Comment on Concerns Raised Over Bitwarden Moving Further Away From Open-Source
Boozilla@lemmy.world 1 week ago
Goddammit. It’s getting to the point I’m going to have to figure out how to write my own app for this.
Snowpix@lemmy.ca 1 week ago
Boozilla@lemmy.world 1 week ago
Thank you for the update! I would like to keep using it. I’ve been very happy with Bitwarden both as a password manager and a TOTP authenticator. I have even recommended it to my boss as an enterprise solution for us to use at work, and so far we are planning on replacing our current password database solution with Bitwarden.
Unfortunately, with “enshittification” being so common these days, it was very easy to believe they were also going to the dark side. I will remain cautiously optimistic after learning it was a packaging bug.
Here’s a link to the post on X (yes, I hate X, too) in case anyone else is doubtful:
Snowpix@lemmy.ca 1 week ago
Yeah, I was worried about it too. I’ve become pretty cynical when it comes to everything becoming enshittified, but I’m hoping they stick to their word.
Humanius@lemmy.world 1 week ago
It shouldn’t even be that complex…
I might be mistaken, but ultimately a password manager is basically nothing more than a database of passwords in an encrypted zip file. That could entirely be self-hosted with off-the-shelf open-source applications strung together.
All you’d need is a nice UI stringing it all together.
wintermute@discuss.tchncs.de 1 week ago
KeePass is exactly that. Basically all the client side parts, and the database is a single encrypted file that you can sync however you want.
xthexder@l.sw0.com 1 week ago
I’ve done basically this in the past by encrypting a text file with GPG. But a real password manager will integrate with your browser and help prevent getting phished by verifying the domain before entering a password. It also syncs across all my devices, whereas my GPG file only worked well on my desktop.
LedgeDrop@lemm.ee 1 week ago
It’s the “stringing it all together” that could be problematic.
If you have multiple clients (desktop/cellphone) modifying the same entry (or even different entries in the same “database”), you need something smart enough to gracefully handle this or at least tell you about it.
I did the whole “syncing” KeePass and it was functional, but it also meant I needed to handle conflicts - which was annoying. I switched and really appreciate the whole “it just works” with self-hosted Bitwarden.
HereIAm@lemmy.world 1 week ago
I see it as it’s easy to self host. But I’m not skilled nor rich enough to guarantee the availability of it. I don’t want to be stuck on a holiday without my passwords because my server back home died from a blackout or what have you.
I pay for Bitwarden and the Proton Mail package to keep the password management market a bit more competitive and it actually works out cheaper. It would be nice to have Proton’s anonymous emails built in, but I can live with it.
But I might have to reconsider if Bitwarden is going a different direction than what I’m paying for.
AsudoxDev@programming.dev 1 week ago
That is the bare minimum of a password manager like Bitwarden.
Boozilla@lemmy.world 1 week ago
Yup, thanks. Was thinking along these same lines.