Password manager

Paflechien

Good morning. in terms of security and privacy of password managers you advise rather brave with synchronization or 1password, on Android. Up until now I've been using 1P but after reading Travis Ormandy's review on managers I'm just wondering why I keep paying...

Paflechien

The big advantage of brave is that it can also replace youtube and has a built-in translator.

[deleted]

You can use KeepassDX and sync it with any app that supports Storage Access Framework (SAF)

Paflechien

[deleted] I asked between the level of security and privacy between 1P and brave

turmoil2750

bitwarden is the best

Paflechien

Yes, but I'm not asking for the best for you. Everyone is going to tell me what they prefer? I just want to know which is better in terms of security and privacy between 1P and brave (password manager).

[deleted]

Paflechien I just want to know which is better in terms of security and privacy between 1P and brave (password manager).

1Password (by AgileBits Inc.): If you want end-to-end encryption

Brave (by Brave Software, Inc.): If you need something open-source and don't care about backups (You can only synchronise between devices)

itsjpb

Paflechien

can i ask why you're insistent on these two options? even Tavis' article suggests keepass as a best option.

between your two, my concern with brave as an option is that it locks you into their web browser, which won't do you much good with android apps. you probably already saw it, but 1pass developers did respond directly to Tavis' article here with some reasonable points.

Paflechien

[deleted] Passwords are not encrypted on brave?

[deleted]

Paflechien It doesn't really matter because Brave is not storing your passwords on their server, but the thing is you won't be able to backup your passwords, but only sync with other device(s?)

Paflechien

[deleted] I have an old device that I use as a base for synchronization.

Paflechien

My threat model has changed since yesterday, I'm retired and I'm looking for the most practical system, keepass is very good but you have to open the keyboard, enter your fingerprint, choose the corresponding password and then press the Magic keyboard buttons. I've used it offline for many years, but now I want a system with as little interaction as possible.

N1b

I'm not experienced in the technical details, but from what you describe as your threat model Brave seems perfectly fine (between your two options), especially since you have a backup solution and don't feel like paying money.

If you want to add security, you could salt your passwords (add a few characters so your password manager doesn't know the whole thing) and use 2FA wherever possible (my recommendation for a free solution would be Aegis).

Paflechien

N1b I just wanted to know if it's secure, if the sync between the device is encrypted, if something is on the brave servers or whatever, if the brave manager is encrypted... anyway, is it secure?

[deleted]

Paflechien Consider reading this Sync FAQ article by Brave

[deleted]

Paflechien [deleted]

Paflechien

[deleted] thanks

Paflechien

I'm reading the description of chromium, I don't understand everything but I think that when vanadium allows to import the passwords and when it allows the autofill service, a large attack surface will be removed, in users will no longer have to worry about which manager to choose

GrapheneLover

Just remember that storing passwords in the browsers password manager is not really safe for security vs storing your passwords in KeePass. In malware the first thing they always hit is your browsers password manager and autofill it is in every current malware. Also if someone got physical access to your device they could just get your browser passwords vs KeePass which would need a passphrase to access it. I'd recommend if you're using the browser way only store less valuable sites on it and not your banking websites and important sites on it, keep those for a password manager and always use 2FA on your accounts. Aegis is a very good 2FA app.

Paflechien

I made my choice after a whole night of research, I will stay on brave. you can close. thank you all