privacyguides.org/docs/passwords.md
redoomed1 4b445b6267
update: GitHub releases link for Bitwarden (#2796)
Signed-off-by: fria <138676274+friadev@users.noreply.github.com>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2024-11-03 09:50:12 +10:30

22 KiB

meta_title title icon description cover schema
The Best Password Managers to Protect Your Privacy and Security - Privacy Guides Password Managers material/form-textbox-password Password managers allow you to securely store and manage passwords and other credentials. passwords.webp
@context @type name url
http://schema.org WebPage Password Manager Recommendations ./
@context @type name image url sameAs applicationCategory operatingSystem subjectOf
http://schema.org SoftwareApplication Bitwarden /assets/img/password-management/bitwarden.svg https://bitwarden.com https://en.wikipedia.org/wiki/Bitwarden Password Manager
Windows
macOS
Linux
Android
iOS
@context @type url
http://schema.org WebPage ./
@context @type name image url sameAs applicationCategory operatingSystem subjectOf
http://schema.org SoftwareApplication 1Password /assets/img/password-management/1password.svg https://1password.com https://en.wikipedia.org/wiki/1Password Password Manager
Windows
macOS
Linux
Android
iOS
@context @type url
http://schema.org WebPage ./
@context @type name image url applicationCategory operatingSystem subjectOf
http://schema.org SoftwareApplication Proton Pass /assets/img/password-management/protonpass.svg https://proton.me/pass Password Manager
Android
iOS
@context @type url
http://schema.org WebPage ./
@context @type name image url applicationCategory operatingSystem subjectOf
http://schema.org SoftwareApplication Psono /assets/img/password-management/psono.svg https://psono.com Password Manager
Android
iOS
@context @type url
http://schema.org WebPage ./
@context @type name image url sameAs applicationCategory operatingSystem subjectOf
http://schema.org SoftwareApplication KeePassXC /assets/img/password-management/keepassxc.svg https://keepassxc.org https://en.wikipedia.org/wiki/KeePassXC Password Manager
Windows
macOS
Linux
@context @type url
http://schema.org WebPage ./
@context @type name image url applicationCategory operatingSystem subjectOf
http://schema.org SoftwareApplication KeePassDX /assets/img/password-management/keepassdx.svg https://keepassdx.com Password Manager Android
@context @type url
http://schema.org WebPage ./
@context @type name image url applicationCategory operatingSystem subjectOf
http://schema.org SoftwareApplication Strongbox /assets/img/password-management/strongbox.svg https://strongboxsafe.com Password Manager iOS
@context @type url
http://schema.org WebPage ./
@context @type name image url applicationCategory operatingSystem subjectOf
http://schema.org SoftwareApplication gopass /assets/img/password-management/gopass.svg https://gopass.pw Password Manager
Windows
macOS
Linux
FreeBSD
@context @type url
http://schema.org WebPage ./

Protects against the following threat(s):

Password managers allow you to securely store and manage passwords and other credentials with the use of a master password.

Introduction to Passwords :material-arrow-right-drop-circle:

Info

Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features that standalone offerings have.

For example, the password manager in Microsoft Edge doesn't offer E2EE at all. Google's password manager has optional E2EE, and Apple's offers E2EE by default.

Cloud-based

These password managers sync your passwords to a cloud server for easy accessibility from all your devices and safety against device loss.

Bitwarden

Bitwarden logo{ align=right }

Bitwarden is a free and open-source password and passkey manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" }

Downloads

Bitwarden uses PBKDF2 as its key derivation function (KDF) algorithm by default. It also offers Argon2, which is more secure, as an alternative. You can change your account's KDF algorithm in the web vault.

  • Select Settings > Security > Keys > KDF algorithm > Argon2id

Bitwarden's server-side code is open source, so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server.

Vaultwarden is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy official service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code.

:octicons-repo-16: Vaultwarden Repository{ .md-button } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }

Proton Pass

Proton Pass logo{ align=right }

Proton Pass is an open-source, end-to-end encrypted password manager developed by Proton, the team behind Proton Mail. It securely stores your login credentials, generates unique email aliases, and supports and stores passkeys.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" }

Downloads

With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).

Proton Pass currently doesn't have any "master password" functionality, which means that your vault is protected with the password for your Proton account and any of their supported two factor authentication methods.

The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:

Proton Pass apps and components leave a rather positive impression in terms of security.

All issues were addressed and fixed shortly after the report.

1Password

1Password logo{ align=right }

1Password is a password manager with a strong focus on security and ease-of-use that allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a monthly fee. 1Password is audited on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their security white paper.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" }

Downloads

Traditionally, 1Password has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature parity across all platforms. 1Password's clients boast many features geared towards families and less technical people, such as an intuitive UI for ease of use and navigation, as well as advanced functionality. Notably, nearly every feature of 1Password is available within its native mobile or desktop clients.

Your 1Password vault is secured with both your master password and a randomized 34-character security key to encrypt your data on their servers. This security key adds a layer of protection to your data because your data is secured with high entropy regardless of your master password. Many other password manager solutions are entirely reliant on the strength of your master password to secure your data.

Psono

Psono logo{ align=right }

Psono is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" }

Downloads

Psono provides extensive documentation for their product. The web-client for Psono can be self-hosted; alternatively, you can choose the full Community Edition or the Enterprise Edition with additional features.

In April 2024, Psono added support for passkeys for the browser extension only.

Criteria

Please note we are not affiliated with any of the projects we recommend. In addition to our standard criteria, we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

Minimum Requirements

  • Must utilize strong, standards-based/modern E2EE.
  • Must have thoroughly documented encryption and security practices.
  • Must have a published audit from a reputable, independent third party.
  • All non-essential telemetry must be optional.
  • Must not collect more PII than is necessary for billing purposes.

Best-Case

Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.

  • Telemetry should be opt-in (disabled by default) or not collected at all.
  • Should be open source and reasonably self-hostable.

Local Storage

These options allow you to manage an encrypted password database locally.

KeePassXC

KeePassXC logo{ align=right }

KeePassXC is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }

Downloads

KeePassXC stores its export data as CSV files. You may encounter data loss if you import this file into another password manager. We advise you check each record manually.

KeePassDX (Android)

KeePassDX logo{ align=right }

KeePassDX is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The pro version of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }

Downloads

Strongbox (iOS & macOS)

Strongbox logo{ align=right }

Strongbox is a native password manager for iOS and macOS. Supporting both KeePass and Password Safe formats, Strongbox can be used in tandem with other password managers, like KeePassXC, on non-Apple platforms. By employing a freemium model, Strongbox offers most features under its free tier, with more convenience-oriented features—such as biometric authentication—locked behind a subscription or perpetual license.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }

Downloads

Additionally, Strongbox offers an offline-only version: Strongbox Zero. This version is stripped down in an attempt to reduce attack surface.

gopass (CLI)

gopass logo{ align=right }

gopass is a minimal password manager for the command line written in Go. It can be used within scripting applications and works on all major desktop and server operating systems.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }

Downloads

Criteria

Please note we are not affiliated with any of the projects we recommend. In addition to our standard criteria, we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

  • Must be cross-platform.