- cross-posted to:
- privacy@programming.dev
- technology@lemmy.world
If you are interested in privacy you are probably interested in password storage … plus I wanted everyone to know about the inevitable future enshittification of this product. Spread the word and replacement recommendations are welcome too.
if you were looking for an excuse to torpedo this abomination, here it is. hosting this gargantuan stack just for an encrypted csv file? at least the client (electron) gobbles up RAM like it’s free while being bug-compatible with whatever chrome version was current half a year ago.
sadly, news ain’t great on the other side of the fence - keepassXC dev is all-in on vibeshitting; latest non-polluted version is 2.7.9; works fine and the stuff they’re working on is pretty far from essential. some unknown folks forked it but who’s to say what their expertise is.
never thought I’d disable my autoupdate timers but here we are. keep your eyes open.
Can you explain the issues with KeePass? Or is there another thread?
damn I just migrated to bitwarden a few months back :(
You still have some time to decide which route to go. If you’re on the free version, stay there, but start looking for alternatives.
Proton Pass is an option. KeePass with Syncthing works great, but it is a dramatically different and more involved workflow.
I am using both, and deleted my Bitwarden account yesterday the moment I heard about this.
Also, I can’t suggest enough that you export all your credentials to an encrypted json file every now and then, and store it on an offline storage device. This is important.
Hey Login seems promising. Free for private users, hosted in Germany and end2end.
Why the hell is anyone using anything other than KeePass?
I use vaultwarden in my company - need to share some passwords/group with specific other users etc.
Doesn’t keepass only work on a single device? Meaning that you have to handle syncing the database file yourself. I prefer selfhosting vaultwarden. Maybe these changes will make me migrate to something else but for now I’m very satisfied with vaultwarden and the bitwarden client.
Yeah, I just leave the file in a NextCloud sync directory. All my desktops and laptops download it automatically, and it’s trivial to download to my phone. As an added bonus, my fucking password manager isn’t exposed to the open internet where every hacker who finds it is gonna wonder what’s inside.
As an added bonus, my fucking password manager isn’t exposed to the open internet
WireGuard 🥹
At that point, is it really easier than NextCloud? I don’t have to worry about forgetting to disconnect and wasting my VPS’s bandwidth or ruining my ping for games. On PCs and laptops, the file is immediately local, and on mobile, it’s easier to download an updated version of the database than it is to mess with the VPN.
Vaultwarden will survive. Since the client is open source, once they close the API and break compatibility of the clients with Vaultwarden, the old version of the app can simply be forked and rebranded. I also do hope that the KeyGuard app will continue to support vaultwarden as well since if bitwarden closes the API and makes a breaking change, as is likely to happen, it will break KeyGuard as well, but it will still work with VaultWarden for some time.
The real issue is that many people who are using Bitwarden aren’t savvy enough to host Vaultwarden in a secure way. Many people are careless with things like secret keys and such and don’t know how to properly secure a web facing app or a VPN into their local network. But anyone who self hosts should learn those things anyway. This one just happens to be a particularly high risk since it contains all of your passwords for everything else.
Just learned about KeyGuard. But I dislike their LICENSE:
All Rights Reserved
This is why despite me self hosting some things I don’t rely on vaultwarden. I’m a flawed person and my family has no idea about anything. I don’t need to stretch my imagination very far to think of a handful of reasons why it would fail my situation. I’ll gladly pay for a password manager to not have to deal with that.
Same! I self host a number of things, but I just didn’t trust myself with something as important as this. I had been paying for bitwarden even though the free plan was sufficient, just to show support. But obviously not if they go this route. I will also gladly pay for a password manager to not have to deal with that.
This is really disappointing… I figured the open source nature of Bitwarden would save it from enshittification but as the author says, in the end, the company doesn’t need to keep it open source.
TLDR: Self-host Vaultwarden
I have nothing but good things to say about Proton Pass. Syncs across iOS, macos, PC & Linux, stores not just usernames & passwords, but short notes, product keys, & can generate temporary email addresses that can be disabled when they start receiving spam
Nothing is stopping Proton from doing the same thing next week. And seeing how many people lock themselves in to Proton (by using all their services, Apple style), they have a strong incentive to also do some “restructuring” and spike prices.
I just tested aliasvault and it’s pretty good. You can even just import your pre-enshittification Vaultwarden export file.
One thing I noticed though is that your entries must have a collection or else they don’t export. But close to easy as pie to leave vaultwarden behind with their Nazi CEO.
VaultWarden != BitWarden!
I know. Either way I’m out unless they fork.
VaultWarden literally is a fork, what are you on about?
VaultWarden is a new implementation of the Bitwarden API. It started from scratch, never was a fork. It’s possible they (or other people) will fork the Bitwarden client.
Fork means they don’t share. But it’s not like that.
Are you a bot? It doesn’t seem like you understand what you’re talking about.
Keepassxc (linux, winblows, crapple) Keepassdx (AOSP, spydroid) Keepassium (SpIOS)
Time to recommend alternatives?!
Proton Pass is a valid option.
Nothing has beaten KeePass for me so far. It takes a bit of setting up if you want your database to sync among all your devices, but in other aspects it’s perfect for me
EDIT: In case you’re curious, I use KeePassXC on PC, KeePassDX on Android, and Syncthing to sync the database.
Don’t know if it has changed but there was a reason I went to vaultwarden. Syncing was a pain. It is probably better now but not looking to go back.
What drove me (and my family) from KeePass to Bitwarden was the family sharing and survivor access.
Until KeePass supports these it’s not really up to par with Bitwarden.
Especially digital legacy management is a must have for a well rounded password manager.
keepassXC supports passkeys though.
Same setup here, can recommend.
The author wrote a guide to self-hosting VaultWarden
How vulnerable is a VaultWarden setup to splash damage from BitWarden enshittery? I would go absolutely ham on VaultWarden if it’s independent enough from this kind of move.
I’m already hosting VaultWarden locally and would also like to know. It seems like a project that could continue independently but I’d love to hear from someone with more information.
I mean, if you read the OP, it says at the end. The clients are Apache2 and can just be forked if the API starts drifting.
Do I understand correctly that there is no way to implement SSO on the self-hosted version?
Cloud version is for businesses not people, for some reason. But selfhosted is free of course.
How is psono? I’ve been looking to do secrets correctly in my lab for a while and its name has popped up a few times.
Privacy oriented self-hosting survival guide, where can I find one?
Need a remind me bot rn











