I’m currently using 1Password but I’m no longer satisfied with it.
Its open source, self host-able or cloud host and its had enough audits to say its fairly secure.
Top of the line, best of the best, nothing beats it. Especially if you self-host Vaultwarden, there is simply nothing that can compete. (Vaultwarden makes the 2fa component that is paid in Bitwarden free if you self-host it)
Especially if you self-host Vaultwarden
Out of interest, if you self-host, do you still have to pay for the “premium” BW features like TOTP-in-app?
I was on standard BW for less than a month before moving everything to KeePassXC to have free TOTP.
Sorry, which is the gold standard, bitwarden or vaultwarden or are they something you use in tandem?
bitwarden via self-hosted vaultwarden is excellent
I’m hearing a lot of good things about Bitwarden, especially from the Linux crowd.
What I am curious about though is what’s in your opinion wrong with 1password - a solution I’m currently using too.
Because it’s closed source, there’s a higher likelihood that there is an undiscovered vulnerability in 1Password. Even though it is audited, a vulnerability could be introduced after the most recent audit and you would never know.
For something as mission-critical as a password manager, going with an open source solution gives just that much more confidence that your data is safe. To me it’s simply not worth the risk to blindly trust a company with my login data, when I could trust a company that displays their entire solution in the open.
Going to play Devil’s advocate here, but open source does not automatically mean that things are safe or that anyone is even auditing the code on anything that resembles a regular basis.
Heartbleed was introduced into OpenSSL source code in 2012 and wasn’t discovered and fixed until 2014
I use Bitwarden but there is nothing wrong with 1password. Both have been audited, and (IIRC) don’t have major security holes so far. 1password is more expensive but it’s not an issue.
Absolutely proprietary, which is why you’re hearing about bitwarden instead from the linux crowd.
It’s one of the first services I started to selfhost externally. I’ve not had a single problem with it, and it’s easily the best, most useful piece of software I host.
I’m not sure how 1password works with families, though I see it’s 5 dollars a month for 5 members. I can tell you that with bitwarden (and selfhosted vaultwarden) it’s super easy to manage passwords for your family through organizations. I have it set up so I have access to all my parents’ passwords, and I share access to relevant passwords with my partner, but I don’t have to clutter their password manager with hundreds of passwords for random crap they don’t need.
I’ll play the devil’s advocate here.
Since bitwarden is a VC funded company, I’m wary of the enshittification that might take place in the future. Even though technically speaking, you can self-host the server via Vaultwarden, it is largely possible because the project has blessing of official devs. That can change dramatically in future.
For something as important as your passwords, trusting a for-profit company might not be the best idea.
Would love to know what the community thinks about this.
DISCLAIMER: I love Bitwarden and use it daily, both for personal use and at work.
The VC money has gone to good though, like audits and open source code. A lot of the money they get is from company deals with bitwarden buisness anyway. As long as that works out, I can’t see them screwing over anyone while they have a money stream. If they do screw up, exporting to KeyPassXC is super easy anyway.
KeyPassXC is super easy
One of the things I dislike about KeepassXC is that it exports to a unstructured CSV file, whereas Bitwarden exports to JSON. It’s a lot easier to use something like jq to parse a JSON structure, if you want to import it somewhere as opposed to dealing with CSV files.
I also found the importer for Keepass CSV in Bitwarden didn’t import my “notes” and I had to individually check that for each record.
