16 hours
You must log in or register to comment.
10 minutesIf anyone needs an alternative in a hurry and can’t be bothered to self host feel free to use https://pass.bitnet.dev/
I spun this up for me and my family but I don’t mind sharing with my extended online friends
You can also DM me if you want some space in our nextcloud instance, I’m pretty limited right now but I’m planning storage expansion pretty soon
Boy am I glad I self hosted … but sadly this means they’ll likely put a stop to that too eventually
- kepix@lemmy.worldEnglish2 hours
free tier is totally fine for 99% of people. if i want a cloud, i pay for a cloud. hike was totally forseeable. its an ass move tho to birry info in a blogpost noone ever read.
I get an email very close to renewal.
Not a great move in terms of transparancy. :/
- uuj8za@piefed.socialEnglish6 hours
Yeah, not handled well. They’re doing slimy corpo bullshit.
On the other hand, I like that they’re open source and don’t block stuff like vaultwarden.
I hope they can take the extra money and make the product better. Cuz I definitely don’t love Bitwarden, but it’s a better alternative than 1Password.
- palarith@aussie.zoneEnglish3 hours
On the other hand, I like that they’re open source and don’t block stuff like vaultwarden.
YET
Quite easy to fork the client.
Getting it to install through the various stores? Probably not.
- TotalCourage007@lemmy.worldEnglish4 hours
Better off using keepass or literally a Linux hosted Notepad at this point.
Lol for years I have been wanting to switch from KeePass to Bitwarden. Mainly cause the UX/UI felt nice to me.
My initial hesitance was that I didn’t love the idea of my passwords being on someone else’s servers. But I found out about Vaultwarden. So I kept my eye on it’s development and longevity. Now that it’s well established, I’d say I trust it now. Next I figured out a way to selfhost without exposing Vaultwarden to the public. Everything seems to be lined up for me to switch.
A few months ago, I decided it was time. After moving my passwords over and getting a flow working, I went to sort by most recent… Oh wait. You can’t sort by date. You can’t sort lol I sat with this for a few hours and reverted back to my trusted and working KeePass flow.
EDIT: This is one of the most voted feature requests. Also, it’s just table stakes! It’s crazy they don’t have this feature 😂
https://community.bitwarden.com/t/sorting-options-by-date-of-modification-addition-last-use-etc/2484
- 7 hours
Can someone please help me understand why you would want to have your passwords in the cloud? I’ve been using Keepass for about the past 15 years. I always just sync the db between computers/mobiles. Its never been an issue. Is having it in the cloud really that big of an advantage?
Not interested in selfhosting and risk a data breach.
It’s imple: Who is better equipped to combat a hack? You or Bitwarden?- HubertManne@piefed.socialEnglish4 hours
convenience. its integrated into the browser and easy to get going. I personally use it for “unimportant” logins. Mainly things that are not government or financial or such. My improtant ones I keep on an external drive that I only pull out for when im doing that type of stuff.
- WolfLink@sh.itjust.worksEnglish6 hours
Natural disaster -> no longer can access everything you have online, including bank and insurance accounts, at precisely the time you most don’t want to deal with that.
- 6 hours
Pretty much this. Cloud storage isn’t perfect, but it sure does make proper 3-2-1 backup hygiene easier. 3 backups, on 2 different mediums, 1 of them off site. Cloud storage accomplishes both the 2 and 1, because it is both a different medium and off site.
The fact that you can automatically sync remotely is a big bonus too, because off-site backups historically have a problem where they fall out of date without active attention. For instance, if you have a tape backup system stored in a warehouse across town, those tapes are only as up-to-date as the last time you took the time to drive across town and update them. But with cloud storage, you can automatically sync your folders to keep things up to date in near real time. Plus, your traditional off-site backup is only as secured from things like natural disasters if you’re willing to travel fairly long distances to make them. Those tapes in a warehouse across town won’t survive if the entire town is hit by a natural disaster like a wildfire or flood.
For instance, maybe I make an update on my laptop, and then want to access it on my phone. Even with SyncThing, my laptop and phone won’t sync with each other unless they’re able to find each other on the same network. If I’m not on a trusted network at the time, (e.g. I’m at work on my employer’s WiFi, or traveling and using hotel WiFi) that makes syncing difficult. But with cloud storage, they can both essentially use that as a relay. My laptop updates the cloud, and then my phone pulls that update. Now both devices are up-to-date without actually needing to discover each other on a trusted network.
