Thanks everyone. Over the weekend, I've installed the Bitwarden_RS addon on my Hass.io Pi4 and copied the CSV from LastPass into it. Nice and pain-free. I'm on the fence whether to open its port to the big bad world. Even if they can brute force my master password, I've still got 2FA as a last line of defence? The database file itself is encrypted as they leave my devices. So overall, risk should be very low?
I use LastPass but have not seen anything about any changes coming? I have tried searching but I cannot see anything, other than them apparently removing support for Macs or something.
Never used a password manager before but have installed Bitwarden and it's great. Don't know why I didn't use one before. Embarrassing but I was amazed at how insecure I was... I have some issues with the Android autofill service being disabled but I think this is my aggressive phone killing background processes for battery optimization. On the PC it's flawless.
Just installed Firefox again and it seems to have a password manager of sorts, anyone tried it out or have any feedback?
My wife uses it, only on her laptop. (in the process of switching to Bitwarden) From a user perspective, like all other password managers, it works well on the laptop. But to get the password on mobile devices, you'll be limited to the Firefox browser. It is not easy to get straight to the password if you are on mobile and signing into an app. On iOS, the Firefox app doesn't register as a password manager.
Also just made the move to Bitwarden after forgetting a ton of passwords, so far so good. Seems to work across my 3 PCs and phone pretty well too. Importing passwords was okay, but changing them for something more secure is a bit more of a task :/
Thank you, I think I'll buy one. What do you think about the Bluetooth capability of the coming version? Is it a security risk? Also this might be a stupid question, but can the device store and fill in passwords for games and the like? Might as well go all in...
Nope. You can turn it off, firstly, and only turn it on when you need it. Secondly, the database is encrypted with a security key which is stored solely in the secure element of the smartcard(s) you use with it: if the smartcard isn't in the Mooltipass, it's impossible to decrypt the database. Thirdly, if the card is in the Mooltipass, you need to unlock by physically interacting with the device and inputting a four-digit hexadecimal PIN; you get three chances, and then the secure element on the card is wiped - and with it the decryption key for the database. (This, incidentally, is why you're given multiple cards: create a backup and store it safely!) Fourthly, if you've inserted the smartcard and entered the correct PIN, each password request is only fulfilled when you physically press the button on the side of the Mooltipass (or tap on the table, if you've enabled knock detection.) The latter is a feature I like and the default behaviour of the older Mooltipasses; the new Bluetooth one has an optional "simple mode" which does not require physical interaction once it's unlocked. Makes it more like a software-based password manager - in that it instantly fills in password requests from websites - but does weaken the security a little. You can turn it off and go back to the old way, tho'. It can store any passwords you like (up to 31 characters in length for the older models, a limitation that's lifted in the new one.) You can even store SSH keys and files on it (until you run out of storage - the Mini has an 8Mb/1MB chip in it), which are encrypted in the same way as the passwords. 
If you're using the Mooltipass in a supported browser, it will do things like credential capture (prompting to save new credentials to the Mooltipass) and auto-fill; if you're using an unsupported browser, non-browser software, or a mobile device (pending the completion of Android and iOS clients for the thing) it effectively acts like a keyboard: use the scroll wheel to run through your list of saved credentials, find the one you want, select it, and it'll type your username and password for you. If you're really in a pinch, you can plug it into a USB battery or phone charger (or use the internal battery in the BLE model) and instead of typing the password it'll just display it on-screen for you to type yourself. If you don't like that functionality, it's again something you can turn off (tho' I leave it on.)
For those who are interested, the Mini BLE has a Kickstarter page. A link can be found off the main site: https://www.themooltipass.com/
I use Keeper personally, they have a good app for Android, plugins for FF and Chrome as well as a good web interface, and import/export tools to get you set up. It does all I need really (not sure about Mac support though?) The constant up-selling of other services is a tad annoying for a service I already pay for, so they aren't exactly in my best books.