• Haha@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        I’m interested in vaultwarden, what do you think about self hosting it?

        • Revan343@lemmy.ca
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I’ve never tried it, but from what I’ve read it isn’t too difficult; it is something I’d like to eventually get set up. I expect you’d want either a static IP address or a dynamic DNS service to access it remotely.

          You can also self-host the main bitwarden implementation, vaultwarden is just generally preferred because it’s much lighter-weight, mostly because it’s written in Rust instead of Typescript

        • redcalcium@lemmy.institute
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          It’s super easy to self host (assuming you’re familiar with docker), doesn’t take too much server resource, and will give you access to features normally gated behind bitwarden subscriptions. Way better then the official self-hosted version. The main disadvantage is while it’s open source, the code hasn’t been audited yet, which might be a deal breaker for people obsessed with security.

          • Haha@lemmy.world
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            Yeah I read it’s a bit double edged but would anyone ever want to audit a open source software that can Take over a paying one?… might just take the jump.

            • redcalcium@lemmy.institute
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 year ago

              It’s actually starting to get common for open source password manager to get audit, often free of charge by a security company. Whether the project actually compete with a commercial project doesn’t seem to matter because the goal is to assess security.

              KeePassXC was recently audited for example: https://keepassxc.org/blog/2023-04-15-audit-report/

              1Password, another popular opensource password manager, has also been audited: https://support.1password.com/security-assessments/

              Bitwarden (including the selfhosted component) has also been audited: https://bitwarden.com/help/is-bitwarden-audited/

              So it’s not really strange for people expressing interest to get vaultwarden audited.

                • redcalcium@lemmy.institute
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  KeePassXC doesn’t do any cloud syncing stuff. If you want your vault to be available on multiple devices, it’s up to you how to achieve that (e.g. by putting the vault database file inside dropbox/gdrive/nextcloud, etc). Some people prefer this approach because they don’t trust centralized vault services.

                  1Password and BitWarden are competitors and offer largely similar services (e.g. syncing your vault across all devices you own). BitWarden paid service is cheaper though, so it’s more popular. Note that bitwarden free account is already good enough, the paid service offers some convenient features which actually pretty nice to have though, such as storing TOTP data in your vault.

                  VaultWarden is an alternative implementation of bitwarden server. If you’re into self-hosting and want to host bitwarden vault on your own server, you can install it in your own server. It implements almost all bitwarden features, even those that only available in the highest subscription tier.

    • redcalcium@lemmy.institute
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      I have migrated to bitwarden years ago, but still curse myself why I didn’t immediately delete my lastpass account back then before the breach.

    • _number8_@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      using passwords you can remember instead of An8sdfd8h4indf!id8 just because it’s harder to brute force

      • TheFogan@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Passwords you can remember is a problem if you have multiple sites.

        While I love XKCDs HorseBatteryStaplerOkay! strategy… that works well for 4-5 passwords, if you have 20+ passwords you’ll pretty much wind up re-using, and if it turns out one of the 20 sites had garbage protection and gets fully hacked, any sites you used the same is also going to be vulnerable.

        Personally still gotta say go with keepass or bitwarden (selfhosted if possible).

      • Haha@lemmy.world
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        It’s not just about the password you can remember it’s being able to patch your securities in case of a hack/malware or attack; Remembering a password is low on my list at that point

    • purplemonkeymad@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      If you are worried about people getting ahold of your vault if the company has a breach, then keepass and come up with you own system of syncing the file. It’s a local file so is always under your control.