Any reason to use the original Keepass over KeepassXC?
Also, tip for anyone using Keepass or KeepassXC: there’s an Android app called KeepassDX that supports the keepass database format, so you can keep your passwords synchronized between your computer and phone by simply syncing the database file with Syncthing. No third-party server required!
You do have to host the files yourself, which requires an extra step beyond just handing your password over to Lastpass for future leaking, but I consider that a good thing.
I also consider the selfhosting of the files as a good thing - I run my own Nextcloud server, which means my password database is 100% private to me alone, only present on my hardware and I don’t have to trust a third-party to store it. Sure, it’s encrypted. but … an encrypted file on someone else’s servers is still an attack surface that I don’t have to deal with when I host it myself.
Yes, do it! Now! It’s the safest way, but only by choosing the right and trusted ones. Examples:
You’re not giving Bitwarden much credit here. It’s really great.
I will die on the Bitwarden hill. Go Bitwarden!
Any reason to use the original Keepass over KeepassXC? Also, tip for anyone using Keepass or KeepassXC: there’s an Android app called KeepassDX that supports the keepass database format, so you can keep your passwords synchronized between your computer and phone by simply syncing the database file with Syncthing. No third-party server required!
The whole database is encrypted. Just put it on Google Drive or similar and it will be synced automatically.
Also I don’t see Keepass(XC) as difficult or geeky.
I love Keepass(XC). I’ve used it for years.
You do have to host the files yourself, which requires an extra step beyond just handing your password over to Lastpass for future leaking, but I consider that a good thing.
I also consider the selfhosting of the files as a good thing - I run my own Nextcloud server, which means my password database is 100% private to me alone, only present on my hardware and I don’t have to trust a third-party to store it. Sure, it’s encrypted. but … an encrypted file on someone else’s servers is still an attack surface that I don’t have to deal with when I host it myself.