Most PRIVATE Password Manager

Last year I moved from Avira Password manager to Bitwarden. I really like the simplicity, open source and security of Bitwarden.

Hey, Dashlane engineer here, awesome video (sincerely, it's valuable and transparent, well done). Side note: Dashlane shut down the Password Changer feature due to maintainability costs and difficulties in scaling websites support over time

An incredibly digestible explanation of what I know is important to consider, but also of what I had no idea is important to think about.
I feel well equipped to now make an informed decision. Thanks a mil!

I am a self-hosting nerd and mainly use my own instance of Vaultwarden. That way I am in charge of security, and - even if it's a hassle - have full control. On the other hand, if something leaks or breaks, it's all on me.

Very well thought and helpful tips regarding security and management of passwords! I've used most of the password managers mentioned here--both the online and offline versions. I have tons of passwords and it was an eventuality for me to end up using one. Thank you for your continued efforts in bringing awareness in cyber security. 👍

This is sound advice, well thought out and presented. Thank you Naomi for providing this invaluable information to us user plebes. Keep up the good work.. 👏

Home run! Such a great video, flawless! I'm sending this to all my friends.

Finally catching up with you Naomi. It was another incredibly enlightening upload. Just brilliant and thank you once again.

Another superb video! I’m beginning to understand the differences among password managers. Mahalo.

Fantastic video! Every point I could hope for you to cover was well explained.

Providing a comprehensive review of the most prominent password managers and maintaining consistency is always welcome :D

This is probably the best video to explain password managers and how they work. Great job!

COOL! Appreciate all you and your team does. Always lots of good info!

I was waiting for this video since the 2FA video you published a couple of months ago. in the meantime, I decided for a PW manager and I'm glad to coincide with your suggestion based on my needs, I guess your previous educational videos worked for me, thanks!

this is an awesome video. thanks for breaking it down so it can be shared to others.
one of the best password managers for users at the time with regards to usability, convenience and security out of the box was 1password standalone version.
although it is not open source,
unlike bitwarden or keepass xc, it didn’t require setting up a dedicated server to sync across local devices.
it synced from a primary computer to other devices on the same local network. and you can change primary computers at any time. this limits your surface area of potential attacks by not requiring any cloud or even any always-on local server as a target for attackers. you can simply turn on your computer which devices sync to , unlock it, connect your devices to the same network, and then turn that off when you are done.
today this does not seem possible without putting way more extra work and dedicating a server for this function. it’s more steps and stuff you have to deal with when compared to how 1password did it all through software local syncing.
since 1password changed business models to force the cloud and a subscription model, the only option now is bitwarden or keepass xc on an encrypted volume for the same usability. keeping it off the cloud requires way more work / effort in setting up a local server in the form of something like nextcloud or other instance. then you can layer it with a docker container, vm, veracrypt or other encrypted volume, etc…
the point here is it gets more complex with more in-depth troubleshooting issues because there are far more moving parts. 1password standalone version was like 75% to 90% of the way there for users without further setups.
lastly, you didn’t mention strongbox and other various “accessories” but i also see that probably you wanted to keep things clear since it is already a very well done and detailed overview video.
perhaps a more advanced part 2 can delve in local db encryption, syncing and storage methods. linux is also a wildcard since there are more unique scenarios. also if the cloud has to be used for whatever reason, like business, there is now proton drive in the mix of other options. and cloud always requires some form of encryption method with a good way to sync them.

This was a seriously well done video with tons of useful information distilled in easy to understand language. Your examples and descriptions of things like rainbow tables and hashing, your overview of the lastpass issues, your description of how to create secure passwords were all spot on and solid from a security point of view, which is rare in videos like this. You could give this video to any level of user and they would come away with a solid understanding of the topics covered. I appreciated your discussion of the pro's and cons of the various password managers and where they might / might not be useful. It is very rare to see such a well done video on these topics. You earned a subscription and $20 donation from me.

