@2something

Hi Fedi, I have been using @[email protected] since 2019, and been a premium subscriber for most of that time. Due to their recent hyping of AI, I am interested in switching away. In this post, I have gone through every single password manager on @[email protected] and compared them. The comparison is based around my use case and preferences, but I figure someone else might benefit from it too. I'm also very interested in any advice and recommendations y'all may have. I am currently limiting my search to password managers that have desktop apps. Arguably this is an unnecessary restriction: Bitwarden has a desktop app, but the vast majority of the time I just rely on the Firefox extension, which can even work offline. However, I occasionally clear my local Firefox data, so I feel a bit safer having passwords in a separate desktop app. $[x3 Current leader] So far I am liking Gnome Secrets (desktop) and KeepassDX (Android). However, there does not seem to be a way to get Secrets to autofill on websites. https://gitlab.gnome.org/World/secrets/-/issues/34 I'll give Bitwarden a few weeks to see if they can resolve their AI issues. If not, I'll probably suck it up and lose autofill. $[x3 Bitwarden's Response] I sent Bitwarden's customer service an email (using the email tied to my Bitwarden Premium account so they know I'm a customer). Here's what I asked them >Hi, I read the announcement about Bitwarden's MCP/AI Server, and I am deeply disappointed to see Bitwarden jumping on the AI hype train. >I have a few questions about Bitwarden's AI use that I hope you can answer. >1) Do you think it is safe to let an AI move and manipulate passwords? Even if it's a "local" AI, How can the AI can be trusted not to incorrectly copy or "hallucinate" an incorrect password? >2) You've repeatedly stated that the MCP is optional and separate from the "standard" Bitwarden clients and server. Can we trust that you will never, under any circumstance, inject AI into the main Bitwarden experience? >3) Are you using AI to develop the main Bitwarden clients and server? They responded quickly, but there response was not encouraging: > Thanks for your interest in the Bitwarden MCP project! This is a standalone project that is separate from all other Bitwarden products like Password Manager. The project is considered a proof of concept and not suitable for production use. >If you have any feedback on the MCP server, please join in on the discussion in our community forums : https://community.bitwarden.com >If you would like to contribute to the project or have an issue to report, please refer to the project GitHub repository: https://github.com/bitwarden/mcp-server Notice that they didn't actually answer any of my questions. (Also, I had already posted those same questions on the MCP thread in the Bitwarden forum, so "post on the forum" is not a helpful suggestion). Meanwhile, user grp on the BW forum pointed out that the Bitwarden Clients Github repository contains ["copilot instructions,"](https://github.com/bitwarden/clients/blob/a15b1741219129d60ad0d7ae0960aa5011d4bd9a/.github/copilot-instructions.md) so it seems like they are indeed using AI for development. All of which pushes me away from Bitwarden. Update: On 2025-08-07, I got another email response. This time, they did answer the questions. >1) Regarding the safety of using AI with passwords: The Bitwarden MCP (Managed Companion Process) server is designed to operate locally with a strict security-first approach. It maintains Bitwarden's zero-knowledge encryption model, meaning your vault data remains encrypted and secure unless explicitly decrypted by you. The AI agent does not bypass or weaken this model. However, we understand your concern—Bitwarden does not claim AI is infallible, and for that reason, we encourage users to use self-hosted, trusted AI models and to carefully consider any use case before allowing an AI agent to manipulate sensitive data. Use of the MCP server is completely optional. >2) Yes, you can trust that AI is not being introduced into the standard Bitwarden clients or services without user consent. The MCP server is entirely separate from the core Bitwarden experience. It's opt-in and runs independently. There is currently no plan to introduce AI functionality into Bitwarden's core clients or infrastructure, and any future changes would be communicated transparently and require user participation. >3) To your third question, Bitwarden does not currently use AI to develop or generate code for its main clients or server infrastructure. Our development processes remain human-driven, with security, reliability, and transparency as priorities. Their answer to the first question seems vague