I’m going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.
My questions are to those of you who self-host, firstly: why?
And how do you mitigate the risk of your internet going down at home and blocking your access while away?
BitWarden’s paid tier is only $10 a year which I’m happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn’t need any additional hardware.
That’s largely why I haven’t self hosted either. But problems can be mitigated:
- regular, automated backups to something else (say, KeePass), encrypted with your master pass and backed up off-site
- host your PW manager on a VPS, or have the VPS ready to deploy a snapshot from offsite backup
- change your master pass regularly - limits the kinds of breaches that can impact you
- randomize usernames - makes it easier to detect a breach, because you can see if any of those were exposed without the org being breached
But honestly, my main reason is that I don’t trust my server to stay up 100%, but I do expect Bitwarden to. I also trust their security audits.
I’m self hosting Vaultwarden and my home server got killed by the hurricane, yet I can still access my passwords just fine on the app because it stores them locally encrypted on my phone from the last time it synced. I just can’t update or change anything until I can bring everything back on.
So, host your own shit you cowards, it’ll be fine.
I just… don’t see the benefit. I host videos so I can access video content even if my internet goes out, and it’s a lot cheaper than paying for streaming. I host my own documents because I don’t want big tech scraping all my data. I host my own budgeting software, again, because of privacy.
I could host Vaultwarden. I just don’t really see the point, especially when my SO and I have a shared collection, and if that broke, my SO would totally blame me, and I don’t think that’s worth whatever marginal benefits there are to self-hosting.
Maybe I’ll eat my words and Bitwarden will get hacked. But until then, stories like yours further confirm to me that not hosting it is better.