I started using a password manager when I worked in client support for an outsourcing company. Needed to remember (or store) over 250 passwords for access to the various devices and systems which fell under my purview. I felt I needed something secure but with local-only storage of the passwords. Settled on B-folders. Only stored locally, but able to be synchronised over multiple platforms. It generates random passwords which can include upper and lower case characters, numbers and special characters. Storage of the passwords is local only, and synchronisation is manual-only and via local WiFi. Never had any issues with passwords being compromised. Old tech, but seems more secure than putting your passwords in the cloud.

great video naomi! i've been happily using bitwarden for the last 5-6 years.

I really love your channel. I do care about privacy and security . I learn alot from you from now on . Thank you

Great episode. These things should be mandatory subjects in school.

Great video Naomi. I wish you had spent some more time on the browser extension XSS threat surface and also on mobile apps for these password managers, e.g. KeePassium for KeypassXC and advice on using these stand-alone v/s credentials auto fill. Thanks again.

Excelent video! I've been pushing my frineds and family to password managers for the past year. I'm about to give a presentation to my company to push for change as well. I will be adding a lot of the information you gave here. Thank you so much!
Aslo, great to hear you on Micheal Bazzels podcast, that was a fun surprise listening on a flight las week.

I just got word Proton is releasing an open source code password manager. This is the one I’m waiting for. Great video. Thank you!

1Password also uses both a master password and a secret key, which is a 32 character alphameric key which adds 32^36 levels of entropy in case your vault is every captured.
I feel much more comfortable using a memorable master password for my private vault because of the additional entropy afforded by the private key.
Of course if your device is stolen and there's no protection on the device, the memorized secret key protection goes out the window.

It's the dance at the end for me. Haha Great content, as always!

Awesome video! Thanks for sharing this essential info so well! 😊🎉

Loved the dance and the strawberry vest jumper. Info was really clear as well thanks.

I've been complaining about LastPass forever because their interface was clunky and they hadn't made any changes in years. Well, they just released a new version and it is not completely and utterly UNUSABLE. Which is fine because it has finally given me the push I need to move to a better solution. This video was helpful so thanks!

EXCELLENT Video & channel!
Most helpful.
Thankyou 😊

After trying 1Password, Bitwarden, LastPass and KeePassXC - I decided on KeePassXC. It's open source, self- contained and can happily sit on your system without requiring a Internet connection. It has a ton of other features too.

Great video... I recommend open-source BitWarden which can be self-hosted on own VPS protected with own open-source VPN

Just the video is was waiting for, thanks for the video

Great stuff as always. I had to smack my forehead after watching this one. We use a password manager at work but I never thought about the home. Guess I'll be investing in one. Took your advice on Libre office and love it so now it's passwords.

Been using dashlane for a few years. Works good enough for me. I might change to bit warden when my subscription runs out.

Yoo, the xkcd comic actually appeared here. Nice. That's what inspired me to get password manager. Used to use lastpass, then migrated to BitWarden since I heard it's open source. Thank god I did. And it's a nice balance of convenience and security too. We also need more TOTP 2FA in general though. Or at least something more secure than SMS.

This is a great video. Thanks for sharing what you know with others. I love you what you do and share.

wow,i love your video !!!! thanks for the advice.very very interesting. im a new fan 👍👍👍

BTW 2fa Protection of your vault (download) access is easy but does not help against attacks like stolen vaults (like in the recent breach). Only tokens generating part of the encryption key would help here. Yubikey can do that with the HMAC mode but this requires a local/offline app to do it.

Good info. I also agree 2fa is needed too, as a (minimum) secondary layer of defense, but with family members, getting them to keep using it is problematic. I'm a bit of a paranoid about password security, so mine is a bit different than most users.

I left Lastpass for Bitwarden. Also changed my gmail, apple id and bank passwords.

For twenty years I've used passwords that I had to write down on paper. I make sure they're 26 characters, if possible, with numbers, lower case, upper case, and symbols. I also make sure there are no repeated characters, no reused passwords between accounts, and no clues to personal identity information, nor common phrases or media references, included in the password. But, for a long time I've been using a password manager with biometric security coupled with MFA.

Great video, thanks. Thorough job

Thank you for your videos and the work behind them. Thanks to these videos, I am almost completely away from Apple, Google and co. Keep up your great work.

Very informative, thanks!

