Bitwarden has never been breached AFAIK

Password managers are a HUGE target, and while I’m sure they do everything possible to prevent a breach from actually obtaining peoples passwords, vulnerabilities do happen.

That’s why I think self hosted Bitwarden or KeePass with a file are the way to go.

Regulatory requirements and management decisions.

Oh, you thought self-hosting was only for hobbyists? 🫠

Are you asking /r/selthosted what the point of selfhosting is?

It’s good if you like self-hosting stuff.

However, what I tell people is this:

If you know jack about security and how to lock down a machine that is running Vaultwarden, then it’s useless. You should go with Bitwarden.

If you’re looking to install it just to play around with, I would be very cautious about what you store there, unless you can lock the system down to where it’s not accessible by the outside internet and localized only to your network.

And I have redundant backups in place in case one decides to fail, which are all encrypted with GPG and a few other measures.

If you have it installed and not accessible to anyone else but you, it’s a fun project. I like using VW and BW.

The other bonus would be no one is going to look to target you specifically unless you’re turned into a target.

Whereas if BW were to be breached, it wouldn’t have anything to do with you.

However, BW utilizes encryption, so even if they did somehow manage to get in, they can’t read your passwords.

Can be safer. Can be worse.

A poorly configured self hosted vaultwarden can be a major security issue.

A properly configured one is arguable safer than hosting with a 3rd party. Lastpass taught me that one.

If you configure it to where it’s not exposed to the web, and only accessed through a VPN, like Tailscale. It can be quite robust.