Follow

Lastpass or Bitwarden the concept is almost the same. You have to trust them and you are exposing your data to extra riscs by sending them your data.

But do you really need them? Probably not.

Why not Keepass + Syncthing or Myki and sync between your devices?

Phone + Desktop/Laptop + NAS

@epical I would switch to keepass if I knew of a way to export my bitwarden database to it

@joeligj12 I believe you can just export from Bitwarden to json format and then import that file to Keepass.

@epical I'm using keepass since years. I got introduces to it in the first company.

Nowadays I use my own nextcloud to sync the database between devices.

@epical Though you do have to trust them less with your passwords than, say, Dropbox with your files. Those password vaults are password-encrypted.

Though personally I don't feel a need for syncing, I use GNOME's keyring via "LockBox" for elementary OS.

@epical Well, I largely favor the freedom that choosing a Bitwarden (with its very decent security properties, including an audited end to end encrypted storage) server offers over some shiny security features of Myki.

Of course Keepass + SyncThing is an all-winner, yet hardly accessible to non-experts.

@epical I tried SyncThing (for other reasons) last year, and the fact that it straight-up refused to work for me under any circumstances is a big motivation for me to continue using Lastpass.

I can confirm that Lastpass has no visibility into my data with them, because the last time I sought technical support from them, I couldn't get it. They were unable to help without my master password, which I had lost. The only way forward was to just blow my account away and start fresh.

However, there remains the risk of infrastructure outages (which I've also experienced with them). Still, that risk poses a lower expense to me than the time investment (read, debugging) SyncThing and managing my own infrastructure.

@epical I agree with the sentiment but the technical barrier for entry with KeePass is one not easily overcome for the average person who can barely use a password manager to begin with.

I personally use KeePass and Syncthing but there's no way I would set them up for my mother and expect her to use them while I'm not there. Bitwarden is much simpler and more trustworthy than LastPass while remaining open source. If it comes to it, I could very easily host an instance myself and just move her database over. Because of that, I don't think it's quite fair to say LastPass and Bitwarden are "almost the same"; being able to host it yourself is a massive plus on Bitwarden's side.

@epical

Lastpass and Bitwarden illustrate the importance of usability.

Keepass is a great security implementation, but it is only a small part of the whole thing the avarage user needs:

1. A password-store (all have this)
2. Browser plugins (keepass' is so-so)
3. Sync between devices (syncthing is non-trivial to get to work)

For me a private Bitwarden install is the best setup.

#usability is important for security

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.