deutrino boosted
Linuxiac
@linuxiac@mastodon.social  ·  activity timestamp 7 days ago

Addressing community concerns raised following a recent update to the project’s contribution policy, KeePassXC’s developers explain that AI helps with code reviews and small pull requests, but never appears in the KeePassXC codebase.
https://linuxiac.com/keepassxc-clarifies-ai-policy-used-only-in-development-never-in-the-app/

#keepassxc #passwordmanager #opensource

Linuxiac

KeePassXC Clarifies AI Policy: Used Only in Development, Never in the App

KeePassXC’s developers explain that AI helps with code reviews and small pull requests, but never appears in the KeePassXC codebase.
Henning
@hen@berlin.social  ·  activity timestamp last week

== #EU #CyberResilienceAct, Contributions wanted from Open Source Contributors to shape the Standards ==

The #CRA will become a huge deal for the regulation of software.

It will affect who is responsible for security, in what way and with what effect. This was at first a danger for #OpenSource and #FreeSoftware, but through the good work of many people and organisations, it could become a benefit!

Luckily, the standards can still be shaped, and you can contribute to them!

1/x

Henning
@hen@berlin.social replied  ·  activity timestamp last week

There is a pad explaining the process (thanks @jmaris)

https://pad.softwarefreedom.net/pad/#/2/pad/view/uJAiNHWU7XUlErGMwS9Z2OzStjlXZqMSnD+zJ2Y7unI

The current #ETSI standards are written in Markdown and separated by the software class, like #Browser #PasswordManager or #VPN

Here, contributors can read them and open issues if things are unclear, overly restrictive or could be otherwise improved:

https://labs.etsi.org/rep/stan4cra

Non-commercial #FOSS is excluded, so this would be relevant for commercial projects (which can be fully free software).

Encrypted Rich text

CryptPad: end-to-end encrypted collaboration suite
Claudius Link boosted
2something@transfem.social
@2something@transfem.social  ·  activity timestamp 4 months ago

Hi Fedi,
I have been using @bitwarden@fosstodon.org since 2019, and been a premium subscriber for most of that time. Due to their recent hyping of AI, I am interested in switching away.

Update 2025-07-14
So far I am liking Gnome Secrets (desktop) and Keepass2Android (Phone). However, there does not seem to be a way to get Secrets to autofill on websites.
https://gitlab.gnome.org/World/secrets/-/issues/34

I'll give Bitwarden a few weeks to see if they can resolve their AI issues. If not, I'll probably suck it up and lose autofill.

Options I am currently considering are Nextcloud Passwords, KWalletManager, and a Keepass-based password manager synced using Nextcloud. I have questions and concerns about each, and I'm hoping you can address my concerns for at least one of these three options, or suggest something else.

Before getting into those, I'll just say I also considered and rejected Proton Pass, on the grounds that
a) The server software is proprietary,
b) Logging in requires a Captcha. I can pass the captcha, but I'm always afraid that I will fail it.
c) The CEO has said and done bad things,
d) The company is also into AI.

So, what are the options I am considering?

Keepass with Nextcloud for syncing
This is the recommendation I see the most. I have three concerns: two regarding use on Android and the other on desktop.

First, on Android, one Bitwarden feature I use heavily is "unlock with pin." Downloading my Bitwarden vault from the server requires entering my very long Bitwarden password plus 2fa. Unlocking my vault on my device to which I am already logged in only requires entering a short password. That's good, since entering my full password on my phone takes a long time.

Keepass doesn't seem to have a native feature like this, but I can sort of replicate it by having a strong password for my Nextcloud account and a weak password for my keepass file.

The concern I have with doing this is that it would mean the folks who run my Nextcloud server, or anyone who hacks them, would have access to my password vault encrypted with a fairly weak password. Is this something I should be worried about? Is there a way to use a strong password for my Keepass vault without needing to take a long time to type it every time I need to log in to anything?

Note that I don't think I can use biometrics. I don't have clear fingerprints, and my phone (Pixel 6a) doesn't AFAIK support face ID.