and doesn't actually answer. Their answer to the second question is exactly what I was hoping to hear. For the third question, their answer is what I wanted to hear...but it's also *wrong*. They are indeed using AI in development, as evidenced by their Github. This incorrect answer makes me wonder if I can trust the answer to the second question. So, what are the options I am considering? $[x3 Keypass with Nextcloud for syncing] This is the recommendation I see the most. Keepass stores all your passwords in a single local encrypted file, and expects you to use another program to sync. There are a lot of "keepass-compatible" apps to choose between. First, on Android, one Bitwarden feature I use heavily is "unlock with pin." Downloading my Bitwarden vault from the server requires entering my very long Bitwarden password plus 2fa. Unlocking my vault on my device to which I am already logged in only requires entering a short password. That's good, since entering my full password on my phone takes a long time. EDIT: The two that people seem to like are Keepass2Android (only on Google Play) and KeepassDX (on F-Droid). Both seem very nice and have quick-unlock features. On desktop, there seem to be fewer options. I see @[email protected] recommended a lot, but their Github says they allow AI-generated code contributions, so I don't think I can trust them not to lose my passwords. https://github.com/keepassxreboot/keepassxc?tab=readme-ov-file#generative-ai Edit 2025-07-22: Holy shit, KeepassXC has jumped on the "if you don't like AI you must not have used it enough" train. Stay away from them. https://fosstodon.org/@keepassxc/114895756589199844 https://archive.today/bYqTG Then there's Gnome Secrets https://flathub.org/apps/org.gnome.World.Secrets Which looks a lot better. However, it doesn't have a way to autofill on websites, and this issue has been open for a long time. https://gitlab.gnome.org/World/secrets/-/issues/34 Next up is AuthPass, which has both desktop and mobile apps and is keypass compatible. The desktop one seems to work well, but it has the same limitation as Gnome Secrets: no way to autofill passwords on websites. https://github.com/authpass/authpass/issues/41 Edit 2025-07-24: While it's not on Flathub, Keeweb is another Keepass-compatible desktop app, and it *does* have a browser extension that works with it for autofill. https://keeweb.info/ However, development of the app seems mostly stalled. I'll also mention the original Keypass, which is Windows software that works on Mac and Linux through Mono. It's not on Flathub, but it is in some distro repositories. I tried it and I couldn't get dark mode, which means I can't use it. $[x3 Nextcloud Passwords] Aside from using Nextcloud to sync a Keepass valut, there is also Nextcloud's native password manager. There appear to be three Android apps: 1) https://f-droid.org/en/packages/com.hegocre.nextcloudpasswords/ I am able to log in to this one with my Disroot Nextcloud account. However, I see a red banner at the bottom of the app saying "Cannot connect to server. Tap to retry." (Retrying regenerates the same banner). 2) https://f-droid.org/en/packages/es.wolfi.app.passman/ In this case I cannot even log in: entering my username and password produces >Network error: HTTP request failed with http status-code: 404 3) https://f-droid.org/en/packages/de.jbservices.nc_passwords_app/ This one I also can't log in, but there is no error message, I just get sent back to the login screen. I also tried logging into the desktop flatpak and I am seeing white text on white background. $[x3 KWalletManager] I have a rule that if I want to use my computer to do X, and there's a KDE app which does X, then I will give the KDE app a fair try. KDE has a password manager, so I have to at least consider it. The issue here is I can't figure out any way to sync it with Android. Can this be done? $[x3 Passky] I took a look at Passky. https://passky.org/download It's a service like Bitwarden: one company provides a desktop app, a mobile app, a browser extension, and a service to sync all of them. One thing to note is that it seems like all of their repositories have very little activity: The Android repository has had no commits for close to three years, the web vault has had no commits for close to two years, and the desktop repository (which is Electron) has had no commits since April 2024. That might not be a bad thing if it's working, but I don't think I'm qualified to assess the difference between "this software has unpatched security issues we aren't fixing" and "This software is working perfectly so we don't need updates." Their website has a broken link to Google Play, as the app seems to be delisted, but the do