I've used Bitwarden for ages and it fits your needs very well. Sharing the login info will allow the rest of your family to access the passwords and TOTPs too. Bitwarden does charge for TOTP use, but Aegis is amazing to use along with Bitwarden. You could setup Aegis on your device and then, if you wanted someone else to have access, you'd just export the data so they could import it into their Aegis app.
Self hosting vaultwarden enables TOTP and other organizational features that standard bitwarden charges for.
Good to know, I didn't talk about self hosting as it seemed like OP was aiming for it to be through a cloud provider. Its rad Bitwarden has both options and security is top notch either way!
I mean I'm okay to self-host something if there's a secure and safe and automatically backed-up solution. But realistically that's just "3rd-party paid cloud" like DigitalOcean. I could run a service on the pi I use for files and minecraft, but I'd still have to figure out making sure the service is secure and backed-up.
edit: I guess hoping that vaultwarden-server was a nice easy package already sitting in the Debian apt repos was too much to hope for right?
edit2: wow lemmy really poops the bed at deleted replies with replies doesn't it?
Sorry OP, I was trying to do a few things at once. But found this which should be helpful https://vaultwarden.discourse.group/t/installation-for-a-noob/1609
One of the comments provides a step by step guide for setup. If this sounds reasonable, then you could do it all here and you'd have no need for Aegis!
I'm OP.
Yep, you sure are lol, I edit the previous comment and added a Debian install guide for Vaultwarden. My apologies for the mix up.
no worries, thanks.
KeePass.
It's got an app for basically all platforms, and you retain complete control over your data. Passwords go into an encrypted file, and you maintain that however you see fit.
I love Bitwarden and you can self host Vaultwarden. I'm not sure how OSS it is however.
It's going to come down to how much you trust the provider but I'd say bitwarden is pretty solid. I use it for stuff I'm not particularly concerned about (like disney+ or some random forum) and I use keepass for stuff that would be particularly bad if it was compromised like banking credentials, I keep backups of my keepass DB on separate physical media.
I also use a completely separate bitwarden account for all of my work accounts, keep that stuff separated, I only log into it from work devices and I never log into personal accounts from work devices.
This workflow raises the obvious question for me: why not use keepass for everything, if you're already using it for your critical high security stuff? Worse ergonomics?
I could do that but I only have a couple of things in keepass so it's easy to manage and backups are not very frequent. Bitwarden has EVERYTHING else and syncs across all my devices, if all that stuff was in keepass it would get combersome to generate backups every time I create a new entry or change a password. I could use nextcloud or something to sync the backup files but honestly this has worked well for me. I just setup keepass basically once, create a backup somewhere else, then use bitwarden for everything else.
Alternatively, plenty of people trust bitwarden completely. Honesty I'd trust bitwarden more than a self hosted solution that I'll likely neglect and probably fail to keep up with best practices because I barely got it working in the first place, also screw ISPs that use CGNAT, it's 2023, give me an ipv6 address already.
Try heylogin.com Read the docs to understand their system .. also not so technical people will love it, because of its easiness .
Sysadmin
A community dedicated to the profession of IT Systems Administration