Why does every good thing always have to go to shit. Sigh.
Is it that time when I say "oh shit!" and start to look at alternatives? I've seen this scenario a hundred times already and I'm tired.
Same question here. What are the best alternatives?
KeePassXC is the best FOSS option, but you'll need to figure out self hosting if you want to sync the database between devices.
As the database is encrypted on your device, you don't really need to self host. A KeePass database in the Google cloud is not really problematic, although you should still choose a more private cloud provider.
Syncthing is probably a simple fix.
Assuming you have a degoogle'd phone. The syncthing-fork devs announced that they aren't going to certify for Google Play when that's made a requirement in a few months.
Proton Pass.
I'm pretty sure that isn't self hostable.
Coincidentally, I moved to self-hosting Vaultwarden last night, which is open source but compatible with Bitwarden. If you want a simple transition and are capable of hosting it yourself, that would be my recommendation.
I don't have the patience to switch to alternatives until they make a change that actually affects the usability of the tool.
This is absolutely a red flag though.
Just FYI, you can export your Bitwarden database to plain text and import that with KeePassXC.
1Password took investor funding, moved to subscription and is focusing on corporate.
Bitwarden heading the same way. Great…
ugh... This is worrying.
All good things come to an end at some point I guess.
oh great, now I have to research what the next best alternative is
Run.
ProtonPass is run by a non-profit if you have to move to another hosted solution.
Otherwise there's multiple self-hostable options, including plain file sync options.
hope this does not fuck up my vaultwarden hosting.
Same
Ah shit, here we go again…
If you're looking for alternatives and you don't care about automatic device syncing, I have been enjoying using KeePassXC.
If you have a cloud storage provider, and you save your KeePass database to it, then you also get automatic syncing for all devices that can connect to that cloud.
I wonder if Vaultwarden is safe.
I'm also curious about this, but I also don't fully understand what everyone is assuming is going to happen next? I don't like this but why is everyone saying run now?
At a best guess it's because up until now Bitwarden was conducting public audits.
This meant people could check their work and also highlight problems if they were found.
That's part of being fully transparent.
Changing that language may mean changing that transparency and that's bad because it means the public will have a harder time holding the company accountable if something is wrong.
is proton pass good?
Yes. If you’re looking for a cloud solution, Proton Pass is quite good. I switched from Bitwarden about 6 months ago. Works great.
Completely agree. I couldn’t be happier with Proton Pass.
Anyone have any idea how this affects Vaultwarden, if at all?
I think the short answer is that it doesn't. Vaultwarden is currently open source, and no private equity organization can put the genie back in the bottle. If things get really bad then someone would likely fork the open source bits and maintain a pure open source version, in which case there would likely be a procedure to migrate existing Vaultwarden installs to the purely open source successor. I don't think Vaultwarden users need to be overly concerned at this point.
It won't stop them from trying though. Just look at what Bambu is doing.
The fork would have to be a browser integration, as the Bitwarden extensions and desktop apps are the closed source Bitwarden part. Vaultwarden as the backend self-hosted db and webapp is open source.
I wonder how much the new choice of CEO was up to the founder versus the venture capital investors. I’m assuming the investors had the main input.
It's not self-hosted but it does the trick; I use 1Password. Plus they're Canadian not American, so that's another benefit.
I use Pass, and I’m tired of laughing at all these posts. Now I’m just ‘oh, again, what a surprise!’
My passwords are gpg-encrypted and stored in a git repository. The only improvement I can do is to migrate to my own server instead of GitLab (which I set up like a decade ago), but there’s some inertia as GitLab just works for now. And I see no real point of doing so.
The structure is open, but you can encrypt it with the external tools if needed. I have zero understanding of the attack vector when my password file name is Gmail or Proton or Server/1. Good luck doing something with it.
Moved to Proton Pass a while ago. Bitwarden support is just shit.