the_forgotten

joined 1 year ago
[–] [email protected] 1 points 1 year ago

The problem I had when I tried it out last (2 years ago?) was you could only generate passwords when connected to the server. Internet in my region is spotty, so I can't reliably always have access to the server.

Other thing, not mentioned here, is how easy it is to share passwords. They also didnt at the time have a great user story for a common use case: 2-4 people who share all their passwords (me, my wife, and her parents). Setting up an org and multiple users was a bit of a pain, but that was a couple years ago, maybe it's better now!

[–] [email protected] 1 points 1 year ago

I am most impressed with how much it just works. Make duplicate passwords? Just works. Share with multiple users? Duplicate key entries? Just works. Want to store or reorganize your DB, change encryption or share with someone else? Just works. Want to use it from your phone, your laptop, your server CLI? There's probably an app, and it probably just works too.

It's such a precious thing, a good DB design paired with good apps (KeepassXC is amazing). Not a lot of tools like that around.

[–] [email protected] 2 points 1 year ago (1 children)

I just wonder how easy it would be to sync between clients, KeePass style, because you also have to send your GPG keystore around to all your clients too, right?

[–] [email protected] 1 points 1 year ago

The issue I found with this approach is that the other big reason to use VaultWarden is for multi-user support. However, then each of your users need the same VPN setup, which can be hard to manage if you support a non-techie or Luddite.

Exposing it to the internet isnt safe, but it's more accessible then setting up VPNs for everyone with proper routing and stuff. The actual Bitwarden service isn't that expensive last time I checked, and I think it's probably the best, simplest solution if you need to support multiple technophobes.

[–] [email protected] 25 points 1 year ago* (last edited 1 year ago) (11 children)
  • If you only use Linux CLI and live in the terminal: pass
  • If you also use a phone or windows desktop, and already use a reputable syncing service (nextcloud, synching, etc.): keepassXC
  • If you have an always on server, internet accessible that maintains 5-9s of reliability and regular working backupa: host VaultWarden
  • If nothing above applies: use Bitwarden SaaS.

My big problem with VaultWarden/Bitwarden is there are some things (making new passwords) that can only be done while connected. This means exposing your server to the internet and making it highly available. Also, since it's a single point of failure, you need good backups. If your server goes down, you're read only until you create a new instance, which might take a while.

I've been using KeepassXC for about 6 years, synchronized with Syncthing. The database is synced to all my devices and my wife's, and a few satellite devices my friends own in encrypted Syncthing folders. It's easy to merge conflicts if we both make entries at the same time. My database will likely outlive me at this point. I even got my Luddite in-laws using it (alas, synced through Google Drive). Highly recommended.