Thanks for the great content and help Naomi

YOU are brilliant.....you make your presentations in a way where he Average Joe can understand (most of) the content. I am technically-challenged, and don't understand all of it, but I like your style!😁😁😁

Thanks for the excellent video!

I like the way you call your passwords manager "Madoffpasswords" classic love all your stuff. 🤣😅 Keep it up Naomi.

+1 for Bitwarden

Great video Natalie

Hi Naomi, Tom Sparks (another TH-camr) spoke well of you so I recently started watching your video’s, man he wasn’t kidding, very well informed (and high quality) love your quad9 video and your videos on password managers… I recently ran across this new password manager called STASH PASSWORD (I am not paid by them, I’m just a regular paranoid internet user) I was really impressed by there product (alternative way of password management) but I’ve never seen any main stream TH-camr do a review on them so I’m still up in the air about making the purchase. Would love to see an honest review on them!

Great video, thanks. What about password managers such as Samsung Pass or Microsoft Authenticator, and some similar ones?

I personally use the original keepass, I find the use of complex triggers really helpful, but I have also used keepass xc in the past and is a really polished open source password manager that I definitely recommend !

I am still using 1Password 6 which offers WiFi sync to iPhones and iPads (even with 1Password 7 on those devices). My local computers synchronize 1Password via NAS. Works great and I don’t have to pay a monthly fee.

I followed you on Odysee as soon as I saw your pop up, nice work!

I really like your videos Naomi!

I use a password manager for web sites that don't involve financial information. For banks, credit cards, etc. I keep long random complicated passwords in an encrypted text file. When I need to log in, I decrypt the file, copy and paste the login information as needed, and then wipe the decrypted file.

Very useful, Naomi.

I've been using different password managers like Bitwarden, Yoti, and hPass which is from Hacken a trusted Web3 security company founded in 2017. The 3 password managers above are the 3 that I've liked the most out of the different password managers I've used. I have been thinking about moving from a cloud password manager to a self hosted one. I know Bitwarden does have a self hosted option but I also prefer that hPass uses a generated seedphrase like a crypto wallet and is from a Web3 security company.

Love the end dance!

If you use KeePass (or one of its forks), your vault (a single file) is saved on your PC (and for 99.99999% of us, it will be a small file -- only a few MB in size).
To avoid a catastrophe, make a copy of your vault (copy that file) to a different storage device, such as a USB drive, and keep that USB drive unplugged after you make the copy.
This way, if you are hit with ransomware, or similar, you will still have your vault available to you from your USB drive, and that drive was kept safe because it was disconnected from your compromised PC.
Also consider keeping another copy of your vault at a friend or family member's residence. This will protect you in the event of a burglary (where both your PC and USB drive get stolen) and in the event of a fire.
As long as you use a strong, unbreakable master password, you can store your vault file with anyone -- including cloud storage. But remember that if someone steals your PC, they might be able to use it to gain access to your cloud storage account and delete your files. So make sure you have a copy of your vault file kept somewhere that it will always be available to you.

Id also suggest getting a yubikey

Love the dance at the end! 😄

I enjoy KeePass - it is one of the only PW managers which can set expiration dates for passwords, as well as advance notification when an expiration is approaching. This was huge for me since I have many websites and databases that require password access - all with different expiration dates and varying lengths of time between resets. Now I get that advance warning and NEVER have a password expire and lock me out! Any inconvenience is far outweighed by this feature alone.

Also, consider crashes and breaks of your browser that forces you to reinstall ist. If you're lucky, the passwords stored in the built-in manager are still there, if not (e.g you decide to apply a clean uninstall and delete all data including configurations etc.), all your passwords are lost forever. Sure, this can happen to your external password-manager too, but honestly, this never happened to me in 20 years of using such software.

As password manager vaults age, they become less secure as computer science advances. Lastpass did not increase the key derivation iterations for older vaults (it has to be done client-side), and those vaults are exposed now to brute force attack. I'd like to see an automatic vulnerability test & conversion utility, only requiring the users consent for conversion steps. That might be hard to implement across all platforms.

22:15 - Yay, The End Dance!

I use passwords made from words in Irish Gaelic. So far so good.

I dig the dance 😊. Thanks for the info.

