I’m going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.

My questions are to those of you who self-host, firstly: why?

And how do you mitigate the risk of your internet going down at home and blocking your access while away?

BitWarden’s paid tier is only $10 a year which I’m happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn’t need any additional hardware.

  • schizo@forum.uncomfortable.business
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    I’m self-hosting a VaultWarden install, and I’m doing it because uh, well, at this point I’ve basically ended up hosting every service I use online at this point.

    Though, for most people, there’s probably no real reason to self-host their own password manager, though please stop using Lastpass because they’ve shown that they’re utterly incompetent repeatedly at this point.

  • april@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 month ago

    Because when whatever company gets a data breach I don’t want my data in the list.

    With bitwarden If your server goes down then all your devices still have a local copy of your database you just can’t add new passwords until the server is back up.

    • slackj_87@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 month ago

      Pretty much this. Combined with how easy it is to install VaultWarden (docker ftw), it was a no brainer for me.

      Also, my little home server is a WAY less juicy target for someone looking to steal and sell a bunch of passwords.

      Been running it for probably about 2 years now. No ISP outages but a couple self-inflicted ones. Didn’t even notice the outages in the BitWarden app/extension.

    • markstos@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      1Password’s security model guards against this. Even if they are breached, your passwords cannot be decrypted.

      You are more likely to screw up your own backups and hosting security than they are.

      • april@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 month ago

        LastPass said the exact same thing. I won’t be a big target like they will though.

  • Saiwal@hub.utsukta.org
    link
    fedilink
    arrow-up
    1
    ·
    1 month ago

    vaultwarden syncs your passwords locally so even if your server is down the passwords remain available on your device. And it is a wonderful password manager, you can share passwords with your family, have TOTPs, passkeys.

  • Jeena@piefed.jeena.net
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    I use KeePassXC and use syncthing to sync the database to each devise I own. This way I always have the newest version if the database everywhere and don’t need to worry about Internet access at all.

  • rhabarba@feddit.org
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    1 month ago

    My questions are to those of you who self-host, firstly: why?

    Would you give me your password database? I promise to encrypt it!

      • rhabarba@feddit.org
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        edit-2
        1 month ago

        A cloud password manager is a database with your passwords hosted on a stranger’s computer. Why wouldn’t I be just as trustworthy as any other stranger on the internet?

          • rhabarba@feddit.org
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            1 month ago

            There is no difference other than a shiny logo and a “contract” that promises you that the random stranger will take care. I promise that I will take care too.

            If you still think there is a relevant difference, please tell me. To me, it looks like you don’t fully understand what a password manager stored on other people’s computers does.