Solved What is your preferred solution for password management on your NAS?

Currently reading
Solved What is your preferred solution for password management on your NAS?

NAS Newbie

Subscriber
456
89
NAS
DS220+, DS918+, RS1219+
Operating system
  1. Windows
Mobile operating system
  1. Android
I've read through @Rusty's Bitwarden/docker solution, but I was wondering if anybody else uses any other solutions for hosting passwords on their NAS? I'd like something that both my wife and I can access remotely, as right now we are one of those awful people who uses some variation of the same password for everything, and I'd like to put an end to that. However, I suck at remembering passwords, so I want to have them locked down but accessible on my NAS somehow. I prefer to host my own password vault on my NAS as I feel as though the true cloud-hosting options that are out there are prime targets for the bad guys.
 
363
94
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
Before Rusty's solution I was using KeePass and stored database on my NAS. Not ideal solution, but it was working for me.

Currently, I couldn't be more happy with my self-hosted Bitwarden. I recommend you that. You can also share it with your wife.
 

Rusty

Moderator
NAS Support
4,466
1,288
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
As @wwwampy said it is possible to use it with multiple users with no problem. BW is a password manager server, meaning that depending on your clients each can install bw client and register on your server to use it.

Also accessing it locally or remotely can be done by configuring it via reverse proxy.
 

Telos

Subscriber
1,919
637
NAS
DS418play, DS213j, DS3622+, DSM 7.1.4-11091
Before Rusty's solution I was using KeePass and stored database on my NAS. Not ideal solution, but it was working for me.
FYI... There are docker images for KeePass. I haven't tried these.
 
385
78
NAS
RS820+, DS718+
Operating system
  1. Windows
Mobile operating system
  1. iOS
Will BW autofill uid/passwords on the computer and mobile device?
 

Rusty

Moderator
NAS Support
4,466
1,288
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Will BW autofill uid/passwords on the computer and mobile device?
Yes, it will. There are desktop (browser plugins), as well as mobile apps for it. I enter 0 credentials manually since using BW.
 

fredbert

Moderator
NAS Support
Subscriber
3,009
1,190
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Right, grabs helmet and ducks for cover, I use 1Password and it's not managed from the NAS. This might sound like an advert but it's just because I've used it for so long and had no issues (so far). I'd have looked at BW if I'd heard of it before and hadn't already got 1P setup with the family.

Prior to this I used SplahID on Palm OS and Mac, and it was a chore to keep synchronised. I migrated to 1Password after getting it in one of the software bundle sales about 10 years ago. Initially sync was local or WiFi to iOS, then I used via Dropbox (cos the 1P vaults were encrypted) and I could add items to a shared vault for my wife.

Since then I moved to the 1P family account (early sign-up got 7 users and 2GB storage) and now everyone has their own vault and we have shared vaults between my wife and me and each one of the kids, plus also a family vault ... helps to securely pass info since 'mum' is organised and manages us all :)

Don't use it just for passwords, all my software licences are in there and it's a TOTP app too.

We can still use local, WiFi and Dropbox within the various apps, if we don't want to use the 1Password cloud storage.

Cons:
  • the mobile apps have limited locations for vaults: local to them (un-sync), Dropbox, 1P cloud.
  • it uses a third party cloud, so trust is required ... though they are responsive to discuss their implementation and the security philiosophies behind
Pros:
  • subscription includes access to all apps (inc browser plugins) for all platforms for all users... no excuses for not using it.
  • price-wise it's similar to BW for what we use.
  • works well on Mac and is pretty good on PC too.
  • separate vaults for projects / whatever with access control.
The validation is that my family do use it, which isn't the case for everything I suggest!
 

Rusty

Moderator
NAS Support
4,466
1,288
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Fair point @fredbert. Personally, I haven't used a password manager before I got serious with BW. Now I can't live without it :D. Ofc the main benefit is that its all local, accessible to all devices and support multiple vaults/users. That's all that I need. Another benefit is that it's also not just a password manager so I'm considering moving some more data into it (considering there is no limitation to storage).
 
363
94
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
FYI... There are docker images for KeePass. I haven't tried these.
Yes, but I find BW much better, not to mention how easy it's working on mobile. KeePass is more complicated to use on mobile.
 

jeyare

Subscriber
2,035
665
NAS
Synology, TrueNAS
Operating system
  1. Linux
  2. Windows
a logical algorithm in my head :cool: for every password creation.
But I need to check Rusty’s BW because my head is older every day and my wife sometime is asking me about - did you forget it? Especially during anniversary.
 

Telos

Subscriber
1,919
637
NAS
DS418play, DS213j, DS3622+, DSM 7.1.4-11091
My main gripe w/BW is the incessant logins. I'd like this to run in the background, and to terminate on logout/shutdown/reboot. Presently it's all or none.
 

Rusty

Moderator
NAS Support
4,466
1,288
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
My main gripe w/BW is the incessant logins. I'd like this to run in the background, and to terminate on logout/shutdown/reboot. Presently it's all or none.
How do you mean exactly @Telos?
 
@Telos: would MFA remedy the problem you see with bitwarden?

For instance a YubiKey can be used easily registered in bitwarden and used with your desktop app and browser plugin. If you have a NFC enabled mobile phone, you can use a YubiKey NFC with your smartphone. An initial login on a device will become impossible without they YubiKey...
 

Telos

Subscriber
1,919
637
NAS
DS418play, DS213j, DS3622+, DSM 7.1.4-11091
How do you mean exactly @Telos?
If I'm using Firefox. I have to re-enter the Master Password frequently during the day. None of the settings except "Never" prevents this (otherwise I need to leave Firefox open at all times). My Master Password is long and complex, so the need to re-enter it each time I close the browser is tiresome.

I prefer BW to run in the background of my PC and "lock" only when I lock my PC or log out.
 
363
94
NAS
DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. iOS
I prefer BW to run in the background of my PC and "lock" only when I lock my PC or log out.
So you manually copy username and passwords to your sites?
 

Rusty

Moderator
NAS Support
4,466
1,288
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
So you manually copy username and passwords to your sites?
Think its about opening up the bw initialy after a lock period has passed not about using accounts inside the vault.
 

Telos

Subscriber
1,919
637
NAS
DS418play, DS213j, DS3622+, DSM 7.1.4-11091
So you manually copy username and passwords to your sites?
No. I use the browser extension (but not autofill on page load). And deal with the lock parameter. The BW developer has stated previously that there is no option otherwise. Maybe Chrome's "run in the background" feature will solve this (IDK), but for Firefox, there is no option.

Other pwd programs have apps that run apart from the browser and their browser extensions communicate to the running program. But BW extension communicates directly to server, so the local Win app is relatively useless apart from vault management.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I've been running docker-ce via Debian as a host on VMM for a few weeks now and I have to say I'm very...
Replies
0
Views
440
A second example of a lower spec NAS working as a Plex server: Recently setup my old DS215j as a test...
Replies
19
Views
1,680
This is pretty much what I was trying to figure out with syno chat. I'll look into rocket chat. thanks...
Replies
4
Views
12,418
I know this is an older thread, but I have an update. I am now able to actually connect to the Synology C2...
Replies
4
Views
463

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top