I use a Corsair Padlock stick with a database with all my passwords, it's very convenient, if I have to work on somebody's computer and connect straight to my server, to get software If needed. Only downside is that I have to use a USB extension cable, to handle the stick, if it's in a computer, it isn't handy.

Keepass original is the best, period. My 26 years as a Computer Systems Security Officer for the U.S. Military provided me with the chance to test every PW manager that popped up. Online managers are by far the least secure. After I retired from the military, I worked for a private company with multiple locations. We ran Keepass offline at each location. The PW manager data file was stored on a local NAS protected by Security Key access. It was backed up daily to an immutable storage device. Only certain personnel had access to the keys which were stored in a safe when not being used. The keys had to be signed in and out by the Security Office. All passwords used by the company were centrally controlled and generated. It was a little inconvenient at times but we had no data breaches due to stolen or hacked passwords.

Thanks for the dance, actually good food for thought.

pass is a hidden gem. It works from the command line.

I like Mr. Snowden's passphrase idea. I like to use the craziest anagrams I can find for the phrase I've chosen.

Great video. Super content, very well presented. New follower here

Recommended password managers are secure until they aren't. LastPass was recommended by Steve Gibson (Security Now!) a long time ago. Recently they did an episode on how it was broken.

Dealing with all the passwords has always been a royal pain. I don't trust any of the password keepers but it looks like things are getting out of hand but least you've got a good list of them here to look into. Thanks for the dance bit as well.

You dont know how much i have waited for a video like this!😄 Ive used KeepassDx on my phone and one day i saw the file with all my passwords missing.. I suppose i might have deleted it by accident but i really doubt that.. Luckly, before knowing anything about privacy i stored some of my passwords on SamsungPass and they are still there, some of them.. Every since that incident im inclined toward using a cloud based PM but i feel like an offline PM would be a better over all privacy choise.

I have been using Enpass password manager and highly recommend it it’s an off-line password manager system although you can choose your own storage places to sync it to, but not with Enpass company by itself does not give you the option to store your vault on their servers

Great video! ♥♥♥

very informative, and the strawberries keep the focus ;)
i personally use 1Password due to its reputation and the Family/team features which allows extremly complex passwords to be shared between all sorts of people on different levels of tech usage, which makes them stand out dramatically.

Apparently a sheet of paper is the safest way to store passwords

informative content, thumbs up

Thank you 😊😊

From browsing your merch I'm now pondering the idea of Dredd Pirate Roberts having a skyscraper headquarters...

now that proton added a password manager they have a good all rounder package. It's new so it's not as refined but with time it will surely become one of the best options

Love your content. Thank you for helping us survive this Privacy/Security Jungle.
One question, have you done any research on or have any good suggestions for the best privacy laptops? I use Linux at home and would like to move from my macbook to a linux based Laptop but am unsure about the security implications (broad options and preferences, but wondered if you had done any research on this topic?) Thanks again and keep up the encouraging work

The bits of entropy calculation can vary depending on the size of your wordpool. Words drawn from specialist fields will be stronger than words drawn from Ogden's 800.

can i just say, i love the end dance

Great video.

Haven't watched yet (I will) but just wanted to know if you have any thoughts on Keeper? I did a bit of homework when I signed up just under a year ago, and it seemed to be a solid choice, but I find it's now missing from a lot of reviews (including this one) so am wondering if I ought to try another instead of renewing?

I use vanilla Keepass since I only use on Windows, haven't tried KeepassXC but I hear it's almost as good (with added functionality of being cross-platform/OS). I used to use Lastpass a long time ago but I'm REALLY glad I stopped..
Offline / Keepass just seems so much smarter. It's a little annoying not having it online but I'd rather offline only and less risks.

Thanks for the video and the dance))

Great videos, can you say how does Apple key chain rate as a password manager.?

Having and end-dance. Nice touch haha

Glad I subscribed.

Using password fillers or browser extensions can be more secure because they can enter the password directly through the browser API rather than through the clipboard or keyboard methods, which are easier to log from.

Thank you.

Thank you this is the best post attack total look ever. Clear detailed. Thank you. One that is always ignored is Google password manager. Is it junk. I know you said anything better than zero. However as you said unlocking phone gets access to 1st level of passwords... help????

Thanks Naomi.