Hello everybody,
I’m looking for a password manager that I can share with the three other associates in my company. I often hear people around here talk about KeePass and Bitwarden, but I found several different options for each and I’m not sure how to choose. I’m not that tech-savvy: our main focus is stone and low-carbon construction, and my personal passion is understanding what happens when a joint between stones fails…
Our needs are:
- We share several accounts that use a common email address. When a password is changed, it needs to be updated automatically for everyone.
- We also have individual accounts. It’s not an issue if other associates can see those passwords, as they’re strictly for professional use.
- We need the passwords to be synchronized across devices, so we’re willing to pay for a suitable solution.
Any help is welcome!
Edit:
First, thanks for all the answers.
After reading all the contributions I realised that for the moment we need something that works out of the box as we don’t have a freelancer to help us anymore. When we find one we will consider changing the password manager, and many other things!
I will try to make a table with the pros and cons of the various solutions I will study from now on and to post it here.
So with all the insights my new criteria are:
- Various vaults (one shared, and individual ones),
- Probably European,
- Low maintenance: works out of the box, synchronised by the provider (for the moment)
Again, thanks a lot. I’ll keep you updated.
Edit 2:
I made a comparison table of the solutions hosted by the provider analysed so far:
| Name | Proton Pass | 1Password | Padloc | Bitwarden | Dashlane | Passbolt |
|---|---|---|---|---|---|---|
| | Essentials | Business | Team | Team | business | |
| Shared vault | Yes | Yes | Yes | Yes | Yes | Yes |
| Company location | Switzerland | Canada | Germany | US | France | Luxembourg |
| Company server provider | Proton | Amazon | DigitalOcean | Microsoft Azure | Amazon | GCP (google) |
| Open source | Yes | Not clear | Yes | Yes | Partially | yes |
| Linux client | Yes | Yes | Yes | Yes | No | yes |
| Price / user | 4.99 € | 6.99 € | 3.49 € | 4.00 € | 6.00 € | 4.5€ |
To be clear, I don’t use Linux… yet. But I will probably not use it at work for a long time.
Edit 3: I updated the table with Passbolt.
Passbolt enterprise is hosted on their own server, but the business version is hosted by Google.


Here are some password managers that are either based in Europe or are Open Source: https://buy-european.net/en/category/password-managers
Thanks, I forgot to mention this, but I’d feel much more comfortable with something that cannot be forced to send my data to the US (I’m in Europe). Unfortunately, the best options mentioned so far in this thread are not based in Europe, but I’ll look into this list.
Do you mean the US government or just into US jurisdiction?
I’m pretty sure that even with a service based in another European nation whose servers are in that nation you couldn’t rely on either…
You are certainly correct.
For now we are looking for a solution that works out of the box as we don’t have time and energy for maintenance, but I realise this has drawbacks.
As I said elsewhere, for the past 8 years a friend of mine used to help me with technical stuff as a freelancer, but he found a full-time job recently and I haven’t found/looked for a replacement yet. When I do, I’ll consider self-hosting the password manager.
Oh, I wouldn’t self-host that; all I was trying to do was examine what business or compliance reason you might have for wanting to stay out of servers in US jurisdiction or not use a service that might be subject to US laws.
Oh ok. In fact the reason I’d prefer it to be in the EU is more a “the US and its tech is in a downward authoritarian spiral so the less service I have there the better” thing. It’s more a moral stance than a practical thought. But of course my country is in the same spiral (a few years late) and my mother’s family is from another EU country that went to shit a while ago…
If it’s simply putting your money where your mouth is then that’s perfectly good.
If you’re worried about being in the crosshairs of that intelligence apparatus, it would be good to limit what information stays outside the encrypted vault of whatever password manager you choose, no matter where the service is based or servers are located.
The Mullvad port forwarding takedown is a great example of legal denial of service if you’re wondering to what extent these different agencies collaborate across oceans and borders.