I’m going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.

My questions are to those of you who self-host, firstly: why?

And how do you mitigate the risk of your internet going down at home and blocking your access while away?

BitWarden’s paid tier is only $10 a year which I’m happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn’t need any additional hardware.

  • rhabarba@feddit.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    My questions are to those of you who self-host, firstly: why?

    Would you give me your password database? I promise to encrypt it!

      • rhabarba@feddit.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 month ago

        A cloud password manager is a database with your passwords hosted on a stranger’s computer. Why wouldn’t I be just as trustworthy as any other stranger on the internet?

          • rhabarba@feddit.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 month ago

            There is no difference other than a shiny logo and a “contract” that promises you that the random stranger will take care. I promise that I will take care too.

            If you still think there is a relevant difference, please tell me. To me, it looks like you don’t fully understand what a password manager stored on other people’s computers does.

            • el_abuelo@programming.devOP
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 month ago

              Well they have an app for all the platforms i use, customer support, open sourced code, previous and existing customers that have experience and that recommend them freely, a track record of success, a verifiable business address, operations in a country whose legal system I recognise and offers me certain protections, the ability for me to pay using my preferred method of payment, and most important - not some willfully ignorant representative giving fallacious arguments against using a service.

    • Dark Arc@social.packetloss.gg
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 month ago

      If it was BitWarden where I can see the client side code … and there wasn’t a better option, quite possibly.

      I give my ISP and many other places my BitWarden vault all the time and I just trust they’re not recording the traffic and trying to decrypt it.