Next up is the question of which Keepass-compatible apps to use, on both desktop and Android. There seem to be a lot of choices on Android and I have no idea how to narrow it down.

EDIT: The two that people seem to like are Keepass2Android (only on Google Play) and KeepassDX (on F-Droid). Both seem very nice.

On desktop, there seem to be fewer options. I see @keepassxc@fosstodon.org recommended a lot, but their Github says they allow AI-generated code contributions, so I don't think I can trust them not to lose my passwords.
https://github.com/keepassxreboot/keepassxc?tab=readme-ov-file#generative-ai

Then there's Gnome Secrets
https://flathub.org/apps/org.gnome.World.Secrets
Which looks a lot better. However, it doesn't have a way to autofill on websites, and this issue has been open for a long time.
https://gitlab.gnome.org/World/secrets/-/issues/34

Nextcloud Passwords

Aside from using Nextcloud to sync a Keepass vault, there is also Nextcloud's native password manager. There appear to be three Android apps:

  1. https://f-droid.org/en/packages/com.hegocre.nextcloudpasswords/

I am able to log in to this one with my Disroot Nextcloud account. However, I see a red banner at the bottom of the app saying "Cannot connect to server. Tap to retry." (Retrying regenerates the same banner).

  2. https://f-droid.org/en/packages/es.wolfi.app.passman/

In this case I cannot even log in: entering my username and password produces
>Network error: HTTP request failed with http status-code: 404

  3. https://f-droid.org/en/packages/de.jbservices.nc_passwords_app/

This one I also can't log in, but there is no error message, I just get sent back to the login screen.

I also tried logging into the desktop flatpak and I am seeing white text on white background.

KWalletManager
I have a rule that if I want to use my computer to do X, and there's a KDE app which does X, then I will give the KDE app a fair try. KDE has a password manager, so I have to at least consider it.

The issue here is I can't figure out any way to sync it with Android. Can this be done?

Passky
I took a look at Passky.
https://passky.org/download

It's a service like Bitwarden: one company provides a desktop app, a mobile app, a browser extension, and a service to sync all of them. One thing to note is that it seems like all of their repositories have very little activity: The Android repository has had no commits for close to three years, the web vault has had no commits for close to two years, and the desktop repository (which is Electron) has had no commits since April 2024. That might not be a bad thing if it's working, but I don't think I'm qualified to assess the difference between "this software has unpatched security issues we aren't fixing" and "This software is working perfectly so we don't need updates."

Their website has a broken link to Google Play, as the app seems to be delisted, but they do have an f-droid app.
https://f-droid.org/en/packages/com.rabbitcompany.passky/
Their website has a broken link to Google Play, but it seems they do have an f-droid app
https://f-droid.org/en/packages/com.rabbitcompany.passky/
In addition to a verified flatpak.

Pwsafe
Then there's Password Safe
https://pwsafe.org/

Much like Keepass, it stores all passwords as a single encrypted file and expects you to use another program to sync. There are iOS and Android apps that are compatible.

The trouble here, as with Keepass, is getting the desktop app to autofill on websites. It does nominally have an "autofill" feature, but it can't detect when the site you are viewing corresponds to an entry: you have to open the desktop app, search for the relevant entry, open it, and then click "autofill." It's a lot less convenient than clicking the icon for Bitwarden's browser extension.

#PasswordManager #AppRecommendation #Bitwarden #Keepass #KWalletManager #Nextcloud #passky #pwsafe

Thib
@thibaultamartin@mamot.fr  ·  activity timestamp 2 months ago

Bitwarden costs me a mere €12 per year. Given all the value I get from it it would be absurd not to pay for it.

#security #passwordManager

Tuta
@Tutanota@mastodon.social  ·  activity timestamp 2 months ago

Password managers are essential for protecting your digital identity! 🔒🔑

Which password manager do you use? & if you're not using one yet, take a look at the top 3 password managers for 2025.

