For context, in my password manager I had tried formatting some of my entries so that each would contain the usual username and password, but instead of creating whole new entries for the security questions for the same account, I just added additional fields in the same entry in order to keep things a little more tidy.

I was not expecting that doing so would result in later being shaken down by Proton to pay even more money just to access the same few bytes of fucking text I had trusted them with. This is sleazy as fuck and I am dropping these idiots entirely.

    • Creat@discuss.tchncs.de · 43 up, 3 down · 2 days ago

      If you can, just self-host Vaultwarden (compatible with Bitwarden and supported). Gets your data out of the cloud entirely.

      • blitzen@lemmy.ca · 44 up, 1 down · 2 days ago

        I’m with you, but the hosted subscription is miles more secure than I can make my installation, and at $10 per year probably cheaper than the electricity to self host. Plus it supports the devs.

        But I do make regular backups in case I need to migrate.

        • rageagainstmachines@lemmy.world · 2 up · 6 hours ago

          What is your backup process like? Still haven’t figured this one out. Not sure if it makes sense to export encrypted, where I can only access my vault with the same account, or unencrypted, but then leaving it open and exposed somewhere or in multiple places.

        • Creat@discuss.tchncs.de · 1 up · edited · 8 hours ago

          Your first point is debatable. You still have to trust them to be that secure, and you can’t verify that. If they are ever breached, it’s literally the worst case scenario. You can self-host their solution, but only in the enterprise tier ($6 per user per month). Also, BitWarden is a target worth attacking; I am not. BitWarden hosts thousands of instances worthy of being attacked individually. A personal VaultWarden instance of “Mike and Molly Peterson” isn’t exactly an attractive target. I do think they are pretty secure, but a single mistake with these stakes can have immense consequences. LastPass was also breached repeatedly, with a similar business model.

          The second point about electricity wouldn’t be true in my particular case, as the server for self-hosting it is running anyway. Running VaultWarden or not doesn’t change the power usage noticeably. Obviously this is different for someone who doesn’t just have a server at home running anyway.

          Side note: I’m not actually running a personal VaultWarden instance, as my personal requirements are being met just fine with KeePass files. We do run an instance at work, but it isn’t world-accessible (internal access only).

          • GlenRambo@jlai.lu · 1 up · 16 hours ago

            What’s the price for, though? I’m cancelling my plan as all I ever used was OTP codes. The rest is free.

          • CoyoteFacts@piefed.ca · 8 up · 1 day ago

            Apparently the price increase happened yesterday; I hadn’t heard anything about it until just now. Gave me the push I needed to switch to self-hosted Vaultwarden in like 15 minutes. Very pleased with how simple the docker compose and export->import were. I’ll note that I’m running it privately on my local network, which I’m assuming should work fine as my devices enter that network semi-frequently and should keep everything synced up(?).

            • FauxLiving@lemmy.world · 5 up · 1 day ago

              If you want a nice way to elevate the usability of your setup use Tailscale (or self-host Headscale) and run your devices on a VPN.

              My devices are never not on my “LAN”, they maintain a VPN connection and access my local services as if they’re wired in. Remote pihole, multimedia streaming, password management etc are all covered by this one solution without needing to deal with reverse proxies and certificates.

            • JPAKx4@piefed.blahaj.zone · 2 up · 1 day ago

              Yeah, it’ll work fine. It syncs occasionally, but you can also force a sync. Just make sure you back up somewhere (with an encrypted backup you can do it anywhere, even Google Drive, without privacy issues) in case of fire or whatever. If you’d like online access you could also set up WireGuard with a route to it.

              • moopet@sh.itjust.works · 2 up, 1 down · 1 day ago

                1Password is decent nowadays, I think, but for a long time it was Apple-only nonsense; it’s proprietary, and the web interface and app interface used to be confusingly different from one another.

        • Creat@discuss.tchncs.de · 2 up · edited · 8 hours ago

          Self-hosting BitWarden still means it’s accessible for them and/or from them. You also have no way to audit their security, from what I understand. VaultWarden is FOSS; if you want to, you can go check. And it does get checked by people with the competence to check this every now and then. [Edit: I forgot that BitWarden is actually source-available as well; while not being FOSS, that’s still better than most solutions.] I just prefer full FOSS whenever possible. I prefer it not be a black box I just happen to run on my own server.

          If you self-host VaultWarden, the instance can just be not accessible from the internet, and only from behind a VPN. Obviously this is inherently much safer. Whether that’s possible with the self-host option I don’t know, but even just for licensing the local instance will have to be able to reach their servers (possibly be reachable from their servers, too). I did see they got an “offline deployment” option for air-gapped servers, but haven’t looked into what limitations that entails.

          Additionally, you’re still within their licensing model. So for certain features you need to have a not-free account (like even just more than 2 people).

          And like others said, VaultWarden is much lighter on resources in general and you aren’t limited in what you can and can’t do (users, collections, auth options, …).
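On the backup question raised earlier in this subthread (encrypted export tied to the account versus an unencrypted one lying around), one answer for a self-hosted Vaultwarden is to back up the instance’s data directory rather than a vault export, encrypt it with a passphrase that is kept outside the vault it protects, and test the restore every time. The script below is an added example, not code from any poster or from the Vaultwarden project. It assumes a hypothetical host path for the container’s /data volume, a passphrase file with 0600 permissions, and tar plus openssl on the host; sqlite3 is used for a consistent database snapshot when it is installed.

```shell
#!/bin/sh
# Added example, not code from the thread or the Vaultwarden project.
# Encrypted, restore-tested backup of a self-hosted Vaultwarden data dir,
# so the archive can sit on any cloud drive without exposing the vault.
# Assumptions (hypothetical): the container's /data volume is mounted at
# the host path passed as DATA_DIR; the passphrase lives in a 0600 file
# that is NOT stored inside the vault it protects; tar and openssl exist.
set -eu
umask 077   # archives and temp files readable only by the backup user

# Consistent copy of the SQLite database. Vaultwarden runs it in WAL mode,
# so a plain cp of a live db.sqlite3 can miss or half-include a transaction.
# sqlite3's online ".backup" is the safe path; the cp fallback is only
# consistent if the container is stopped first.
snapshot_db() {
    src=$1; dst=$2
    if command -v sqlite3 >/dev/null 2>&1; then
        sqlite3 "$src/db.sqlite3" ".backup '$dst/db.sqlite3'"
    else
        for f in db.sqlite3 db.sqlite3-wal db.sqlite3-shm; do
            if [ -f "$src/$f" ]; then cp "$src/$f" "$dst/$f"; fi
        done
    fi
}

# backup_vaultwarden DATA_DIR OUT_DIR PASSPHRASE_FILE
# Prints the path of the encrypted archive it wrote; fails loudly otherwise.
backup_vaultwarden() {
    data_dir=$1; out_dir=$2; pass_file=$3
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    work=$(mktemp -d); stage="$work/stage"; mkdir "$stage"
    # Copy everything except the DB files (snapshotted separately) and the
    # icon cache, which is only downloaded favicons and is rebuilt on demand.
    # rsa_key.pem must be included: without it existing sessions/tokens break.
    tar -C "$data_dir" --exclude='./icon_cache' --exclude='./db.sqlite3*' \
        -cf - . | tar -C "$stage" -xf -
    snapshot_db "$data_dir" "$stage"
    tar -C "$stage" -cf "$work/plain.tar" .
    out="$out_dir/vaultwarden-$stamp.tar.enc"
    # Passphrase read from a file, never from argv (argv is visible in ps).
    # PBKDF2 with a high iteration count slows offline guessing if the
    # archive ever leaks from the cloud drive.
    openssl enc -aes-256-cbc -pbkdf2 -iter 600000 -salt \
        -pass "file:$pass_file" -in "$work/plain.tar" -out "$out"
    # A backup that has never been decrypted is a hope, not a backup:
    # round-trip it before trusting it.
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
        -pass "file:$pass_file" -in "$out" -out "$work/check.tar"
    cmp -s "$work/plain.tar" "$work/check.tar"
    rm -rf "$work"
    printf '%s\n' "$out"
}

# verify_backup ARCHIVE PASSPHRASE_FILE
# Decrypts and lists the archive; returns non-zero on a wrong passphrase or
# a corrupt file. Run it against the copy that actually sits in the cloud.
verify_backup() {
    chk=$(mktemp)
    if openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
           -pass "file:$2" -in "$1" -out "$chk" 2>/dev/null \
       && tar -tf "$chk" >/dev/null 2>&1; then
        rm -f "$chk"; return 0
    fi
    rm -f "$chk"; return 1
}

# restore_vaultwarden ARCHIVE PASSPHRASE_FILE DEST_DIR
# Unpacks into DEST_DIR; point DEST_DIR at the (stopped) container's data
# volume for a real restore, or at a scratch dir for a restore drill.
restore_vaultwarden() {
    mkdir -p "$3"
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
        -pass "file:$2" -in "$1" | tar -C "$3" -xf -
}
```

Two caveats a practitioner would want stated: `openssl enc` in CBC mode gives confidentiality but no integrity tag, so if someone who can tamper with the cloud copy is in your threat model, encrypt the tarball with age or gpg (both authenticate the ciphertext) instead; and the passphrase must live somewhere other than the vault it protects, otherwise the backup is only recoverable with the thing you are trying to recover.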

    • ExcessShiv@lemmy.dbzer0.com · 5 up, 6 down · edited · 2 days ago

      Bitwarden doesn’t do any of the stuff that makes Proton Pass extremely usable. You can’t easily manage logins and create them on the fly with custom emails in Bitwarden/Vaultwarden. That is by far the most valuable feature of Proton Pass IMO; the seamless integration with SimpleLogin is just so damn convenient.