Buttercup is an open source password manager for Windows, macOS, Linux, Firefox and Chrome
There is no shortage in supply when it comes to password managers, but not all of them are open source.
Buttercup is a free password manager, which is open source and offers cross-platform support. Open source, at least in theory, gives everyone the opportunity to check the source code of applications or services to make sure they are clean, and to compile the applications manually.
Tip: check out Martin's review of his favorite password manager KeePass here.
ButtercupÂ is available for Windows, macOS and Linux, as a desktop application, for Firefox and Chrome as browser extensions and for Android and iOS. Every major operating system is supported by the password manager.
Buttercup encrypts the database in the .BCUP format using AES 256-bit CBC mode with a SHA256 HMAC (similar to what KeePass uses).
The best part about it is: you choose where the password vault is stored.Â The program does not store the password database in the cloud on company servers; options that it provides are to save the vault data locally on the computer or mobile device, or to save it online using one of the supported cloud services:
- Google Drive
So, privacy isn't an issue with Buttercup. But, for your own peace of mind, just make sure you have 2-factor authentication enabled on the cloud service you are using for the vault for that extra layer of security. Check out our Dropbox, Microsoft Account, and Google two-step verification guides.
The service supports popular third-party cloud providers as well as self-hosted solutions; the latter options are more difficult to set up but they provide better control.
How do we get started with the password manager? Desktop version or browser add-on? That's your choice. Click on the + button to add a vault, you can add as many as you want. Use one of the above mentioned options, to create a new vault. I chose to create one in Dropbox. Now to the vault.
Managing the vault
Buttercup can import an existing password database from the following programs/services.
- 1Password - .PIF
- KeePass - .KDBX
- LastPass - .CSV
- Bitwarden - .JSON
- Buttercup - .CSV
You can export your Buttercup database in the CSV format. Buttercup allows you to create groups which you can use to categorize your accounts.
Save logins (when you enter credentials)
Visit any website where you have an account and login, to see a "Save login" prompt. Doing so will allow the extension to store your credentials securely in your personal vault.
Save logins manually
To manually add an entry, open the vault, and click the "New entry" option. Enter the username, password, and URL in the respective fields and hit save.
Note: This wasn't working for me at all in the add-on. An issue on the GitHub page says that this was addressed recently. I tried re-installing the add-on in Firefox, and also tried the Chrome extension on Microsoft Edge Dev, but no dice. I tried this for a few days, and nearly gave up on this feature, but tried the desktop version to add new entries manually. It worked perfectly. This workaround might be a deal-breaker for some people.
This is the 2nd most important feature next to securely storing passwords in my opinion in any password manager. You need unique and strong passwords for each account, and Buttercups password generator delivers just that. It is available in the extensions and desktop programs.
Options that are available here include adding low and upper case letters, digits, space, and symbols, and you can also set the length of the password. I found the option to use "Words" (it generates random meaningless phrases) to be odd. Regardless of how bizarre the sentence appears to be I'd rather not have pronounceable content in my passwords; it may be an option if you need to remember the password though.
There are very few options in the program most of which are basic. You can use it to move logins from one group to another and for copying the password, username or URL to the clipboard. You can also store notes securely in Buttercup to protect them using strong encryption.
Note: Firefox warned me about the Buttercup installer saying "This file is not commonly downloaded."Â It probably has something to do with the program having few users.
Buttercup is not available in a portable for Windows and macOS yet, but a Linux version is available.
Buttercup Add-on + Settings
The add-on has options to create a new vault, open an existing one, a password generator; basically just like the desktop version. It does have a few extra features such as auto-fill to fill out login information automatically.
Click on the icon which appears in the username or password field and it opens a pop-up menu which lets you search for the entry you wish to use to fill the fields. The other invaluable feature is that you can set Buttercup to automatically lock the vault and define the time after which it should lock it.Â You can enable or disable a dark theme for the interface. And there's a Save option which you can set to show up when you fill up a form.
Buttercup mobile app
The Android app is bare-bonesÂ and only allows you add a remote archive. So, there is no way to create a new vault and store it on the device. It supports auto-fill and clipboard copying, however. I did not test the application for iOS.
Where it impresses
- The Buttercup add-on is brilliant, has a nice UI and is quite user-friendly. The option to store your vault in a location of your choice is good. The auto fill is handy too.
- The mobile app can be of help when you are away from your computer and wish to access your logins, but it cannot be used on its own.
- The desktop application is alright, but for one issue.
Where it falls short
- New entries aren't being saved by the browser extension.
- My major complaint is regarding the desktop program. While you can lock (close) an archive manually, there is no auto-lock option. So once you unlock an archive, it stays unlocked until you close it. This is a massive security risk, and I had to check the application multiple times to see if it was hidden. It is puzzling as to why the add-on has auto-lock, but the desktop version doesn't.
Yes, I know Buttercup is an electron based software, and I also know some of you love those. You can try the browser add-on if you want to, it's quite nice.
Buttercup's cloud service is quite similar to how I use KeePass across my devices. But I prefer the latter over any password manager, it's always been irreplaceable.
Buttercup is a cross-platform application that is pretty much available for every major system out there.Â The application has certain strengths such as the ability to store passwords locally or using cloud providers or self-hosted solutions. It falls short in the features department, especially the mobile Android version is lacking and not usable on its own.
The option to store the password database in the cloud may be useful but it is not a unique feature. Even services that don't support it natively support it to a degree provided that you sync data with your local devices.
All in all, it is an option if you are looking for a cross-platform open source password management solution.
Now you: which password manager do you use, and why?Advertisement