👉 https://tuta.com/blog/best-password-manager

Table comparing password managers: 1Password, Apple Keychain, Bitwarden, Dashlane, Enpass, KeePassXC, Keeper and LastPass.
Linux Is Best
@Linux@mastodon.de replied  ·  activity timestamp 2 months ago

@Tutanota

Yes, password managers are important, and so is digital sovereignty — especially in these troubling times. That’s why it’s crucial to choose a password manager that operates outside the jurisdictions of the United States, Russia, and China.

Heylogin — Germany, Europe
https://www.heylogin.com

pCloud Passwords — Switzerland, Europe
https://www.pcloud.com/pass.html

Locker Password Manager — Vietnam, Asia
https://locker.io

#PasswordManager #DigitalSovereignty #Passwords

pCloud Pass - Encrypted Password Manager

pCloud Pass helps you keep your passwords and gives you Instant SECURE access to all of them on all your devices. Log in to sites and fill out forms with a single click.
Natha
@natha@fosstodon.org  ·  activity timestamp 3 months ago

Are you using a password manager from
@1password, @bitwarden, @dashlane, #EnPass, #iCloud Passwords, @KeeperSecurity, #LastPass, @nordpass @protonprivacy or @roboform ?

Then you better check this and make sure that your web browser extension is up to date: https://marektoth.com/blog/dom-based-extension-clickjacking/

#cybersecurity #InfoSec #passwords #PasswordManager

Tommi 🤯 → 39C3 boosted
The New Oil
@thenewoil@mastodon.thenewoil.org  ·  activity timestamp 3 months ago

Why security experts recommend standalone password managers over browser-based options

https://bitwarden.com/blog/beyond-your-browser/

#passwords #PasswordManager #cybersecurity

Chad McCullough
@cmccullough@polymaths.social  ·  activity timestamp 4 months ago

Well, great. Now @bitwarden is going to add AI bullshit to their services. I left Bitwarden a few months back for different reasons but I'm kind of glad that I did. I switched to @1password@1password.social. If they add AI to their services (are they already?), I'm just going to call it quits on all of them and just move completely to @keepassxc@fosstodon.org. I can simply just host my own with Keepassxc and not have to worry about any AI crap. I'm using Keepassxc now but not for everything. That might change in the very near future.

https://nerds.xyz/2025/07/bitwarden-mcp-server-secure-ai/

#passwordmanager #privacy #security

Privacy Guides
@privacyguides@mastodon.neat.computer  ·  activity timestamp 6 months ago

If you have been looking for a password manager giving you full control over your data, KeePassium for iOS and macOS is a fantastic option.

https://www.privacyguides.org/articles/2025/05/13/keepassium-review/

#KeePassium #KeePass #PasswordManager #KeePassXC #Privacy #Security #Password #iOS #macOS #PrivacyGuides #Article

Privacy Guides

KeePassium Review: A Flexible Password Manager for iOS and macOS

If you need a password manager for iOS or macOS that gives you full control over your data, KeePassium is a fantastic option. With KeePassium, you can keep your password database offline entirely, or choose whomever you trust to store it. You can also change this anytime.
MOVED to: @Linux@mastodon.au
@Linux@mk.absturztau.be  ·  activity timestamp 7 months ago

A list of Digital Service Providers outside the jurisdiction of the United States of America.

https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction

This is a group project, so feel free to reach out if you have any suggestions, or learn any new information.

#Vpn #Email #Dns #Domain #Messenger #WebHosting #PasswordManager #WebSearch #SearchEngine #OperatingSystem #PaymentProcessing #UsJurisdiction #Project2025 #UnitedStates #Privacy #Security

Em :official_verified:
@Em0nM4stodon@infosec.exchange  ·  activity timestamp 8 months ago

New Privacy Guides article 🔐✨
by me:

If you want to keep your password manager local-only, KeePassXC is a great solution!

It's free,
Open-source,
Easy to install and use,
Doesn't require an account,
Works on Linux, macOS, and Windows,
And the team is here! 👉 @keepassxc

Here's how to set it up with a YubiKey: https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/

#PrivacyGuides #KeePassXC #Privacy #Security #PasswordManager #Passwords #FOSS
