Hello everybody,

I’m looking for a password manager that I can share with the three other associates in my company. I often hear people around here talk about KeePass and Bitwarden, but I found several different options for each and I’m not sure how to choose. I’m not that tech-savvy : our main focus is stone and low-carbon construction, and my personal passion is understanding what happens when a joint between stones fails…

Our needs are :

  • We share several accounts that use a common email address. When a password is changed, it needs to be updated automatically for everyone.

  • We also have individual accounts. It’s not an issue if other associates can see those passwords, as they’re strictly for professional use.

  • We need the passwords to be synchronized across devices, so we’re willing to pay for a suitable solution.

Any help is welcome !

Edit :

First, thanks for all the answers.

After reading all the contributions I realised that for the moment we need something that works out of the box as we don’t have a freelancer to help us anymore. When we find one we will consider changing the password manager, and many other things!

I will try to make a table with the pros and cons of the various solutions I will study from now on and to post it here.

So with all the insights my new criteria are:

  • various vaults (one shared, and individual ones),
  • Probably European,
  • Low maintenance: works out of the box, synchronised by the provider (for the moment)

Again, thanks a lot. I’ll keep you updated.

Edit 2 :

I made a comparison table of the solutions hosted by the provider analysed so far :

Essentials Business Team Team business

| Name | Proton Pass | 1Password | Padloc | Bitwarden | Dashlane | Passbolt |
|---|---|---|---|---|---|---|
| Shared vault | Yes | Yes | Yes | Yes | Yes | Yes |
| Company location | Switzerland | Canada | Germany | US | France | Luxembourg |
| Company server provider | Proton | Amazon | DigitalOcean | Microsoft Azure | Amazon | GCP (google) |
| Open source | Yes | Not clear | Yes | Yes | Partially | yes |
| Linux client | Yes | Yes | Yes | Yes | No | yes |
| Price / user | 4.99 € | 6.99 € | 3.49 € | 4.00 € | 6.00 € | 4.5€ |

To be clear, I don’t use Linux… yet. But I will probably not use it at work for a long time.

Edit 3: I updated the table with Passbolt.

Passbolt enterprise is hosted on their own server, but the business version is hosted by Google.

  • carl_dungeon@lemmy.world
    1 month ago

    We use 1Password for exactly this. It has team vaults, and supports MFAs, mobile, browser, desktop, etc. Been very happy with it for the last few years.

    • Sirius006@sh.itjust.worksOP
      1 month ago

      Thanks, I didn’t know about this one.

      Do you know how they are on the moral side? The solution doesn’t seem open source, but I guess there are other things to look at.

      • carl_dungeon@lemmy.world
        1 month ago

        Can’t say on that one. For us it was a matter of features and price - it’s pretty reasonable and very well supported. I can understand your other considerations, they just weren’t #1 for our team.

  • Broken@lemmy.ml
    1 month ago

    I vote for Bitwarden. I’ve used it for years and think it’s one of the best password managers.

    At my work we use RoboForm. It’s functional and not a bad choice, but Bitwarden is better IMO.

  • Master@sh.itjust.works
    1 month ago

    I use KeePass and put the database on a free Dropbox account so it syncs with everyone who uses it and then back it up to the work server.

    It takes like 2 min to set up.

    • Anon518@sh.itjust.works
      30 days ago

      Doesn’t that mean everyone has admin access to the full database and all accounts? You’re putting full trust in everyone that no one will make a mistake, or purposefully sabotage the db or accounts.

  • helpImTrappedOnline@lemmy.world
    1 month ago

    > We also have individual accounts. It’s not an issue if other associates can see those passwords, as they’re strictly for professional use.

    Individual accounts should not be accessible by others. Especially things like email, someone can abuse that really bad. You also have to trust everyone with access to not share the data with everyone else, because at some point they’re going to stay logged in somewhere. Or they will give the password to someone because it’s easier than signing them in all the time.

    • chillpanzee@lemmy.ml
      1 month ago

      Philosophically yes, but it’s not always avoidable. Where I am, a small business owner has to work with numerous dysfunctional government agencies, banks and other institutions that are all stuck in the 1990s from a security point of view. And managing the shared secrets isn’t nearly as painful as trying to deal with the godawful SMS-based 2FA that they all force on you.

      • jnod4@lemmy.ca
        1 month ago

        Ehm, how about everyone has their own Outlook business account and then y’all just share an alias? Or just use forwarding or sth?

        • chillpanzee@lemmy.ml
          1 month ago

          Sorry, I wasn’t as clear as I thought… I’m not suggesting they all share their individual email accounts. I’m saying that the need to share login credentials for all sorts of online accounts is pretty common and hard to fully avoid. Aliases work fine for that sort of thing, but you are still sharing credentials to a common account, and it’s still a massive PITA for 2FA.

