• Allero@lemmy.today
        link
        fedilink
        arrow-up
        1
        ·
        7 months ago

        Because we only know what the client does, and have no clue on the server side of things, allowing Proton to do any manipulations with the data. Not ideal when you consider it for password storage.

          • Allero@lemmy.today
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            7 months ago

            Because non-obvious backdoors can be added to the client that break or circumvent encryption (looking at you, xz), stealing all of your passwords, and no one will be able to raise the alarm just by looking at the server code.

            Open-source backend allows to generally avoid this situation, while also potentially rendering you able to self-host if you’re paranoid.

            • refalo@programming.dev
              link
              fedilink
              arrow-up
              1
              ·
              7 months ago

              and you can control that

              Sorry, I meant “assuming one has complete control over the client source” where the remote cannot just change it on you.

              • Allero@lemmy.today
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                7 months ago

                I mean they can make a sneaky update to the client that introduces such changes.

                Sure, if you won’t update your client, this won’t affect you, but would potentially open you up to other security vulnerabilities.

                • refalo@programming.dev
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  edit-2
                  7 months ago

                  This was a real concern with MEGA back in the day (after Kim said you should no longer trust them) and a big reason why I prefer to use standalone client apps that I can control the source of.

  • ErilElidor@feddit.de
    link
    fedilink
    arrow-up
    59
    arrow-down
    1
    ·
    7 months ago

    Just give me a Linux client for proton drive please. I’m tired of manually uploading/downloading files 😐

  • /home/pineapplelover@lemm.ee
    link
    fedilink
    arrow-up
    49
    arrow-down
    2
    ·
    7 months ago

    I’ll still stick with bitwarden, but if I were to introduce someone very tech illiterate, I would probably recommend proton

    • cordlesslamp@lemmy.today
      link
      fedilink
      arrow-up
      19
      arrow-down
      3
      ·
      edit-2
      7 months ago

      I’m tech illiterate and been using Bitwarden for 3 years (premium), and honestly it doesn’t work very well on Android. Every time I need to enter a password, it’s completely hit-or-miss with Bitwarden. Half of the time it doesn’t even pop up. I’m using Xiaomi phone and tablet with stock rom (global version).

      Should I switch to Proton?

        • cordlesslamp@lemmy.today
          link
          fedilink
          arrow-up
          3
          ·
          7 months ago

          Wow thanks, I have no idea. That’s great news. I’ll definitely wait for the native app. But in the meantime I’ll try out Proton as a “backup” just in case something bad happens to Bitwarden or my personal vault.

      • Doubletwist@lemmy.world
        link
        fedilink
        arrow-up
        10
        ·
        7 months ago

        I have the same issue with Keepass2Android. I think the issue is with Android itself rather than the password app.

      • /home/pineapplelover@lemm.ee
        link
        fedilink
        arrow-up
        8
        ·
        7 months ago

        Sometimes you have to long press on the password box and bitwarden might appear or a little “autofill” option may appear along in the 3 vertical dots pop up. Most of the time, Bitwarden auto pops up for me.

        I feel like if you’re already using Bitwarden and you’re talking to us on Lemmy, you’re not tech illiterate.

      • misc@lemmy.sdf.org
        link
        fedilink
        arrow-up
        7
        ·
        edit-2
        7 months ago

        Try the free version and switch to premium if you like it better than bitwarden.

        • cordlesslamp@lemmy.today
          link
          fedilink
          arrow-up
          1
          ·
          7 months ago

          In terms of “Free version”, what would be better? What would you recommend if I were to use one as Premium (daily use) and the other as Free (for backup purpose)?

          • misc@lemmy.sdf.org
            link
            fedilink
            arrow-up
            1
            ·
            7 months ago

            Idk its up to you really try both out and go with what you like and buy a premium for what you decide to use daily .

      • NotMyOldRedditName@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        7 months ago

        Same problem on 1password.

        As a mobile developer I can tell you that working with Android keyboards has been a giant fucking pain in ass since inception to today.

        While I can’t speak specifically to why they both seem to have this problem, I wouldn’t be surprised if the OS is part of the problem.

        I wouldn’t be shocked that if someone had it working consistently, it might be because of the most heinous hacks, or private greylisted APIs or some other nonsense.

