I find this move concerning, and wish that the Founder had looked for a new CEO that shared his values rather than a Private Equity and Mergers Expert.

Furthermore, the change to the GRIT motto is worrying. Trust is useless without Transparency when it comes to code and security.

  • kazerniel@lemmy.world · 13 upvotes · 1 hour ago

    reading this as someone who migrated the rest of the household to Bitwarden literally yesterday: 😒

  • Brewchin@lemmy.world · 4 upvotes · 33 minutes ago

    As long as they don’t enshittify the mobile apps and browser extensions, I’m neither surprised nor concerned. Vaultwarden exists.

    And if they do ruin the client end, I expect third-party alternative clients, or a wholly new alternative, will appear soon enough.

    (Yes, yes, “b-but KeePass!” folks… I’ve been there.)

  • ulkesh@piefed.social · 48 upvotes · 2 hours ago

    Why the fuck does everything that’s good turn to shit? This world sucks. This timeline sucks.

  • Anberibaburia@lemmy.dbzer0.com · 9 upvotes · edited · 2 hours ago

    Where do I go if I want to move? Must have free tier and cloud sync (or when my devices are online they sync automatically). Suppose I’m gonna look into proton.

  • one_old_coder@piefed.social · 147 upvotes · 5 hours ago

    Is it that time when I say “oh shit!” and start to look at alternatives? I’ve seen this scenario a hundred times already and I’m tired.

    • Godort@lemmy.ca · 28 upvotes · 4 hours ago

      I don’t have the patience to switch to alternatives until they make a change that actually affects the usability of the tool.

      This is absolutely a red flag though.

        • refract@lemmy.zip · 4 upvotes · edited · 1 hour ago

          But you still use the official BW client apps, correct?

          Unless you forego usage of the clients and access Vaultwarden through the browser (removing accessibility and convenience especially on mobile), it is not an e2e replacement solution.

          Are there any alternative FOSS clients/apps that work with Vaultwarden?

          Edit: I see further down that the official client is open source, and would get forked in the event of any fuckery. So I’m sticking with Vaultwarden + Official client app approach for now.

          • Iced Raktajino@startrek.website · 1 upvote · 46 minutes ago

            I just use the webapp UI and don’t bother with the clients/extensions. Easy enough to just log in, copy/paste from there.

            But yeah, the official client (and probably browser extension as well) would probably be forked if/when needed.

      • zikzak025@lemmy.world · 54 upvotes, 1 downvote · 4 hours ago

        KeePassXC is the best FOSS option, but you’ll need to figure out self hosting if you want to sync the database between devices.

        • M1k3y@discuss.tchncs.de · 19 upvotes · 4 hours ago

          As the database is encrypted in your device, you don’t really need to self host. A keepass database in the Google cloud is not really problematic, although you should still choose a more private cloud provider.

            • Victor@lemmy.world · 1 upvote · edited · 13 minutes ago

              Which algs would that be? ed25519 okay? Is that even an encryption alg? I’m not too hot with encryption.

            • mnemonicmonkeys@sh.itjust.works · 14 upvotes · 3 hours ago

              Assuming you have a degoogle’d phone. The syncthing-fork devs announced that they aren’t going to certify for Google Play when that’s made a requirement in a few months

              • meathappening@lemmy.ml · 6 upvotes · 2 hours ago

                Ugh, I forgot about this. Aren’t you still going to be able to install apps from third-party marketplaces? I thought the plan was just that the phone was going to hassle you and require multiple hoops.

          • Quetzalcutlass@lemmy.world · 2 upvotes · 3 hours ago

            And you can use a keyfile separate from the database for even more security. If the database is backed up on Google Drive and the keyfile is saved on a USB or in a (non-Google) email somewhere for the rare times you add a new device, your passwords should be safe even from keyloggers or Google themselves.

      • meathappening@lemmy.ml · 14 upvotes, 1 downvote · 4 hours ago

        Coincidentally, I moved to self-hosting Vaultwarden last night, which is open source but compatible with Bitwarden. If you want a simple transition and are capable of hosting it yourself, that would be my recommendation.

  • CompactFlax@discuss.tchncs.de · 40 upvotes · 4 hours ago

    1Password took investor funding, moved to subscription and focusing on corporate.

    Bitwarden heading the same way. Great…

  • Avid Amoeba@lemmy.ca · 23 upvotes · edited · 3 hours ago

    Run.

    ProtonPass is run by a non-profit if you have to move to another hosted solution.

    Otherwise there’s multiple self-hostable options, including plain file sync options.

    Use this example as a learning experience that the type of the firm you’re buying a service from is very important as it changes whose interests it puts first, second and last.

    • 9tr6gyp3@lemmy.world · 4 upvotes · 41 minutes ago

      Non-profits do not always remain non-profits, and can become for-profit entities. Being a non-profit is not a reason to move to proton IMO, but Proton should be a decent temporary option if Bitwarden becomes aggressive to the open-source ecosystem.

    • LedgeDrop@lemmy.zip · 9 upvotes · 2 hours ago

      Narrator: …but it did.

      I’m amazed that vaultwarden has maintained such fantastic compatibility with bitwarden. …but all it takes is one api with an obfuscated “signed request” to bring it all down.

      • MentalEdge@sopuli.xyz · 10 upvotes · edited · 2 hours ago

        No?

        I get that clients might break, but the web portal running inside vaultwarden isn’t gonna suddenly stop working.

        Vaultwarden itself is self-contained. An API change won’t do anything to it.

        • ITGuyLevi@programming.dev · 8 upvotes · 2 hours ago

          Then it creates the opportunity (need) for an open sourced client, if that ever happens, I’m confident the community will come together and make one using the currently known API calls.

            • LedgeDrop@lemmy.zip · 1 upvote · 2 hours ago

              I wasn’t certain what the bitwarden clients were licensed under.

              …but if they’re all GPL, then yeah - it’ll just get forked. Just like terraform vs OpenTofu. Just like MySQL vs MariaDB - it’s a tale as old as time (unfortunately).

      • in_my_honest_opinion@piefed.social · 4 upvotes · edited · 2 hours ago

        Vaultwarden has a backend encrypted db and web server, with its own API. The bitwarden clients are currently opensource so there could be a fork for the browser extension, and desktop client. Unlike 1Password, there is a good opensource base.