Bitwarden or Proton Pass

If you’re using Proton Drive, you can also use Celeste.

I don’t use it myself since it doesn’t support S3 yet.

1 Like

I know. I hesitated mentioning it.

It uses rclone underneath, but, when I tried it, it seemed to be very slow. I think it may be because of this issue (I have 16 cores, so…).

1 Like

I don’t know why they won’t just add calendar and contacts to the Bridge, and port the Bridge to mobile devices too. That’s basically what Etesync does: end-to-end encrypted contacts, calendars and tasks (!) that just appear as normal CalDAV/CardDAV on the local device and hence can be used with any calendar/tasks/contacts app.

This would solve all three problems at once.

1 Like

I think they will, in the future. It’s certainly possible.

I don’t think they will do that though, and I don’t think they need to. They have a mail app, and a calendar app. A contacts app would be nice, but really just having them sync with the device from the mail app would work. This is also planned.


This is getting a bit off-topic though. I have made two new threads:

1 Like

I pay Proton Unlimited and still use free BW. As others said, Proton Pass is very half baked. The lack of data breach monitoring is the deal breaker imo, for now. There are a lot of other features that will still be missing even if they complete their roadmap:

3 Likes

I want to present @AlphaElwedritsch with a different opinion. I use the word because I don’t think any of what @Catering9655 said is wrong, but this is how/why I weigh things differently.

First, cloud does add another point of failure, but so does syncing. If you’ll selfhost, most likely you’ll want the passwords on your phone as well, so there’s that.
Using reputed cloud-based software that goes through serious audits (like Bitwarden, 1Password or Proton Pass) mitigates the cloud risk, and using reputable syncing solutions also mitigates syncing risks, but it’s much, much more complex than simply using a cloud service.
As a rule, self hosting requires tech savviness even if security is not an issue.

Second:
@Catering9655 is probably right that your password manager cloud is more likely to be targeted than your selfhosted solution if you’re not yourself a high-value target. But the real danger here is neither, but rather malware in your computer/phone. A compromised OS will get you either way. It doesn’t matter where your passwords are hosted if the malware is looking at your keystrokes & clipboard or taking screenshots. Your mitigation here is having sound habits: use good (and few) software (& hardware if possible), update constantly, don’t use browser extensions other than uBO, don’t download sh*t online, especially pirated software, etc.
Of course, on the computer you can always compartmentalize by running VMs for different stuff (1 for browsing, 1 for password manager, 1 for documents and email, etc). On the phone you don’t have the same option. You do have UTM on iPhones, but then all pretense of privacy and security goes out of the window when you use an iPhone.

Edit because I forgot the bottom line: I don’t think you have a bigger risk if you use Bitwarden, 1Password or Proton Pass on the cloud. And given that BW has a free-tier cloud service and how hard it is to selfhost anything even if you’re tech savvy, it feels like a no-brainer to me. The risk is elsewhere.

3 Likes

Bitwarden passkeys support is here now.
So more reasons to make Bitwarden a better choice than Proton Pass.
I am sure there are plenty of features in the pipeline for Bitwarden, including major UI changes.

3 Likes

Desktop only tho

1 Like

They need to change their damn UI real quick fr

I will give the arguments I have heard, although tilted toward BW.

  1. BW is a more mature product
  2. BW is more focused on secret management products
  3. Proton tends to be slow on feature development (you decide)
  4. BW has functional interfaces, but they are due for a major overhaul
  5. BW is almost entirely free. A $10/year subscription will give you TOTP code generation, emergency access assignment, some additional 2FA for BW (like Yubikey TOTP, Duo, etc.) It’s also cheap for family subscription.
  6. Personally, I think BW is still a technical product, meaning you have to watch the development cycle like a hawk; otherwise, the safety/accessibility requirements, maintenance, and releases will catch you off-guard. For example, they are releasing Passkey storage/usage in the desktop web browser’s extension now, but how they do this is upsetting quite a few people. It may be better to skip these first few versions, which is not easy to do if you are a general user.
  7. BW’s bread is from corporate customers. You might not like how they treat your consumer preferences of what features should be developed, what bugs should be fixed.

Personally, I’d recommend BW to anybody who needs a cloud-based PWM, but am somewhat reluctant to recommend it to non-technical people unless I can directly help them.

4 Likes

Imma go with Bitwarden. Tried Proton Pass for 2 weeks and got some bugs tho

Until Bitwarden gets a UI/UX refresh, I will be using Proton Pass (only the free version as I already have a SimpleLogin subscription. Also, only your first 10 aliases will function if you stop paying for Pass, which is a major turn-off).

As much of a more mature product Bitwarden is, I’ve just found it very hard to look past their UI recently, so I think the change of pace with Pass will be quite nice for me. Even using it these past few days, I’ve found Pass to be a much more seamless experience on the web.

2 Likes

Yeah agreed. Bitwarden’s UI is terrible. Heard there is a UI changing plan cookin bts

1 Like

It’s listed as under research on their roadmap (Bitwarden Roadmap - Feature Requests - Bitwarden Community Forums), so there’s no telling how long it will take. I’ll just be keeping an eye on it from afar for the time being.

2 Likes

I’d like to comment that Bitwarden’s UI feels like it’s a PWA of sorts and it doesn’t feel nice to use.

One thing that I notice that is significantly lacking from Bitwarden is the autotype feature (to use in logins where pasting is weirdly disabled). With Linux’s X11 impending demise coming up, this function is going away because some security on Wayland’s part is incompatible with AutoType features (like in KeePassXC). I find that it is not these password managers that save me from manually typing, but the browser itself with Brave’s force paste function.

In the end, they have to be functional and secure enough and both products seem to meet both expectations.

2 Likes

Good to know

Any source on this? I thought that aliases that have been created will keep working indefinitely, but you cannot create any new ones.

This is the case for SimpleLogin, but I emailed Proton support before making this post, and they responded,

“If you create more than 10 hide-my-email aliases and decide to downgrade your plan to the free Proton Pass, you will be able to use only the first 10 aliases, while the other ones will be disabled.”

In the end, this is what’s deterring me from paying for Pass atm.

3 Likes

Well you shouldn’t lose them, they’d just be disabled, so there’s no security risk of someone else claiming your old aliases.

1 Like

I noticed another major downside to Pass. It appears that the number of vaults (folders) you can have is limited to 20. Makes it basically impossible to structure your passwords here, too. Bitwarden at least allows for more folders, but the UI is not helping you with that.