I am a long-standing KeePass user, but I find its browser integration and Android apps a bit ropey, and certainly harder work than a cloud-based solution such as Lastpass or Bitwarden. I have been trying both of those, and they are so much more convenient, but I do worry about how vulnerable they may be to attack.
I know these solutions talk of end-to-end encryption as a way of ensuring security, and I think I understand that in principle, but don't know enough about it to assess how foolproof it really is. I know they keep a copy of my password database on the cloud, but then I do that anyway by having my KeePass database file on cloud storage. Maybe the difference is that both the cloud storage password and the database password would be required to access my KP DB, but only one set of credentials would be required to access my Lastpass account (for example)? I've seen suggestions that if Lastpass (et al) were hacked, the data would be useless as it's all encrypted - is it really as straightforward as that?
The other consideration for me is that I like to maintain versioned backups of my KP DB, so not only do I have a local backup of the whole DB, but I can roll back to several versions ago if I realise there's an integrity problem with the DB. I don't know any (automated) way of doing that with Lastpass or Bitwarden (though I have only tried the free versions thus far).
I would be interested to know people's views on all of this, as at the moment I'm very tempted by the convenience of a cloud solution (with native Android app and Firefox & Chrome extensions) but just can't decide if it's really a good idea (though I know millions of people have depended on them for a long time!).
I know these solutions talk of end-to-end encryption as a way of ensuring security, and I think I understand that in principle, but don't know enough about it to assess how foolproof it really is. I know they keep a copy of my password database on the cloud, but then I do that anyway by having my KeePass database file on cloud storage. Maybe the difference is that both the cloud storage password and the database password would be required to access my KP DB, but only one set of credentials would be required to access my Lastpass account (for example)? I've seen suggestions that if Lastpass (et al) were hacked, the data would be useless as it's all encrypted - is it really as straightforward as that?
The other consideration for me is that I like to maintain versioned backups of my KP DB, so not only do I have a local backup of the whole DB, but I can roll back to several versions ago if I realise there's an integrity problem with the DB. I don't know any (automated) way of doing that with Lastpass or Bitwarden (though I have only tried the free versions thus far).
I would be interested to know people's views on all of this, as at the moment I'm very tempted by the convenience of a cloud solution (with native Android app and Firefox & Chrome extensions) but just can't decide if it's really a good idea (though I know millions of people have depended on them for a long time!).
Facebook
Twitter
Instagram