  • jelloeater - Ops Mgr@lemmy.world
    link
    fedilink
    English
    arrow-up
    24
    ·
    7 months ago

    I’ll take KeepassXC and KeepassDX + SyncThing, just works and I don’t have to ever rely on someone else for my most sensitive data.

    • Dyskolos@lemmy.zip
      link
      fedilink
      arrow-up
      5
      ·
      7 months ago

      This. At least until i find a better solution than syncthing. But keepass(xc) all the way.

        • Dyskolos@lemmy.zip
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          7 months ago

          Problem is, i want to exclude third parties. I’d prefer a direct heavily encrypted connection directly to my server. Definitely not a cloud somewhere, especially not google & co.

          Nextcloud is way too blown up and vulnerable for me. I really only need file-synching. Got servers working for the other stuff like caldav.

          • qpsLCV5@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            7 months ago

            i use Termux and just scp/rsync my stuff around.

            ideallyi’d use Unison sync inside termux, but it hasnt been packaged and i dont know the first thing about ocaml, so it’d be hard for me to make the needed adjustments to package it.

            • Dyskolos@lemmy.zip
              link
              fedilink
              arrow-up
              2
              ·
              7 months ago

              Termux/Rsync is nice and all, but not really a comfy fire’n’forget-solution like syncthing.

              And today i heard the first time of unison sync. So i have no opinion at all here, but thanks for the hint.

    • barbara@lemmy.ml
      link
      fedilink
      arrow-up
      25
      ·
      edit-2
      7 months ago

      When it launched the apps were more modern than bitwarden. If bitwarden hasn’t improved since, then it’s still the same

          • Lad@reddthat.com
            link
            fedilink
            arrow-up
            5
            ·
            7 months ago

            Bitwarden is excellent but i have a few nitpicks on Android.

            I wish I could change the “Username” field to “Email address” because it kind of annoys me having email addresses under usernames. I’d also like to add things to favourites or folders without having to go into edit mode on every entry individually. Same with adding notes. The app has trouble following the system theme and doesn’t always autofill reliably for me, meaning I sometimes have to go into the app and copy/paste my passwords manually.

            Other than that, the UI is just a bit ugly compared to some other password managers,

            • ayaya@lemdro.id
              link
              fedilink
              English
              arrow-up
              8
              ·
              7 months ago

              Try Keyguard, it is open source and much nicer than the regular Bitwarden app. Do not use the version from the Play Store though, get it directly from Github.

                • ayaya@lemdro.id
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  7 months ago

                  I did not realize that. That explains why it’s not on F-Droid. Really unfortunate but at least it can still be publicly audited.

              • kratoz29@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                7 months ago

                Huh, this is the first time I heard about this, thanks for sharing!

                Do not use the version from the Play Store though, get it directly from Github.

                Why? I use Vaultwarden with Bitwarden from the Playstore is there anything wrong with it?

                • ayaya@lemdro.id
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  7 months ago

                  The version on the Play Store requires a “premium” subscription for some features but the Github release gets those for free.

                • starman@programming.dev
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  7 months ago

                  There is no guarantee that play store build contains the same code as GitHub repository. Ideally you’d need to compile apps yourself.

                  But most of the time stuff like vaultwarden is trustworthy enough.

        • JackGreenEarth@lemm.ee
          link
          fedilink
          English
          arrow-up
          22
          ·
          7 months ago

          Weren’t they planning to change it from Microsoft’s Android UI, it’s just taking a while, as they have to rebuilt it from scratch? I thought I saw something about that.

        • Apollo2323@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          21
          arrow-down
          6
          ·
          7 months ago

          There is nothing wrong with it. Why people always want things to be changing? What really important feature are you missing?

            • hackitfast@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              7 months ago

              Looks like everything is essentially in the same spot UI wise, but with a native application that hopefully gets moving a lot faster.

              I’ve noticed that currently on Bitwarden, for auto fill it takes 6-7 seconds just to get authenticated with fingerprint and fill in the username and password field. That should hopefully be down to like 2 or 3 seconds.

