I’m going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.

My questions are to those of you who self-host, firstly: why?

And how do you mitigate the risk of your internet going down at home and blocking your access while away?

BitWarden’s paid tier is only $10 a year which I’m happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn’t need any additional hardware.

  • conorabA
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    Self-hosting removes the risk of somebody compromising Bitwarden’s servers and adding malicious javascript to send off your master password to a bad actor instead of just processing it locally like it’s designed to.

    • el_abuelo@programming.devOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      I think the chances of such a breach are vanishingly small. I wonder if I’m right though.

      I think anyone capable of pulling off such a feat is not interested in my data, and probably more likely looking for government employee access etc…

      • conorabA
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        They don’t need to be interested though. You could conceivably dump all the password you collect in an attack and just start trying them automatically like you would any other breach. Find a bunch of bank accounts and your chances you getting away with millions are high. Not to mention: a breach like this means changing all your saved passwords to re-secure them which is a multi-day affair.