You might have encountered a few advertisements over the past year trying to sell you a password manager, such as LastPass, 1Password, or Dashlane. A password manager removes the burden of remembering the passwords for all your websites. No longer do you need to reuse passwords or pick easy-to-remember ones. Instead, you remember one master password that unlocks all the others for you.
This makes you more secure: one strong master password protects many unique, randomly generated passwords instead of many weak, reused ones. A cloud-based manager like LastPass, 1Password, or Dashlane also syncs your passwords across devices. Unfortunately, none of these products is open source. Luckily, there are open source alternatives.
Open source password managers
These alternatives include Bitwarden, LessPass, and KeePass. Bitwarden is an open source password manager that keeps all your passwords encrypted on a server, the same model LastPass, 1Password, and Dashlane use. LessPass is different: it is a stateless password manager, meaning it derives each password from your master password, the site, and your username rather than storing anything. At the other end of the spectrum is KeePass, a file-based password manager with a lot of flexibility through its plugins and third-party applications.
Each of the three has its own downsides. Bitwarden keeps everything in one place and exposes it to the web through its API and web interface. LessPass, being stateless, cannot store a password you did not derive, so every site must accept its generated passwords. KeePass, being file-based, does not sync between devices on its own. You can work around that with a cloud storage provider or WebDAV, but many clients do not support it, and you can end up with conflicting copies of the database if devices do not sync cleanly.
This article focuses on Bitwarden.
Running an unofficial Bitwarden implementation
There is a community implementation of the server and its API called bitwarden_rs. With it the whole stack is open source: it stores its data in SQLite or MariaDB/MySQL instead of the proprietary Microsoft SQL Server that the official server requires.
It is important to recognize that the official and unofficial servers differ. The official server has been audited by a third party; bitwarden_rs has not. Feature-wise, at the time of writing the unofficial server lacks email address verification and two-factor authentication via Duo or emailed codes.
Let’s get started running the server with SELinux in mind. Following the documentation for bitwarden_rs you can construct a Podman command as follows:
This pulls the bitwarden_rs image and runs it rootless, inside the user's own namespace, so no part of it runs as root on the host. It binds a host port above 1024, which an unprivileged user is allowed to open. The :Z suffix on the volume makes Podman relabel the host directory with an SELinux context the container is permitted to use (container_file_t, with a category private to this container); without it, SELinux in enforcing mode denies the container's reads and writes to /data.
If you host this under a domain, put the server behind a reverse proxy such as Apache or Nginx. The proxy listens on ports 80 and 443 and forwards to the container's published host port 8080, so the container itself never needs to run as root to be reachable on the privileged ports.
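As an added example (this is not the article's own command, nor code from the bitwarden_rs project), here is a script that starts the container the way the paragraphs above describe and then checks that the SELinux relabel and the rootless port binding actually took effect. The image name bitwardenrs/server:latest, the data directory $HOME/bw-data, the host port 8080 and the container name bitwarden are assumptions and can be overridden through the environment; set PODMAN=echo to print the command instead of running it.

```shell
#!/usr/bin/env bash
# Added example, not code from the original article or from the bitwarden_rs
# project. Starts bitwarden_rs as a rootless Podman container on an SELinux
# system and checks the result. Assumed values (override via environment):
# image bitwardenrs/server:latest, data dir $HOME/bw-data, host port 8080.
set -euo pipefail

PODMAN="${PODMAN:-podman}"                   # set PODMAN=echo for a dry run
BW_IMAGE="${BW_IMAGE:-bitwardenrs/server:latest}"
BW_DATA="${BW_DATA:-${HOME:-/tmp}/bw-data}"
BW_PORT="${BW_PORT:-8080}"                   # above 1024: a normal user may bind it
BW_NAME="${BW_NAME:-bitwarden}"

# Start the container. Everything runs in the invoking user's namespace, so
# root inside the container maps to this user on the host. The :Z suffix makes
# Podman relabel $BW_DATA as container_file_t with a private MCS category, so
# this container (and only this container) may read and write it; without it,
# SELinux in enforcing mode blocks every write to /data.
bw_start() {
    mkdir -p "$BW_DATA"
    "$PODMAN" run -d --name "$BW_NAME" \
        -v "$BW_DATA:/data:Z" \
        -p "$BW_PORT:80" \
        "$BW_IMAGE"
}

# Post-start checks: the label really was applied, the container is up, we
# are not accidentally root on the host, and the web vault answers on the
# published loopback port.
bw_check() {
    ls -dZ "$BW_DATA" | grep -q 'container_file_t' \
        || { echo "SELinux label missing on $BW_DATA (volume mounted without :Z?)" >&2; return 1; }
    [ "$("$PODMAN" inspect -f '{{.State.Status}}' "$BW_NAME")" = running ] \
        || { echo "container $BW_NAME is not running" >&2; return 1; }
    [ "$(id -u)" -ne 0 ] || echo "warning: running as root, not rootless" >&2
    curl -fsS -o /dev/null "http://127.0.0.1:$BW_PORT/" \
        || { echo "no answer on port $BW_PORT" >&2; return 1; }
    echo "bitwarden_rs is up on http://127.0.0.1:$BW_PORT/"
}

case "${1:-}" in
    start) bw_start ;;
    check) bw_check ;;
esac
```

Run it as the unprivileged user: `./bw.sh start`, then `./bw.sh check`. A missing label usually means the volume was mounted without :Z; a container that exits immediately is most often a data directory the container user cannot write, which `podman logs bitwarden` will show.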
Running under systemd
With Bitwarden now running, you probably want to keep it that way. Next, create a unit file that keeps the container running, restarts it if it exits or crashes, and starts it again after a reboot. (A Restart= setting reacts to the process exiting, not to the server hanging; detecting a hung server needs a separate health check.) Create this file as /etc/systemd/system/bitwarden.service:
Now, enable and start it using sudo:
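Added example of the unit file described above; it is not the article's own file and not something the bitwarden_rs project ships. It assumes a dedicated unprivileged account bwuser with a user-private group of the same name, a data directory in that user's home, and the same image, port and container name as before; all of these are assumptions you will change.

```shell
#!/usr/bin/env bash
# Added example, not the article's or the project's own file: a system unit
# that keeps the rootless container running under a dedicated user and
# restarts it if it exits. Assumed names: user/group bwuser, data dir
# /home/bwuser/bw-data, host port 8080, image bitwardenrs/server:latest.
set -euo pipefail

BW_USER="${BW_USER:-bwuser}"
BW_DATA="${BW_DATA:-/home/$BW_USER/bw-data}"
BW_PORT="${BW_PORT:-8080}"
BW_IMAGE="${BW_IMAGE:-bitwardenrs/server:latest}"
BW_NAME="${BW_NAME:-bitwarden}"
UNIT_PATH="${UNIT_PATH:-/etc/systemd/system/bitwarden.service}"

# Print the unit. No -d: podman stays in the foreground so systemd supervises
# the real process and Restart=always is meaningful. The ExecStartPre lines
# (prefixed with - so their failure is ignored) clear any stale container left
# behind by an unclean shutdown.
bw_unit() {
    cat <<EOF
[Unit]
Description=bitwarden_rs Podman container
After=network-online.target
Wants=network-online.target

[Service]
User=$BW_USER
Group=$BW_USER
TimeoutStartSec=0
ExecStartPre=-/usr/bin/podman stop -t 10 $BW_NAME
ExecStartPre=-/usr/bin/podman rm $BW_NAME
ExecStart=/usr/bin/podman run --rm --name $BW_NAME -v $BW_DATA:/data:Z -p $BW_PORT:80 $BW_IMAGE
ExecStop=/usr/bin/podman stop -t 10 $BW_NAME
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF
}

# Write the unit as root, reload systemd, enable it at boot and start it now.
bw_install_unit() {
    bw_unit | sudo tee "$UNIT_PATH" >/dev/null
    sudo systemctl daemon-reload
    sudo systemctl enable --now "$(basename "$UNIT_PATH")"
    systemctl --no-pager status "$(basename "$UNIT_PATH")"
}

if [ "${1:-}" = install ]; then
    bw_install_unit
fi
```

Run `./bw-unit.sh` to review the generated unit and `./bw-unit.sh install` to install and start it. Podman's own documentation prefers a user unit under ~/.config/systemd/user/ combined with `loginctl enable-linger bwuser`, or a unit produced by `podman generate systemd --new --name bitwarden`; the system unit above follows the article's layout. Either way, check `systemctl status bitwarden` after a reboot to confirm the container came back.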
Success! Bitwarden is now running under systemd and will keep running.
Adding LetsEncrypt
It is strongly recommended to serve your Bitwarden instance over TLS, for example with a Let's Encrypt certificate if you have a domain; otherwise logins and vault syncs travel over plain HTTP. Certbot is the ACME client that obtains Let's Encrypt certificates, and its site has step-by-step instructions for Fedora.
After you have a certificate, follow the bitwarden_rs guide on HTTPS. Remember to append :Z to the Let's Encrypt volume as well, so the container is allowed to read the certificate files, and leave the port mapping as it is.
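As an added example (not the article's or the bitwarden_rs wiki's own code), a small script for the certificate side of this step. It deliberately does not bind-mount /etc/letsencrypt: certbot creates privkey.pem as root with mode 0600, so a rootless container cannot read it; the files under live/ are symlinks into archive/ that must resolve inside the mount; and relabeling /etc/letsencrypt with :Z would change the context of files certbot and the rest of the system rely on. Instead a certbot deploy hook copies the renewed certificate into a directory owned by the container user, and that directory is what gets mounted with :Z. The user name bwuser, the directory /home/bwuser/bw-ssl and the container name bitwarden are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the article's or the bitwarden_rs project's own code.
# A certbot deploy hook that copies the renewed certificate into a directory
# owned by the unprivileged container user, plus the extra podman flags that
# make the container terminate TLS with it. Assumed names: user bwuser,
# directory /home/bwuser/bw-ssl, container name bitwarden.
set -euo pipefail

BW_USER="${BW_USER:-bwuser}"
BW_SSL_DIR="${BW_SSL_DIR:-/home/$BW_USER/bw-ssl}"
BW_NAME="${BW_NAME:-bitwarden}"

# Copy one certbot lineage (the live/<domain> directory) into $2. The chain is
# world-readable anyway; the private key stays 0600 and, when run as root, is
# handed to the container user so the rootless container can read it.
bw_install_certs() {
    lineage="$1"; dest="$2"
    install -d -m 0750 "$dest"
    install -m 0644 "$lineage/fullchain.pem" "$dest/fullchain.pem"
    install -m 0600 "$lineage/privkey.pem" "$dest/privkey.pem"
    if [ "$(id -u)" -eq 0 ] && id "$BW_USER" >/dev/null 2>&1; then
        chown -R "$BW_USER:" "$dest"
    fi
}

# Extra `podman run` flags. :Z relabels the user-owned certificate directory
# for this container only. The host port mapping stays as before: Rocket still
# listens on port 80 inside the container, now speaking TLS.
bw_tls_args() {
    printf '%s\n' \
        -v "$BW_SSL_DIR:/ssl:Z" \
        -e 'ROCKET_TLS={certs="/ssl/fullchain.pem",key="/ssl/privkey.pem"}'
}

# certbot runs deploy hooks as root with RENEWED_LINEAGE set to the renewed
# live/<domain> directory. Install this script under
# /etc/letsencrypt/renewal-hooks/deploy/ or pass it with --deploy-hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    bw_install_certs "$RENEWED_LINEAGE" "$BW_SSL_DIR"
    runuser -u "$BW_USER" -- podman restart "$BW_NAME"
fi
```

Run it once by hand as root with `RENEWED_LINEAGE=/etc/letsencrypt/live/<your domain>` to seed the directory, then add the two flags printed by `bw_tls_args` to the podman run line (or the ExecStart of the unit). The vault is then reached at https://<host>:8080/; every later renewal re-copies the files and restarts the container.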
Photo by CMDR Shane on Unsplash.
Most password manager tools offer at least one free plan. If you do not want to pay for their paid tiers and want full control over your data, there are several good open-source password managers you can install and use. They are not tied to one platform either: you can use them on Windows, Linux, macOS, Android, or iOS without paying a penny.
With almost everything moving online, we register for more and more services, from Netflix to banking. Nobody can remember a different password for every signup, so people fall back on the same password everywhere. Reusing one password across important services means a breach at any one of them exposes all the others. A password manager lets you keep unique credentials securely and focus on your work rather than on remembering them.
Are open-source password managers safe?
Yes. Reputable and regularly updated open-source projects such as KeePass, Bitwarden, and Passbolt can be trusted. If you self-host, your data stays on your own infrastructure, at the cost of some setup complexity. Compare this with a paid, hosted proprietary service, where the client code, the encryption, and the servers are all in a third party's hands and you can only take their security claims on trust; no such abuse has come to light so far with any of the popular paid solutions, but you cannot verify it yourself. With an open-source manager the code that protects your vault can be read and audited by anyone, and an active community means more eyes on it and faster fixes for any weakness.
Let's look at some of the top security-focused open-source password managers, relevant not just for 2020 but for 2021 as well.
1. Bitwarden – Open Source
Bitwarden is one of the best open-source password managers and competes easily with proprietary software in this category. Consider it the free and open-source alternative to LastPass.
Its best feature is the breadth of platform support: desktop apps for Windows 10/8/7, macOS, and Linux; browser extensions for Chrome, Opera, Tor Browser, Firefox, Brave, Vivaldi, Edge, and Safari; and a web vault usable from any browser. Since so much browsing happens on phones, Bitwarden is also available as an app for Android and iOS.
Storage is not limited to passwords: you can also save card details, identities, and secure notes, and there is no limit on the number of stored items.
Teams or enterprises with technical staff can host their own Bitwarden server for storing and syncing items.
If you use the Bitwarden cloud, encrypted file attachments are not included in the free plan. The main features of Bitwarden: a secure password generator, two-step login, a hosted cloud option, a self-hosting option, sync across all your devices, and storage of logins, notes, cards, and identities.
Those who want extra features, such as additional two-step login methods (YubiKey, U2F, Duo), vault health reports, priority support, encrypted file storage, and more, can go for the paid plans. The source code is on GitHub. See also how to install Bitwarden on Linux or use it as a browser extension.
2. Passbolt
If you are looking for a self-hosted open-source password manager for your team, try Passbolt; its source is also on GitHub.
If you do not want to run your own server, there is a Passbolt cloud option, but it is paid: 9 euros per 3 users, so the cloud option is aimed at enterprise password management. A 14-day trial is available for cloud-hosted Passbolt.
Back to the open-source version, the subject of this article. It is completely free and offers password management, user and group management, granular password sharing, import/export (CSV, XLS, KDBX), browser extensions and a CLI, an open API, installation scripts, a Docker container, and community support.
It is licensed under the AGPL. Users work with it through the browser extension, and developers can extend it through its JSON API. The biggest benefit is that all your team's secrets stay on your own server rather than on a third party's.
3. KeePass Password Safe
KeePass is an offline password manager: it keeps everything in a single encrypted database file on your local machine, or on a file share or remote server of your choosing. Device support is narrower than for the two solutions above, and syncing between devices is not built in, though plugins such as KeeCloud, KeeAnyWhere, KeePassSync, and KeeGoogleSync add it. Without them, any credential you save stays on your local machine.
The interface of KeePass is quite classic and easy to understand. It is available for Windows 10/8/7 and Windows Server. The portable build adds a further option: keep it on a USB drive, without installation, and plug it only into the Windows machine where you need your credentials, bank details, or other information. Bear in mind that the database on that drive is then protected only by its master key, so choose a strong one.
As one of the oldest open-source password manager projects, it supports a wide range of import and export formats, including those of popular freemium solutions such as Dashlane and LastPass. A wide range of plugins extend it with backup, synchronization, import/export, cryptography and key providers, automation and scripting, and more.
Officially it is available only for desktop operating systems, but as it is open source there are unofficial ports for Android and iOS phones and tablets.
KeePass 2 is in the Ubuntu repositories, so a single apt command installs it. For use in a web browser there is KeeWeb, a web client for the same database format.
Key features: strong encryption (AES/Rijndael and Twofish); multiple key sources for the master key (password, key file, Windows user account); export to TXT, HTML, XML, and CSV; easy database transfer; secure clipboard handling; a strong random password generator; Auto-Type with a global hotkey; drag and drop; and more.
4. PSONO – Self-hosted solution for teams
PSONO is a password manager with enterprise features and layered encryption: true end-to-end encryption for shared passwords, TLS on the wire, and encryption at rest. It uses Curve25519 and Salsa20 through NaCl, the Networking and Cryptography library.
The server is written in Python and, like Passbolt, can be installed on your own servers or cloud. The source code is on GitLab.
Users reach the server through the PSONO clients: a web client, an Android app, and browser extensions for Chrome and Firefox. Docker images are available for a quick PSONO setup.
PSONO comes in three versions: the Community Edition, Enterprise Edition Limited, and the Enterprise Edition for larger companies. The Community Edition and Enterprise Edition Limited are free. The limited edition, meant for small teams of up to 10 users, adds features such as LDAP and SAML single sign-on, audit logging, Compact Enforcement, and basic support. The full Enterprise Edition costs 2 euros per month (billed manually) and is aimed at teams of at least 25 users.
A startup with a developer team should have little difficulty adapting PSONO to its password management needs.
Individuals or small teams who do not want to run their own server can use the hosted PSONO server instead; as with any other password management service, you register on the official website.
5. Padloc – Password Manager
Padloc is another GitHub-hosted password manager that you can install on your own premises. The developers also run a cloud service with several plans; like Bitwarden they offer a free plan, limited to 50 items (passwords, credit cards, and others) and 2 connected devices. For more than that on the developers' cloud you need the Premium, Family, Team, or Business plan.
Client apps for the Padloc server exist for Windows, macOS, Linux, Android, and iOS, plus extensions for Google Chrome and Firefox.
Closing thoughts on Best Open-Source Password Managers
The days when open-source projects could not compete with proprietary services are gone. Today they compare well with well-known services such as Dashlane and LastPass. The benefits of an open-source password manager are transparency (the source code can be audited and modified to your needs) and community support. Self-hosting such projects does bring setup complications, especially for those without a technical background.
Open-source password managers also use well-established encryption and multi-factor authentication to protect your data. Any startup or enterprise that wants to keep all credentials on its own server can use them.