Thinking about moving back to #bitwarden after months of #pass
I enjoy the idea of plaintext files and pure pgp, but
- the hassle of setting up a new computer
- the hit-miss integration with Firefox on linux
- the impossible integration with Firefox on windows
- the leaking of metadata through the directory structure
I am just not sure it's worth it anymore. Security is not simply about cryptography. It's also about ease of use. If too complicated, you'll just start working around the system.
@yarmo yes, try bitwarden, you won't look back. i moved to bitwarden a few years ago, after lastpass started charging me, a premium user, multiple times, then doubled the price, and i said that's enough. i registered a bitwarden hosted account first, then later installed my own server. the only issue i experienced while moving data from LP to BW was improperly converted ampersands in some password.
@themactep I am already using and paying for bitwarden as my backup password manager. I'm simply thinking about promoting it back tot "main" password manager.
Never used Lastpass, avoided that hot garbage right from the get-go.
@yarmo they were good at the beginning, like really good. agile to fix bugs, trying to improve much. then they sold the project, and the shitstorm began.
@yarmo I can highly recommended to use pass and bitwarden as a combo.
Bitwarden is perfect for web passwords but at the same time subject to browser security. So for passwords that are used frequently and can be easily recovered, perfect match.
Pass on the other hand is perfect for scripts, automation and low frequency secrets like 2FA recovery keys. Also, due to being outside of the browser context it's also ideal for high security passwords especially when using smartcards.
@sheogorath good point, I like that reasoning.
@yarmo I actually elaborated on the topic a while ago:
https://shivering-isles.com/Why-I-use-multiple-password-managers
Just in case you didn't read already ^^ but above is the TL;DR :D
@sheogorath @yarmo hey guys, looking for a password manager, too, here & the joint approach sounds nice. Could you post a link to pass? Not exactly the easiest thing to google...
@srs @yarmo https://passwordstore.org
It's written in Bash and uses GnuPG and git to manage passwords and logins. There are various extensions and implementations of it.
@sheogorath @srs @yarmo nice discussion. and that is a nice blog post too. i use pass and it's great for me and enough. except when sharing credentials with other people and groups. have tried to look into selfhosting (cloud is for me an absolute no-go) bitwarden for that but it's pretty involved. had big hopes for bitwarden_rs but it depends on docker for building the debian package (c'mon... wtf).
@sheogorath @yarmo btw gopass is the maintained follow up for pass.
@jerger
Note that gopass is incompatible to pass and the maintainers are ignorant about bug reports.
@sheogorath @yarmo
@musicmatze @sheogorath @yarmo
Can't confirm. We use both gopass and pass in a very spread and automated environment. Core functions are compatible atmo.
Our bugreports and PRs are handled very nice, discussion around was friendly and fast.
What's your problem in detail?
@yarmo 😅 I've integrated pass nicely on my workflow after... years using it... directly from terminal (bash autocomplete) with no browser plugins, and
app.
👍 Yes, it might not be the most convenient in some situations, but I keep it sync with #nextcloud so new devices are not a problem
good luck with #bitwarden
@yarmo I've been enjoying bitwarden a couple months, and I like financially supporting an open source project.
Keepass in Seafile worked well for the pas few years, but browser integration with bitwarden is just miles ahead.
They also have a CLI that could perhaps be used for automation tasks, but iirc the vault unlock process was a bit onerous...
@yarmo Thank you! I have the same mess. But I started with pass (gopass). I like the idea, since it's so simple. But setting up the client on each device, getting pgp keys everywhere... I think I will move to bitwarden as well. But for small groups who need to share passwords or secrets in general, I think pass is a straight forward alternative.