If you are interested in privacy you are probably interested in password storage … plus I wanted everyone to know about the inevitable future enshitification of this product. Spread the word and replacement recommendations are welcome too.
Yeah I’m done with cloud providers for this shit, I’m going all in for Keepass
if you were looking for an excuse to torpedo this abomination, here it is. hosting this gargantuan stack just for an encrypted csv file? at least the client (electron) gobbles up RAM like it’s free while being bug-compatible with whatever chrome version was current half a year ago.
sadly, news ain’t great on the other side of the fence - keepassXC dev is all-in on vibeshitting; latest non-polluted version is 2.7.9.; works fine and the stuff they’re working on is pretty far from essential. some unknown folks forked it but who’s to say what their expertise is.
never thought I’d disable my autoupdate timers but here we are. keep your eyes open.
What do you mean by “gargantuan” stack? I have a single docker container for vaultwarden that was very easy to set up and it uses less than 100mb of ram.
Not sure about the client claims though. I haven’t really looked into it that much. Are you saying all versions of the client and extensions of BitWarden have issues?
This is really disappointing… I figured the open source nature of Bitwarden would save it from enshittification but as the author says, in the end, the company doesn’t need to keep it open source.
How will this affect vaultwarden? I’ve been using it for 5 years and absolutely love it. I’m worried that I’ll need to switch to something else though?
I still wish there was something where it had better syncing conflict management than KeePass but wouldn’t make you unable to do anything or randomly make your passwords completely inaccessible if you or your server went offline like Bitwarden.
I run vaultwarden at home without access to it from the outside world and once the sync is done I can be offline without issue.
For me it gives me read-only access most of the time, but sometimes something happens and then it becomes completely inaccessible. Which is why due to being in the middle of a move right now I exported the entire database to my laptop so that if this happens I don’t lose access to all my accounts for the two weeks my server is in transit.
damn I just migrated to bitwarden a few months back :(
I’ve been using it for years. But I have been waiting for this day to come. Because it always comes at some point without fail.
It’s a very easy migration from Bitwarden to a self-hosted and OSS Vaultwarden, if you have means to self-host. Appreciably, many don’t want to self-host their own apps and I’m not defending Bitwarden’s enshittification at all. It comes for all tech at some point :(
I would say that Vaultwarden might not be the best introduction to self hosting given the critical nature and sensitivity of the data. And if you do maybe block the admin page from external sources.
It comes for all tech at some point :(
Not sure if all tech, but definitely the ones that just want to grow grow grow. A counterexample (so far) is the Obsidian team.
thanks for all the suggestions - i’ve since moved to proton pass, not sure if I want to self host this aspect of my security stack - but will be watching closely
Is is time block headlines with “quiet”? Its like AI decided that word gets the most clicks and its showing up everywhere.
I guess I need to go back to a handy notebook.
Amen!
Cloud version is for businesses not people, for some reason. But selfhosted is free of course.
Privacy oriented self-hosting survival guide, where can I find one?
Need a remind me bot rn
Why the hell is anyone using anything other than KeePass?
- I want to get to my passwords on multiple devices. 2. Bitwarden has a nice feature where you can set up a trusted person to be able to get into your account by sending you an email and if you don’t respond “no” after a set period of time, they get access. This can be very valuable if the you are incapacitated or dead and that (trusted) person needs to take care of things using your passwords. Are those things available in KeePass, if so, great and I’ll have another look!
Doesn’t keepass only work on a single device? Meaning that you have to handle syncing the database file yourself. I prefer selfhosting vaultwarden. Maybe these changes will make me migrate to something else but for now I’m very satisfied with vaultwarden and the bitwarden client.
The one that has had multiple hacks. I’m good mate.
Do you have a source on these hacks for KeePass?
thanks!
edit: oh it’s phishing via ads, you could say OBS Studio has been ‘hacked’ in the same way
the second case assumes your computer is already compromised, I think at that point a RAM dump with my master password would be the last of my problems