          • Sirius006@sh.itjust.worksOP
            29 days ago

            Well… We also have some bad practices that I need to fix. For some providers, the login is one of our email addresses and everyone uses it. We also share email accounts but we were not really meticulous so far… I’ll change that.

            So we need a password manager with shared vaults as well as individual vaults.

            • chillpanzee@lemmy.ml
              29 days ago

              I use Bitwarden. My non-techie family has also embraced it. I think it’s quite good and reasonably priced.

              I’ve used Dashlane and 1Password in the past, and I prefer Bitwarden. But probably several commercial options get it done.

              I’m not sure KeePass will deliver the works-everywhere simplicity you probably need.

  • witness_me@lemmy.ml
    1 month ago

    If you’re not opposed to something hosted outside of your control, 1Password is pretty good. Syncs across devices, has user management, vaults can be shared with other users, and it’s available everywhere.

    Never mind, this is the privacy community. I don’t think 1Password fits if you want a self hosted solution.

      • Sirius006@sh.itjust.worksOP
        29 days ago

        Well, it seems I screwed up on this end: after reading all the comments here I think we’ll choose something hosted by the provider. We don’t have much time to invest in the issue, and we are not very competent if the thing needs maintenance.

        For the past 8 years a friend of mine used to help me with technical stuff as a freelancer, but he found a full-time job recently and I haven’t found/looked for a replacement yet.

  • rufuyun@lemmy.ml
    29 days ago

    Just dropping in to say that 1. your job sounds awesome, have always been low key fascinated with natural building techniques myself, and this sounds similar. And 2., I am currently solving this problem with a spreadsheet at my job, and have been mumbling about a real password manager for quite a while, so I will make use of your findings :)

    • Sirius006@sh.itjust.worksOP
      28 days ago

      Hi, hope the table will help you. A good part of my job is fascinating right now, but it’s still a job, and there’s a lot of stress due to logistics and delays. Our main focus is finding a way to build today at a reasonable cost using materials from a time when wasting energy was not the norm. Because of that, we work on many projects using stone and try to find solutions that make stone construction cheaper and adapted to modern needs. Stone is indeed a natural material, but we use it with a very industrial approach: the larger the stone blocks, the less expensive the installation on site. Of course, even though this occupies our thoughts, most of the time we are doing common work for the renovation of old buildings (in the best cases) or sometimes uninteresting new buildings.

    • Sirius006@sh.itjust.worksOP
      29 days ago

      Thanks, it’s almost perfect. I’ve added it to the table. The only drawbacks are that the business version is hosted by Google, and that even though Luxembourg is in the EU, it’s still considered something of a tax haven… but so are the Swiss alternatives like Proton…

    • Sirius006@sh.itjust.worksOP
      1 month ago

      Thanks, I forgot to mention this, but I’d feel much more comfortable with something that cannot be forced to send my data to the US (I’m in Europe). Unfortunately, the best options mentioned so far in this thread are not based in Europe, but I’ll look into this list.

      • doodoo_wizard@lemmy.ml
        1 month ago

        Do you mean the US government or just into US jurisdiction?

        I’m pretty sure that even with a service based in another European nation whose servers are in that nation you couldn’t rely on either…

        • Sirius006@sh.itjust.worksOP
          29 days ago

          You are certainly correct.

          For now we are looking for a solution that works out of the box as we don’t have time and energy for maintenance, but I realise this has drawbacks.

          As I said elsewhere, for the past 8 years a friend of mine used to help me with technical stuff as a freelancer, but he found a full-time job recently and I haven’t found/looked for a replacement yet. When I do I’ll consider self-hosting the password manager.

          • doodoo_wizard@lemmy.ml
            29 days ago

            Oh I wouldn’t self-host that, all I was trying to do was examine what business or compliance reason you might have for wanting to stay out of servers in US jurisdiction or not use a service that might be subject to US laws.

            • Sirius006@sh.itjust.worksOP
              29 days ago

              Oh ok. In fact the reason I’d prefer it to be in the EU is more a “the US and its tech is in a downward authoritarian spiral so the less service I have there the better” thing. It’s more a moral stance than a practical thought. But of course my country is in the same spiral (a few years late) and my mother’s family is from another EU country that went to shit a while ago…

              • doodoo_wizard@lemmy.ml
                29 days ago

                If it’s simply putting your money where your mouth is then that’s perfectly good.

                If you’re worried about being in the crosshairs of that intelligence apparatus it would be good to limit what information stays outside the encrypted vault of whatever password manager you choose no matter where the service is based or servers are located.

                The Mullvad port forwarding takedown is a great example of legal denial of service if you’re wondering to what extent these different agencies collaborate across oceans and borders.