My preferred password manager is Bitwarden, which is open-source and zero-knowledge (as in, if you lose your master password, even the company can't get it back for you, since they don't have any "master key" on people's password databases). Another solution is KeePass, which is as free and open-source as you can get (the risk is that you have to figure out cloud storage and sync yourself). Some people even use both in tandem, preferring one to back up the other in some doomsday scenario.
With that said, it's a very good thought to make sure that the software you're using is actually secure before trusting it. Personally, I think it's safe to use GnuPG and KeePass/Bitwarden, which have all been audited by the likes of Cure53, but if you're really paranoid, you could always use a formally-verified implementation of your desired algorithm (many are supplied in HACL*, for example)... In this case, I use the term "formally-verified" to mean that the implementation is mathematically proven to guarantee the properties of the algorithm (i.e., there are no "bugs" that affect output at the implementation level)...