have an f-droid app. https://f-droid.org/en/packages/com.rabbitcompany.passky/ Their website has a broken link to Google Play, but it seems they do have an f-droid app https://f-droid.org/en/packages/com.rabbitcompany.passky/ In addition to a verified flatpak. $[x3 Pwsafe] Then there's Password Safe https://pwsafe.org/ Much like Keepass, it stores all passwords as a single encrypted file and expects you to use another program to sync. There are iOS and Android apps that are compatible. The trouble here, as with Keepass, is getting the desktop app to autofill on websites. It does nominally have an "autofill" feature, but it can't detect when the site you are viewing corresponds to an entry: you have to open the desktop app, search for the relevant entry, open it, and then click "autofill." It's a lot less convenient than clicking the icon for Bitwarden's browser extension. $[x3 Lesspass, LPTK, and other "Stateless" Password managers] Lesspass https://www.lesspass.com/ And the compatible LPTK https://flathub.org/apps/me.ogarcia.lptk work by generating a password using a one-way function from your lesspass password and username. They do not actually store the generated password. It sounds like a nice idea, but there does not seem to be a way to import all the passwords I already have. Other "stateless" password managers which work in the same way and have the same limitation include: Elescoute's Password https://flathub.org/apps/io.gitlab.elescoute.password Password Calculator https://flathub.org/apps/com.bixense.PasswordCalculator qMasterPassword https://flathub.org/apps/io.github.bkueng.qMasterPassword Master Key https://flathub.org/apps/com.gitlab.guillermop.MasterKey $[x3 Proton Pass] This is the one that is probably closest to Bitwarden in features. Unfortunately, it has several issues. a) The server software is proprietary, b) Logging in requires a Captcha. I can pass the captcha, but I'm always afraid that I will fail it. c) The CEO has said and done bad things that would require a content warning if I got into them here (if you choose to look it up yourself, CW: US Politics). d) The company is also into AI. $[x3 Passy] Not to be confused with Pass**k**y. This is another offline password manager which expects you to use another program to sync. It uses its own format, but it can import or export vaults to and from Keepass. Passy *does* have an associated browser extension which allows autofilling on desktop websites. There are two limitations that stop me from whole-heartedly jumping onboard with Passy. First, while it can store TOTP keys, it doesn't seem to have a way to generate TOTP codes. Or maybe it does, and I just can't figure out how. I opened a question about it on Github. https://github.com/GlitterWare/Passy/discussions/156 EDIT 2025-07-25: They responded that Passy can actually generate TOTP codes, so my complaint in the preceding paragraph is wrong. Secondly, I have a bunch of my passwords organized in folders. Importing them to Passy seems to remove the folders and doesn't seem to provide a way to readd them. $[x3 Goldwarden] This is an alternate client for Bitwarden: it is not actually an alternative to Bitwarden. $[x3 Enpass] https://flathub.org/apps/io.enpass.Enpass This is another local password manager...except it's also proprietary and requires a subscription to use, even fully offline. Their website claims >Most personal password managers store your data on their servers, but not Enpass. You stay in control always by storing your data in your personal cloud such as iCloud, Google Drive, OneDrive, Dropbox, Box, or NextCloud. However, I installed it and couldn't figure out how to start storing data locally without agreeing to their terms of service and making an account on their server. The whole thing seems awfully suspicious. $[x3 Other] Secrets Manager https://flathub.org/apps/io.github.tobagin.secrets Key Rack https://flathub.org/apps/app.drey.KeyRack Password Secure https://flathub.org/apps/io.github.mihnea_radulescu.passwordsecure Gnome Seahorse https://flathub.org/apps/org.gnome.seahorse.Application Polypass https://flathub.org/apps/io.github.polypixeldev.Polypass Revelation https://flathub.org/apps/info.olasagasti.revelation Passvault https://flathub.org/apps/de.finnik.PassVault All apparently lack ways to sync to Android. (Passvault's website links to a Google Play app, but the app in question is no longer on the Google Play store and also apparently isn't on F-Droid.) #PasswordManager #AppRecommendation #Bitwarden #Keepass #KWalletManager #Nextcloud #passky #pwsafe #Lesspass #LPTK

past puzzle

Errate das gesuchte Jahr mit Hilfe von 4 historischen Ereignissen. Ein von Wordle und Geschichte inspiriertes Spiel.

Bluesky