Your thoughts on Passman?

I am particularly protective of how I handle and store my passwords, so I am at the moment skeptical of Passman. It took me a few months to allow Nextcloud to store my password database and many months more to trust Keeweb. However, I participate in these Nextcloud betas whenever they come up and each time a beta comes out, or even sometimes just a point release, Keeweb won’t work and I can’t enable it. I recently saw Passman in the app store and I am interested in knowing the community’s thoughts on it and their level of trust with it handling your vaults.

Personally (trying not to hurt any feelings) I’d check and work on the source code. If you can’t do that then use a password manager that you can audit like https://www.passwordstore.org/

I am reading the code right now :slight_smile: to the best of my ability; however, I’m not well versed in JS. But I’d like others’ input too. Pass looks cool, but I already do have a local password manager that’s FOSS. I’m primarily looking at Passman as an NC-based manager for just a few of my passwords for devices that I trust that I don’t have a manager on (such as a friend’s computer). Don’t worry about my feelings, I like solid input on this type of stuff :wink: I appreciate yours.

There’s also keeweb: https://apps.nextcloud.com/apps/keeweb. Keepass itself got a security audit (https://www.ghacks.net/2016/11/22/keepass-audit-no-critical-security-vulnerabilities-found/), not sure about these web applications.

I wouldn’t use it with any critical passwords (banking, mail, online-shopping, …), if it’s just for forums like this why not.

Hi tflidd, I currently do have keeweb on my server, but I am considering other options because as I said in post #1, I do NC betas each time they come out and there is never a build for the new stable until about a week or so after the release, leaving me without the app, and it seems passman is staying up on having an app ready in the betas (plus testing it with fake data, I like the features it has that keeweb doesn’t). I don’t use any critical passwords with online db managers, only a few where I’m willing to just accept the risks

I would also be interested in more opinions about Passman’s security! I couldn’t find other websites with reviews on Passman - if someone knows any test, report or opinion about it, pls share here!

Maybe @brantje can tell you more about that.

Ask me anything =)

It’s been a little while since I noodled around with Passman, but I was wondering if there is a feature to export your Passman content to kdbx? One use case for this is if I want to go to a local-only method of password access (e.g. using KeePassXC only) or another use case being the wish to use Passman in conjunction with certain software like miniKeePass

Hi brantje,

New to Nextcloud (waiting for my Odroid HC1 to arrive in 2 weeks) and eager to use a self-hosted password manager.
I stumbled around bitwarden and was asking myself if a collaboration to bring bitwarden to nextcloud couldn’t be a good idea… You both seem to have something for open source security, and a bigger crowd using this combined effort would mean more security and more publicity…
Just an idea, as I can’t really tell which of Passman or bitwarden is better and don’t know of the motivations behind each project…

Best regards,
ChriKn

Could be an awesome idea, however, their encryption differs from ours (well it’s both AES256 in the end, but upfront we both do some extra steps).

I can see the complication. My assumption is the sole purpose of Passman is to operate server-side. Personally the issue for me is I can only access the DB from a desktop web browser (as far as I know). Otherwise I like what I see with Passman.

Decryption / Encryption happens client side, so in the browser.
There is no way of doing this server side since the server doesn’t know the key.

Right - and that’s what it’s all about - isn’t it? Nobody can get to your vault(s), since no one else than yourself holds the key(s). No downloaded client code, since it’s all in the webextension, which you load locally.
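
The client-side model described in the replies above, as an added example that is not part of the original thread and is not Passman's code: the vault key is derived from the password on the client, and the server only ever stores an opaque record. The KDF (PBKDF2-SHA256), cipher mode (AES-256-GCM), iteration count, function names and sample data are all assumptions made for illustration.

```javascript
// Added illustration (Node.js), not Passman's implementation.
const nodeCrypto = require('node:crypto');

// Assumption: PBKDF2-SHA256 + AES-256-GCM. The thread only says "AES256"
// plus unspecified extra steps, so these parameters are illustrative.
const KDF_ITERATIONS = 100000;

function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Client side: encrypt before upload. Only the returned record leaves the client.
function clientEncrypt(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Client side: decrypt after download. Throws on a wrong password or a modified record.
function clientDecrypt(password, record) {
  const raw = (field) => Buffer.from(record[field], 'base64');
  const key = deriveKey(password, raw('salt'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw('iv'));
  decipher.setAuthTag(raw('tag'));
  return Buffer.concat([decipher.update(raw('ct')), decipher.final()]).toString('utf8');
}

// Hypothetical server: stores and returns records, never sees password or key.
const serverStore = new Map();
function serverPut(id, record) { serverStore.set(id, JSON.stringify(record)); }
function serverGet(id) { return JSON.parse(serverStore.get(id)); }

// True when decryption is rejected (authentication tag check failed).
function decryptFails(password, record) {
  try { clientDecrypt(password, record); return false; } catch (err) { return true; }
}

// Constructed sample credential, uploaded as ciphertext only.
serverPut('cred-1', clientEncrypt('correct horse battery staple', 'forum-login: hunter2'));
```

What this model does not cover is the integrity of the code doing the encryption: whoever delivers that JavaScript to the browser can read the password as it is typed.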