rumba@lemmy.zip 11 points 1 day ago* (last edited 1 day ago) (1 children)

So was LastPass. But when they're source code leaked, turned out their encryption method was crappy. Just because something is encrypted doesn't mean that it's safe.

The key is that proton pass and bit warden and keypass are open source and have all passed independent security audits.

[–] slackness@lemmy.ml 1 points 1 day ago (2 children)

You can't talk about E2EE on a closed source client.

load more comments (2 replies)

load more comments (3 replies)

[–] brunoqc@piefed.ca 4 points 1 day ago

I like that I'm able to use keepassxc as a keyring on Linux. I like that there is a prompt on access so no rogue script can real my whole keyring.

[–] OhVenus_Baby@lemmy.ml 22 points 1 day ago (1 children)

Why not Bitwarden?

[–] umbrella@lemmy.ml 1 points 3 hours ago (1 children)

how is it better?

[–] OhVenus_Baby@lemmy.ml 2 points 3 hours ago* (last edited 3 hours ago) (1 children)

Look I love fully offline concepts just as much as the next person. But what Bitwarden offers me that those other solutions don't, is to offload some of the mental load long-term. I like privacy but something are exhausting. Pick and choose your battles.

Less hands on maintenance and mental overhead to keep things synced and all services / files up to date. We bitwarden users have other stuff to do. Different priorities.

This is one of the things I decided to keep to the people who do this far more and deeper than I ever could. Their job. Their liability.

All my accounts are encrypted, cloud accessible, or offline accessible. Protected by a giant hash of a master password. It allows me to feel safe and provides the convenience of copy and pasting insane credentials needed in today's times. Hassle free. Great features. The end.

*potentially even under free account if you choose.

[–] umbrella@lemmy.ml 1 points 2 hours ago* (last edited 2 hours ago) (1 children)

oh, i was expecting bitwarden to be self hosted too. as long as they are trustworthy, i guess it is convenient to be able to pay to get this stuff done for you.

[–] OhVenus_Baby@lemmy.ml 2 points 2 hours ago (1 children)

Here's the beauty. You can self host it. They give you the option to choose your method. You don't have to pay they offer free accounts.

[–] umbrella@lemmy.ml 1 points 2 hours ago

so kinda like nextcloud, cool.

[–] sonalder@lemmy.ml 38 points 1 day ago (2 children)

It really depend on your threat model, Proton Pass is fine. Of course a self-hosted or local solution will be more privacy friendly but at the cost of being responsable for security and good backups (3,2 1 rule).

There is no black or white regarding privacy. You want to ask yourself what you want to protect from and is the investment worth being sovereign ?

load more comments (2 replies)

[–] NarrativeBear@lemmy.world 13 points 1 day ago (2 children)

I know it's not your question, but have you checked out Bitwarden or the alternative Selfhosted Vaultwarden. Bitwarden supports passkeys and vault syncing, and if you are offline you can still access your vault.

https://bitwarden.com/passwordless-passkeys/

Bitwarden also released a AIO selfhosted docker image, but last I checked it's still not in "official release" status.

[–] ObsidianZed@lemmy.world 2 points 1 day ago (1 children)

Ooh an AIO docker image you say? I may have to look into that.

[–] NarrativeBear@lemmy.world 3 points 1 day ago

Its called Bitwarden Unified. Its still in beta at the moment. I have been running this along side Vaultwarden myself.

https://bitwarden.com/help/install-and-deploy-unified-beta/

load more comments (1 replies)

[–] encrust9870@lemmy.world 11 points 1 day ago (1 children)

I use KeepassXC on my computer and Keepass2Android on my phone. Passkeys work fine and are synchronized across my Synology.

[–] hendu@lemmy.dbzer0.com 3 points 1 day ago* (last edited 1 day ago)

Same here, it works well, and the Firefox plugin works well for auto fill, too.

Just make sure KeepassXC is set to Automatically save after every change & Automatically reload the database when modified externally, on the General > Basic Settings screen.

[–] vrighter@discuss.tchncs.de 8 points 1 day ago

you should own your data. So yes

[–] nixfreak@sopuli.xyz 11 points 1 day ago (2 children)

Do both local and cloud backup using keepass or keepassxc, use dropbox or g drive, or private cloud. The .kdbx file is already encrypted when at rest.

load more comments (2 replies)

[–] DrunkAnRoot@sh.itjust.works 4 points 1 day ago

i use keepassxc and from protonpass and its great its a lot lot more manuel work but in theory its worth it anything with a internet connection can be hacked

[–] MarriedCavelady50@lemmy.ml 4 points 1 day ago (1 children)

Doesn’t keypass support passkeys?

As you can see from the thread, this question is divided amongst the cult of “sensible privacy is a thing provided you’re not a criminal” to the cult of “everybody’s on a FEMA/🧊 spreadsheet and they’re working their way down”.

I’d say make sure you use a separate password for proton pass, it’s an advanced option. You are far more likely to get hacked for your money and password manager goes 97% of the way to defeating those attacks.

Don’t take your eye off the ball. The real threats to your wallet have always been the shareholders.

[–] somerandomperson@lemmy.dbzer0.com 3 points 1 day ago (1 children)

AFAIK, no; keepass does NOT support passkeys. TOTP's are still fine though.

[–] MarriedCavelady50@lemmy.ml 3 points 1 day ago

Sorry, I was thinking of keepasssXC which does have passkey support

[–] sem@lemmy.ml 5 points 1 day ago

I think proton is the most blocked by governments group of services in the entire world. To have a backup in .kbdx file sounds at least like a good idea.

[–] HubertManne@piefed.social 3 points 1 day ago

personally I use keepass for important things and don't sue extension or anything that would pull from it and I use bitwarden for unimportant passwords. not that bitwarden is necessarilly unsafe but im a person who ultimately thinks its best I completely control the important things.

[–] Curious_Canid@lemmy.ca 3 points 1 day ago

It will always be safer to store sensitive information in a system that you control than in a system that someone else controls. KeePass is easy to setup, it's easy to use, and it provides excellent protection.

[–] salvor_hardin@lemmy.ml 2 points 1 day ago (1 children)

Any specific reason that makes Proton Pass less secure? I am curious since I am using both pass and bitwarden at the moment. bitwarden for all my logins and pass for alias + their logins.

[–] Lfrith@lemmy.ca 2 points 1 day ago

I like that KeePass on PC and Android lets you use an autotype feature if autofill isn't working instead of using copy paste.

[–] NochMehrG@feddit.org 2 points 1 day ago

At least KeePassium also supports passkeys.

load more comments