Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Smut

macrumors newbie
Original poster
Jun 29, 2010
16
2
Hi macrumors community,

i am looking for a password manager that fullfills privacy/security related requirements:
Must:
sync via own server (e.g. webdav/ownCloud)
no cloud storage!
no account reset via cloud!
Supported OS: iOS, MacOS, Windows
strong encryption (e.g. AES masterpassword)
iOS Password AutoFill integration
Easy to use

Optional:
one time cost - no subscription
open source
Linux support


there are so many tools out there and even more blog posts -_-. Maybe the best solution is lastpass with LAN/WLAN-Server. But i think the subscription is too expensive. Maybe ill reconsider if there arent any other options.

thx for your input.
 
i am looking for a password manager that fullfills privacy/security related requirements:
Must:
sync via own server (e.g. webdav/ownCloud)
no cloud storage!
no account reset via cloud!
Supported OS: iOS, MacOS, Windows

These are conflicting requirements, privacy-security vs remote synching. If you sync via your own server when away from home that means opening up your home network for the devices to get the latest changes. Personally I wouldn't want to have to keep up on a day to day basis on all of the security issues that would be involved. Much prefer a secure provider (such as 1Password) who have tons of people who are dedicated to working on security 24x7. They are going to identify and contain new threats much faster than I would.
 
  • Like
Reactions: Mr. Heckles
These are conflicting requirements, privacy-security vs remote synching. If you sync via your own server when away from home that means opening up your home network for the devices to get the latest changes. Personally I wouldn't want to have to keep up on a day to day basis on all of the security issues that would be involved. Much prefer a secure provider (such as 1Password) who have tons of people who are dedicated to working on security 24x7. They are going to identify and contain new threats much faster than I would.
I Setup a certificate based VPN and since it is my occupation I can handle it very well. It took Dropbox 4 years to understand they lost all passwords.
with network architecture and multilayer authentication the threat can be minimized.

thx for the input so far :)
 
I wouldn't want to have to keep up on a day to day basis on all of the security issues that would be involved.

For those who handle server stuff on a regular basis, it's not much of a burden. Most of the time security updates can even be automated so there's little attention required.

Much prefer a secure provider (such as 1Password) who have tons of people who are dedicated to working on security 24x7. They are going to identify and contain new threats much faster than I would.

For most people this is the best route, for sure. But also consider that 1Password by the nature of who they are and what they do is a pretty large target. Contrast that with some random person on the Internet who has a private server only accessible via a VPN with a certificate (i.e. not much of a target because it requires a large effort to compromise for the very little gain of one person's files). In fact, if the VPN is something like OpenVPN it can be configured to not even reply to connection attempts unless they include a cryptographic signature, effectively making the server invisible on the Internet. A very small target, and difficult to find through random scans.

I Setup a certificate based VPN and since it is my occupation I can handle it very well.

👍

KeeWeb doesn't really do auto-fill for something like iOS, but it uses an open standard (KeePass) and supports a myriad of fields in addition to username and password; such as one-time passwords, notes, etc. It can work as an offline web app and it has a desktop counterpart. It supports syncing through WebDAV and a variety of other methods.

The only downside is that it runs in a web browser, which I deem to be a weak point since there always seems to be some vulnerability with those. 🤷‍♂️
 
  • Like
Reactions: HDFan
Another vote for Enpass. I am using it for like 4 years now. Reliable software, I sync through my own server (WebDAV). Has all the features I need.
 
  • Like
Reactions: Smut
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.