          • xionzui@sh.itjust.works
            link
            fedilink
            arrow-up
            3
            ·
            7 months ago

            A few for me:

            • Automatically updating entries with app or URL information if they didn’t match and you had to manually search for them. You have to copy the URL, leave the browser, open the app, search for the entry again, and manually add the URL in the current version.
            • Better defaults in the app like which group you log in to or which collection new entries are added to. Keeping all your entries added to a shared collection is a constant chore right now.
            • Better keyboard functionality. It’s basically impossible to navigate with a keyboard on PC right now. Keepass has a global auto type hotkey which made it so you hardly even had to open the app.
    • Friend of DeSoto@startrek.website
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      I don’t think protonpass has auto fill even on browser extension.

      Or maybe I’m too stupid to figure it out. I ran side by side against bitwarden which I love. Could not figure out a way that didn’t make me manually c/p the creds.

    • ReakDuck@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      I use both and am afraid that I will lose the passwords in Proton Pass as Its a service they can restrict me of.

      I should startto copy some accountd that I dont have yet in keepass but keepass is still the master holder

      • IllNess@infosec.pub
        link
        fedilink
        arrow-up
        4
        ·
        7 months ago

        I’m not really sure what happens if Proton bans your account for any reason but Proton Pass does have offline access. I assume if you turn off internet access, you can still get all your passwords.

        • circular@lemmy.ml
          link
          fedilink
          English
          arrow-up
          3
          ·
          7 months ago

          Bitwarden has a really nice CLI that lets you backup your vault easily. I personally run bw export --format json --raw every few week so if for some reason I lose the “cloud” access, I can still migrate to self hosted or a different password manager. (Or you may choose to self-host to begin with)

          • ReakDuck@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            7 months ago

            The danger with self hosting is that police can always steal everything from you.

            Felt weird hearing story of my ex that the german customs office just stole their Laptop and Phone. She couldn’t show me pictures and she hadn’t any backups or smth.

            I am afraid this could happen to me too when they suspect something but are wrong at the end. At the entire time I will not have access to my drives of my server and maybe they accidentally break them. Not sure if they will believe me that its a raid 1, I can imagine them stealing everything without questioning.

              • ReakDuck@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                7 months ago

                I wonder how to comfortable sync a 2TB drive and take it with you.

                Additionally. I dont do backups. I only sync devices. Except for Phone pictures which are uploaded and deleted from the phone. I think there should be a second device that keeps data

  • Binzy_Boi@supermeter.social
    link
    fedilink
    arrow-up
    16
    ·
    7 months ago

    Neat, I’m personally gonna keep with KeepassDX, but it’s good knowing that there’s some more variety popping up in the mobile market.

    • Evotech@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      7 months ago

      Very much agree

      I use protonmail and very happy with that, so much so I pay for it.

      But I would not place my mail and all my secrets in the same spot.

  • Napain@lemmy.ml
    link
    fedilink
    arrow-up
    22
    arrow-down
    16
    ·
    7 months ago

    for the love of god use a free open source app like keepass, this is a untrustworthy company

  • Adderbox76@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    Long time Bitwarden user. Never been steered wrong. One of the few apps that I pay for premium not because I need the extra features, but because I value it enough to support the devs financially

  • peregus@lemmy.world
    link
    fedilink
    arrow-up
    3
    arrow-down
    3
    ·
    7 months ago

    They need to focus on providing quality services instead of quantity. The ProtonMail webmail is a shame: multiple selection lost if you click just outside the checkbox because that will open the email, emails that just after have been deketed reappear in the inbox and don’t get me started on the search 🤢!

    P.s. I’ve double commented because I’ve just realized that I’ve written the other comment in Italian 😆, sorry.

    • Willy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      7 months ago

      the password manager kinda sucks too. credit cards are in a category that you have to delete the name of the site you’re visiting in order to see. sometimes I question why I’m paying for the thing. lastpass was way better 10 years ago.

  • peregus@lemmy.world
    link
    fedilink
    arrow-up
    6
    arrow-down
    6
    ·
    7 months ago

    Hanno iniziato da un po’ di tempo a fornire troppi servizi, dovrebbero focalizzarsi di più a sistemare quelli che hanno. La webmail di Protonmail è un abominio: perdita di selezione multipla aprendo un’email, email che ricompaiono subito dopo averle cancellate, ricerca…stendiamo un velo pietoso!