Comment

Comment on Concerns Raised Over Bitwarden Moving Further Away From Open-Source

The big issue isn’t using it, it’s syncing it.

User A used KeePass to order pizza and changed the Papa John’s(heaven forbid) password while they were at it, on their desktop.

syncing: “oh! This file changed! Neat!”

User B picks up their phone and wants to order Papa John’s at work. They try, but the password isn’t right. Huh. They check KeePass. No issues. They go to change the password because they think something is wrong.

(All the while, they never thought to see if syncthing had been woken up in the background lately)

They change the password, update KeePass,

syncthing opens later, goes: "Oh, hi, User B’s phone! I have a ne- Oh! You have a new password file too!!? Small world! I’ll take both!

Now there’s two files, two users who think they both made corrections to a password, syncthing thinking nothing is wrong, and someone has to now merge the newer KeePass file over the old ones by hand and realize what happened, but the bigger problem is, no one knows anything is wrong yet.

well, it’s just pizza.

As an example. Imagine an insurance app, or a banking app, or the DMV… It gets old.

source

Sort:hotnew top

kill_dash_nine@lemm.ee ⁨3⁩ ⁨weeks⁩ ago
Ah yeah, the fun of how that works. I recall that I had previously set up WebDAV to try to simplify my source of truth but I think that was just with the original KeePass app, not KeePassXC. I also wasn’t trying to share passwords among multiple people but I do recall having issues when I was using Dropbox to sync to my phone since I would have to actually make sure Dropbox had updated the copy of the file which required me opening the app at the time.

source
ilmagico@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
I use KeePassXC on desktop and Keepass2Android on, well, android, and sync via nextcloud. They all seem to handle syncing correctly, merging changes made on one side, or showing a notification about a conflict, and KeePassXC can definitely merge the two “conflicted copies” together reliably with a couple of clicks (yes, a no-click solution would be better, I know, but it’s not “manual”). Keepass2Android integrates directly with nextcloud and seems to handle it fine.

The situation can definitely be improved but it’s not so bad for me. Also, two different people should probably use two different database files and not share passwords ;)

Not sure how syncthing handles conflicts, it’s been many years since I tried it.

source