Buttercup

Free & open-source password manager for Windows/Mac/Linux

Buttercup is a password manager for everyone - It's easy to use, highly secure and available everywhere. To top it all off, it's free and open-source! We've built Buttercup because we wanted something better for ourselves and have been lucky enough to be able to share it with our peers. Join us in making password management better.

Discussion
Would you recommend this product?
1 Review5.0/5
After some time using other password managers both in personal and professional environments, by colleague and friend Sallar and I decided that what we really wanted from our password managers didn't exist. There's no solution that, for free, offers credentials synchronisation across every platform with support for merge conflicts and a choice in hosting environments. For those and many other reasons, we built Buttercup: Buttercup is a cross-platform credentials manager that aims to make authenticating yourself on multiple devices as easy as possible. Being open-source, Buttercup draws strength from the community which helps to keep it up-to-date and secure. It’s also free. Using a cloud storage provider of your choice, you can host your password archive remotely so that it can be accessed from anywhere. Buttercup supports a wide range of services - most of which are free to use as well. Buttercup’s secure archives are encrypted with modern algorithms using very strict standards for password derivation, IV and salt generation and packing. Buttercup stores no user identifiable information and any offline storage of login information is always kept encrypted by the user’s master password. Buttercup's direction, in the long term, will be that of free software for personal use or within small teams. We want to support Buttercup full time, and for that to happen we aim to form a business model around licensing large-scale application of Buttercup to organisations that need shared credentials and tiered security.
@perry_mitchell Hi Perry, may I know the difference with bitwarden?
@naythiha_ @perry_mitchell took a look at bitwarden, haven't used it before and after looking at bitwarden's home page, it seems the biggest difference is that buttercup stores the data on local disk with option to sync with a third party cloud service, but bitwarden stores in their cloud. Vote for buttercup. I never used bitwarden so correct me if I am wrong.
@shantianyun Thanks Jerry. It's right. 🙂👍
@shantianyun @naythiha_ I also haven't used Bitwarden, but it looks quite nice. As I've always hosted by own cloud storage, having sync support with common *free* providers was a must. File storage makes it easier to either store offline or within a sync'd folder (Dropbox etc.).
@perry_mitchell Thanks Perry. 👍I have used 1Password with Dropbox but now on their cloud for some reasons. It's really useful to have a file. I intend to use free password managers for my employees who are not knowledge workers but they need credentials for the HR app like BambooHR for time off requests and messenging apps like FB Work Chat. 🙂
Well done guys, looking forward to iOS app and extentions (also, would be great if you release a SDK for third party apps integrations like 1Password does). Did you guys consider autofill security issue when designed buttercup? Lastpass had same issue a while back
Maker
@hadifarnoud Thanks Hadi. We already have extensions for Chrome and Firefox, and the iOS app is underway. @perry_mitchell can tell you more about the autofill security.
@sallar @hadifarnoud @perry_mitchell I am curious about the autofill security as well. @perry_mitchell Looking forward to hearing from you.
@shantianyun @hadifarnoud Of course. Form autofilling can be a serious security concern especially on fraudulent sites - stolen credentials is something we want to protect against. Currently we don't do any autofilling, but we allow users to select the credentials they want to be filled. This still isn't foolproof and would-be hackers could possibly still abuse the popup to gain secret information. This was going to be part of our browser extension refactor, but I've made it into a critical task here: https://github.com/buttercup/but... Right now I see it being of low risk, but of course you should check it out for yourself and make your own decision. We will be improving this area asap in the mean time :)
Looks nice, Electron?
@csaba_kissi Yes - Electron has been a fantastic tool to get us into the cross-platform area from first release. Similarly, we'll be using React Native for our mobile application to achieve a similar goal :)
A mobile app is planned? I'm on iOS
Maker
@oplante Yes! Absolutely. We are working on the mobile clients right now.
@sallar @oplante what's the progress for the mobile client? Any approximate release date?
@shantianyun @sallar @oplante We've only just commenced with the development, and crypto (with sufficient speed) is tricky. We'll announce an estimated date when we've made more progress :)
@perry_mitchell @sallar @oplante Great. Looking forward to your progress.
I will be testing your app with Keybase private folder, so I can share company password with my partners.
@francisperron That's really cool! I'm on keybase too. It's a great platform for sharing small files, and our archives are compressed and should remain quite small.