If you modify a password on machine A and a different on on machine B, resolving the conflict requires manually exporting both to XML, manual merging, etc. It's a real pain.
Keepass 2.x handles merges for you just fine. The mono version of Keepass 2.x is ugly and a little clunky compared to KeepassX or the windows version of 2.x, but it's good enough.
I only use my machines to log on to services, can't bring myself to trust anyone else's machine.
Unless that VPS you run Owncloud on is hosted on hardware you have under your own control, it is not on your own machine. The acronym VPS ('virtual private server') is a bit of a misnomer as it is not as private as it may seem since anyone with access to the supervisor will have access to your virtual-not-so-private-server.
Lastpass (http://lastpass.com/) has been my holy grail of vital cross-platform apps for many years now, as I've switched from Linux to Mac and back and forth and always with the Windows. Sure, it's a browser plugin, but it works just as well with Chrome and Safari (and probably Firefox and, <gulp>, IE). Their touch-unlockable iOS app is just icing on the cake. I'm not getting a dime for this endorsement. It's just been a real lifesaver, for such an important application category (at one time, as a sysadmin, I had 650 passwords in the vault), and I never have to worry about what platform I'm running at the moment.
It's too bad that LastPass feels like a highschool project by a dude and a couple of friends.
Zero consistency between the browser plugin, the vault, the app, and the mobile app. Even within the vault there's little consistency between different panes.
I'd like to believe that they know what they're doing crypto-wise, but damn that UX feels mickey-mousey. Even something as simple as using up/down over the autocomplete list misbehaves.... ;(
... and don't get me started on Basic Auth support on Chrome OSX
I found LastPass terrible from a UX perspective. Sure it must claim a lot of checkboxes on a feature sheet, but the applications/plugins/website are buggy and inconsistent with each other. It only works well when you use it for the narrow purpose of automatic website logins. Throw any other password at it, or dare to try a different workflow, and the whole thing just crumbles.
I only use it because I have to at work. 1Password is much more convenient.
That is also my experience. LastPass is pretty good if you use it with website logins, with everything else not.
However I think that is something that could easily be improved once the guys over at LastPass realize they must invest more in the UX. I for myself did already open a support ticket for that. If everybody would do this, this might raise the attention.
On the other side it's not so bad from a functional only perspective and the pricing is fair - I'll give it a chance and stay another few months with them.
I've read multiple independent audits of the LastPass client (such as http://www.martinvigo.com/a-look-into-lastpass/) that haven't found any major issues, and for the issues they do find the LastPass team has always responded promptly. On the server side, LastPass's service is basically just encrypted blob synchronization, so the software doesn't particularly matter.
I note this above but want to emphasize the fact that lastpass-cli supports the lastpass two factor options. For anyone looking for a tool like this for use both in browser and in scripts, it's great to have two factor natively supported in both places.
I'm using pass on OS X and Linux (synced via Dropbox). It's an open source terminal based password manager and uses GPG under the hood. I don't have a mobile client, but the amount of times I've needed a password on mobile when I don't have my laptop around are far and few between.
The documentation was a bit lacking when I started, so I wrote an article with instructions:
I use the same and store the gpg private key in a yubikey neo.
The neat thing with yubikey neo is that I can use it with android phone using openkeychain and nfc. This pairs neatly with an app named password store that syncs my pass-database using git + ssh leaving my private key secure.
I think that argument would affect many desktop password managers as well. Also, LastPass in particular supports a Firefox extension that works with Firefox mobile.
It worked fine for me for when I had to use Ubuntu heavily (2013-2015). Sure I didn't get the browser auto-fill, but at least I could access my database.
1Password, by far, is my favorite password manager.
Just discovered a new password manager yesterday that I didn't have time to review (try, trust ...) : http://enpass.io/
It seems to be available for every platform possible.
Even if I'm perfectly happy with keepassx, I'll problably give it a try for its prettier interface.
Something I like with 1Password is the UX, browsers plugins works really good and with the same UI as the application. After a try, It's painful to migrate from 1Password to lastpass...
I moved from 1Password to LastPass for a few reasons not related to UX:
1. Platform support: 1Password only supports Windows and OS X. I use more than those, and want to maintain the ability to jump between platforms at will.
2. Pay twice for OS X and Windows. Seems extortionate.
3. Browser support: I want to be able to try out browsers. At the time I made this decision, 1Password actually reduced the number of browsers they support.
I actually run the windows latest version of 1Password under Wine on Ubuntu 14.10 and it works perfectly. I just use the app GUI, not the browser addon so I cannot comment on that.
This article is the perfect example of why not to use Linux on the desktop. A lot of fiddling around that eventually leads to a result that is far inferior to what you'd get just using OS X or Windows.
... for a product that the developers don't support on that platform.
It's strange that you say "this is why you shouldn't use linux", when the article leads off by saying that the author doesn't like OSX anymore (for unspecified reasons). It seems that the author doesn't consider it 'far inferior', and considers OSX inferior enough to look for a replacement.
And the more people who take up linux, the greater the demand for proper linux support. Scaring users away with your FUD doesn't help things. 'Unsupported software' was a similar argument against OSX until a few years ago, if you recall.
It can be if you want to use tools not designed for linux. I use keepass (http://keepass.info/) on linux and android and find it to be equivalent to 1 Password on Mac. It is in the Fedora repos (and I assume most others) and so easy to install.
The problem I have with KeePass is that it doesn't integrate with my browser well. LastPass does marginally better (it has an extension but I'm not loving it). There's a Firefox extension for KeePass called KeeFox, but it needs KeePass to be open and running all the time, which is annoying to me because it needs an extra window.
I've used keepass ona a daily basis. Auto type failed with my usage patterns - essentially I have multiple entry points per site (enterprise app) and each has a different titlebar text.
I've switched from OS X a few months ago and I'm actually happier with KeePassX than with 1Password. I hated AgileBits for the 4.0 bloat redesign which made everything slower (this is a constant on OS X it seems). I have a pretty simple use case with KeePassX (no sync) and here are the solutions I've found to problems mentioned in this thread. Hope they're helpful!
Hide KeePassX's window:
Just open the settings, click the first two checkboxes ("system tray icon", "minimize to tray instead of taskbar") and add `keepassx -min` to your login script. It'll ask for your password and disappear.
Title bar:
KeePassX does use the browser title bar and it's sometimes not reliable. It's easily fixable, though. Install a Greasemonkey plugin to your browser and add scripts such as this one:
I like how I could type "gmail" in Alfred and have 1Password do everything for me. I was able to reproduce that with a bash script that I call from my own launcher and it works just as well, if not faster.
I'd be interested to see the kind of hoops one would have to go through to run Linux-only software on Windows with a reverse-engineered frontend made by a single guy on his free time.
There are plenty of valid arguments about Linux on desktop, but this is not one of them.
If you use firefox on the desktop and on android you can easily sync your passwords for anything browser related without any third party extensions and without trusting unencrypted data to a 3rd party.
Also, I only use my machines to log on to services, can't bring myself to trust anyone else's machine.
For android use, I have Keepass2Droid (https://keepass2android.codeplex.com/)