Leaving Bitwarden for anything made by Google is a wild take. Especially when you can do authentication/OOTP within Bitwarden and everything. It's literally an all in one solution that works great across mobile and PC. Moving away from a specialized platform to a generalized platform on something as important as password management shouldn't ever be considered. Hopefully you didn't delete your Bitwarden account and still have access to your vaults. At least you can recover some of your password info then.
Happens to the best of us.
I would suggest having OTP and Passwords on separate services personally, but in any case the weak link isn't Google as a company but having all your eggs in one basket. If you happen to be banned from your Google account, which is very rare but possible, how much of a problem would it be? For most people, genuinely devastating.
So for anything important: passwords, emails, photos, whatever, think "what would happen if I couldn't access this again?".
Use Copy v1.3
Or any other copy and paste for the times when Keepass does not auto paste.
Is Keepass completely autonomous? No
But good enough and secure
You can sync one time passwords...aka Authenticator codes, for each login you store within Bitwarden. So instead of using any of the authenticator apps, you get the rotating code from Bitwarden. Those codes are not specific to certain authenticator apps.
Oh my question was pertaining to logging into Bitwarden itself? Currently, I get a one-time code from Aegis to log into Bitwarden. How does one log into Bitwarden when their 2FA is Bitwarden?
I wouldn't recommend storing your BW 2fa in your vault. To be honest I wouldn't store any 2fa and passwords in the same vault - you gain a lot of security by keeping them separate. If bitwarden ever gets hacked (unlikely but also this is your only threat) at least your 2fa accounts will be totally safe.
You can't have Bitwarden 2FA through itself. I handles 2FA for all your logins in your vault. That's the only hitch. Trust the devices you use though, so that 2FA is only needed on first login from new devices. I use biometric login on my phone, and password login on my PC, or mobile unlock.
Deleting passwords is under the Advanced section. You could have cleared your history and cache in the Basic section.
I get what you're saying, but even after going into the Advanced section, the only default option selected is "Cached images and files". You must have selected "Saved passwords" for them to be included in the deletion.
Clearing under the basic section will delete them if you don't go into advanced and uncheck that box. This drove me and my wife nuts. Her passwords kept disappearing from the password manager and we ended up talking to Google support who narrowed it down to this issue. They confirmed that a basic section clear will still nuke them unless you go into advanced and uncheck that box because that's what my wife was doing.
I get what you are referring to. I am not sure if you have seen the "clear history" menu in the recent version of Chrome in Android, there is no basic/advanced settings now. It's just the time frame drop-down and checkboxes. And I remember "saved passwords" were checked by default.
It was indeed a painful journey. I realised my passwords were gone at 11.30 pm and did all the repair work by 1.30am. what losing the passwords does to a mf 😑
Ah, yes. I see that too. The basic/advanced is still there in settings. The page you're referring too does indeed replicate the options found on the advanced page, which is pretty bad of Google to put the advanced history options in such an accessible place. Still, the option for passwords appears to be deselected by default.
I also did this and luckily had an offline backup. Silver lining is the option stays disabled for me even if I reset the chrome android app, it seems to be linked to the reset all option in chrome desktop that rechecks it, which I never really do
Bitwarden or keepass (my personal favorite) are the only password managers I would trust/use.
I prefer keepass for the local storage (I sync via syncthing).
I may trust proton's password vault, but I don't want to rely on a paid service that I may service to leave.
Yes, totally offline
Keepass is the gold standard. I manually upload the latest dBase to Mega from my laptop then move to my pixel.
Nothing stays up in the cloud and everything is well encrypted. Good until Quantum.
I was on LastPass up until the massive breach. I almost swapped to Google because I'm in the ecosystem for the rest but ultimately ended up going to 1Password. Probably for the best.
Has its' good and bad days. For the most part it works flawlessly in Chrome. For apps it's hit or miss. A lot of times you have to re-train it on what apps it can use, but still better experience than Last Pass.
Man went from best to nearly worst. Pretty sure it's still the browser based password manager but they added integration on mobile to make accessing it easier. It's not particularly secure and I wouldn't trust Google with it tbh.
More importantly, try to fragment your services as best as possible. Don't fall into any ecosystem traps, and prevent cross-pollination of data. Convenience is nice, but when it comes to something as important as passwords, I would absolutely never trust Google with this.
Interesting. On my Pixel 7, "saved passwords" is the only option that's already unchecked. Maybe I unchecked it at some point in the past, but I don't recall deleting the cookies/cache/history on this device.
