I’m going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.

My questions are to those of you who self-host, firstly: why?

And how do you mitigate the risk of your internet going down at home and blocking your access while away?

BitWarden’s paid tier is only $10 a year which I’m happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn’t need any additional hardware.

qaz
link
fedilink
English
121d

A couple of questions

  1. How do you store a driver’s license in Bitwarden? Last time I checked they didn’t support file storage. Do you just put it in the cloud storage?

  2. Considering Bitwarden is E2EE, what would be the benefit of storing it at another company in case they are hacked?

@wth@sh.itjust.works
link
fedilink
English
421d

Storing Drivers Licence: Was answered elsewhere. Bottom line… Bitwarden seems like it can store other types of data. Note that I don’t use Bitwarden yet, but have experience with Enpass and 1Pass, both of which can store all sorts of data.

Why separate storage if Bitwarden is E2EE? You are placing all your trust in a single organization - Bitwarden. If they get hacked, then it is possible for the hackers to poison their software to deliver master passwords (hacks of s/w repositories has happened). I prefer to separate encryption from storage so a hack in both is required to get my data. Note that I do the same for offsite backups to Glacier/S3. I use Arq to do the backup and encrypt the files, then send them to S3 for storage.

The 2023 IBM Report on Cost of Data Breeches indicated that the average time for a company to discover a breech is about 200 days, and on average another 70 days to remediate. That keeps me up at night in my day job as security dude.

qaz
link
fedilink
English
2
edit-2
21d

I didn’t really consider the possibility of the client being compromised yet, good point.

@wth@sh.itjust.works
link
fedilink
English
120d

Lastpass was hacked and might have lost control of some data https://blog.lastpass.com/posts/2022/12/notice-of-security-incident

1Pass hasn’t been hacked directly, but they were affected by the Okta https://blog.1password.com/okta-incident/

(One of the most common vectors for hacks is through your vendors - see Target https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/)

Dropbox had an unauthorized access, but the seemed on top of it. https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign

Dropbox also has had a more significant data breech, but a while ago. https://www.twingate.com/blog/tips/dropbox-data-breach#

Overview of all password manager breeches! https://bestreviews.net/which-password-managers-have-been-hacked/

@486@lemmy.world
link
fedilink
English
321d

How do you store a driver’s license in Bitwarden? Last time I checked they didn’t support file storage. Do you just put it in the cloud storage?

They do support file storage. I’ve been using that for years for storing small files related to certain accounts an such.

@wth@sh.itjust.works
link
fedilink
English
221d

Good to know, thanks. I haven’t actually started looking for the Enpass replacement yet, but it sounds like Bitwarden will be a lead contender.

qaz
link
fedilink
English
221d

I’ve apparently been missing this button for several years. Thanks!

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 214 users / day
  • 524 users / week
  • 1.16K users / month
  • 3.91K users / 6 months
  • 1 subscriber
  • 3.65K Posts
  • 73.6K Comments
  • Modlog