Password Manager (Bitwarden)

I am currently using KeepassXC and it works great … BUT I would like something less involved, something easy. I was looking around recently but Lastpass and a few others I don’t really like the idea of because of their closed nature. You can’t really tell if it is secure, you have to trust them on that. That’s when I found Bitwarden.

So the thinking is a service with automatic cloud sync and apps on anything (open source ones at that even) and not having to deal with the keepass files myself anymore, that sounds way easier to me. And that fits because I’m a lazy fuck! :grimacing::+1:

But I’d like to know from you, do you know of drawbacks or risks specifically with Bitwarden?

2 Likes

I use Bitwarden, overall I like it and the feature set, especially after they had a audit done.

If you are ok with using their servers, then it is great.

If you are into self-hosting and want to run the server backend yourself, there are a couple of caveats. The first is that it has a hard dependency on MSSQL server 2017 which is non-free software. The second it that it requires a key. The key is free(at least right now), but it means the server it dependent on their servers being up. Also, it means that IMO, the server is not free/libre software, but it is open source.

There is an alternative server by a third party, but I don’t know how well it works.

2 Likes

I’ve been meaning to try it out for a while. I currently use 1Password because my clients like it (100% Mac users) and their support has been very good, but I’m always down to try FOSS alternatives where possible.

There was a concern that they had never been audited by a 3rd party (something you do find in the closed source options), but I believe they did make that happen. So that’s nice. Hopefully that recurs on an ongoing basis.

1 Like

Oh wow, that sucks and seems completely unnecessary.

So, basically their servers are the login server for your account which then tells your client where to find the database? Is that it?

I would probably not self host anyway. So it doesn’t really bother me. But good to know. :+1:

Well, they are open to someone contributing support for another database. https://github.com/bitwarden/server/issues/10

I think you still have to do it yourself, the key is for allowing/not allowing paid features mainly.

1 Like

Huh, that seems like paying for a service without the benefit of the service then. Well, at least that one part of the service.

But yeah, I just wanna login and be done.

I’ve run both Bitwarden, and bitwarden_rs, and bitwarden_rs is far more appropriate for home users. It can run with a fraction of the resources, I’ve never been prompted for a key, and swaths of people use it.

1 Like

I switched from keepass to Bitwarden, and it works really well for me.
It integrates with my browser on destkop (ubuntu, has a snap available) and phone (iphone, can fill in passwords, requires password)

I had been keeping my keepass file in various places, but found it harder to keep in sync in some devices, where bitwarden is pretty easy (obvs, cos it phones home)

One funny thing; if you make a password in Bitwarden, and “add” it to firefox, it just stores a bunch of dots… but thinks it;s a valid password… so not a good idea to mix-and-match

2 Likes

@lawrencesystems, not sure how often you log in here, but I just watched your video on Bitwarden, and didn’t see any mention of this. Is the @TheCakeIsNaOH , living up to his name?

Yes, it does have a dependency on MSSQL Sever which I did find to be an odd choice but I did not mention it in my review.

1 Like

So, I’ve run a test account for a while and moved on to using it for some secondary accounts over the last week or so. I’ll give it a bit more time but I really like it. Will probably move my main stuff over to bitwarden as well.

I might keep an offline keepass archive somewhere as a backup though.

Thanks everyone. :slightly_smiling_face::+1:

2 Likes

I have the docker install running behind an existing reverse-proxy (nginx) and it was extremely straight forward. I was able to easily add extensions to all my browsers and apps to my phone, then import from my browsers (Vivaldi) with ease. I even added credit card info and “identity” stuff and it autofills perfectly. Also, If I’m using something that doesn’t have access to an app/extension, I can always go to bitwarden.domain.com and get the info that way.

I haven’t been using it for that long, but I haven’t had any issues what so ever

3 Likes