One downside is that I’ll have no more passkeys. The vault syncing, I can do via Syncthing.

  • Sonalder@lemmy.ml

    It really depends on your threat model, Proton Pass is fine. Of course a self-hosted or local solution will be more privacy friendly but at the cost of being responsible for security and good backups (3-2-1 rule).

    There is no black or white regarding privacy. You want to ask yourself what you want to protect from and is the investment worth being sovereign?

  • encrust9870@lemmy.world

    I use KeePassXC on my computer and Keepass2Android on my phone. Passkeys work fine and are synchronized across my Synology.

  • NarrativeBear@lemmy.world

    I know it’s not your question, but have you checked out Bitwarden or the alternative self-hosted Vaultwarden? Bitwarden supports passkeys and vault syncing, and if you are offline you can still access your vault.

    https://bitwarden.com/passwordless-passkeys/

    Bitwarden also released an AIO self-hosted Docker image, but last I checked it’s still not in “official release” status.

  • Sem@lemmy.ml

    I think Proton is the most blocked by governments group of services in the entire world. To have a backup in a .kdbx file sounds at least like a good idea.

  • nixfreak@sopuli.xyz

    Do both local and cloud backup using KeePass or KeePassXC, use Dropbox or G Drive, or private cloud. The .kdbx file is already encrypted when at rest.

  • PodPerson@lemmy.zip

    I’ve been using Strongbox since 1Password switched to subscription only and it’s been good. It’s based on KeePass and supports all the normal password manager stuff (TOTP, passkeys, etc.):

    https://strongboxsafe.com/personal/

    I use the desktop and mobile apps, and keep my vault stored in my iCloud account so everything is always synced real time without relying on a third party cloud (yes, I know I’m still relying on Apple for that).

  • hankthetankie [none/use name]@hexbear.net

    KeePass, then you have your own file instead of relying on a third party. And you are free to sync it how you wish, Syncthing is great. I left Proton earlier since I don’t trust them, but never used Proton Pass at all.

  • Dem Bosain@midwest.social

    There have been too many data breaches from cloud-based services to trust another one. I have a Proton account for email and online storage, but I won’t use their password service because it’s cloud based.

    https://blog.lastpass.com/posts/notice-of-recent-security-incident

    LastPass leaked their password database in 2022, and bad actors are still using it to access people’s files, stealing passwords and hundreds of thousands of dollars in crypto.

    DON’T trust anything important to cloud-based storage or services. Use KeePass. Use Syncthing if you need to keep the database on multiple devices.

    (I see other comments using Dropbox. Dropbox = cloud. Don’t store anything security related in the cloud.)

      • rumba@lemmy.zip

        So was LastPass. But when their source code leaked, it turned out their encryption method was crappy. Just because something is encrypted doesn’t mean that it’s safe.

        The key is that Proton Pass and Bitwarden and KeePass are open source and have all passed independent security audits.