
Password manager: KeePass(XC/D/…)

Open rugk opened this issue 6 years ago • 11 comments

Is actually open-source compared to things like 1Password and does not have the security problems of web applications.

  • for Windows/Linux/MacOS: https://keepassxc.org/
  • for Android (Google Play & F-Droid): https://github.com/Kunzisoft/KeePassDX
  • iOS: MiniKeePass: https://itunes.apple.com/us/app/minikeepass/id451661808
  • website: https://keeweb.info/ (can also be integrated/self-hosted, e.g. with Nextcloud)
  • (as open-source, many other integrations, such as legacy keepass that only runs on Windows though)

rugk avatar Jan 30 '19 16:01 rugk

So I'm pretty sure this is the iOS one: MiniKeePass

This is a fork with ads, a $0.99 in-app purchase to remove ads, and Dropbox sync (I used it myself for a while, works great): KeePass Touch

However, there's some controversy over GPL violations with KeePass Touch: https://github.com/MiniKeePass/MiniKeePass/issues/606

It's not open source, but I recommend KyPass because you can two-way sync with a vault saved to Dropbox or Google Drive: https://itunes.apple.com/us/app/kypass-4-password-manager/id1258708743

jgallias avatar Feb 01 '19 04:02 jgallias

Okay, added to initial comment.

rugk avatar Feb 01 '19 07:02 rugk

While I appreciate the spirit of KeePass, I think we need to make a call about how approachable this is for a non-technical user. In general I'm trying to skew Security Checklist to be as beginner-friendly as possible. Looking through these links, KP feels like a more advanced use tool.

For example, this is the download section: [screenshot 2019-02-01 10 04 47]

brianlovin avatar Feb 01 '19 18:02 brianlovin

What exactly is wrong with the download section? It just looks like any other download of a tool you'd find online.

rugk avatar Feb 01 '19 20:02 rugk

Agree with @brianlovin. "Binary bundle" should just be "Download". Most people won't know what most of the terms on this page are for: Binary Bundle, Homebrew Cask, PGP signature, SHA-256 digest.

jgallias avatar Feb 01 '19 20:02 jgallias

@brianjking @jgallias Feel free to suggest this here: https://github.com/keepassxreboot/keepassxreboot.github.io

rugk avatar Feb 01 '19 21:02 rugk

Comparison of 1Password's UI. Not saying Kee's isn't possible to figure out, it's just not approachable.

[screenshot 2019-02-01 10 04 47] [screenshot 2019-02-01 13 11 53]

brianlovin avatar Feb 01 '19 21:02 brianlovin

So it is really only the download button? Come on…

That said, they have their reasons for that layout, e.g. providing these homebrew cask packages, which you cannot get for 1Password.

Also, as said, this thing can be easily™ fixed; it may e.g. just need one "recommended (big button) download". So better to judge the application itself, not some website.

rugk avatar Feb 01 '19 21:02 rugk

> So it is really only the download button? Come on…

The experience that they decided on informs us how they think of their target audience and their consideration for usability. So yes, it's a big deal and we can learn quite a bit about products based on how they help people onboard during step 0 of the flow.

brianlovin avatar Feb 02 '19 21:02 brianlovin

OK, I submitted a new issue to keepassxc as suggested to improve the language and layout of the download buttons for macOS and Windows: https://github.com/keepassxreboot/keepassxreboot.github.io/issues/48

Yes, UX and usability should be part of our considerations when recommending something or not. Maybe it shouldn't be a deal-breaker, but that doesn't make the concern invalid, trivial, or a waste of time.

jgallias avatar Feb 03 '19 07:02 jgallias

Hi, you might want to check out Bitwarden, a free and open source app which is actually easy to figure out, even for beginners.

I have replaced iCloud Keychain with Bitwarden. Works like a charm.

https://bitwarden.com

macuser666 avatar Feb 14 '19 22:02 macuser666