Open source software has started to take a strong position in many sectors, such as open source ERP, open source speech recognition and open source survey software. However, some of the most important of these are the security and privacy sectors. People simply don’t want to entrust proprietary for-profit solutions with their data, and hence want better free software to solve this issue.
Open source password managers are recommended over proprietary ones for several reasons:
- The availability of the source code lets anyone audit it, so backdoors or built-in vulnerabilities are much harder to hide in the software.
- Anyone can run their own server instance (the place that hosts their password databases) anywhere they like, rather than depending on the service run by a proprietary provider.
- Most of them are also free of charge.
Today, we are going to walk through 9 open source password managers that you can depend on.
What is a Password Manager?
A password manager is a special program that stores all the credentials of the websites/services you use, encrypts them and stores them securely in a safe place, and then allows you to access those passwords any time you want using what’s known as a “master password”.
Without the master password, no one can access those credentials.
The program would allow you to add/remove/modify records of your credentials per website/URL. You can think of it as an encrypted vault to store your sensitive information, and the master password is the key to open that vault.
Why Do you Need a Password Manager?
People use password managers so that they don’t have to remember all the usernames/passwords of the websites they visit. Instead, they can just remember one password, and then access all the other passwords whenever they need them. In addition, this allows you as a user to increase the length and the complexity of the passwords you use, because you no longer have to remember them, so you can make your Facebook password something like 21#^#Y3#^2h281+_0H^[email protected]!##YU&^ with no problem.
Also, some password managers offer other features, e.g. auto-fill (automatically filling in the passwords when you open the URL in your browser), synchronization between devices, team storage (sharing passwords between multiple people), smartphone integration, various types and tools of encryption, emergency codes, and so on.
Traditionally, there are many closed-source proprietary password managers, and there are those which are open source. In today’s article, we’ll see 9 open source password managers that you can use to secure yourself.
Top Open Source Password Managers
One of the oldest and most famous open source password managers out there. KeePass’s initial development started in 2003, and it is licensed under the GPL. It’s written in C# on the .NET framework, so you can guess that it mainly targets the Windows operating system; it doesn’t provide official binaries for Linux distributions, for example (it works on Linux using Mono, but the binaries are contributed by 3rd parties and are not official).
KeePass offers strong security features, such as full encryption for the entire database file using the AES standard and the SHA-256 algorithm, memory protection for the running KeePass process, and support for multiple key files. It also supports auto-typing (a feature that lets you open Facebook.com in your web browser and have KeePass fill in the username/password fields automatically), as well as importing passwords from other password managers in more than 35 formats, and exporting its own database in many formats like CSV, TXT, XML and others. KeePass supports a modular plugin system to extend its functionality, as well as a user interface translated into more than 40 languages.
KeePass can be downloaded as a portable standalone application that runs without installation, which makes it less of a hassle to use. There are also many 3rd-party and community ports and forks of KeePass, which allow it to run on other systems such as Android, iOS, Linux and BSD. The database is nothing more than a single file, so you can move it or back it up however you please.
One of the things that you may not like about KeePass is that its user interface is quite old. This may be fine for many power users, but if you are a newbie, or are looking for a shiny password manager that doesn’t use a classic Windows-XP-like interface, then KeePass isn’t what you are looking for.
KeePassX is a fork of the previous KeePass, with the difference that it mainly aims to support Linux. Its development started back in 2005 and it’s licensed under the GPL license.
KeePassX mostly offers the same features as KeePass, and you can search for it right now in the repositories of your Ubuntu/Fedora/Mint/Debian/openSUSE/Arch etc. distribution and probably find the latest version there. KeePassX also works on Windows and macOS.
The difference between KeePass and KeePassX, however, is that the latter is mainly meant to be cross-platform, which is why it was rewritten using the Qt toolkit. Unfortunately, this made it incapable of supporting plugins (so you can’t install KeePass plugins for example on KeePassX).
You can read more about KeePassX or download it.
As you can guess from its name, TeamPass is an open source password manager that is mainly built to address the need for password sharing between team members. Say you work somewhere where you need to share, store and secure many confidential credentials, but of course you don’t want to use traditional methods or email; TeamPass solves this problem for you.
It’s written in PHP as a web application, and uses the Defuse library for its encryption. It also supports 2-factor authentication, and uses the AES-256 standard.
TeamPass allows you to choose who has access to what, so for example, you can limit who can read or modify certain passwords among others. TeamPass can also be used to share files or folders. It works on Windows and Linux, as a client-server software.
You can read more about TeamPass from its official website.
Another web-based password manager for teams. Psono works in a client-server hierarchy, and the server is written in Python. The source code is released under the Apache 2.0 license.
Psono features a very beautifully designed web interface for interacting with the system. Through it, you can manage users, passwords, and generate general health reports about the status of your server and the passwords stored in it. In addition to that, Psono has a small nice feature that allows you to see whether the current password you are viewing has been compromised or not. It does that using the haveibeenpwned.com API. If your password has been compromised, it will notify you about it.
It also supports multi-encryption, 2-factor authentication, password synchronization between devices, PGP support, file & folders sharing, multiple storage locations such as Google Cloud/Azure/AWS, and auto-filling. Psono also provides some browser extensions for both Chrome and Firefox, which makes it very easy to use it on daily basis.
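How a breach check against the Have I Been Pwned "Pwned Passwords" range endpoint can work without the password ever leaving the device, as an added example (not Psono's code, and the page does not say which request flow Psono uses). `fake_fetch_range`, `CONSTRUCTED_CORPUS` and `SEEN_BY_SERVER` are constructed stand-ins for `GET https://api.pwnedpasswords.com/range/<prefix>` so the block runs offline.

```python
import hashlib

def split_hash(password: str) -> tuple[str, str]:
    """SHA-1 the password and split it into the 5-char prefix that is sent
    to the service and the 35-char suffix that never leaves the device."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password: str, fetch_range) -> int:
    """Return how many times the password appears in the breach corpus.

    fetch_range(prefix) must return the response body for that prefix:
    one "SUFFIX:COUNT" entry per line.
    """
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)  # padding entries carry a count of 0
    return 0

# --- constructed offline stand-in for the remote service ---
CONSTRUCTED_CORPUS = {"password": 1000, "letmein": 50}  # made-up counts
SEEN_BY_SERVER = []  # everything the "server" learns about a lookup

def fake_fetch_range(prefix: str) -> str:
    SEEN_BY_SERVER.append(prefix)
    lines = ["0" * 35 + ":0"]  # padding-style entry
    for known, count in CONSTRUCTED_CORPUS.items():
        known_prefix, known_suffix = split_hash(known)
        if known_prefix == prefix:
            lines.append(f"{known_suffix}:{count}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in ("password", "a long passphrase generated by the manager"):
        print(repr(pw), "->", breach_count(pw, fake_fetch_range))
    print("server saw only:", SEEN_BY_SERVER)
```

The comparison of the suffix happens locally, so the service only ever learns a 5-character hash prefix shared by many unrelated passwords.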
If features are what you care about, and you want a fully loaded password manager, then you are looking for Bitwarden.
Bitwarden depends on a centrally managed vault to manage the passwords of all its users, so you’ll have to create a free account (or a paid one) to use Bitwarden. After that, you can access that vault from any device you want. The good thing about Bitwarden is that it provides a client for everything: Windows, macOS and Linux, plus browser extensions for Chrome, Firefox, Opera, Safari, Tor, Vivaldi, Brave, and hell, even for Edge! On top of that, it provides clients for Android and iOS, and also a CLI version that allows you to manage your passwords from the command line. The latter also works on Linux, Windows and macOS. There’s also a web version that allows you to access the vault from anywhere and any device.
Of course, one point of concern is the security of your passwords, since they are stored on Bitwarden’s servers. They answered this question in their FAQ:
Since your data is fully encrypted and/or hashed before ever leaving your local device, no one from the Bitwarden team can ever see, read, or reverse engineer to get to your real data. Bitwarden servers only store encrypted and hashed data. This is an important step that Bitwarden takes to protect you.
If you still don’t want to use their servers, then no problem: you can deploy your own instance of the Bitwarden server and use it to store your passwords, because it’s open source.
Check more about Bitwarden or download it from its official website.
You can also deploy KeeWeb as a server instance if you want, so that you can have your own centralized place to sync your passwords and access them on any device.
Other Open Source Password Managers
- 8. JPasswords: If you are a Java lover, then you’ll like this one. JPasswords is an open source password manager written entirely in Java. It works on Windows, but doesn’t provide official binaries for Linux or other operating systems. Like any other password manager, it encrypts data in SHA-256, and it offers storing passwords in groups and subgroups and supports importing and exporting in CSV format, besides many other features. The downside, however, is that its user interface is very classical and traditional.
- 9. LessPass: A browser addon to manage your passwords from inside the browser. It works on Android and iOS too. LessPass is considered to be simple in its features and design, but nonetheless does the basic job of safely storing your passwords and synchronizing them between devices.
You may additionally check these open source command line password managers if you are an avid lover of the Linux command line.
As you should have seen by now, there are many open source password managers with very cool features to choose from. For me as a tech person, I don’t think that I need to pay for a premium password manager, as those open source/free solutions are more than enough for me.
Personally, I use Bitwarden for most of my data.
I would be happy to know your choice of what password manager you use.