I find this move concerning, and wish that the Founder had looked for a new CEO that shared his values rather than a Private Equity and Mergers Expert.
Furthermore, the change to the GRIT motto is worrying. Trust is useless without Transparency when it comes to code and security.
I feel like switching to self hosted vaultwarden was one of my best moves of the year
Was good while it lasted. Thanks for getting me off LastPass. See ya
reading this as someone who migrated the rest of the household to Bitwarden literally yesterday: 😒
Why the fuck does everything that’s good turn to shit? This world sucks. This timeline sucks.
it’s all motivated by the accumulation of wealth = capitalism
It’s not a timeline. It’s just the world we keep making. The only one.
As long as they don’t enshittify the mobile apps and browser extensions, I’m neither surprised nor concerned. Vaultwarden exists.
And if they do ruin the client end, I expect third-party alternative clients, or a wholly new alternative, will appear soon enough.
(Yes, yes, “b-but KeePass!” folks… I’ve been there.)
The standard unix password manager, people.
There’s almost no password manager to it.
Mobile?
deleted by creator
Goddammit.
Where do I go if I want to move? Must have free tier and cloud sync (or when my devices are online they sync automatically). Suppose I’m gonna look into proton.
I use Dashlane myself. It’s free tier is 10 logins which is a bit of a joke.
I like Keepass and do use it for my non-critical stuff. I sync using syncthing
“You either die the hero, or you live long enough to become the villain”
Enshitification marches on.
Why does every good thing always have to go to shit. Sigh.
Is it that time when I say “oh shit!” and starts to look at alternatives? I’ve seen this scenario a hundred times already and I’m tired.
I don’t have the patience to switch to alternatives until they make a change that actually affects the usability of the tool.
This is absolutely a red flag though.
Just FYI, you can export your Bitwarden database to plain text and import that with KeePassXC
All the attachments, though… man this is going to be such a pain :/
Same question here. What are the best alternatives?
I use Vaultwarden
But you still use the official BW client apps, correct?
Unless you forego usage of the clients and access Vaultwarden through the browser (removing accessibility and convenience especially on mobile), it is not an e2e replacement solution.
Are there any alternative FOSS clients/apps that work with Vaultwarden?
Edit: I see further down that the official client is open source, and would get forked in the event of any fuckery. So I’m sticking with Vaultwarden + Official client app approach for now.
I just use the webapp UI and don’t bother with the clients/extensions. Easy enough to just log in, copy/paste from there.
But yeah, the official client (and probably browser extension as well) would probably be forked if/when needed.
For now
I use keepassxc. It does the job.
KeePassXC is the best FOSS option, but you’ll need to figure out self hosting if you want to sync the database between devices.
As the database is encrypted in your device, you dont really need to self host. A keepass database in the Google cloud is not really problematic, although you should still choose a more private cloud provider.
make sure to use post-quantum encryption algs
Which algs would that be? ed25519 okay? Is that even an encryption alg? I’m not too hot with encryption.
Syncthing is probably a simple fix.
Assuming you have a degoogle’d phone. The syncthing-fork devs announced that they aren’t going to certify for Google Play when that’s made a requirement in a few months
Ugh, I forgot about this. Aren’t you still going to be able to install apps from third-party marketplaces? I thought the plan was just that the phone was going to hassle you and require multiple hoops.
I think other apps will require ADB to install
And you can use a keyfile separate from the database for even more security. If the database is backed up on Google Drive and the keyfile is saved on a USB or in a (non-Google) email somewhere for the rare times you add a new device, your passwords should be safe even from keyloggers or Google themselves.
Coincidentally, I moved to self-hosting Vaultwarden last night, which is open source but compatible with Bitwarden. If you want a simple transition and are capable of hosting it yourself, that would be my recommendation.
I’ve been hosting it for a couple years now and question why it took me so long.
Proton Pass.
I’m pretty sure that isn’t self hostable.
That’s true.
1Password took investor funding, moved to subscription and focusing on corporate.
Bitwarden heading the same way. Great…
Run.
ProtonPass is run by a non-profit if you have to move to another hosted solution.
Otherwise there’s multiple self-hostable options, including plain file sync options.
Use this example as learning experience that the type of the firm you’re buying a service from is very important as it changes whose interests it puts first, second and last.
Non-profits do not always remain non-profits, and can become for-profit entities. Being a non-profit is not a reason to move to proton IMO, but Proton should be a decent temporary option if Bitwarden becomes aggressive to the open-source ecosystem.
ugh… This is worrying.
All good things come to an end at some point I guess.
