I don’t have the self hosting maturity to share my db across my devices yet. I need to get on that.
Comment on You probably can't trust your password manager if it's compromised
COASTER1921@lemmy.ml 14 hours agoThese attacks are more around the encryption and all require a fully malicious server. It sounds like Bitwarden is taking these seriously and personally I’d still strongly prefer it to any closed source solution where there could be many more unknown but undiscovered security concerns.
Using a local solution is always most secure, but imo you should first ask yourself if you trust your own security practices and whether you have sufficient hardware redundancy to be actually better. I managed to lose the private key to some Bitcoin about a decade ago due to trying to be clever with encryption and local redundant copies.
Further, with the prevalence of 2FA even if their server was somehow fully compromised as long as you use a different authenticator app than Bitwarden you’re not at major risk anyways. With how poorly the average person manages their password security this hurdle alone is likely enough to stop all but attacks targeted specifically at you as an individual.
chocrates@piefed.world 14 hours ago
W98BSoD@lemmy.dbzer0.com 11 hours ago
If it’s critical, don’t self host it. It’s not worth it.
I know people will argue; I just need something that works and that I don’t have to worry about patching.
AbidanYre@lemmy.world 13 hours ago
With vault/bitwarden the client handles that sharing for you.
philpo@feddit.org 6 hours ago
Personal recommendation: Start with a selfhosting support software like Casa, Yuno or (my recommendation) Cloudron. Start hosting the app there with frequent backups and occasionally export into regular Bitwarden as a failsafe.
And when you are comfortable switch over to properly self hosted Vaultwarden.
philpo@feddit.org 6 hours ago
Just adding: Passkeys do migitate a lot of these issues as well.