Offline password managers for Linux

Hi

Can anyone advise a really good password manager for Linux?

Main criteria:

  1. Not proprietary!
  2. No online features. Completely local
  3. Completely free and open source. Not freemium.

I thought about KeePass but I wanna have your opinion before I make a decision.

No, I am not considering any cloud-based ones!

KeePassXC. https://keepassxc.org/
Open source, cross-platform, completely offline, no cloud.
Edit: About my opinion, it is great. I chose it over everything else, since I only need my password database on one device and easy backups. If you do need to sync it, Syncthing is a good option.

6 Likes

Welcome to our forum! Glad to have you onboard.

For future reference, you can read over our Knowledge Base and Recommendations for any basic questions regarding tool recommendations. Chances are, you might find an answer there already (i.e. KeePassXC).

We are happy to help out with any additional questions about this topic though. I’m not sure of any reliable local alternatives besides KeePass. If you know of any, please do let us know.

1 Like

Thank you! And thank you for your awesome work!

I read it. But my bad, I found “cloud based” and didn’t continue scrolling.

OK, is it secure and stable enough not to have a breach or data loss because of a bug?

KeePassXC is an excellent option for stability and security; you shouldn’t experience any data loss unless you lose your database (the .kdbx file). It’s imperative to keep sufficient backups when you choose to use a local option.

2 Likes

Where do you recommend to store it though? Just on drive + backup (additionally encrypted) to SD card?
As I see, there is only a database which can be opened only with a password?

Dumb question:
I see that the database is encrypted by the master password. But there is a thing: if it is copied somewhere, won’t an attacker be able to compare passwords in it using hashes (for example from some breach database)?

I follow the 3-2-1 backup method. 3 copies in total, on 2 different types of storage media, one offsite. That could be one on your PC hard drive, one on a USB flash drive, and another up in the cloud like on Proton Drive or Google Drive (just don’t store a keyfile in the cloud!). Since the database is encrypted it doesn’t really matter where you store it as long as you have a good master password.

No, KeePassXC doesn’t store passwords like that. The database is completely encrypted (with AES-256 by default). It looks like complete gibberish to an outside viewer.

2 Likes

I agree with @anthill3459 that you should follow the 3-2-1 backup philosophy; however, it is incorrect to treat the live database on your drive as a backup, and you really ought to have 3 copies on top of that.

As for where you store your backups, it’s not super important. You should pick places / mediums where you can keep your backups up to date easily without risking losing access to your backups.

I like the original pass/password store. It’s simple and easy to get autotype to work. I couldn’t get KeePassXC autotype to work under my Wayland compositor.

1 Like

Actually I disagree. 3-2-1 simply means 3 copies in total. The live database counts as one copy.
This article by Backblaze sums it up pretty well.

I will screenshot a part of it too.

Another source from Jeff Geerling:

So yes, actually. The live copy counts as one. This is how I have been doing my backups and it has never failed me.

It’s subjective, there is no right answer. But per the definition of backup “A copy of a program or file that is stored separately from the original” that should mean 4 copies total. The original file can’t reasonably be considered a backup in my opinion.
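
Added example (not from any post in this thread): a Python check that each backup copy of the .kdbx file exists, still starts with the KDBX file signature, and matches the live database by SHA-256. The `count_live` switch covers both readings of 3-2-1 argued above; the function names, file names and sample file contents are constructed for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# KDBX 3.x/4.x files begin with two little-endian uint32 signatures:
# 0x9AA2D903 followed by 0xB54BFB67.
KDBX_MAGIC = bytes.fromhex("03d9a29a67fb4bb5")

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def classify(copy, live_hash):
    """Return 'ok', 'missing', 'not-kdbx' or 'differs' for one backup copy."""
    copy = Path(copy)
    if not copy.is_file():
        return "missing"
    with open(copy, "rb") as f:
        if f.read(len(KDBX_MAGIC)) != KDBX_MAGIC:
            return "not-kdbx"  # truncated, overwritten or the wrong file
    return "ok" if sha256_file(copy) == live_hash else "differs"

def check_copies(live, backups, wanted=3, count_live=True):
    """Check every backup against the live database.
    count_live selects which reading of 3-2-1 from the thread applies."""
    live_hash = sha256_file(live)
    report = {str(b): classify(b, live_hash) for b in backups}
    good = sum(s == "ok" for s in report.values()) + (1 if count_live else 0)
    return report, good >= wanted

def demo():
    """Constructed sample files (not real databases) in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        live = d / "live.kdbx"
        live.write_bytes(KDBX_MAGIC + b"constructed body v2")
        (d / "usb.kdbx").write_bytes(KDBX_MAGIC + b"constructed body v2")
        (d / "sd.kdbx").write_bytes(KDBX_MAGIC + b"constructed body v1")
        (d / "bad.kdbx").write_bytes(b"")
        names = ["usb.kdbx", "sd.kdbx", "bad.kdbx", "gone.kdbx"]
        report, enough = check_copies(live, [d / n for n in names])
        return {Path(k).name: v for k, v in report.items()}, enough

if __name__ == "__main__":
    print(demo())
```

A copy reported as `differs` is either older than the live database or damaged; the signature check only catches files that are no longer KDBX at all, so opening a restored copy in KeePassXC remains the real restore test.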

Try GNOME Secrets, I really loved that one.

1 Like

I couldn’t get KeePassXC autotype to work under my Wayland compositor.

You can follow this PR for autotype under Wayland - Wayland autotype implementation (using xdg-desktop-portal) by TheConfuZzledDude · Pull Request #10905 · keepassxreboot/keepassxc · GitHub

1 Like