@ScottMortimer I'm always kinda sceptical about bitwarden.. just like any cloud-based password store, it just doesn't *feel* right to store your passwords on one server, it feels like you're giving too much power over yourself to the same entity

@metalune
Understand the concern, but just know that their security controls are probably better than yours. Do what makes you feel better.

@metalune @ScottMortimer you can self-host bitwarden, it doesn't need to be cloud-based

@XxAlexXx @metalune @ScottMortimer Or pass, and have a git repo wherever you want. Passwords are gpg-encrypted, how do others work? Do they actually store the passwords?

@taamas @metalune @ScottMortimer In Keepass, you have a master password and it will open a file inside your computer, which is a database that contains all your passwords, so you are the one with control of your own passwords

@XxAlexXx @taamas @metalune @ScottMortimer Sounds like Safe in Cloud, which uses the technique. But Safe in Cloud is not open source + it is based in Russia.

Anyway. Self-hosted Bitwarden from Bitwarden themselves or with bitwarden_rs, your data are stored on your computer. And on top of that, you have complete control over your data no matter where you are + be able to have shared items if you want to. Priceless 😊

@edgren @taamas @metalune @ScottMortimer if you don't like cloud solutions at all, then choose keepass. Nothing will go out of your computer if you choose it. Everything will be stored in the computer.
Main con being that everything is stored locally, so if you lose your computer you lose all your passwords.

@XxAlexXx @edgren @metalune @ScottMortimer You could back up and/or share the files with other devices where you need access to your passwords.

@metalune @ScottMortimer
This might sound strange but I store hints to my passwords, I never post passwords in password managers. So if my password is 'maxwell123' I type 'm123'

@ScottMortimer@infosec.exc Definitely my choice for some years now. 👍

@ScottMortimer I'm trying Kaspersky Password Manager, more affordable here in Brazil. Was tempted to try self-hosted passbolt, but they don't have mobile yet.

@ScottMortimer Hooray! Let's hope they shoot themselves in the foot and cause a mass migration to Bitwarden.

@ScottMortimer
I suggest KeePass for the users.

Works perfectly on Windows, Linux, Android and I guess Apple as well.

@ScottMortimer I find a combination of KeepassDX (or one of the many Keepass compatible open source softwares) plus Syncthing to sync my password db across all my devices works well. I have a "master" device that Syncthing won't change, and KeepassDX can merge dbs if you somehow get your db changed on two slaves at the same time. Auto fill works on the mobile app (mostly), and there is autotype in desktop and mobile app if the autofill doesn't work for you. No cloud.

@ScottMortimer glad I migrated from LastPass to Bitwarden last year, it was fairly painless to import. Had friends who had issues importing though.

@ScottMortimer Yup, and the migration is super easy and simple. Took me about 5 minutes following the instructions here: bitwarden.com/help/article/imp

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.