I’m going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.
My questions are to those of you who self-host, firstly: why?
And how do you mitigate the risk of your internet going down at home and blocking your access while away?
BitWarden’s paid tier is only $10 a year which I’m happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn’t need any additional hardware.
Would you give me your password database? I promise to encrypt it!
No, because you’re not the supplier of a password manager.
A cloud password manager is a database with your passwords hosted on a stranger’s computer. Why wouldn’t I be just as trustworthy as any other stranger on the internet?
If you can’t see the difference for yourself, I won’t be able to show you.
There is no difference other than a shiny logo and a “contract” that promises you that the random stranger will take care. I promise that I will take care too.
If you still think there is a relevant difference, please tell me. To me, it looks like you don’t fully understand what a password manager stored on other people’s computers does.
Well they have an app for all the platforms i use, customer support, open sourced code, previous and existing customers that have experience and that recommend them freely, a track record of success, a verifiable business address, operations in a country whose legal system I recognise and offers me certain protections, the ability for me to pay using my preferred method of payment, and most important - not some willfully ignorant representative giving fallacious arguments against using a service.
If it was BitWarden where I can see the client side code … and there wasn’t a better option, quite possibly.
I give my ISP and many other places my BitWarden vault all the time and I just trust they’re not recording the traffic and trying to decrypt it.