- 2 hours
I’m currently (for the past 5 or six years) using a nextcloud server (remote) where I store the master. My desktop is typically where I make changes but sometimes on my mobile devices. No mater where I edit the database it gets synced. Knock on wood, but I’ve never had as issue.
- Trilogy3452@lemmy.worldEnglish6 hours
You can have both and keep a local copy via export once in a while. If the cloud goes down the also most likely your bank website. If you’re talking about other types of secrets then the first sentence will apply
- Clay_pidgin@sh.itjust.worksEnglish7 hours
It’s convenient, but not much moreso than keeping the encrypted file in your google drive or whatever and pulling it down once in a while.
- nutsack@lemmy.dbzer0.comEnglish6 hours
I’ve tried storing encrypted blobs including a keepass database on Google drive and I always end up with hundreds of conflict copies
- FauxLiving@lemmy.worldEnglish4 hours
Put the keepass database in a folder and use syncthing to sync that folder.
I just run syncthing on every device that needs my password and they all always have an up to date copy of the database.
- Clay_pidgin@sh.itjust.worksEnglish53 minutes
What do you use to encrypt the files to begin with? For apps that don’t have an encrypted backup option built in.
- FauxLiving@lemmy.worldEnglish4 minutes
Keepass encrypts the database with AES-256 by default so there is already a layer of encryption protecting your passwords.
If you use keepass and want to use a third party service to store your files there’s a way to setup an untrusted mirror which will encrypt the files before sending it to that client. That way you still have your files elsewhere (often on a VPS, seedbox or other host) but that host doesn’t have the unencrypted sync folder just in case you decide to put non-encrypted files in there too.
- shiftymccool@piefed.caEnglish13 hours
Get yourself a mini pc or old laptop and control your own future: https://github.com/dani-garcia/vaultwarden
- guy@piefed.socialEnglish12 hours
Would love to selfhost. However, I have no trust in my skills to secure my device in the same manner as a provider, and I do not wish my database to be compromised.
- Lucid5603@lemmy.dbzer0.comEnglish31 minutes
This might be a good option for you: https://elfhosted.com/
Use Tailscale. Don’t expose the port to the public. You’re good to go. On iOS, the Tailscale app allows for on demand joining of your Tailscale network (when you’re off from your home network for example). This makes it easy. On Android it’s not as direct, can use Tasker to achieve this, it’s not great. But there’s a feature request on their repo too.
Alternatively, there’s Netbird which behaves similarly. I haven’t tried it, but have read good things about it.
Neither are US based as well if that’s a concern for you. Tailscale is Canadian, and Netbird is German. Netbird is completely open source. With Tailscale, the CLI and Android apps are open source, and there’s an open source alternative to the control server called Headscale. But honestly, using their free tier is probably enough (for both services).
- XLE@piefed.socialEnglish6 hours
Would you be okay with synchronizing only when you’re on your own Wi-Fi network? If that’s the case, you don’t have to try exposing anything to the Internet.
You can also purchase a server online to install it on, but you’re going to get saddled with some kind of monthly fee there.
- boonhet@sopuli.xyzEnglish4 hours
Plus you’ll still have to pay at least some attention to security if you get a server.
- guy@piefed.socialEnglish10 hours
I have used KeePass, but Bitwarden is far more convenient when you have different devices
- village604@adultswim.fanEnglish8 hours
There’s a plugin that lets you store your database file in the cloud to solve this. Although I only used it for work because I use ProtonPass.
I’ve had my VPS exposed to the internet for a while and never been pwned. No professional experience. Use SSH keys, not password authentication. Use FDE if physical access is in your threat model. Use a firewall to prevent connection on internal-only ports.
Vaultwarden will store your passwords encrypted (obviously) so even if your database does get stolen, the attacker shouldn’t be able to read your passwords without your master password.
- ComradeMiao@lemmy.worldEnglish12 hours
I never get this excuse except for ignorance (not being mean to you)—you can export your entire db as a text file then encrypt it if you wanted. Also, if your server goes offline its offline first on all devices
- guy@piefed.socialEnglish12 hours
I mean that I don’t have the necessary knowledge to make sure no one can get into my network and server, and having my entire life thus possibly vulnerable is too risky. Heck, I can’t even get Caddy to work properly.
- 9 hours
Right there with you! Selfhosting Vaultwarden would be cool, but I barely know what I’m doing. I trust Bitwarden’s security knowledge and abilities way more than my own.
- 12 hours
My view on this is that I also do not trust a company to properly secure something so if it’s going to be a hack job I might as well attempt it myself!
