Password Managers - What do y'all use?

TL;DR: Never use your browser’s built-in password manager, it has absolutely 0 security. I use KeePass, DX on mobile and XC on laptop, with the supplement of Syncthing to access the latest version of the vault from both devices, and I back the vault up to MEGA cloud, which has a memorable account password, just in case of unpredictable events. It can’t be bruteforced from any end, thanks to the Argon2 key derivation function, which you need to enable manually.

My journey on this began when I wasn’t aware of privacy online and was happily using Chrome’s built-in password vault on mobile and Edge’s on laptop. Until I learned how Stealers work on Windows (programs that can read your browser cookies, bookmarks, passwords, etc.). Then I found out that the password vault is a part of account sync, therefore it needs to be sent somewhere like Microsoft’s/Google’s servers. “It’s okay, because they’re encrypted, right?” Little did I know that they’re stored in a plaintext .csv file in both browsers. That’s the reason why I stopped using them.

But I loved the concept of password managers and started looking for alternatives that:

  • Store the data encrypted
  • Don’t share it over Internet
  • Have the same autofill experience

All popular managers I could find had one concern - they’re all cloud based. You’re never sure what goes on on the server side of things.

Then I found a magnificent solution that passed all 3 criteria - KeePass. There was a lot of choice for the clients, and the one I chose was keepass2android (offline). Yeah, pretty attractive name. The UI definitely wasn’t the best, which is the reason I went to KeePassDX, but both worked and I haven’t encountered any bugs in them. The same database (that’s what password vaults are called in KeePass) works no matter which client you use it from.

But there was just 1 minor inconvenience - the lack of sync. By that time I had started to use my laptop more frequently, and manually typing 64-symbol-long passwords (now I don’t know why I went full maximum with the randomizer, since bruteforcing passwords on websites is a long-gone issue) became uncomfortable, so I started to use Syncthing to have my latest database on both devices.

Realising that I could lose my database forever without proper backups I probably made a debatable decision - backing it up to MEGA cloud, basically to someone else’s computer. It has a memorable, not reused password. But if the tipping point happens, at least I would know what to do.

Have I violated the second premise? Yes, but at least I know where, how and what is being sent to the cloud. The database is useless without the key anyways.

Could it be bruteforced by the ops? There’s a key derivation function for the master key called Argon2, which is designed to be slow. For example, it can be tuned so that it only processes 1 request per second (configurable), and considering that a brute-force run tries millions if not billions of passwords, Argon2 significantly increases the time it takes. Though bruteforce is absolutely random: it can either go on for centuries (if the computer will even live that long) still to no avail, or unlock it on the first try. Yet Argon2 is not the default option on most clients for some reason. Maybe the variety of users’ hardware is the reason.
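To make the "slow KDF" argument above concrete, here is an added example (my own illustration, not code from KeePass or any of the clients mentioned). Argon2 is not in Python's standard library, so it uses hashlib.scrypt as a stand-in memory-hard KDF; the cost parameters, the salt and the sample password are constructed for the demo. It derives a vault key from a master password, times one derivation against a plain SHA-256 guess, and turns the per-guess cost into a brute-force estimate for a given password space.

```python
import hashlib
import hmac
import time

# Constructed demo salt. A real vault stores a random per-database salt
# next to the encrypted data; it is not secret, it just makes guesses
# non-reusable across vaults.
DEMO_SALT = bytes.fromhex("0123456789abcdef0123456789abcdef")

# scrypt cost: n * r * 128 bytes of memory per derivation (16 MiB here).
# This plays the role of Argon2's memory/iteration settings in KeePass.
KDF_N, KDF_R, KDF_P = 2 ** 14, 8, 1


def derive_key(password: str, salt: bytes = DEMO_SALT, n: int = KDF_N) -> bytes:
    """Stretch a master password into a 32-byte vault key with a memory-hard KDF."""
    return hashlib.scrypt(
        password.encode("utf-8"), salt=salt, n=n, r=KDF_R, p=KDF_P,
        maxmem=2 ** 26, dklen=32,
    )


def fast_guess(password: str, salt: bytes = DEMO_SALT) -> bytes:
    """What an attacker gets if the vault used a plain hash instead of a KDF."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def unlock(stored_key: bytes, candidate: str) -> bool:
    """Constant-time check of a candidate master password against the stored key."""
    return hmac.compare_digest(stored_key, derive_key(candidate))


def seconds_per_guess(fn) -> float:
    """Wall-clock cost of one password guess through `fn`."""
    start = time.perf_counter()
    fn("benchmark-password")
    return time.perf_counter() - start


def brute_force_years(alphabet_size: int, length: int, secs_per_guess: float) -> float:
    """Worst-case time to exhaust every password of `length` symbols, single machine."""
    guesses = alphabet_size ** length
    return guesses * secs_per_guess / (365 * 24 * 3600)


if __name__ == "__main__":
    key = derive_key("correct horse battery staple")  # constructed sample password
    assert unlock(key, "correct horse battery staple")
    assert not unlock(key, "correct horse battery stapler")

    slow = seconds_per_guess(derive_key)
    fast = seconds_per_guess(fast_guess)
    print(f"one KDF guess: {slow:.4f}s, one SHA-256 guess: {fast:.7f}s")
    # 8 random lowercase letters: same password, two very different attacker budgets.
    print(f"plain hash:  {brute_force_years(26, 8, fast):.2e} years")
    print(f"slow KDF:    {brute_force_years(26, 8, slow):.2e} years")
```

The slowdown factor is the ratio of the two timings, and raising the KDF's memory or iteration settings (as KeePass lets you do when you enable Argon2) raises it further for every guess the attacker makes, while you only pay it once per unlock.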