What do you prefer to use for a password manager?
How well does it work on mobile? (specifically, using autofill on android 14)
I’m currently using Vaultwarden; but the android app, which is where I’m using it 95% of the time, has always been a bit flakey getting autofill to popup. Now it’s decided to stop working entirely; so I’m going to look around at some alternatives for now.
/edit:
Well, idk what happened.
I spent about 30min trying different things: switched androids autofill settings to another app, changed them back, cleared app data, force stopped everything relevant, re-installed bitwarden, restarted the device, messed with accessibility; nothing seemed to work. Bitwarden adamantly refused to popup for autofill in anything I’d tried. (4-5 different sites in chrome, firefox, and duckduckgo. The openvpn app, Jerboa, my bank. Nothing worked. Absolutely 0 sign of autofill anywhere.)
I made this post and went for a walk.
Now suddenly autofill is working again.
I hate technology sometimes.
/edit again:
The best option I’ve seen so far: There is an ‘autofill’ QuickSettings button you can add to the notification tray that opens the vault and asks which item to fill with. (just like the ‘open vault’ inline autofill option). If inline isn’t popping up, use that.
I wish I had the confidence in my security provisions to self host my secrets on the internet. I do use bitwarden, but that is local to my machine. It works good for me, as my memory is shit. About the only thing I could say against Bitwarden is that the recent theme change was a huge mistake and caused a lot of people a lot of stress. Insomuch as the public outcry against the new theme was so great, they switched back to the old theme. Whoever created the new theme had to have been a sadist.
I keep vaultwarden behind a vpn so it’s not exposed directly to the net. You don’t need a constant connection to the server; that’s only needed to add/change vault items.
This does require some planning though; it’s easy to lock yourself out of your accounts when you’re away, if you don’t incorporate a backdoor of some kind to let yourself in in an emergency. (lost your device while away from home for example)
My normal vpn connection requires a private key and a password that’s stored in my vault to decrypt it. I’ve setup a method for retrieving a backup set of keys using a series of usernames, emails, passwords, and undocumented paths (these are the only passwords I actually memorize); allowing me to reach vaultwarden where I can retrieve my vault with the data needed to login to everything else properly.
I’ve often thought about this, and since it has come up in convo, I’ll ask: If you were to implement a backdoor to your server, how would you go about that? Currently I have 3 vps and one rack in the closet. It is the vps I’m interested in the most. Only one vps offers a rescue ssh, and yes I can confirm, if you are not exceedingly careful on my setup, you can lock yourself right out. I run tailscale on everything and I often wondered if I could incorporate tailscale as a emergency backdoor.
Most of my web services are behind my vpn, but there are a couple I expose publicly for friends/family to use. Things like emby, ombi, and some generic file sharing with file browser.
One of these has a long custom path setup in nginx which, instead of proxying to the named service, will ask for http basic auth credentials. Use the correct host+path, then provide the correct user+pass, and you’ll be served an openvpn configuration file which includes an encrypted private key. Decrypt that and you’ve got backdoor vpn access.