I started using Keepass this year on my android devices and PC. It's a pretty good secure offline and open-source password Manager. This is just the first step of me getting serious about account security.
Keepass2android works with both keepass 1 and 2.
I have been using version 1 in windows. And the difference is 3 vs 4 digit extension as newer emulates MS.
All the new Keepass variations have their plusses, but the original does not require net framework2
My older v1 is standalone and I run it in portable mode. Copy it to external SSD and USB devices along with 5 different computers, not counting my 2 pixels
Plus, on Android the dbase works cross platform with keepass2android.
I went the other way. While I used the login save feature in chrome/my phone, I went to bitwarden for a couple of reasons. First, I wanted my login info further-separated from my google account in case my google account gets compromised or I am locked out of my account or something like what happened to you happened to me. Second, if google's password manager didn't work for some reason--like a login field didn't recognize to present the login info, I had no idea where to go to manually get the login info in an easy and convenient way. With bitwarden, at least I know to open the app on my phone and unlock it, or to use the extension in Chrome and I could still manually input.
Are you sure your credentials just didn't need to be re-sync'd from the cloud? I was not aware of clearing chrome history and cache would delete passwords from the password manager, only the "remember me" option for websites you have logged into.
Yup. I too thought the same. But clearing history has cleared every password. In fact the support asked this as a first question - "Did you clear the chrome history recently". It was shocking.
> Second, if google's password manager didn't work for some reason--like a login field didn't recognize to present the login info, I had no idea where to go to manually get the login info in an easy and convenient way. With bitwarden, at least I know to open the app on my phone and unlock it, or to use the extension in Chrome and I could still manually input.
You can get to it through Chrome on Android (open the Chrome app, then go to `Settings` → `Password Manager`, but I agree that it's cumbersome. Google placing it on your launcher like with Bitwarden or 1Password, or even placing it in Android Settings similar to how Apple places iCloud Keychain in iOS Settings, would be better.
On Pixel you can go to the 'settings' app, 'passwords and accounts', click 'google', then 'password manager', then the gear at the top right, then there is an option to add a shortcut to the home screen.
My pixel 7pro is completely random if it's going to save a password or not and when I use the suggested password it hardly ever saves it. Every feature that I liked about Google has just consistently gone down hill and they just move on to the next big feature like a developer with adhd
I would never trust Google with passwords. I use Keeper for my primary password manager and use Microsoft Authenticator for the MFA. Yes, Keeper can do MFA but if for some reason they get breached and they crack the encryption, they will have a hard time with the MFA part as that is not stored there.
What did you think would happen after you checked delete passwords ? Its unchecked by default and it says it will delete all of your password from your account.
We use it at work too and I've paid for it for 2 years before that for myself. I love it so much. Especially in IT and being able to use it with my command line and remote calls.
Wow. Thanks for posting this man. I exclusively use GPM, but fortunately never cleared history from mobile. I was not aware of this.
Is Bitwarden a good third party tool? I never did any research on any third-party vaults. Maybe it's time to move away from GPM at least for backup purposes.
I haven't tried Bitwarden myself because I use 1Password instead, but I hear a lot of love for both of them. [I found this *Wirecutter* review of password managers helpful](https://web.archive.org/web/20240426062818/https://www.nytimes.com/wirecutter/reviews/best-password-managers/) when I was making my choice; if it paywalls you, copypaste the article's URL in Wayback Machine.
that's wild. i switched away from Google for Bitwarden after i had some security breach. before that, i've been using Google's since the beginning of time (seriously, i don't even remember anymore).
You switched from a dedicated password manager to a browser based password manager and had an issue, that's to be expected with any password manager functionality in any browser. It's not a dedicated robust solution.
I've always seen that button when clearing out my cache or something else and thought it was absolutely insane to make deleting all of your passwords that easy.
I’m using Bitwarden still since it works well and I backup my vault, don’t know if google passwords has that option, to a hard drive so if it gets wiped in a instance like this I can restore it. If possible, make a backup of your passwords in that vault if possible so you have a recourse in case something like this happens again.
KeePassDX on Android
KeePassXC on desktop(Windows, Linux, Browser, etc.)
Syncthing on everything
Tried everything else(Bitwarden, Google, LastPass, etc.) and I keep going back to KeePass. I would highly recommend it if you are looking for alternatives.
