Everyone needs a strong password manager, but you’re usually forced into one of two E camps: a local-only password manager that keeps your passwords off the internet, but causes friction when you want to access them on different devices; or a cloud-based password manager that works seamlessly across all of your mobile and desktop devices, but requires you to store your passwords online.
Given the rise in websites being hacked – parts of LastPass were compromised as recently as August 2022, although the company stressed no vaults were at risk, due to its zero-knowledge policy around master passwords – you’d be forgiven for being wary about trusting your vault to a third party.
OUR EXPERT
Nick Peers has over 1,100 pieces of secure information stored in his password manager. Clearly a clean-out is needed. Good luck getting him to actually commit to it.
One workaround is to use our favourite password manager, the open source Bitwarden, in a self-hosted environment. It involves a fair bit of work, though – the simplest option is to install Vaultwarden in a docker environment on your file server with reverse proxy and subdomain for full functionality. Alternatively, you could employ the services of this month’s featured password tool, Buttercup (https://buttercup.pw).
Buttercup offers you the best of both worlds: you can run it as a standalone password manager, but it’s also capable of being run on a mobile device (Android or iOS) and even as a Firefox or Chrome-based browser add-on. While your desktop and browser extensions can work with a locally stored file, you have to store your vault in the cloud if you want to access it on mobile devices, but you get to choose which service to use, while your password vault is wrapped in an extra layer of 256-bit AES encryption on top of whatever encryption is applied by your storage provider.