- guy@piefed.socialEnglish10 hours
Understandable! However I’d rather have the provider tell me that they were hacked and my data compromised than me being hacked and never finding out because I have no clue to look 😆
- AbidanYre@lemmy.worldEnglish5 hours
Unless you go out of your way to make it available to the internet, it will only be available on your local network, and you’re a much smaller target than the cloud provider.
- 6 hours
Yes, it includes things like a TOTP manager, text file storage, family sharing, etc… Nothing super groundbreaking, but it’s some quality of life stuff that plenty of people have been happy to pay less than a dollar per month for.
20$/year is still cheap compared to other password managers, but yeah, the lack of transparency is worrying.
- Sunspear@piefed.socialEnglish14 hours
Thing is, a large percentage of internet-connected users might have two or more devices. The simplicity offered by a cloud (be it hosted or selfhosted) password manager is a huge benefit.
And unless you’re already running a syncthing-like service for something else, setting it up just for a password manager when other services provide it out of the box, is not worth the hassle usually.
- 12 hours
Everyone has some kind of cloud service tho no? The database is encrypted so you can even sync it over googles cloud storage if you dont have nextcloud or syncthing.
- 11 hours
What? I think you dont understand at all how this works. The database of any password manager is an encrypted file. When you open your password manager and type in the master password it opens that file and decrypts its contents for you and only saves them to memory. It doesnt actually decrypt the file on the drive. When you close the application it doesnt need to be encrypted again. This is exatly the same for all password managers, the only difference is that with web based ones the database file sits on bitwardens server instead of on your harddrive. You are just changing the location of the database, nothing else. Keepass also automatically saves a backup version of the database to a location you can specify and even if you dont you still have better redundancy than with bitwarden because the file sits both in your cloud storage and on each of your devices.
only one password to rememebr as the keepass master key is the encryption key.
keepass database is just a file that you sync using dropbox/gdrive/onedrive/nextcloud/seafile/owncloud/etc.
I run mine on a free dropbox account. its faster to set up than downloading keepass…
IMO Keepass and Bitwarden aren’t exactly the same, as the latter has cross-device sync built-in.
- lagoon8622@sh.itjust.worksEnglish12 hours
I use one for work and the other for personal. They are both great, with slightly different convenience/security tradeoffs imo. Big fan of both, don’t know why it has to be one or the other for an OSS credentials manager
Edit: part of what you’re paying for with BW is first-class native apps
- AbidanYre@lemmy.worldEnglish1 hour
Big fan of both, don’t know why it has to be one or the other for an OSS credentials manager
On an individual level, you only need one or the other. But which one is best for you may be different than which one is best for me.
- Asetru@feddit.orgEnglish3 hours
Big fan of both, don’t know why it has to be one or the other for an OSS credentials manager
20 bucks are kind of a reason tho?
- lagoon8622@sh.itjust.worksEnglish3 hours
It is a reason, and a fine one. I certainly don’t pay for a subscription for my work stuff. I’ve told them we should have enterprise secrets management and shown them what that looks like. Not my problem anymore, and I have KeePassXC to handle everything I’m responsible for for work
- lastweakness@lemmy.worldEnglish15 hours
I can’t think of a reason to choose Keepass over Vaultwarden.
If you can’t selfhost, then you can have your keepass file in your personal cloud. Many basic cloud services are free and the password file itself is encrypted so the cloud provider can’t access your passwords.
- pulsewidth@lemmy.worldEnglish14 hours
The person you’re replying to already gave you one: it’s free.
Second: its not a prime target for attack like centralized, hosted webservices are. See: LastPass being cracked and people’s login data stolen… Twice.
Yes, it is cryptographically superior to LastPass, and attempts to design around their flaws - but the threat still exists because its a very tasty target on the open internet for cybercrime.
My little Keepass DB synched over personal VPN by Syncthing? Much harder to find a vector for attack. But it does require more moving parts and maintenance.
Each have their pros and cons.
I think you misread. Lastweakness was talking about Vaultwarden which is a 100% FOSS reimplementation of bitwarden that you self host.
- callmemagnus@lemmy.worldEnglish14 hours
Vaultwarden is open source: https://github.com/dani-garcia/vaultwarden
- lastweakness@lemmy.worldEnglish13 hours
Every pro you listed is applicable to Vaultwarden as well. But I assume you misread it as Bitwarden.
- halcyoncmdr@piefed.socialEnglish13 hours
Vaultwarden, self-hosted is free as well. And since it’s not using the Bitwarden infrastructure, you’re only as exposed as your own network anyway.
But you can still use all the standard Bitwarden apps and extensions on any device, you just need to point it at your server. Easy to set up for friends and family as well. No need to try and teach them about VPNs, setting up syncthing, etc.
