I am looking into password managers, as the number of my accounts is increasing. Currently I am weighing two options:

  • Host Vaultwarden on a VPS, or
  • Use the free Bitwarden service.

I want to know how they are in practical aspects.

While I am fine self-hosting many services, password managers seem to be one of the most critical services that should not admit downtime. I surely cannot keep it up, as I need to update it from time to time.

On the other hand, using Bitwarden might require some level of trust. How much should I trust the company to use the free service? How do I know if my passwords would be safe, not being exposed to the wide net?

I want to gauge the pros and cons. Are there aspects I missed? What are your opinions on this? If you are self-hosting Vaultwarden, how do you manage the downtime? Thanks in advance!

9 points

Bitwarden is dirt cheap. I can never host and be as reliable as they are for that price.

13 points

I enjoy self-hosting, but what tipped the scales for me in favor of using Bitwarden’s servers is that I’m 100% confident I’m not as good at hardening my system from being compromised as they are. The vault is going to be encrypted anyway, and I think there’s a lower chance of it falling into the wrong hands if it’s hosted with Bitwarden. Same reason I don’t self-host email.

Plus Bitwarden is a cool company and the product is open source, and the premium features are unreasonably low priced.

8 points

If I get hit by a bus, then the passwords for the things that my wife needs to settle things get sent to her, and the infra isn’t something that I maintain and could be down.

Worth $10/yr, by far.

1 point

That is a service they offer? Man, that’s amazing, I guess I am going to update!

4 points

There’s a dead man option.

2 points

I have my password stored as a QR in an envelope. With instructions for Bitwarden. Never heard about the dead man option.

5 points

I had a similar dilemma and just went with Bitwarden because I don’t trust myself not to fuck up. Bitwarden can’t access the passwords without my master pw (afaik) so I feel safe knowing that. I use it on all my devices so it gets synced there and even if the service is down, I have my passwords.

I’ll self host it when I reach the next level of paranoia.

6 points

add KeePassXC to the list. I’ve avoided it for the longest time because I remember the horror that was the OG KeePass. this is modern software, minimal footprint (minuscule compared to Bitwarden’s electron crap), easy to use, the db is one file that’s easily syncthing-ed around, browser extensions, etc.

