What is wrong with last pass?
All vault data has been stolen in the past, and while the data is encrypted, apparently the encryption is not strong enough and there are reports that some of the vault has been decrypted by hackers: https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/
Just about every centralized service will be breached at some point. At least they have a cybersecurity team and everybody got notified and can act accordingly. If you choose another just because they haven’t been hacked, it’s just a matter of time. I think they’re still a viable option, just be ready to react to notices like these.
Personally, I chose the self-hosted route, but that comes at the cost of maybe never knowing if you get breached until it's too late.
Which do you recommend then?
I migrated to bitwarden years ago, but I still curse myself for not immediately deleting my lastpass account back then, before the breach.
Then I shall go to bitwarden
using passwords you can remember instead of An8sdfd8h4indf!id8 just because it’s harder to brute force
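The two points raised above, that stolen LastPass vaults are reportedly being decrypted and that a memorable passphrase can beat a random string, come down to the same arithmetic: a stolen vault is only as safe as the master password's entropy multiplied by the cost of one key-derivation guess. The following is an added example, not code from the thread or from any password manager. It uses PBKDF2-HMAC-SHA256 salted with the account e-mail, which is the construction both LastPass and Bitwarden document for the master key, but it simplifies the later stretching steps; the iteration counts (5,000 versus 600,000), the 1e9 hashes-per-second cracking rig and the sample passwords are illustrative assumptions, not measured figures.

```python
# Added example (not from the thread): how long a stolen, encrypted vault
# survives offline guessing depends on (a) the entropy of the master password
# and (b) how expensive each guess is to check.  PBKDF2-HMAC-SHA256 with the
# e-mail as salt is the master-key construction LastPass and Bitwarden document;
# the iteration counts and guess rate below are assumptions for illustration.
import hashlib
import math


def derive_vault_key(master_password: str, email: str, iterations: int) -> bytes:
    """Client-side master key: PBKDF2-HMAC-SHA256(password, salt=email).

    Simplified: real clients stretch this key further before it wraps the
    vault, but the iteration count already dominates the per-guess cost."""
    return hashlib.pbkdf2_hmac(
        "sha256",
        master_password.encode("utf-8"),
        email.strip().lower().encode("utf-8"),  # normalise the salt like clients do
        iterations,
        dklen=32,
    )


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password chosen uniformly at random: `length` symbols from
    an alphabet of `alphabet_size` (characters for a random string, words for
    a diceware-style passphrase)."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits: float, iterations: int,
                           base_hashes_per_second: float) -> float:
    """Expected time to find the password on a rig that computes
    `base_hashes_per_second` single-iteration PBKDF2 blocks: every guess
    costs `iterations` blocks and on average half the keyspace is searched."""
    guesses_per_second = base_hashes_per_second / iterations
    return 2 ** (bits - 1) / guesses_per_second


def compare_policies(base_hashes_per_second: float = 1e9) -> dict:
    """Compare three master-password styles under a weak and a strong KDF
    setting.  The 1e9 blocks/s rate is a constructed stand-in for a GPU rig.
    Returns {(policy, iterations): (bits, expected_years)}."""
    policies = {
        # 18 random printable ASCII characters, like An8sdfd8h4indf!id8
        "random18": entropy_bits(94, 18),
        # six words drawn at random from a 7776-word diceware list
        "diceware6": entropy_bits(7776, 6),
        # eight random lowercase letters, roughly what "memorable" tends to mean
        "human8": entropy_bits(26, 8),
    }
    out = {}
    for name, bits in policies.items():
        for iterations in (5_000, 600_000):  # assumed low vs. current-default counts
            seconds = expected_crack_seconds(bits, iterations, base_hashes_per_second)
            out[(name, iterations)] = (round(bits, 1), seconds / 31_557_600)
    return out


if __name__ == "__main__":
    # Same password and salt, different iteration counts: different keys, and
    # the second one costs 120x more per guess for an attacker holding the vault.
    k_weak = derive_vault_key("correct horse battery staple", "user@example.com", 5_000)
    k_strong = derive_vault_key("correct horse battery staple", "user@example.com", 600_000)
    assert k_weak != k_strong
    for (name, it), (bits, years) in compare_policies().items():
        print(f"{name:10} {bits:6.1f} bits @ {it:>7} iterations -> {years:.3g} years")
```

The takeaway for the argument above: a six-word passphrase (about 77 bits) is weaker than the 18-character random string (about 118 bits), but both are far out of reach at any realistic iteration count, while the eight-letter "memorable" password falls in days at a low iteration count. The password manager's KDF setting is the knob that decides how much a vault leak hurts.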
Bitwarden, or vaultwarden if you want to self-host it
I’m interested in vaultwarden, what do you think about self hosting it?
I’ve never tried it, but from what I’ve read it isn’t too difficult; it is something I’d like to eventually get set up. I expect you’d want either a static IP address or a dynamic DNS service to access it remotely.
You can also self-host the main bitwarden implementation, vaultwarden is just generally preferred because it’s much lighter-weight, mostly because it’s written in Rust instead of Typescript
It’s super easy to self host (assuming you’re familiar with docker), doesn’t take too many server resources, and will give you access to features normally gated behind bitwarden subscriptions. Way better than the official self-hosted version. The main disadvantage is that while it’s open source, the code hasn’t been audited yet, which might be a deal breaker for people obsessed with security.
Yeah I read it’s a bit double edged, but would anyone ever want to audit an open source software that can take over a paying one?… might just take the jump.
It’s actually starting to get common for open source password managers to get audited, often free of charge by a security company. Whether the project actually competes with a commercial project doesn’t seem to matter because the goal is to assess security.
KeePassXC was recently audited for example: https://keepassxc.org/blog/2023-04-15-audit-report/
1Password, another popular opensource password manager, has also been audited: https://support.1password.com/security-assessments/
Bitwarden (including the self-hosted component) has also been audited: https://bitwarden.com/help/is-bitwarden-audited/
So it’s not really strange for people to express interest in getting vaultwarden audited.
What is the diff between keepass, 1password and vaultwarden?
If you are worried about people getting ahold of your vault if the company has a breach, then use keepass and come up with your own system of syncing the file. It’s a local file so it is always under your control.
Repeatedly have data stolen and data leaks. Fuck them. Also bait and switch to a one device or pay.