this post was submitted on 12 May 2024
1047 points (98.2% liked)
Open Source
31358 readers
155 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I get the thought, but your phone can also have a security breach at any moment, ESPECIALLY because normal user error is by far the weakest and most often exploited attack vector.
Bitwarden's vaults are also encrypted with the option for even stronger argon2id encryption. Bitwarden themselves can't access them or reset them. It is open source and most importantly, audited. KeypassXC has only had one audit ever. (Though that passed and I would also definitely recommend keypassXC, it is great software security-wise)
The database is stored, encrypted, once on their server and once to each device you sync to, so it is available locally.
Even if they had a security breach, by design the assailant couldn't access your database any more than they could access your keypass database.
You can also self-host it which would bring it exactly to the level of keypassX variants as far as attack surface.
Not to mention with bitwarden, you will also only need one key. That is the whole point of a password manager.
"It is available locally and a lot better..." is simply untrue. They are both great options. Just whatever works best for the person. Bitwarden has a ton more QoL options and enterprise options, plus separate, shared password databases and such for families and companies. Again, just as secure.