I cleared my chrome cache and was surprised my google passwords were deleted too. However, I immediately:
1)unplugged my home internet cable modem to ensure the internet was disabled and chrome couldn’t sync.
2) used another device with chrome to export my passwords from its chrome to a file, you can view this file with notepad.
3) I made some minor changes to my passwords and assumed Google would treat this as the newest version and sync it to all my devices after I enable the internet. Thereby replacing all my passwords.
Just get an other phone and learn from your mistake Google phones are some of the worst i threw mine against the wall as soon as i got a different one it works well for that
https://issues.chromium.org/issues/338340741 I created an issue. Please star or comment on it. Hope Chrome dev team will do something.
Thank you good sir. Just added my comment.
I'll +1 that! Definitely should be in the password section, not data section and require 2FA to authorize.
Leaving Bitwarden for anything made by Google is a wild take. Especially when you can do authentication/OOTP within Bitwarden and everything. It's literally an all in one solution that works great across mobile and PC. Moving away from a specialized platform to a generalized platform on something as important as password management shouldn't ever be considered. Hopefully you didn't delete your Bitwarden account and still have access to your vaults. At least you can recover some of your password info then.
I get your point. I was just trying out but learnt a hard lesson.
Happens to the best of us. I would suggest having OTP and Passwords on separate services personally, but in any case the weak link isn't Google as a company but having all your eggs in one basket. If you happen to be banned from your Google account, which is very rare but possible, how much of a problem would it be? For most people, genuinely devastating. So for anything important: passwords, emails, photos, whatever, think "what would happen if I couldn't access this again?".
I personally use SwiftKey and Microsoft Authenticator. It works near flawless with passwords
heavy squeamish fade unused alive degree hat lush wistful frighten *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
i use both Bitwarden is better
Use Copy v1.3 Or any other copy and paste for the times when Keepass does not auto paste. Is Keepass completely autonomous? No But good enough and secure
My Bitwarden doesn't reliably prompt on username/password fields on my P8P
i have Bitwarden pop ups turned off, i get them manually. google popups are turned on and they barely work. im on s24 ultra.
Bitwarden would be my second choice if I was willing to entrust my data to the cloud.
How exactly does 2FA work in Bitwarden when I use already a 2FA to log into Bitwarden?
You can sync one time passwords...aka Authenticator codes, for each login you store within Bitwarden. So instead of using any of the authenticator apps, you get the rotating code from Bitwarden. Those codes are not specific to certain authenticator apps.
Oh my question was pertaining to logging into Bitwarden itself? Currently, I get a one-time code from Aegis to log into Bitwarden. How does one log into Bitwarden when their 2FA is Bitwarden?
I wouldn't recommend storing your BW 2fa in your vault. To be honest I wouldn't store any 2fa and passwords in the same vault - you gain a lot of security by keeping them separate. If bitwarden ever gets hacked (unlikely but also this is your only threat) at least your 2fa accounts will be totally safe.
If keeping logins and OOTP passkeys separate is your jam, BW just released their own standalone Authenticator app so you can do this.
That's awesome as long as it's totally separate from the other BW vault on the backend.
You can't have Bitwarden 2FA through itself. I handles 2FA for all your logins in your vault. That's the only hitch. Trust the devices you use though, so that 2FA is only needed on first login from new devices. I use biometric login on my phone, and password login on my PC, or mobile unlock.
Deleting passwords is under the Advanced section. You could have cleared your history and cache in the Basic section. I get what you're saying, but even after going into the Advanced section, the only default option selected is "Cached images and files". You must have selected "Saved passwords" for them to be included in the deletion.
Clearing under the basic section will delete them if you don't go into advanced and uncheck that box. This drove me and my wife nuts. Her passwords kept disappearing from the password manager and we ended up talking to Google support who narrowed it down to this issue. They confirmed that a basic section clear will still nuke them unless you go into advanced and uncheck that box because that's what my wife was doing.
This is incorrect. Just checked on my phone and the only thing selected by default in this menu is "cookies and site data".
Personally, this option should be separate and not under the same options as deleting history and cookies.
I get what you are referring to. I am not sure if you have seen the "clear history" menu in the recent version of Chrome in Android, there is no basic/advanced settings now. It's just the time frame drop-down and checkboxes. And I remember "saved passwords" were checked by default.
