"The Quiet Renovation at Bitwarden" (it isn't good)
(blog.ppb1701.com)
If you are interested in privacy you are probably interested in password storage ... plus I wanted everyone to know about the inevitable future enshittification of this product. Spread the word and replacement recommendations are welcome too.
I just tested AliasVault and it's pretty good. You can even just import your pre-enshittification Vaultwarden export file.
One thing I noticed though is that your entries must have a collection or else they don't export. But close to easy as pie to leave vaultwarden behind with their Nazi CEO.
Vaultwarden will survive. Since the client is open source, once they close the API and break compatibility of the clients with Vaultwarden, the old version of the app can simply be forked and rebranded. I also do hope that the KeyGuard app will continue to support Vaultwarden as well, since if Bitwarden closes the API and makes a breaking change, as is likely to happen, it will break KeyGuard as well, but it will still work with Vaultwarden for some time.
The real issue is that many people who are using Bitwarden aren't savvy enough to host Vaultwarden in a secure way. Many people are careless with things like secret keys and such and don't know how to properly secure a web-facing app or a VPN into their local network. But anyone who self-hosts should learn those things anyway. This one just happens to be a particularly high risk since it contains all of your passwords for everything else.
This is why despite me self hosting some things I don't rely on vaultwarden. I'm a flawed person and my family has no idea about anything. I don't need to stretch my imagination very far to think of a handful of reasons why it would fail my situation. I'll gladly pay for a password manager to not have to deal with that.
I have nothing but good things to say about Proton Pass. Syncs across iOS, macOS, PC & Linux, stores not just usernames & passwords, but short notes, product keys, & can generate temporary email addresses that can be disabled when they start receiving spam.
TLDR: Self-host Vaultwarden
This is really disappointing... I figured the open source nature of Bitwarden would save it from enshittification but as the author says, in the end, the company doesn't need to keep it open source.
Time to recommend alternatives?!
Proton Pass is a valid option.
The author wrote a guide to self-hosting VaultWarden
https://blog.ppb1701.com/self-hosting-vaultwarden-taking-back-password-management-part-8-of-building-a-resilient-home-serve
How vulnerable is a VaultWarden setup to splash damage from BitWarden enshittery? I would go absolutely ham on VaultWarden if it's independent enough from this kind of move.
I’m already hosting VaultWarden locally and would also like to know. It seems like a project that could continue independently but I’d love to hear from someone with more information.
I mean, if you read the OP, it says at the end. The clients are Apache2 and can just be forked if the API starts drifting.
Nothing has beaten KeePass for me so far. It takes a bit of setting up if you want your database to sync among all your devices, but in other aspects it's perfect for me
EDIT: In case you're curious, I use KeePassXC on PC, KeePassDX on Android, and Syncthing to sync the database.
Don't know if it has changed, but there was a reason I went to Vaultwarden. Syncing was a pain. It is probably better now, but I'm not looking to go back.
What drove me (and my family) from KeePass to Bitwarden was the family sharing and survivor access.
Until KeePass supports these it's not really up to par with Bitwarden.
Especially digital legacy management is a must have for a well rounded password manager.
Same setup here, can recommend.
https://www.passbolt.com/
https://psono.com/
https://www.privacyguides.org/en/passwords/?h=psono#psono
How is psono? I've been looking to do secrets correctly in my lab for a while and its name has popped up a few times.
Keepassxc (linux, winblows, crapple) Keepassdx (AOSP, spydroid) Keepassium (SpIOS)
Privacy oriented self-hosting survival guide, where can I find one?
Need a remind me bot rn