Offline Password Manager


Helen Francke

Aug 5, 2024, 2:54:49 PM
to netecnnorthhard
No, because I want more features like comments or the date when the account was created, and not to be tied to an ecosystem of a device/company. Also, to be able to have all the passwords in one encrypted container which I can copy off of my device to another device.

self hosting

Not interested in it, but I am curious: is it like installing the normal version of Bitwarden on PC and then pressing a button to start the self-hosting service, or is it more complicated than that?


You can get a portable version of the Bitwarden Desktop app for Windows here. However, you will still need to register an account before you can do any testing, and you should be aware that the Bitwarden apps only run in off-line mode if the device is disconnected from the internet when you launch the app, and that while in off-line mode, the app is read-only (i.e., you will not be able to add or modify any vault contents).


The thing is: Bitwarden is literally a cloud-based = NOT offline-password manager. If you so much want Bitwarden, my advice would be: think about using an online-password manager. Because - offline or online: the security not only depends on that decision.


If I had that need for wholly off-line I think I would use one of the good existing solutions like KeePassXC (as already frequently referenced) with Strongbox or StrongBox Zero on iOS, Android being SEP.


A design strength of Bitwarden lies in its secure use of cloud sync. While I am in a position to host my own instance I could see no identifiable (real) security improvement at all, just more maintenance effort, so I pay my $10 very happily for premium.


If it were to be implemented, it should be under an advanced setting, with a warning saying that if it is turned on, it would be up to the user to keep backups, because if users want to change devices, or if their device gets lost or stolen, there is no way to recover that vault without some form of backup.


The reason is that some users do not trust the cloud. Even though Bitwarden is really secure because of the zero-knowledge architecture and the vault being fully encrypted, even with all that security there is no way of knowing that a data breach would never happen in the future, as nothing is 100% secure.


Granted, it could take years with all the encryption used for the vaults and also if the user has a strong master password. But cyber security is always evolving and we can never know what the future holds in a decade. That is why Bitwarden should have a future-proof option.


Here is the surprise: literally every person in my life hates it too, but tolerates it since it is hard to find, so they just buy those earbuds that have a rubber tip that needs to be shoved deep in there. Eventually, when it is not sold or too expensive to buy, I will bite the bullet and buy it. But they are horrible in hot climates.


But I doubt Bitwarden would implement this because they make money from being online, and I get it, in this case there are fewer people like us, but I hope this subscription trap ends. I am willing to pay USD 50 for the premium option of having it offline.


I am personally waiting for it to get a few more updates for the fully offline mode to become stable and for some UI design tweaks. Then I may switch over to Buttercup to make it my main password manager.


My own self-hosted Bitwarden instance went offline for a while recently and I was totally unable to log in to my vault or access any of my passwords, either on mobile, the Firefox plugin, or the desktop (Linux) app. This is really concerning because the #1 time when I need access to my passwords is when my self-hosted servers are going offline.


As many others have mentioned in this three-year-old thread, many users perform maintenance on equipment while offline (or connected to a VPN with no external network allowed) and must have login/read/write access to their vault.


I read near the start of this thread a Bitwarden employee mentioning how difficult it is to implement offline edit/resync. I can appreciate that, but I also know lots of other tools that must, do, and have implemented synchronization of offline edits with the online copy.


FYI, I am in the exact same position.

I ended up sticking with KeePass, with a file replicated on a per-customer basis over VPN for work purposes.

Ironically, I was looking forward to supporting Bitwarden financially by promoting its use for our company, but ended up having to stay with our old KeePass.


This is a phenomenally horrible situation. Lost WAN overnight. PC was sleeping at the time and for some reason had logged out of BW. Could not get back into Bitwarden to access a number of router/service passwords to troubleshoot network issues. Had NO idea that offline login was impossible if for whatever reason your device is logged off. This is truly making us have to rethink our whole choice to migrate to BW and we are re-opening our selection process.


In the case of an offline situation, imagine 5 persons do a password reset and update their offline version of the vault. Now, 5 instances of the same login appear when these people leave their no-internet locations. Given all the powerful group policy features of Bitwarden, offline sync can quickly become really difficult.


Dashlane is an impressive password manager that goes beyond basic password management. With advanced features like offline access, a VPN, and live dark web monitoring, it provides a comprehensive security solution. Plus, all paid plans come with a risk-free 30-day money-back guarantee.


I like how RoboForm offers the option of local-only storage, unlike most other password managers which require server synchronization. During my tests, I was able to use RoboForm offline, access my vault, and even make changes to my logins.


RoboForm is a cost-effective password manager with superior form-filling capabilities. Its offline mode, bookmark storage, and password sharing are really good. All RoboForm purchases come with a 30-day money-back guarantee.


The secure messaging app is my favorite Keeper feature. It uses end-to-end 256-bit AES encryption to protect all messages, ensuring complete privacy. I also like how it provides the ability to retract sent messages or set a self-destruct timer on them.


Additionally, importing passwords into Keeper proved to be exceptionally simple and convenient. The automatic import tool searches for all the accounts stored in your web browser and automatically adds them to Keeper. Keeper can also import passwords directly from LastPass, and while you have to use a CSV file for most other password managers, Keeper has very clear instructions on how to do this.


Keeper offers a free version with basic features, but its paid plans offer much more. The Keeper Unlimited plan, priced at PLN11.49 / month, offers unlimited password storage, secure record sharing, and access to the secure messaging app, among other features. The Keeper Family plan, which costs PLN24.59 / month, adds up to 5 licenses and 10 GB of secure file storage.


Sticky Password has all the basic password management features and adds some unique extras, like local Wi-Fi sync and a portable version of the program. Sticky Password also offers a 30-day money-back guarantee on all plans.


KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can store all your passwords in one database, which is locked with a master key. So you only have to remember one single master key to unlock the whole database. Database files are encrypted using the best and most secure encryption algorithms currently known (AES-256, ChaCha20 and Twofish). For more information, see the features page.


Is it really free?

Yes, KeePass is really free, and more than that: it is open source (OSI certified). You can have a look at its full source code and check whether the security features are implemented correctly.


As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It's true for cryptographic algorithms, security protocols, and security source code. For us, open source isn't just a business model; it's smart engineering practice.

Bruce Schneier, Crypto-Gram 1999-09-15.


Hello!

I have been using KeePassXC and KeePassDX on my PC and Android respectively. But after reading about the vulnerability in KeePass, and their devs refusing to fix or acknowledge it, I am looking for a good alternative. Nothing fancy, just a good, simple and secure password manager.

Thank you!


This is a very bad take. Security and privacy are not an on and off switch. If you think preventing access to your computer is the only security defense, I think you are mistaken. There are layers to security. Why use a password manager at all then? Just paste your passwords in a clear text file if you think the only defense should be access to computer.


Saying that they can plant a keylogger, I can also say remove the password from your PC, as, if someone can enter your house, they can plant a hidden camera or a physical logger. That is what I meant by layers.


You can't even compare the attack surface of an operating system and just a piece of software in it. It is dumb to rely solely on the security of an operating system which has millions upon millions of lines of code.


Exactly. My threat model requires a safe and secure password manager. It's the devs' only job. Being a password manager dev, being responsible for encrypting my database properly, and then, when alerted about the issue, saying to secure my PC instead of fixing the issue is dumb.


On the Admin site within the Forgot My Password self-service workflow, go to the properties of the Reset Password in Active Directory step. Select the 'Allow users to reset passwords offline' option to enable users to use the offline password reset functionality provided by Password Manager.
