Linux Security

Top 5 Best Linux Password Managers

It’s easy to get lulled into a false sense of security when using Linux, but the truth is that you’re only as secure as the weakest link in your cyber defenses. Considering that billions of passwords surface online every year, it’s clear that poor password management practices are the underlying cause of many successful cyberattacks.

The solution is simple: create a unique, strong password for each and every account, and store all your passwords in an encrypted database protected by a combination of at least two robust authentication mechanisms. How? With the help of a Linux password manager.

Benefits of Using a Password Manager

A password manager is a software application whose purpose is to securely store all login information in an encrypted database protected by a master password and, optionally, a secondary authentication mechanism, such as a fingerprint, time-based authentication code, or hardware token.

Since you have only one master password to remember, it doesn’t really matter how good or bad your memory is because anyone can remember one strong password, even if it’s over 10 characters long and looks like alphabet soup.

Every time you create a user account and are prompted to choose a password, you can come up with a random combination of letters, numbers, and special characters and tell your password manager to remember it for you. No more unreliable mnemonics and weak passwords.

Many password managers go way beyond passwords, allowing you to securely store important notes, contacts, and other information. If you choose a password manager that’s compatible with multiple operating systems, you’ll be able to access your passwords from any device.

Password managers can also remind you when it’s time to change your password and generate a new password for you, saving you from the potential consequences of data breaches, whose frequency and severity have been steadily increasing.

1. Bitwarden

Pros: Open source, multi-platform, two-factor authentication, audited, inexpensive.

Cons: Buggy Edge extension.

Since 2016, Bitwarden has been offering Linux users a polished open source alternative to proprietary password managers. You can use Bitwarden on almost any device and operating system. Even Tor Browser, Brave, and Vivaldi are supported. At the time of writing, the extension for Microsoft Edge is somewhat buggy, but we suspect that most of our readers don’t really care about a Windows-only web browser.

Let’s instead focus on the fact that Bitwarden provides a powerful, full-featured CLI tool to access and manage your Bitwarden vault straight from your favorite terminal emulator. You can even write and execute your own scripts to take your password management to the next level.

The basic personal version of Bitwarden is free forever, but it allows you to share your passwords with only two users and organize your password vault with just two collections. To unlock unlimited collections and sharing with up to five other users, you can upgrade to the Family plan for $1 a month.

2. KeePassXC

Pros: Cross-platform, compatible with KeePass databases, local database storage.

Cons: Lacks built-in cloud synchronization.

If you’re a former Windows user, the chances are that you’re familiar with KeePass, a free and open-source password manager that runs only on Microsoft’s operating system. To bring KeePass to other platforms, Florian and Felix Geyer created a multi-platform fork using .NET / Mono, calling it KeePassX. Well, KeePassXC is a community fork of KeePassX, providing a nearly identical look and feel plus many new features and bugfixes.

The biggest difference between KeePassXC and Bitwarden is the fact that KeePassXC keeps all your passwords stored locally, encrypted with the industry-standard AES encryption algorithm using a 256-bit key. You can make your passwords accessible from anywhere by storing the encrypted database in the cloud.

Just like the original KeePass, KeePassXC supports a feature called Auto-Type. This feature allows users to define a sequence of keypresses for KeePassXC to perform automatically, such as {USERNAME}{TAB}{PASSWORD}{ENTER}. KeePassXC maintains compatibility with the KeePass 2.x (.kdbx) password database format and can also import the older KeePass 1 (.kdb) databases.

3. pass

Pros: Simple, gets the job done, uses GPG keys for encryption.

Cons: Exposed file names.

Password management doesn’t have to be complicated, especially if you embrace the Unix philosophy of combining existing software tools to accomplish great things.

pass combines GPG encryption with Git, a distributed version control system for tracking changes, to create a simple password manager that stores each password inside a GPG-encrypted file, which can be easily passed from computer to computer or hierarchically organized.

pass runs in the terminal, and you need to learn just a couple of simple commands to accomplish just about anything you could want from it. But if you would like some help, there’s a dmenu-based interface to pass called passmenu, as well as an Android application.
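The "exposed file names" drawback follows from the one-file-per-entry layout: each password's contents are encrypted, but the file and directory names are not. The script below is an added example, not part of pass itself. It builds a constructed sample store (placeholder files, hypothetical entry names, assumed `<entry>.gpg` layout) and shows what anyone with read access to the tree, such as a sync target or Git remote, learns without the GPG key, plus a check for files readable by group or others. It assumes GNU find.

```shell
#!/usr/bin/env bash
# Added example: audit what a pass-style store reveals without the GPG key.
# All entry names below are constructed; file contents are placeholders.

# Build a sample store with private permissions, then loosen one file on purpose.
make_sample_store() (
    umask 077
    store="$1"
    mkdir -p "$store/email" "$store/banking/example-bank.test"
    printf 'placeholder' > "$store/email/alice@example.test.gpg"
    printf 'placeholder' > "$store/banking/example-bank.test/alice.gpg"
    printf 'placeholder' > "$store/vpn-work.gpg"
    printf 'CONSTRUCTED-KEY-ID\n' > "$store/.gpg-id"
    chmod 644 "$store/email/alice@example.test.gpg"   # deliberately too open
)

# Entry names as visible to anyone who can list the tree (no decryption needed).
exposed_entries() {
    ( cd "$1" && find . -type f -name '*.gpg' \
        | sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort )
}

# Files in the store that are readable by group or others.
loose_permissions() {
    ( cd "$1" && find . -type f -perm /044 | sed 's|^\./||' | LC_ALL=C sort )
}

# Demo run on a throwaway directory.
demo_dir="$(mktemp -d)"
make_sample_store "$demo_dir/store"
echo "Visible without the key:"
exposed_entries "$demo_dir/store"
echo "Readable by group/others:"
loose_permissions "$demo_dir/store"
rm -rf "$demo_dir"
```

Site names and account names that are sensitive in themselves are better kept out of entry paths, since they travel in cleartext wherever the store is copied.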

4. LastPass

Pros: Many two-factor authentication options, works everywhere, great free version.

Cons: Messy user interface.

LastPass is one of the most popular proprietary cloud-based password managers. It has been around since 2008, which is long enough to earn the trust of many users who were initially reluctant to store their passwords in the cloud.

In addition to its excellent multi-platform support and compatibility with a wide range of web browsers, the one thing that has really contributed to the popularity of LastPass is how generous its free version is. You get all basic features, including auto-fill passwords, LastPass authenticator, and the LastPass web browser extension.

The Premium version of LastPass includes one-to-many password sharing, 1 GB of encrypted file storage, priority tech support, additional two-factor authentication options, and the ability to fill in passwords on mobile devices—all for $3 a month.

5. 1Password

Pros: Ease of use, feature-packed, strong encryption.

Cons: Expensive.

1Password is a sleek and easy-to-use password manager with automatic password synchronization and built-in protection against data breaches. When 1Password discovers that a website has been breached, it automatically notifies all users of the problem, prompting them to change their passwords.

Unfortunately, this feature—and all other features for that matter—comes at a price: $2.99 a month when billed annually for the cheapest plan. To unlock family sharing and family account recovery, you need to upgrade to the Family plan for $4.99 a month when billed annually.

1Password complies with the most stringent industry standards and boasts such advanced security features as brute-force protection with PBKDF2, local secret key storage and others.

Conclusion

Each password manager featured in this article offers a unique approach to password management, and it’s up to you to decide which of them works best for you. Regardless of which password manager you select, many of your past password management problems will instantly go away, and you’ll be able to rest assured knowing that all your accounts are protected with strong, unique passwords.

About the author

David Morelo

Content writer and copywriter, researcher, wannabe linguist, part-time marketer, gym rat, sometimes annoying but always loving boyfriend.

I was born and raised in the Czech Republic, where I studied English and Japanese philology at the Palacký University in Olomouc, the second oldest university in the Czech Republic and the largest university in Moravia, one of the historical Czech lands.