cross-posted from: https://infosec.pub/post/42164102
Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…



How do you recommend people sync between devices? What about devices that, for security reasons, do not allow flash drives or any external device to be plugged in?
Syncthing is great for syncing things like keepass dbs
Works on iOS?
There is Synctrain and Möbius Sync. They are not perfect due to iOS restrictions on apps running in the background, but they work well enough as long as I occasionally open them to make sure they sync.
KeePass features a built-in synchronization mechanism. I store my password file on google drive for ease of access on multiple devices. I set up triggers (on save, on custom button) to sync between the local copy and the cloud copy, using this guide: https://keepass.info/help/kb/trigger_examples.html#dbsync
Not a turnkey solution, but once setup it works like a charm.
Sadly this functionality is not included in KeepassXC, so I continue to use the original Keepass for this reason, but I agree, my setup is the same and I’m very happy with it.
I have my keepass file in a samba share on my raspberry pi running wireguard. But it’s easier just using nextcloud. Anyway, the file is encrypted.
At that point, why bother with the setup of samba shares and nextcloud or syncthing or whatever else and not use VaultWarden with its built in sync over WireGuard/TailScale?
deleted by creator
So, absolutely no difference in security compared to having a properly secured self-hosted VaultWarden instance. Gotcha.
deleted by creator