Libre Software and LibreSaaS password managers
Agaric uses the old-school open source KeePass encrypted password and metadata format to manage our passwords with various slightly more modern front-ends such as KeePassX and KeePassXC. To share this between multiple members on the Agaric team, we store the encrypted .kdbx file in NextCloud.
This is the industrial-strength approach many security people recommend.
But easier-to-use web-based password managers definitely have their place. Here’s a rundown of some options:
- BitWarden is the most robust solution, with team features like collections and shared items and enterprise services like support, an audit trail, and password vault health reports. It is full LibreSaaS with no proprietary pieces, and its business model is primarily LibreSaaS, but it has solid self-hosting documentation.
- passbolt is also fully libre software, advertises team features but seems very simple, most similar to (the proprietary) LastPass. As such it is what i’m most comfortable with, personally. It prioritizes a pay-for-local-install business model of making money from self-hosters but also has LibreSaaS plans.
- Kee Vault seems most similar to KeePass + a browser extension, but presumably more naturally integrated and with support. Honestly i’m not sure where it actually saves the passwords, and it doesn’t seem to promote any team features (sharing items or folders).
Totally free, local-install-based, and presumably therefore has no team features:
- Buttercup has applications for Debian-based and Red Hat-based GNU/Linux systems, for Windows, Mac, Android, and iPhone, and for the Chrome and Firefox browsers (so far), but as far as i can tell from a quick perusal it will not be synchronizing passwords between them, except with NextCloud and such.
- LessPass does not store passwords at all, but rather generates a strong, secure password for each site and situation based on your master password. This is clever but makes it less useful for the use case of sharing logins as a group (although the need for shared logins has fortunately declined greatly, as almost all services now allow multiple accounts).
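
The stateless idea behind LessPass, sketched as an added example (this is not LessPass's own code or its exact algorithm): the password is recomputed on demand from the master password, site, login and a counter, so there is no vault to store or sync. The function name, character set, salt layout and PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib

# Assumed output alphabet: letters, digits and a few widely accepted symbols.
CHARSET = (
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789"
    "!#$%&*+-=?@_"
)


def derive_password(master, site, login, counter=1, length=16,
                    iterations=100_000):
    """Recompute a site password from the master password; nothing is stored."""
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 32:
        raise ValueError("length must be between 8 and 32")
    if counter < 1:
        raise ValueError("counter must be >= 1")
    # The salt binds the result to one site, login and counter. The NUL
    # separators stop ("ab", "c") and ("a", "bc") from colliding.
    salt = f"{site}\x00{login}\x00{counter:x}".encode("utf-8")
    # A slow KDF makes guessing the master password from a leaked
    # site password expensive.
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              iterations, dklen=32)
    # Read the 256-bit key as one integer and peel off characters.
    n = int.from_bytes(key, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(CHARSET))
        chars.append(CHARSET[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    master = "correct horse battery staple"
    print(derive_password(master, "example.org", "team@example.org"))
    # Rotating the password for one site means bumping its counter.
    print(derive_password(master, "example.org", "team@example.org", counter=2))
```

Because the output is a pure function of its inputs, the only state a user must remember per site is the counter, and sharing one login with a teammate means handing over either the derived password or the master password itself.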
Otherwise lacking team features: