I’m going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.

My questions are to those of you who self-host, firstly: why?

And how do you mitigate the risk of your internet going down at home and blocking your access while away?

BitWarden’s paid tier is only $10 a year which I’m happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn’t need any additional hardware.

  • Zorsith@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    22
    ·
    2 months ago

    Password management is the one thing i don’t plan to self-host, on the grounds of not putting all my eggs in one basket. If something goes wrong and all my shit is fried or destroyed, I don’t want to also fuck around with account recovery for my entire digital existence.

    Plus, if something is breached, im more likely to hear news about Bitwarden than I am about compromised server and/or client versions in a timeframe to actually be able to react to it.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      8
      ·
      2 months ago

      That’s largely why I haven’t self hosted either. But problems can be mitigated:

      • regular, automated backups to something else (say, KeePass), encrypted with your master pass and backed up off-site
      • host your PW manager on a VPS, or have the VPS ready to deploy a snapshot from offsite backup
      • change your master pass regularly - limits the kinds of breaches that can impact you
      • randomize usernames - makes it easier to detect a breach, because you can see if any of those were exposed without the org being breached

      But honestly, my main reason is that I don’t trust my server to stay up 100%, but I do expect Bitwarden to. I also trust their security audits.

      • BaroqueInMind@lemmy.one
        link
        fedilink
        English
        arrow-up
        17
        arrow-down
        2
        ·
        2 months ago

        I’m self hosting Vaultwarden and my home server got killed by the hurricane, yet I can still access my passwords just fine on the app because it stores them locally encrypted on my phone from the last time it synced. I just can’t update or change anything until I can bring everything back on.

        So, host your own shit you cowards, it’ll be fine.

        • aksdb@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          2 months ago

          Bitwardens local cache does not include attachments, though. If you rely on them, you have to rely on the server being available.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          2 months ago

          I just… don’t see the benefit. I host videos so I can access video content even if my internet goes out, and it’s a lot cheaper than paying for streaming. I host my own documents because I don’t want big tech scraping all my data. I host my own budgeting software, again, because of privacy.

          I could host Vaultwarden. I just don’t really see the point, especially when my SO and I have a shared collection, and if that broke, my SO would totally blame me, and I don’t think that’s worth whatever marginal benefits there are to self-hosting.

          Maybe I’ll eat my words and Bitwarden will get hacked. But until then, stories like yours further confirm to me that not hosting it is better.