- Telodzrum@lemmy.worldEnglish11 hours
I can’t think of a reason to choose Bit/Vaultwarden over Keepass.
- lastweakness@lemmy.worldEnglish13 hours
I realise now that I can think of one too. Which is that you don’t need to host it anywhere if you use something like Syncthing.
- besmtt@lemmy.worldEnglish12 hours
Bitwarden works offline. Obviously can’t save to the server, but reading from what’s already on your local machine works just fine.
- Mihies@programming.devEnglish12 hours
Isn’t it easier then just to use a (keepass) file? Also we carry phones around where we need secrets, too etc.
- lyralycan@sh.itjust.worksEnglish12 hours
I set up a simple sync service with FolderSync (similar to Syncthing) on Android for my family, that preserves their mobile files on a server hosted SMB share. Haven’t even looked at storage encryption though. You can’t underestimate a simple yet effective solution, sometimes so simple it flies under the radar.
- terabyterex@lemmy.worldEnglish12 hours
so is bitwarden. i dont get your argument here. bitwarden does a lot more for free than keepass
- Brickfrog@lemmy.dbzer0.comEnglish12 hours
The link is from February 1st, about a blog post in January. I clicked here thinking Bitwarden just raised their subscription price again haha.
- 15 hours
While the increase is not a huge deal because the total is still cheaper than alternatives, the thing that irks me is how they did indeed just announce it via a blog post titled “Bitwarden launches enhanced premium plan: Complete online security for everyone”. This reads like there’s going to be free, premium and premium+ at best, and “we are just adding more stuff to the premium” at worst, not implying a price bump, at least to me. I did not get my renewal email yet, so can’t confirm whether or not they don’t even mention the annual price, but rather just the monthly one. Another thing that kind of bothers me is that they list “Vault health alerts” as a new thing, while it’s always been there. While “Phishing blocker” just seems like a feature outside of the scope of a password manager.
All in all, double the price in exchange for x5 more storage and x2 more hardware keys is fine to me, but I hope they improve their communication and actually properly inform users of upcoming pricing changes.
I had my renewal email come through today. Here is what is says: Your Bitwarden Premium subscription renews in 15 days. The price is updating to $1.65/month, billed annually. As an existing Bitwarden customer, you will receive a one-time 25% loyalty discount for this year’s renewal. This renewal will now be billed annually at $14.85 + tax.
- ramble81@lemmy.zipEnglish9 hours
That’s the one I got too.
Just note if your company uses Bitwarden enterprise, you’re eligible for a free personal license. (Unless they changed that)
- orclev@lemmy.worldEnglish11 hours
Interesting. I also had mine come through but it had a different message:
Your Bitwarden Families subscription renews in 15 days. The price is updating to $3.99/month, billed annually.
Questions? Contact [email protected]
It seems there’s a few variants of the message depending on which product you have and not all of them mention the annual price.
- MagicShel@lemmy.zipEnglish16 hours
TBH, $10/year is a small price not to have to get my wife to change again after lastpass. She is not equipped to deal with enshittification.
- halcyoncmdr@piefed.socialEnglish13 hours
If you do any sort of self-hosting, take a look at Vaultwarden. All the premium functions for free.
Before my entire network setup changed recently for unrelated reasons… I had Vaultwarden running on my home server (TrueNAS) and a free Cloudflare account with a tunnel to my home server and a $5/year domain. Worked for my parents easily and no longer had to worry about the big infrastructure being targeted.
- MagicShel@lemmy.zipEnglish13 hours
Possibly but the main thing we find useful is the OTP generation. This means we can both use shared accounts without having to ask the other for a code. That’s probably an edge case, and not enough sites support it, but it’s really nice for the ones that do.
I doubt that is available in self-hosting but I’d be happy to be wrong about that. I have a raspberry pi serving up a couple of local things and I could register a domain if I had a use case for connectivity outside the house.
- halcyoncmdr@piefed.socialEnglish13 hours
That is totally available self hosted. Nothing is blocked. In fact that’s why I originally switched, reducing unnecessary monthly costs.
OTP codes for websites as well as all the MFA options for Vaultwarden itself. It also supports organizations, so you can share info between multiple accounts on your server. Emergency access, and even a web vault client.
Everything the paid Bitwarden does as far as I’m aware.
Worth pointing out that Vaultwarden refuses service when you connect to it without HTTPS, meaning wherever you host it you also need to set up some way of providing it with SSL certificates. As a newbie to self-hosting myself, this has tripped me up quite a bit.
