Posted by: Rob Lemley 1 month, 2 weeks ago
LastPass is great and does a good job at what it's meant to do: help people like my Mom manage a bunch of passwords across multiple devices. That said, it doesn't meet my possibly overzealous standards, so I looked for another solution.
1. Passwords need to be available across all of my devices. Currently this includes Linux and Android.
2. Synchronization across devices has to just happen without me thinking about it.
3. Needs to integrate nicely with my web browser. For me this is mostly Firefox.
4. Passwords must be stored on only my devices.
5. An open source solution is preferred.
Requirements 1-3 are met nicely by LastPass, and for most people that's enough. However, I don't trust anyone when it comes to passwords, and LastPass has had problems in the past.
Another issue with LastPass is that its synchronization relies on their servers. Their servers could go down, or LastPass could go away completely. Hopefully you have local backups of your password database if that happens. If I recall correctly, the backups you download from LastPass are unencrypted CSV files. You would be responsible for storing the backup safely. Also, it's unclear whether or not the LastPass browser extensions continue to work if the LastPass servers go away. In the end that means you'd be looking for a new password management solution on the fly, and no one wants to do that.
I decided to go with storing the passwords in a KeePass database. KeePass is written for .NET, but works on Linux and Mac systems through Mono. Not everyone particularly likes Mono (myself included), so the open source community has come up with several derivatives that use the same database format. The KeePass Wikipedia page has a good list of these derivatives.
On my Android phone, I'm using KeepShare Lite. KeepShare supports PIN or fingerprint unlock, a custom keyboard for password entry, and is open source. There is also a full version that adds write support if you need it.
KeePassXC does not support synchronization itself, to keep its code simple. You can store your KeePassXC database on a cloud provider like Dropbox, or even on your own "cloud storage" like Nextcloud.
For the synchronization piece, I'm using Syncthing. Syncthing continuously synchronizes files between two or more computers and replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Syncthing is a daemon running in the background on your computer. It comes with a built-in web interface for configuration, or you can use one of the native GUIs like Syncthing-GTK. There is also an Android app.
Once you've installed Syncthing and, optionally, one of the GUIs like Syncthing-GTK, you'll need to configure it. Syncthing-GTK has a first-run wizard to get you started.
The wizard will look for the Syncthing daemon, and tell you if it can't find it. Then it generates the keys for your computer. Finally, you have to configure the WebUI.
Syncthing-GTK requires the WebUI to be running, as that's how it communicates with the Syncthing daemon. I highly recommend setting it to only listen on localhost unless you have a compelling reason not to.
The left side of the Syncthing-GTK GUI displays your shared folders. The right side displays computers that you are connected to.
Add a shared folder
Click the icon, and select Add Shared Folder.
- Set the Folder Label to KeePass
- Set the Path
- Set the Rescan Interval
Personally, I'm not changing passwords that often, and even when I do, it's unlikely that I will need a fresh copy on my other devices right away, so I set the Rescan Interval to 10 minutes and disable Monitor filesystem for changes.
Add another device
On a second computer, get Syncthing-GTK up and running and add a shared folder like before. Then get the Device ID by clicking the icon and selecting Show ID.
Back on the first machine (really either of them, but my screenshots go this way), click the icon, and select Add Device.
Enter the Device ID from the second machine and give it a nice name. At the bottom of the window, check off the shared folder you set up above.
Here, machine #1 is "asspirate" and machine #2 is "kikaider". Click Save and you should see the new device show up.
You'll notice that it says "Disconnected".
If you click the title bar where it says the name of the device ("kikaider" in this case), it should expand and connect. Be patient, it takes a minute or so sometimes.
On the other device (kikaider) you should get a popup in Syncthing-GTK:
When the borders turn green, your device is connected.
You should also get a popup like this:
When you click Add, the next screen is the "New Shared Folder" screen from earlier.
Set the "Folder Label", "Path" and rescan options. If your folder paths are different between your two computers, make sure you're entering the right path on the right machine.
After Syncthing restarts, your main screen should show the new device, and the folder you're syncing in green.
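To confirm the result of the steps above outside the GUI, this added example (not part of the original post) reads a Syncthing config.xml and checks two things the post cares about: that the WebUI listens only on localhost, and that the KeePass folder is shared only with the devices you expect. The sample XML is constructed, its device IDs are placeholders, "old-laptop" is an invented extra device, and the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the layout of Syncthing's config.xml (placeholder IDs).
SAMPLE_CONFIG = """
<configuration>
  <folder id="keepass" label="KeePass" path="/home/user/KeePass">
    <device id="PLACEHOLDER-ID-1"></device>
    <device id="PLACEHOLDER-ID-2"></device>
    <device id="PLACEHOLDER-ID-3"></device>
  </folder>
  <device id="PLACEHOLDER-ID-1" name="asspirate"></device>
  <device id="PLACEHOLDER-ID-2" name="kikaider"></device>
  <device id="PLACEHOLDER-ID-3" name="old-laptop"></device>
  <gui enabled="true" tls="false">
    <address>0.0.0.0:8384</address>
  </gui>
</configuration>
"""


def gui_is_loopback_only(root):
    """True if the WebUI is disabled or bound to a loopback address."""
    gui = root.find("gui")
    if gui is None or gui.get("enabled", "true") != "true":
        return True
    address = (gui.findtext("address") or "").strip()
    host = address.rsplit(":", 1)[0].strip("[]")  # handles "[::1]:8384" too
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host (":8384") or another hostname: assume exposed


def unexpected_folder_devices(root, folder_label, trusted_names):
    """Names of devices sharing the folder that are not in trusted_names."""
    names = {d.get("id"): d.get("name") for d in root.findall("device")}
    shared = {names.get(dev.get("id"), dev.get("id"))
              for folder in root.findall("folder") if folder.get("label") == folder_label
              for dev in folder.findall("device")}
    return sorted(shared - set(trusted_names))


if __name__ == "__main__":
    root = ET.fromstring(SAMPLE_CONFIG.strip())
    print("WebUI localhost only:", gui_is_loopback_only(root))
    extra = unexpected_folder_devices(root, "KeePass", {"asspirate", "kikaider"})
    print("Unexpected devices sharing KeePass:", extra)
```

To check a real setup, replace `SAMPLE_CONFIG` with the contents of your own config.xml and pass the device names you actually added.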
Part two of this post will be getting KeePassXC up and running, and Part three will be setting up KeeShare.