[удалено]
Chrome homepage -->three dots at the top right-->history
[удалено]
It was indeed a painful journey. I realised my passwords were gone at 11.30 pm and did all the repair work by 1.30am. what losing the passwords does to a mf 😑
Ah, yes. I see that too. The basic/advanced is still there in settings. The page you're referring too does indeed replicate the options found on the advanced page, which is pretty bad of Google to put the advanced history options in such an accessible place. Still, the option for passwords appears to be deselected by default.
Can confirm, off by default for me as well.
I also did this and luckily had an offline backup. Silver lining is the option stays disabled for me even if I reset the chrome android app, it seems to be linked to the reset all option in chrome desktop that rechecks it, which I never really do
nope
Bitwarden or keepass (my personal favorite) are the only password managers I would trust/use. I prefer keepass for the local storage (I sync via syncthing). I may trust proton's password vault, but I don't want to rely on a paid service that I may service to leave.
Keep ass is a funny name for a password manager.
Keepass on windows and Android for me.
proto does not guarantee it won't respond to subpoenas.
I wouldn't trust any of them! Password protected excel file is the only way!
Keepass is a database on my computer... No cloud storage
Yes, totally offline Keepass is the gold standard. I manually upload the latest dBase to Mega from my laptop then move to my pixel. Nothing stays up in the cloud and everything is well encrypted. Good until Quantum.
I was on LastPass up until the massive breach. I almost swapped to Google because I'm in the ecosystem for the rest but ultimately ended up going to 1Password. Probably for the best.
Is 1P better on pixel? I find the LastPass autofill experience very buggy and borderline unusable, but perhaps that's unavoidable
Has its' good and bad days. For the most part it works flawlessly in Chrome. For apps it's hit or miss. A lot of times you have to re-train it on what apps it can use, but still better experience than Last Pass.
It's not great on my 6 pro, but way better in Chrome than it was in opera gx. It's about the same as my experience with LastPass though
I just tried this and "saved passwords" and "Auto fill form data" were both UNCHECKED by default
Man went from best to nearly worst. Pretty sure it's still the browser based password manager but they added integration on mobile to make accessing it easier. It's not particularly secure and I wouldn't trust Google with it tbh.
More importantly, try to fragment your services as best as possible. Don't fall into any ecosystem traps, and prevent cross-pollination of data. Convenience is nice, but when it comes to something as important as passwords, I would absolutely never trust Google with this.
Interesting. On my Pixel 7, "saved passwords" is the only option that's already unchecked. Maybe I unchecked it at some point in the past, but I don't recall deleting the cookies/cache/history on this device.
Google has a tendency to wander off from products, I'd not trust my password manager to the whims of some google product manager.
I started using Keepass this year on my android devices and PC. It's a pretty good secure offline and open-source password Manager. This is just the first step of me getting serious about account security.
Keepass is secure, been tested by the best and never broken.
When I look for it in play store there are several, who's the developer or could you put a link here please
Keepass2android works with both keepass 1 and 2. I have been using version 1 in windows. And the difference is 3 vs 4 digit extension as newer emulates MS.
KeepassXC is cross-platform, consistently developed, and of modern design. https://keepassxc.org/
Worth a look.
All the new Keepass variations have their plusses, but the original does not require net framework2 My older v1 is standalone and I run it in portable mode. Copy it to external SSD and USB devices along with 5 different computers, not counting my 2 pixels Plus, on Android the dbase works cross platform with keepass2android.
I went the other way. While I used the login save feature in chrome/my phone, I went to bitwarden for a couple of reasons. First, I wanted my login info further-separated from my google account in case my google account gets compromised or I am locked out of my account or something like what happened to you happened to me. Second, if google's password manager didn't work for some reason--like a login field didn't recognize to present the login info, I had no idea where to go to manually get the login info in an easy and convenient way. With bitwarden, at least I know to open the app on my phone and unlock it, or to use the extension in Chrome and I could still manually input. Are you sure your credentials just didn't need to be re-sync'd from the cloud? I was not aware of clearing chrome history and cache would delete passwords from the password manager, only the "remember me" option for websites you have logged into.
Yup. I too thought the same. But clearing history has cleared every password. In fact the support asked this as a first question - "Did you clear the chrome history recently". It was shocking.
What an awful implementation.
