I’m currently using 1Password but I’m no longer satisfied with it.

  • Fizz@lemmy.nz
    link
    fedilink
    English
    arrow-up
    37
    ·
    1 year ago

    Its open source, self host-able or cloud host and its had enough audits to say its fairly secure.

  • drifty@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    27
    ·
    edit-2
    1 year ago

    Top of the line, best of the best, nothing beats it. Especially if you self-host Vaultwarden, there is simply nothing that can compete. (Vaultwarden makes the 2fa component that is paid in Bitwarden free if you self-host it)

    • reflex@kbin.social
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      1 year ago

      Especially if you self-host Vaultwarden

      Out of interest, if you self-host, do you still have to pay for the “premium” BW features like TOTP-in-app?

      I was on standard BW for less than a month before moving everything to KeePassXC to have free TOTP.

    • speck@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Sorry, which is the gold standard, bitwarden or vaultwarden or are they something you use in tandem?

      • Scott@lem.free.as
        link
        fedilink
        arrow-up
        18
        ·
        1 year ago

        Tandem.

        BitWarden is the client. VaultWarden is the server-side, self-hosted component that emulates the official BitWarden cloud service.

  • QubaXR@lemmy.world
    link
    fedilink
    English
    arrow-up
    20
    ·
    1 year ago

    I’m hearing a lot of good things about Bitwarden, especially from the Linux crowd.

    What I am curious about though is what’s in your opinion wrong with 1password - a solution I’m currently using too.

    • asap@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      1 year ago

      Because it’s closed source, there’s a higher likelihood that there is an undiscovered vulnerability in 1Password. Even though it is audited, a vulnerability could be introduced after the most recent audit and you would never know.

      For something as mission-critical as a password manager, going with an open source solution gives just that much more confidence that your data is safe. To me it’s simply not worth the risk to blindly trust a company with my login data, when I could trust a company that displays their entire solution in the open.

      • liara@lemm.ee
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        Going to play Devil’s advocate here, but open source does not automatically mean that things are safe or that anyone is even auditing the code on anything that resembles a regular basis.

        Heartbleed was introduced into OpenSSL source code in 2012 and wasn’t discovered and fixed until 2014

        • asap@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Absolutely, but it’s a probability game. Between those two options of BW and 1Password I’ll go with the choice that has the higher probably of safety.

    • glad_cat@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I use Bitwarden but there is nothing wrong with 1password. Both have been audited, and (IIRC) don’t have major security holes so far. 1password is more expensive but it’s not an issue.

      • zorbse@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        13
        ·
        1 year ago

        Some would argue that as 1password is proprietary it can’t be trusted as much as open source Bitwarden

      • QubaXR@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I started using 1pass after the audit by my former company’s itsec team. Just curious if there are some downsides (apart from the price) I’m not aware of.

  • ZenArtist@kbin.social
    link
    fedilink
    arrow-up
    18
    ·
    1 year ago

    I’ll play the devil’s advocate here.

    Since bitwarden is a VC funded company, I’m wary of the enshittification that might take place in the future. Even though technically speaking, you can self-host the server via Vaultwarden, it is largely possible because the project has blessing of official devs. That can change dramatically in future.

    For something as important as your passwords, trusting a for-profit company might not be the best idea.

    Would love to know what the community thinks about this.

    DISCLAIMER: I love Bitwarden and use it daily, both for personal use and at work.

    • ebits21@lemmy.ca
      link
      fedilink
      English
      arrow-up
      15
      ·
      1 year ago

      While true, you can easily migrate your data elsewhere in such a scenario.

      If that changes they’re dead to me.

    • Logster998@sh.itjust.works
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      The VC money has gone to good though, like audits and open source code. A lot of the money they get is from company deals with bitwarden buisness anyway. As long as that works out, I can’t see them screwing over anyone while they have a money stream. If they do screw up, exporting to KeyPassXC is super easy anyway.

      • dngray@lemmy.oneM
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        KeyPassXC is super easy

        One of the things I dislike about KeepassXC is that it exports to a unstructured CSV file, whereas Bitwarden exports to JSON. It’s a lot easier to use something like jq to parse a JSON structure, if you want to import it somewhere as opposed to dealing with CSV files.

        I also found the importer for Keepass CSV in Bitwarden didn’t import my “notes” and I had to individually check that for each record.

  • paulcdb@kbin.social
    link
    fedilink
    arrow-up
    10
    ·
    1 year ago

    The one question no-one has mentioned yet given it’s probably Bitwarden’s biggest security vulnerability…

    How strong is your password?

    Because ultimately that is EVERY password managers weakness! I’m also still skeptical about the abuse, is it passkeys or something that I’m going to guess will make it so much easier to do social engineering on so I’d personally never use it on a vault.

    • Bristlerock@kbin.social
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      It’s a good question. A vault is only as strong as the credentials required to access it.

      Bitwarden does have MFA support, though. If you’re using it without that enabled, you’re asking for trouble.

    • ebits21@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Same. I do use keepassxc (with KeePassium on iOS) for totp codes though just in case Bitwarden ever had an issue.

      Separate systems > combined

  • candyman337@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I switched from bitwarden to 1password because the password autofill was less intelligent.

    What’s your issue with 1password?

  • nevernevermore@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I’ve switched away from 1password to proton recently.

    it’s fine, it’s far less accurate than 1p was. Let this be a caution, 1password is great for user experience, I hardly noticed it because it always worked. Proton can’t see every login field, doesn’t know when to suggest a new password, won’t save passwords after it has suggested one, doesn’t update login credentials after updated passwords etc etc.

    I’m unsure about bitwarden in particular, but I can vouch for the fact that a less intelligent app might be a dealbreaker for some.

  • PublicLewdness@burggit.moe
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I use an unnoficial Bitwarden app on Ubuntu Touch. I would prefer KeePassXC or KeePassDX as my go to password managers but have found no reason to distrust Bitwarden thus far.

  • Vexz@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    It’s safe. I have a self-hosted Vaultwarden instance on my NAS for years now. I absolutely love Bitwarden.

  • bron@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Recently switched from KeepassXC to Bitwarden because of the cloud hosting ability (I was tired of having to sync my database file everywhere) and have no problems so far. I see Bitwarden recommended a lot, especially from places like privacyguides

    • ebits21@lemmy.ca
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I use Bitwarden for passwords, it’s just great.

      For totp I use a keepass database on the cloud. Each device needs a local key file to login to get the codes.