Which password manager to use?
-
-
Ignoring the security aspect of it Bitwarden is responsible for hosting a fault tolerant, highly available web app.
They have redundant networking, redundant servers, load balancers, redundant databases.
While you could host this yourself to these tolerances it's work and it's not free.
If you're using your password manager to the fullest you have a different password for every resource out there. It's more than a minor inconvenience if you get locked out of your passwords.
Their service is dirt cheap and it's absolutely worth every penny.
-
Vaultwarden is perfect imo
-
-
I use KeepassXC on desktop, KeepassDX on my phone and keep it all synced with Syncthing. Works great
-
Is VW audited in the same way that BW is?
-
I hear good thing about Vaultwarden, but the web UI is horrible.
Vaultwarden's web UI is very confusing, especially the search feature. And it's difficult to move items between folders/collection. The desktop app is available as DEB/RPM package but without auto-update, which isn't great.
Fon now I'm sticking to KeepassXC because the app my distribution has a package for it and allows auto-update. The UI works well, and it has decent browser integration.
-
The data stored on Bitwarden's servers is completely encrypted though, which means a breach will not yield useful data, unlike the plain text storage for LastPass.
-
Vaultwarden is not to be used in itself you can for example use the bitwarden app but with your vaultwarden server
-
Really I don't know, surely a bit less but in my opinion, not that much
-
Yes I agree. I was just offering a counter to the statement that Vaultwarden isnt as safe as Bitwarden. They both are encrypted but my vaultwarden instance is a lot less likely to experience a breach than Bitwarden. The guys with real skill are going after Bitwarden not me.
-
You're right. I was referring to the bitwarden app above. See https://github.com/bitwarden/desktop
It's an electron app, and there's no auto-update solution for DEB packages (ie no DEB repo for apt auto update).
Some people are probably happy with it, but I prefer KeepassXC which is more lightweight (ie not electron based) and can auto update via APT.
-
Hackers have increased their focus on cracking password managers by extracting data from RAM and registry, compromising local and cloud storage.
-
I'm not completely sure, but doesn't Bitwarden encrypt all data before it reaches the server? That means the server implementation is a bit less important. I guess you probably don't want to be leaking even encrypted databases though since there is a chance they could be cracked.
-
3rded moving from LastPass to Bitwarden and never looking back. I got out when LogMeIn got in.
