this post was submitted on 20 Oct 2024
619 points (87.2% liked)
Technology
59457 readers
3027 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Goddammit. It's getting to the point I'm going to have to figure out how to write my own app for this.
It shouldn't even be that complex...
I might be mistaken, but ultimately a password manager is basically nothing more than a database of passwords in an encrypted zip file, right? That could entirely be self-hosted with off the shelf open source applications stringed together.
All you'd need is a nice UI stringing it all together.
Edit: I'm not sure why people are downvoting me. Is that not what a password manager essentially is?
Keepass is exactly that. Basically all the client side parts, and the database is a single encrypted file that you can sync however you want.
I've done basically this in the past by encrypting a text file with GPG. But a real password manager will integrate with your browser and helps prevent getting phished by verifying the domain before entering a password. It also syncs across all my devices, which my GPG file only worked well on my desktop.
It's the "stringing it all together" that could be problematic.
If you have multiple clients (desktop/cellphone) modifying the same entry (or even different entries in the same "database" ). You need something smart enough to gracefully handle this or atleast tell you about it.
I did the whole "syncing" KeePass and it was functional, but it also meant I needed to handle conflicts - which was annoying. I switched and really appreciate the whole "it just works" with self-hosted bitwarden.
That is the bare minimum of a password manager like Bitwarden.
I see it as it's easy to self host. But I'm not skilled nor rich enough to guarantee the availability of it. I don't want to be stuck on a holiday without my passwords because my server back home died from black out or what have you.
I pay for bitwarden and the proton mail package to keep the password management market a bit more competitive and it actually works out cheaper. It would be nice to have protons anonymous emails built in, but I can live with it.
But I might have to reconsider if Bitwarden is going a different direction that what I'm paying for.
Yup, thanks. Was thinking along these same lines.
Thank you for the update! I would like to keep using it. I've been very happy with Bitwarden both as a password manager and a TOTP authenticator. I have even recommended it to my boss as an enterprise solution for us to use at work, and so far we are planning on replacing our current password database solution with Bitwarden.
Unfortunately, with "enshittification" being so common these days, it was very easy to believe they were also going to the dark side. I will remain cautiously optimistic after learning it was a packaging bug.
Here's a link to the post on X (yes, I hate X, too) in case anyone else is doubtful:
https://x.com/Bitwarden/status/1848135725663076446
Yeah, I was worried about it too. I've become pretty cynical when it comes to everything becoming enshittified, but I'm hoping they stick to their word.