Thanks for all the comments. Currently I use KeepassXD/DX + Syncthing.
I hash my password with fingerprint on Android, keep a seperate database containing that one in another place for backup. Maybe thats stupid, but I cant type on a phone.
On Linux I use KWallet, store the Keepass password there, and have a shortcut fetching that password and inserting it into the Keepass wallet using KeepassXC. Works with one click too.
Problems
- all entries are either locked or unlocked
- to have autofill working, the app cant be killed (Android)
- also, all passwords need to be decrypted for it to work
I dont see that this is the best solution. Decrypted, maybe hashed metadata possible to detect autofill fields, and then selectively unlock the needed credentials, would be better.
No, it doesn’t. I just tested it. I restarted my phone to make sure Bitwarden is closed, Opened the browser and opened a website where I have an account. In the login mask where I was prompted to insert my credentials the little popup appeared and when I tapped on it Bitwarden opened. It wanted me to enter my Master-Password so I did just that and it opened the DB to offer me the entries for auto-fill. You can even set a preference to immediately lock the DB after a single use and to always prompt the Master-Password (+ 2FA (optionally)) if you want.
Edit: Hell, you could even make it completely sign you out after every single use so you’d have to re-enter your email address, Master-Password and TOTP for 2FA. Not even KeePass offers you that level of security because you don’t need a username for your DB.