A Quick Guide to Using an Open Source Password Manager

Ashley Ferraro, Product
Oct 3, 2024 • 10 Min Read

Over 2.6 billion personal records[1] were breached in 2021 and 2022. Fueled by the growing risk of this cyber threat, demand for secure and reliable password management has increased. Among the various solutions available, open source password managers have gained popularity due to their transparency, flexibility, and community-driven development.

This guide explains what an open source password manager is, the benefits of using one, and recommendations to choose from. It will also explain how to protect your payment card details against online threats by using virtual cards.

Disclaimer: The information in this guide is accurate as of the time of writing. Visit the service providers’ official websites for up-to-date information.

What Is an Open Source Password Manager?

An open source password manager uses publicly available code to build and run its software, allowing users to view, modify, and distribute it. Unlike closed source password managers, whose code is proprietary and controlled by a single entity, open source password managers allow for community involvement and contributions.

There’s no inherent difference between open source and closed source password managers in how they work. Both varieties can:

  • Securely store user login credentials and other personal information, such as payment card details or secure notes, in an encrypted vault
  • Use master passwords for encryption and authentication
  • Protect user accounts via another form of authentication, such as biometrics or authenticator apps
  • Autofill login credentials
  • Eliminate the need to memorize multiple passwords
  • Reduce the risk of using weak or repetitive passwords

Benefits of Using an Open Source Password Manager

Users of open source password managers enjoy the following benefits:

  1. Transparency and trustworthiness
  2. Flexibility and customization
  3. Cost-effectiveness

Transparency and Security

As their code is publicly available, users with technical expertise can audit open source password managers for vulnerabilities or potential malicious intent. Such transparency builds trust and confidence in the product's security.

Since open source projects are often community-driven, multiple developers can contribute to the code's development and maintenance. This can lead to continuous improvements and timely security updates.

Flexibility and Customization

Unlike closed source password managers, which limit users to the features and design provided by the service provider, open source password managers might allow for a degree of customization. 

Users with the right technical skills can modify the code to add or remove features, change the design and interface, or integrate the app with other tools or services. They can also self-host the password manager for added control and security. This flexibility caters to individual needs and preferences, allowing for a more personalized user experience.

Cost-Effectiveness

Most open source password managers are free to use or have a strong free plan. Some might allow users to implement additional features on their own without requiring paid upgrades or add-ons. This makes open source password managers a cost-effective option, especially for users who have the knowledge required to make modifications.

Potential Challenges of Using Open Source Password Managers

Despite the numerous benefits, open source password managers may have some limitations:

  1. Technical expertise requirements 
  2. Lack of dedicated support
  3. Vulnerabilities and security risks

Technical Expertise Requirements

Some open source password managers may require an understanding of command-line interfaces or programming languages to modify the code, add plugins, or troubleshoot bugs.

Users with limited technical knowledge could also find it challenging to set up a vault, configure encryption settings, and resolve compatibility issues with different browsers. Such users may want to consider open source password managers with user-friendly interfaces that can accommodate all levels of technical expertise.

Lack of Dedicated Support

As open source projects are community-driven, users may not have access to official technical support or customer service. In the event of a more serious problem, like a forgotten master password or a software bug, users may have to rely on community forums or other resources for assistance.

Some open source password managers whose development is led by companies might provide their users with more support and resources—albeit with paid plans. 

Vulnerabilities and Security Risks

Hackers may exploit vulnerabilities in open source password managers, especially if the password managers have not been frequently updated or adequately secured. While the transparency of the code allows for quick identification and fixes of these vulnerabilities, it also gives hackers easy access to the code and a chance to find the vulnerabilities before the community does.

To minimize these risks, users should choose reputable, well-maintained open source password managers.

3 Recommended Open Source Password Managers

For users looking to secure their online accounts and personal information with an open source password manager, here are three recommendations:

  1. Bitwarden
  2. KeePass
  3. Proton Pass

Bitwarden

Bitwarden encrypts user data with 256-bit AES encryption, the standard banks and government agencies use, before storing it in the cloud. Its zero-knowledge architecture and end-to-end encryption ensure that only the user has access to their data.

Other security measures the service provides include:

  • Bug bounty program—Bitwarden rewards users who find and report security vulnerabilities in the software, ensuring prompt fixes and continuous security improvements.
  • Third-party audits—On top of community audits by security enthusiasts, the service undergoes frequent security audits by reputable third-party companies to identify and fix potential vulnerabilities, ensuring user data safety.
  • Secure sharing—Users can securely share passwords, passkeys, credit card details, and secure notes with trusted family members, friends, or colleagues without revealing their master password.

Users with technical expertise can self-host Bitwarden, giving them full control over their data for maximum privacy.

KeePass

KeePass is a portable, lightweight, and highly customizable open source password manager. Users can carry it on their USB stick or other portable devices, allowing them to use it on different computers without installation[2]. KeePass protects user data using AES-256, Twofish, and ChaCha20 encryption algorithms[3] and supports a variety of advanced features[2], including:

  • Password generator—KeePass enables users to generate long, complex, and unique passwords for their online accounts using customizable options such as length, character types, and exclusions.
  • Master password and key file—To unlock the password database, users can use a master password, a key file stored on their device, or a combination of both for added security.
  • Auto-type feature—Users can configure KeePass to automatically fill in login forms on websites or applications using hotkeys, preventing shoulder surfing or keyloggers from obtaining their passwords.
  • Robust export/import options—Allows users to export their data to various formats, including TXT, HTML, XML, and CSV, or import from other password managers.
  • Plugins—Users can enhance KeePass's functionality by installing plugins, such as browser integrations, password strength reports, and database synchronization tools, streamlining their password management process.

KeePass also supports password groups, tags, and search functions for better organization and quick access to specific credentials.
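
How a master password and a key file can combine into a single vault key, shown as an added example that is not KeePass's or any vendor's code: each factor is hashed, the hashes are concatenated, and the result is stretched with PBKDF2, so the vault opens only when every configured factor is present. The function names, the verifier label, and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this example


def composite_secret(master_password=None, key_file=None):
    """Hash each supplied factor to 32 bytes, then hash the concatenation."""
    if master_password is None and key_file is None:
        raise ValueError("at least one factor is required")
    parts = b""
    if master_password is not None:
        parts += hashlib.sha256(master_password.encode("utf-8")).digest()
    if key_file is not None:
        parts += hashlib.sha256(key_file).digest()
    return hashlib.sha256(parts).digest()


def derive_vault_key(salt, master_password=None, key_file=None, iterations=ITERATIONS):
    """Stretch the composite secret into a 256-bit vault key."""
    secret = composite_secret(master_password, key_file)
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)


def make_verifier(vault_key):
    """Tag stored beside the vault; lets an unlock be checked without storing the key."""
    return hmac.new(vault_key, b"vault-unlock-check", hashlib.sha256).digest()


def try_unlock(salt, verifier, master_password=None, key_file=None, iterations=ITERATIONS):
    """Return the vault key when every configured factor is correct, else None."""
    key = derive_vault_key(salt, master_password, key_file, iterations)
    return key if hmac.compare_digest(make_verifier(key), verifier) else None


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    salt, key_file = os.urandom(16), os.urandom(64)
    password = "correct horse battery staple"
    verifier = make_verifier(derive_vault_key(salt, password, key_file))
    print("both factors:", try_unlock(salt, verifier, password, key_file) is not None)
    print("password only:", try_unlock(salt, verifier, password) is not None)
    print("key file only:", try_unlock(salt, verifier, key_file=key_file) is not None)
```

Because the key file contributes to the derived key itself, someone who learns the master password but does not hold the file derives a different key and cannot open the vault.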

Proton Pass

Proton Pass's 256-bit AES-GCM encryption ensures user data remains secure and private. Independent security experts regularly audit the service and make the reports publicly available, adding transparency and credibility to the service's security measures. 

Other notable security features include:

  • Pass Monitor—Proton Pass scans the dark web to check if a user's email address and password combinations have been compromised in any data breaches. It then alerts users to change their passwords, helping them avoid reusing compromised credentials.
  • Passkeys—Secure password alternatives that protect users against phishing and data breach risks by generating a unique login credential for each service they use. Users can enable passkeys for services that support them instead of using their password.
  • Email aliases—Users can create unique, disposable email aliases for each online account, minimizing the risk of spam and identity theft.
  • Secure password sharing—Proton Pass allows users to share passwords with friends or family through a secure link. Users can set an expiration date or revoke access at any moment.

Users can autofill passwords, forms, and two-factor authentication passcodes on supported desktop and mobile devices with the Proton Pass browser extension.

Not Sure About Using Open Source Password Managers?

While open source password managers provide their users with the opportunity for involvement and custom development, not everyone has the time or skills to fully benefit from this option. Proton Pass and Bitwarden bridge that gap, offering a streamlined service that combines features of open source and closed source software.

Users who are interested in fully supported password managers with out-of-the-box features might explore the following password managers:

Many browsers, including Edge, Firefox, Chrome, and Safari, come with built-in password management features.  

Leverage Virtual Cards To Enhance Security Online

Password managers excel at protecting passwords, payment card data, and other sensitive information in their password vaults. However, they can't protect your data when you share it online. For example, if you use your card details to make a payment online, and the e-store platform suffers a data breach, hackers could steal and misuse your sensitive financial information.

To reduce the risk of card fraud when shopping online, consider using virtual cards. They come with a randomly generated 16-digit card number, expiration date, and CVV you can use at checkout, shielding your actual card details from potential theft.

If you're looking for customization features in addition to robust security, opt for an independent virtual card provider like Privacy.

Secure Your Financial Information With Privacy

Privacy is a BBB-accredited service provider that allows you to generate virtual cards after connecting your bank account or debit cards to your Privacy account. You can use Privacy Cards instead of your regular payment cards, knowing that your underlying financial information is safe in case of merchant server breaches. 

As a PCI-DSS-compliant company, Privacy applies strict security measures to safeguard your financial details. It uses AES-256 encryption to secure your data in transit and at rest, and firewalled servers to protect against cyber attacks. You can also enable two-factor authentication via email, SMS, or authenticator apps for your Privacy account.

Privacy Virtual Card Types and Their Features

Privacy lets you create three types of cards:

| Card Type | Features |
| --- | --- |
| Single-Use Cards | These cards are designed to become invalid shortly after completing the first transaction. They're ideal for one-time purchases on unfamiliar websites and those you don't plan on visiting again. |
| Merchant-Locked Cards | These cards "lock" to the first merchant they're used at and can only be used for transactions with that specific vendor. They are ideal for subscriptions and shopping at your favorite online stores. |
| Category-Locked Cards | These cards limit transactions to a specific merchant category, like groceries or travel, and block charges outside that predefined category or above the limit. They're useful for budgeting and managing expenses for specific categories. |

Privacy allows you to pause or close your virtual cards, stopping further charges. You can also set spending limits on your Privacy Cards, and Privacy will decline transactions that exceed the authorized amount. 

Additional Convenience Features for Smooth Card Management

To facilitate seamless card management, Privacy offers the following convenience features:

  • 1Password Integration—Privacy integrates with 1Password, allowing you to create and manage your cards within the password manager’s browser extension.
  • Privacy App—Available for Android and iOS devices, the mobile app lets you manage your cards, monitor transactions, and set limits on the go.
  • Privacy Browser Extension—Compatible with Edge, Chrome, Firefox, Safari, and Safari for iOS, this extension generates virtual cards on demand and autofills your payment details for faster checkouts.
  • Card Notes—Add helpful notes to each card, such as the merchant's name or the next date the card is expected to be charged. 
  • Shared Cards—You can share Privacy Cards with family members or trusted friends, giving them access to the funds while maintaining complete control over the card and any spending limits you've set.

How To Join Privacy

To get started with Privacy, follow these four steps:

  1. Sign up for a new account
  2. Provide the required information to verify your identity
  3. Connect your Privacy account with a bank account or debit card 
  4. Request and generate your Privacy Cards

Privacy offers four plans:

| Plan | Features You Get |
| --- | --- |
| Personal | Free for domestic transactions, this plan comes with 12 new cards each month. You can generate Single-Use and Merchant-Locked Cards, pause or close cards, set spending limits, and access the mobile app and browser extension. |
| Plus | At $5 per month, this plan includes all Personal features and lets you generate 24 new cards every month. You get access to Category-Locked Cards, custom card notes, and the Shared Card feature. You also gain access to Priority support and Live Chat, available Monday through Friday, 9 a.m. to 5 p.m. ET. |
| Pro | The plan costs $10 per month and comes with more cards—36 new cards each month. It also includes fee-free foreign transactions and a 1% cashback on eligible purchases of up to $4,500 per month. |
| Premium | Costing $25 per month, this plan includes everything in the Pro plan and comes with 60 cards per month. |

References

[1] Apple. https://www.apple.com/newsroom/pdfs/The-Continued-Threat-to-Personal-Data-Key-Factors-Behind-the-2023-Increase.pdf, Sourced September 4, 2024
[2] KeePass. https://keepass.info/features.html, Sourced September 4, 2024
[3] KeePass. https://keepass.info/help/base/security.html, Sourced September 4, 2024
