BitWarden
this post was submitted on 02 Mar 2024
282 points (96.4% liked)
Privacy
31876 readers
1 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
and/or Vaultwarden as a selfhosted alternative.
Vaultwarden is a great piece of self hosted server software, which meshes with Bitwarden software perfectly. And for people who can't self host, IMO Bitwarden gives you more than enough bang for your buck with their own hosting plans.
It's one of the few examples of software being open source and ethically making money regardless. (For comparison, Standard Notes has tried pretty hard to make sure non-paying users have an inferior experience even if they self-host literally everything.)
<$1/mo for bitwarden hosted premium is a no brainer for me
I was really disappointed about standard notes' plans. Took me forever to get everything set up to self host, only to find I couldn't even use markdown unless I bought a license? Silly.
load more comments
(1 replies)
I'm excited that the bitwarden phone apps are getting a brand new native version for ios and Android soon.
load more comments
(2 replies)
Tried, and not a fan of. The organizing features are kind of not what I expected. Sticking to KeepassXC for now.
I actually thought the organization stuff is pretty good, coming from keepassxc myself. The way we have it set up is that each of the members of our family all have VW accounts, and we have a common organization shared among us for stuff we all use (e.g. home devices). It's all in one installation, so it's pretty convenient. I don't think I can do the same as easily with keepass.
That being said, keepass is a really solid piece of software. I'd recommend it myself.
load more comments
(3 replies)
Is Keepass there? Good. Upvote.
Prefer KeepassXC but let's be honest, the best password manager is the only you actually use and keep using.
I would only use KeepassXC
Still using KeepassXC on desktop and laptop and KeePassDX on mobile.
I use Bitwarden for passwords. Just works so well.
KeepassXC and KeePassium for TOTP codes. I keep the database in the cloud but sync a key with Syncthing that’s needed to unlock the database on the devices themselves.
Locally hosted bitwarden (vault warden) that is only accessible on your local network is the way to go. When a new sync is needed away from home, wireguard VPN to connect back in makes everything nice and secure. Otherwise most of the time the vault is cached to the device locally so you don't need to phone home to access passwords.
I do it exactly like that, except that im connected via vpn most of the time, since my pihole is also located in my lan
load more comments
(2 replies)
load more comments
(3 replies)
I like ProtonPass. It’s nice.
Same. The UI is pretty good and modern, they support TOPT and cards as well and the development is being done at a good pace.
load more comments
(1 replies)
Keepass + Syncthing is a great combination.
And with Syncthing's Untrusted Device Encryption feature I can use my VPS as an extra node for synchronization without worrying touch if it becomes compromised without me knowing.
the file is already encrypted so you aren't getting much more security
I also sync other stuff, so it's useful anyway.
And it hides file names and sizes by splitting things up, which puts one extra layer of difficulty for someone trying to find my passwords file to target. I have a much stronger password on the syncthing directory than my normal type-each-time password to open keepassxc.
KeepassXC & Syncthing
And I do keepassdx on Android, with a (phone-specific) database synced with syncthing
P.S. syncthing is fantastic: I hope more people consider hosting discovery servers and especially relays
load more comments
(1 replies)
I use keepass with my database on onedrive.
Then i connect every device to said onedrive account, copy the private key manually on each device that i need to use.
I secure my databse with said private key + a passphrase.
Might not be the best setup, but i feel like with passphrase+key i am secure enough to have the db file in the cloud.
you could encrypt onedrive with cryptomator
If you are into the command line, pass is also neat. You can even have your keys in a git repo and access it with a FOSS Android app (requires some dedication to set it up). It's very useful to feed passwords to scripts without hardcoding them in the source.
KeepassXC, Passbolt
KeePass for me. I keep my encrypted vault in my 2 factor encrypted gdrive. Get the best of both worlds. No traditional cloud that's a target for hackers and I have passes I can share across devices.
No mention of Enpass? Stores more than just passwords, can be synced locally over wifi or in the cloud without using Enpass servers.
It's not open source and they haven't had a security audit in a while AFAIK, I used to use it too but migrated to Proton Pass for these reasons https://discussion.enpass.io/index.php?/topic/404-security-audit/page/6/
load more comments
(1 replies)
KeePassXC my beloved
I really enjoy 1Password for easy vault sharing between family members. I was able to get my (not so technically literate) siblings and dad onto my family plan. Baby steps!
I love Dashlane, someone tell me why it’s bad.
I know they recently published the code for their clients, so that's a plus. But I can't find any independent audits for their architecture or clients.
While all mentioned options does have independent audits done.
load more comments
(2 replies)
Pass (Password Store)
Microsoft Excel file
Post-it notes on the monitor.
Under the keyboard for added security.
load more comments
(8 replies)
No love for Nextcloud Passwords or Passman? Both have plugins for Nextcloud and have Android Apps.
load more comments
(4 replies)
I've been using Proton Pass since it launched and I think it's really really good.
Positives:
- Nice integration with both desktop and mobile
- Integrated in the proton suite, which I was already using
- Allows you to generate an email alias for each login automatically. Websites will never have your real email and you can easily generate a new alias if one has been compromised
- Supports 2 factor authentication via TOTP, works really well
Negatives:
- No passkey support yet
- Free version only supports like 5 email alias
My favorites:
- Proton Pass
- Pros: Aliases, Proton integration
- Cons: No passkeys (yet), native desktop apps in beta
- 1Password
- Pros: SHH agent integration!
- Cons: Least open
- Bitwarden
- Pros: Most open, self hosting option
- Cons: least polished user experience
load more comments
(2 replies)
Vaultwarden
view more: next ›