Vaultwarden is a nice self hosted bitwarden alternative
github.com/dani-garcia/vaultwarden
Some prefer using KeepassXC and sync the database between devices
www.ctrl.blog/…/keepass-vs-bitwarden-server.html
Comment on Concerns Raised Over Bitwarden Moving Further Away From Open-Source
solsangraal@lemmy.zip 2 months ago
so what’s the best pw manager?
anamethatisnt@lemmy.world 2 months ago
ilmagico@lemmy.world 2 months ago
+1 For KeePassXC and the KeePass ecosystem. Yes, you need to sync the database yourself, but you can use any file sharing service you like, e.g. google drive, dropbox… or selfhost something like nextcloud (like I do), which for me is actually a point in its favor.
Based on this news, I think I made the right choice back then when I decided to go with KeePass.
kill_dash_nine@lemm.ee 2 months ago
As someone who used to use KeePass, went to LastPass, and then Bitwarden (Vaultwarden), I finally got my non-tech literate wife to use Bitwarden. I’m concerned that KeePass might end up being more difficult if it comes down to it. I believe that KeePass had some sort of browser integration but it really has been a long time since I used it so who knows the current state. Curious how browser integration is today.
GhiLA@sh.itjust.works 2 months ago
The big issue isn’t using it, it’s syncing it.
User A used KeePass to order pizza and changed the Papa John’s(heaven forbid) password while they were at it, on their desktop.
syncing: “oh! This file changed! Neat!”
User B picks up their phone and wants to order Papa John’s at work. They try, but the password isn’t right. Huh. They check KeePass. No issues. They go to change the password because they think something is wrong.
(All the while, they never thought to see if syncthing had been woken up in the background lately)
They change the password, update KeePass,
syncthing opens later, goes: "Oh, hi, User B’s phone! I have a ne- Oh! You have a new password file too!!? Small world! I’ll take both!
Now there’s two files, two users who think they both made corrections to a password, syncthing thinking nothing is wrong, and someone has to now merge the newer KeePass file over the old ones by hand and realize what happened, but the bigger problem is, no one knows anything is wrong yet.
well, it’s just pizza.
As an example. Imagine an insurance app, or a banking app, or the DMV… It gets old.
ilmagico@lemmy.world 2 months ago
I use KeePassXC’s browser integration daily and it works pretty well with Firefox (linux), well enough that I’m not complaining, but I cannot compare it with Bitwarden cause I never used it. On Android I use Keepass2Android and works well with autofill, but again, I can’t really compare it.
Something tells me Bitwarden works better, just by virtue of being a commercially supported product, but I have no complaints with KeePassXC & Keepass2Android (KeePassDX works well on android too). Original KeePass desktop client was never great though.
winterayars@sh.itjust.works 2 months ago
Vaultwarden is Bitwarden–at least for now, this change may push them apart.
oaklandnative@lemmy.world 2 months ago
Proton Pass is open source and the company that runs it recently reincorporated as a Swiss non-profit to ensure their privacy mission can’t be bought out by venture capitalists etc.
ChillPill@lemmy.world 2 months ago
Keepass? No cross device support, you need to manage that yourself through something like Google Drive…
ilmagico@lemmy.world 2 months ago
What do you mean “no cross device support”? KeePassXC supports Win, Mac, Linux and there are iOS and Android apps available…
As for the lack of cloud and requirement to provide your own synchronization, for some (like me) that’s a feature, not a limitation :)
hedgehog@ttrpg.network 2 months ago
Do any of the iOS or Android apps support passkeys? I looked into this a couple days ago and didn’t find any that did. (KeePassXC does.)
ilmagico@lemmy.world 2 months ago
From a quick search, Keepass2Android doesn’t have it, not clear if they’re working on it: github.com/PhilippC/keepass2android/issues/2099
KeePassDX similarly has an open issue, not clean when/if it will be implemented: github.com/Kunzisoft/KeePassDX/issues/1421
Good to know about Strongbox on iOS, though I’m on android so no bueno for me.
anamethatisnt@lemmy.world 2 months ago
Keepass2Android doesn’t have it yet, but seems to be working on it
github.com/PhilippC/keepass2android/issues/2099Strongbox seem to have their implementation done for iPhone
strongboxsafe.com/updates/passkeys/ilmagico@lemmy.world 2 months ago
I don’t use passkeys so I don’t know. Maybe I should research into passkeys, what’s the benefit over plain on (long, randomly generated) passwords?
solsangraal@lemmy.zip 2 months ago
lol that’s what i used before i switched to bitwarden-- didn’t have any complaints, but the database key file thing was kind of a pain
Marthirial@lemmy.world 2 months ago
Agh, gross.
winterayars@sh.itjust.works 2 months ago
Honestly, it’s Bitwarden right now. This move signals their intent to change that, though.
solsangraal@lemmy.zip 2 months ago
so the “no longer open source” means they’ll be moving to a saas model or something? i’m not super cybersecurity savvy but bitwarden is what i use
winterayars@sh.itjust.works 2 months ago
No, technically they already are SaaS company. That’s mostly how they make their money.
Also it should be noted “no longer open source” doesn’t mean they’ve done a “our code is now closed and all your passwords are ours” rug pull like some other corporations. This is a technical concern with the license and it no longer meets proper FOSS standards (in other words, it has a restriction on it now that you wouldn’t see in, for example, the GPL).
So by and large the change is very minimal, the code is still available, it’s still the best option. However, this does matter. It may be a sign of the company changing directions. It’s something they should get pushback about.
dustyData@lemmy.world 2 months ago
The SDK was never FOSS, and was never under the GPL. Hence why they can add the text mentioned in the article. You don’t get to change the text of a FOSS license to begin with. It isn’t unheard of for text like this to be part of proprietary software that integrates with and uses FOSS licenses.
That said, this is concerning, but whether it changes BW’s FOSS state is a matter of legal bickering that has been going on for decades.
sugar_in_your_tea@sh.itjust.works 2 months ago
From the update, it looks like they consider it a bug, which they’re working to resolve. Let’s see how they resolve it before jumping to conclusions.
Shirasho@lemmings.world 2 months ago
It means we have less insight on what they are doing with our passwords.
winterayars@sh.itjust.works 2 months ago
It doesn’t mean that in this case, except perhaps very indirectly.
solsangraal@lemmy.zip 2 months ago
great…