Lastpass or Bitwarden, the concept is almost the same. You have to trust them and you are exposing your data to extra risks by sending them your data.
But do you really need them? Probably not.
Why not Keepass + Syncthing or Myki and sync between your devices?
Phone + Desktop/Laptop + NAS
@joeligj12 I believe you can just export from Bitwarden to json format and then import that file to Keepass.
@epical I've been using keepass for years. I got introduced to it in the first company.
Nowadays I use my own nextcloud to sync the database between devices.
@epical Though you do have to trust them less with your passwords than, say, Dropbox with your files. Those password vaults are password-encrypted.
Though personally I don't feel a need for syncing, I use GNOME's keyring via "LockBox" for elementary OS.
@epical Well, I largely favor the freedom that choosing a Bitwarden (with its very decent security properties, including an audited end-to-end encrypted storage) server offers over some shiny security features of Myki.
Of course Keepass + SyncThing is an all-winner, yet hardly accessible to non-experts.
@epical I tried SyncThing (for other reasons) last year, and the fact that it straight-up refused to work for me under any circumstances is a big motivation for me to continue using Lastpass.
I can confirm that Lastpass has no visibility into my data with them, because the last time I sought technical support from them, I couldn't get it. They were unable to help without my master password, which I had lost. The only way forward was to just blow my account away and start fresh.
However, there remains the risk of infrastructure outages (which I've also experienced with them). Still, that risk poses a lower expense to me than the time investment (read, debugging) SyncThing and managing my own infrastructure.
Lastpass and Bitwarden illustrate the importance of usability.
Keepass is a great security implementation, but it is only a small part of the whole thing the average user needs:
1. A password-store (all have this)
2. Browser plugins (keepass' is so-so)
3. Sync between devices (syncthing is non-trivial to get to work)
For me a private Bitwarden install is the best setup.
#usability is important for security