Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
Which one works on all browsers including mobile safari and mobile Firefox?
Bitwarden
Bitwarden has been good for me, but I actually don’t know about safari…
It works with Safari. I use both Bitwarden and mobile/desktop Safari.
Thank you for actually answering the question.
On mobile, Bitwarden is an app that fills login/password info into your browser.
So you have to switch over to it every time you need a password?
No. When you click into a password field it puts a password field above your keyboard like word suggestions.
It is not seamless, but it is not a pain in the ass. If you have ever used the keychain or passwords app from Apple it works like that.
Thank you. This helps me to decide.
It is a free app. I suggest giving it a try at the least. I think it is $10/year if you pay for it, that adds extra features. But it is fully functional free.
Not an iOS user and it certainly seems like something they would be behind on, but with Android every password manager with a Android app will work since the hooks are built directly into Android. Other than websites and apps that don’t implement passwords properly it works pretty well.
Keepass does a pretty decent job. I have keepassXC on my Windows, Debian and Android devices. On Android it’s integrated into the phone(and the autofill service if actual 2fa isn’t supported on the app) so it works on every application. With IOS though I know they can be a stickler on anything remotely technical so I’m not sure if something similar exists with it. I also use syncthing as the service to make sure the same copy of the database is on each device to prevent having to use a password manager that requires a subscription for a cloud service, this also minimizes my risk factor of a cloud service being compromised.
For mobile safari Bitwarden (and I think a number of others, but Bitwarden’s the only one I can speak to) ties into Apple’s password management system for autofill and password generation. Still have to use the app or webpage (either Bitwarden’s official site or self-hosted vaultwarden) for more in depth management.
For mobile Firefox, on iOS it’s the same as Safari. On Android you can either use the Bitwarden add-on or use it with the app and Android’s built-in password management system just like on iOS.
Since you mentioned “all browsers” for chrome/chromium based browsers there is also on add-on for both mobile and desktop. For Internet Explorer and pre-chrome Edge I don’t believe there’s an add-on but it can still work, it’ll just be more of a pain since you autofill either won’t work or will be spotty. You’ll probably be relying on the standalone desktop app.
On MacOS it integrates with Apple’s password management, so no need for an add-on on desktop safari.
For other browsers, you’ll probably have to use the desktop app and manually copy/paste just like for IE.
I also remember seeing some third-party integration for the windows terminal app and various Linux terminals, but I can’t really speak to their quality or functionality since I haven’t used them. But that would probably cover your needs for terminal based browsers like Lynx.
Thank you! You may have finally convinced me to go this directions
I assume Firefox desktop is also supported on Windows and Mac?
There’s an add-on for the browser for both, but on Mac, the desktop app is what integrates with the system wide password manager. I don’t know if desktop Firefox is integrated into that, so you may need both the add-on and desktop app to get the same systemwide functionality.
On Windows it’s worth having both the browser add-on and desktop app installed as well, since the browser add-on only works in browser but the desktop app, while somewhat hit or miss whether or not it works with any specific application, is supposed to provide autofill/generation capabilities anywhere you have username/password field.
If there’s one thing I’ve always been wary of, it’s the password manager browser extensions. And I’ve been proven right. Don’t be lazy, it takes 30 extra seconds to do it manually.
Pishing detection is nice though, I’ll admit.
There are two major threats to a password manager:
The second is much harder to mitigate, but also much harder for an attacker to pull off since they need to compromise the update delivery chain.
Whatever client you use, make sure you trust the update mechanism.
Heard great things about bitwarden. I’ve personally been using 1Password for over a decade.
I’ve heard great things about Bitwarden, Vaultwarden, 1Password and Keepass, although the latter may fall out of preference rapidly. Some also recommend the Apple Cloud key storage. Call me a stickler but I haven’t trusted Apple security since the Fappening, even if it was the victims’ fault for not using 2FA
I’m a big fan of the Keep It Simple (KISS) approach, and went with Password Safe. Works on Linux, Windows, MacOS, iOS, and Android. It’s big thing is it just makes an encrypted password file which then you can sync between devices however you like (Box, Dropbox, etc)
It has an auto-type and copy feature, so no need for browser support. Though, the main criticism of this offering is if you want a ton of features and don’t care about KISS.
Something to keep in mind about not using browser integrations is that you can fall victim to simple keyloggers and clipboard stealers. But using an extension can also be a weakpoint if it autopopulates incorrectly or on a compromised site; but that’s far less common.
But, dear readers, don’t let that dissuade you: even a text file in a veracrypt volume is better than “PurpleElephant1994”
In theory auto-population is way more likely to save you from getting scammed because it won’t do it for a fake site, as the URL doesn’t match. In practice though most people are just going to be annoyed it didn’t work and do it manually anyway before they realize why it didn’t work.
I would dare say PurpleElephant1994 is already much better than most passwords people have been willingly tell me.
I recently found out a family member’s passwords are things like “1100011”, “1111000” and similar variations. It’s like they’re already using binary to give a helping boost to brute-forcing bots.
Autopopulate is probably less likely to mistake I and l or O and 0 in a fake url though.
One second, let me just
Keychain should work in both now. (iCloud passwords)