BUTTERCUP
Take full control of your passwords
Nick Peers reveals how to get started with Buttercup, a password manager that puts you firmly in control of your sensitive data.
Everyone needs a strong password manager, but you’re usually forced into one of two E camps: a local-only password manager that keeps your passwords off the internet, but causes friction when you want to access them on different devices; or a cloud-based password manager that works seamlessly across all of your mobile and desktop devices, but requires you to store your passwords online.
Given the rise in websites being hacked – parts of LastPass were compromised as recently as August 2022, although the company stressed no vaults were at risk, due to its zero-knowledge policy around master passwords – you’d be forgiven for being wary about trusting your vault to a third party.
OUR EXPERT
Nick Peers has over 1,100 pieces of secure information stored in his password manager. Clearly a clean-out is needed. Good luck getting him to actually commit to it.
One workaround is to use our favourite password manager, the open source Bitwarden, in a self-hosted environment. It involves a fair bit of work, though – the simplest option is to install Vaultwarden in a docker environment on your file server with reverse proxy and subdomain for full functionality. Alternatively, you could employ the services of this month’s featured password tool, Buttercup (https://buttercup.pw).
Buttercup offers you the best of both worlds: you can run it as a standalone password manager, but it’s also capable of being run on a mobile device (Android or iOS) and even as a Firefox or Chrome-based browser add-on. While your desktop and browser extensions can work with a locally stored file, you have to store your vault in the cloud if you want to access it on mobile devices, but you get to choose which service to use, while your password vault is wrapped in an extra layer of 256-bit AES encryption on top of whatever encryption is applied by your storage provider.
Get set up
Buttercup is supplied as an AppImage or Homebrew package. For the purposes of this tutorial, we’re choosing the path of least resistance, so head over to https://buttercup.pw and click Linux (AppImage) to download it somewhere suitable, such as your Home directory. Once done, right-click the AppImage in Files and choose Properties > Permissions tab (or just Properties in Ubuntu 22.10) to set the magic Allow Executing File As Program flag.
MIGR ATE FROM ANOTHER PASSWORD MANAGER
If you’re looking to switch password managers, the good news is that Buttercup can import from a wide range of services. There’s direct support for Bitwarden (JSON and CSV), KeePass (XML), LastPass (CSV) and 1Password (1PIF), plus generic support for CSV.
Sadly, things aren’t as simple as exporting your file and watching it magically import into Buttercup via Current Vault > Import. The developers are struggling to get this feature working properly (see https://github.com/butter cup/buttercup-desktop/issues/1017 for details), but you may have success with the following approach.
First, after attempting any platformspecific options, export your vault in CSV format. Then open it and reformat it so only four columns of data are kept: title, username, password and url, making sure those are the names in the first row (case-sensitive). Save the file and you should now be able to import it into Buttercup via the CSV (CSV) method provided.
One extra thing: with files containing hundreds of entries, you may find Buttercup keeps appearing to become non-responsive while importing the file – simply click Wait until it completes. Alternatively, split your file into multiple batches of, say, 300-400 logins and import them separately. On the downside, each imported file is placed in its own folder, and while you can move folders around quickly, you can’t move more than a single login item at once.