Recommended password manager

I have been using KeePass2Android for a couple of years and it has never let me down. I use Keepass on Linux Desktop and Windows Desktop too.

How does everyone sync their kee file? I assume Nextcloud has an app for Windows and Mac that you can sync with e cloud.

You can use the official Nextcloud client or rclone.


I have been using KeepassXC, and the various compatible plugins and apps for password management. However, I became tired of the bugs. When the plugin fails to insert the full password into a login, then it's not working.

So looking for alternatives I am tending towards Enpass and Bitwarden. Both cover the full range of systems (I need Android and iOS, Linux Mac and Windows coverage). They have both been independently audited, and seem to be actively supported. They both support TOTP (which I would like to have). The pros/cons I see are:

Enpass: Passwords stored offline, using any of a range of cloud servers to sync passwords. It is possible to set up multiple field logins (e.g. my airline frequent flier needs member number, name and password to log in). Exodus lists no trackers. However it is closed source.

Bitwarden: Open source. However passwords stored on their server, and a hashed master password is also stored there (this is the main concern for me), also according to Exodus the app has trackers.

As many here are well tuned in to privacy / security I would appreciate any thoughts or comments.

In Keepass, under settings > auto-type, you can increase start and typing delay. I had the same issue you described occasionally and updating these values a little bit solved it while still making logging in fast and easy for me.

Other than that, I have only used Bitwarden. It’s easy to use and sync but I still prefer Keepass for the same concerns as you.


Bitwarden had a security audit in 2018. This crowdfunded audit has shown no major issues. https://www.ghacks.net/2018/11/13/results-of-bitwarden-security-audit-published/

Some other sources state the developers have patched most of the non-critical issues immediately.


I recommend Bitwarden to anyone, for the less technical it's super easy to set up for them (hosted) and for more tech minded + your main concerns can easily be fixed by self-hosting it. Also if you get the app from either IzzyOnDroid or Official Bitwarden F-droid repos it contains Zero trackers :grin:


What about exporting Bitwarden’s database into other password managers? In the case of Keepass, I can be sure that my existing keychain is compatible with dozens of managers that implement the same .kdbx format.

Thank you for the replies so far.

@b3pio Thanks for pointing out the tracker free versions for Android. I still need to use iOS as well so that still has trackers. As for self hosting, I don’t have the time to run self hosting with adequate security monitoring.

@e.follower I am testing both Enpass and Bitwarden and had no issues transferring between them. In fact KeePass is the most difficult to import into as it does not have “presets” for importing from elsewhere.

Why do I need an account? I want less accounts. So no-go for me.

You may well discover that Bitwarden is the one account you actually need… I even use it as a bookmark keeper, and have cleared all my browsers' bookmark links, reducing yet again the amount of data inadvertently shared and tracked. I also enjoy how I can walk up to any safe computer, and access my Bitwarden on web without downloading any app. Cheers!


Well it appears BOTH Enpass and Bitwarden are off the list. I started testing both using a desktop, then decided I should try the mobile app to see if that influences my decision. This is where the trouble started!

Enpass: To use on a mobile need to get a license. I don’t object to that but it uses Google Play store to make the purchase. There is someone on the Enpass forums trying to use it with /e/ and having issues. Enpass uses the email address to identify who is registered but it may need play store to confirm that you are the purchaser. I will have to see how it evolves, but not looking good.

BitWarden: I went to Izzy on Droid to get the tracker free version and found that it relies on Google Mobile Services. So not really tracker free.

At the moment I am looking at going back to KeePass unless someone can suggest something which works well across all platforms and is tracker and Google free.


Funny, I’m using Bitwarden on a Pixel 2 XL with GrapheneOS (so no Google services or gapps and also no microG) and it runs without issue. Can you show me where it's relying on g-services? I tried wireshark my network to find something… and nothing?

If you go to the Izzy on Droid website and search for BitWarden. On there click “Details”. It lists that there is a non-free dependency. Click on “15 Libraries detected” near the bottom of the page. This lists one of the libraries as “Google Mobile Services” in bold font. You can also click on the small “i” information symbol and part of that text states: “Be aware this usually goes along with transferring at least parts of your personal data to the Google network.”

To me this is an “I am not installing this on my device” situation.

According to the full description:


Google Mobile ServicesⒹ (Development Framework)

Google Mobile Services in terms of the Android library refers to Google Play Services, a proprietary background service and API package for Android devices which is not part of the Android Open Source Project (AOSP). The library does not contain those services (i.e. it usually requires the Google Framework, often referred to as „GApps“, being installed on the device), but allows an app to communicate with them. Be aware this usually goes along with transferring at least parts of your personal data to the Google network.


So, sounds to me that the library is of no use if Play Services are not installed. At the same time it very well may be used, for whatever reason, if microG is in use and offers that service. So b3pio is okay on his setup but we may not be.


Have you tried Keepass2Android? I haven’t had any issues with it in the few years I’ve been running it, other than sync issues against a Nextcloud server that were resolved by moving my password database elsewhere (a basic nginx WebDAV directory with password protection).

@marcdw Yes that would explain why b3pio is not seeing any activity but it carries a warning.

@salfter My issues have been at the desktop level which is my main use of passwords. I found that a fresh install in windows fixed most (possibly all) issues on that desktop. Will need to do some investigation on the Mac.

The problem, on Linux anyway, is not on Keepassxc’s side. One mustn’t use ‘sloppy’ window selection. It must be set to ‘click’. Otherwise there’s no way for Keepassxc to know where to paste on ‘Ctrl-Sh-v’.
As suggested below Keepass2Android uses the same encrypted database. I go back and forth all the time… like now in order to login to reply here.

I am also using Keepass2 on my Samsung SIII with /e/ installed, it takes getting used to on the mobile but works well. The secret for me was to sync to the .kdbx file on my Nextcloud, when installing.

How do you do that? Just to know the amount of effort, if one day I decide to move from Lastpass that I like but is not open-source