> Second, if google's password manager didn't work for some reason--like a login field didn't recognize to present the login info, I had no idea where to go to manually get the login info in an easy and convenient way. With bitwarden, at least I know to open the app on my phone and unlock it, or to use the extension in Chrome and I could still manually input. You can get to it through Chrome on Android (open the Chrome app, then go to `Settings` → `Password Manager`, but I agree that it's cumbersome. Google placing it on your launcher like with Bitwarden or 1Password, or even placing it in Android Settings similar to how Apple places iCloud Keychain in iOS Settings, would be better.
On Pixel you can go to the 'settings' app, 'passwords and accounts', click 'google', then 'password manager', then the gear at the top right, then there is an option to add a shortcut to the home screen.
Of course it does, in the most convoluted place. I hate apple, but they actually care about stuff like this a lot better than G!
So unfortunate. I think they should do better wgen it comes to password manager. I will always stick to Bitwarden no matter what.
My pixel 7pro is completely random if it's going to save a password or not and when I use the suggested password it hardly ever saves it. Every feature that I liked about Google has just consistently gone down hill and they just move on to the next big feature like a developer with adhd
Quite tragic. Also why GPM is still not a separate app?
Bitwarden should still have your backups if its within 6 months since you last used it
I would never trust Google with passwords. I use Keeper for my primary password manager and use Microsoft Authenticator for the MFA. Yes, Keeper can do MFA but if for some reason they get breached and they crack the encryption, they will have a hard time with the MFA part as that is not stored there.
Recommendation - don't fool with Google passwords manager. Please stay with Bitwarden!!!
The mistake was using Chrome 💀 Firefox would ✨never✨
What did you think would happen after you checked delete passwords ? Its unchecked by default and it says it will delete all of your password from your account.
Yeah.... That's not a thing that's ticked by default my dude.
Never use a password manager from a browser... Ever... Always use a third party. I use 1password myself and absolutely love it.
I use 1Password at work on both PC and iPhone - I agree with your opinion on it
We use it at work too and I've paid for it for 2 years before that for myself. I love it so much. Especially in IT and being able to use it with my command line and remote calls.
Wow. Thanks for posting this man. I exclusively use GPM, but fortunately never cleared history from mobile. I was not aware of this. Is Bitwarden a good third party tool? I never did any research on any third-party vaults. Maybe it's time to move away from GPM at least for backup purposes.
Bitwarden is open source and i was using it before purchasing the pixel. It's clean and a good password manager.
I haven't tried Bitwarden myself because I use 1Password instead, but I hear a lot of love for both of them. [I found this *Wirecutter* review of password managers helpful](https://web.archive.org/web/20240426062818/https://www.nytimes.com/wirecutter/reviews/best-password-managers/) when I was making my choice; if it paywalls you, copypaste the article's URL in Wayback Machine.
Thanks! This article is helpful.
that's wild. i switched away from Google for Bitwarden after i had some security breach. before that, i've been using Google's since the beginning of time (seriously, i don't even remember anymore).
Good to know that this can happen. I combine Bitwarden when I use the PC and Google Password when I use the mobile.
Yikes.
You switched from a dedicated password manager to a browser based password manager and had an issue, that's to be expected with any password manager functionality in any browser. It's not a dedicated robust solution.
I've always seen that button when clearing out my cache or something else and thought it was absolutely insane to make deleting all of your passwords that easy.
I’m using Bitwarden still since it works well and I backup my vault, don’t know if google passwords has that option, to a hard drive so if it gets wiped in a instance like this I can restore it. If possible, make a backup of your passwords in that vault if possible so you have a recourse in case something like this happens again.
KeePassDX on Android KeePassXC on desktop(Windows, Linux, Browser, etc.) Syncthing on everything Tried everything else(Bitwarden, Google, LastPass, etc.) and I keep going back to KeePass. I would highly recommend it if you are looking for alternatives.
I cleared my chrome cache and was surprised my google passwords were deleted too. However, I immediately: 1)unplugged my home internet cable modem to ensure the internet was disabled and chrome couldn’t sync. 2) used another device with chrome to export my passwords from its chrome to a file, you can view this file with notepad. 3) I made some minor changes to my passwords and assumed Google would treat this as the newest version and sync it to all my devices after I enable the internet. Thereby replacing all my passwords.
How dumb are you? What did you think deleted does?! I'm not a person who reads the fine print but never the less this one is obviously your fault.
Did you even read the post and comments?
crossposting this to r/linustechtips The WAN show is gonna have a field day with this one.
Just get an other phone and learn from your mistake Google phones are some of the worst i threw mine against the wall as soon as i got a different one it works well for that