Thing is, a large percentage of internet-connected users might have two or more devices. The simplicity offered by a cloud (be it hosted or selfhosted) password manager is a huge benefit.
And unless you’re already running a syncthing-like service for something else, setting it up just for a password manager when other services provide it out of the box, is not worth the hassle usually.
I use KeePass on like… I dunno 5-6 devices? They all sync together via Syncthing. No server needed. My keepass db is just one of the things synced this way.
The whole ecosystem can be used for free. But like… tip your open source devs yo.
Syncing happens pretty quickly with Syncthing. So conflicts in the keepass DBs are very rare (maybe once a year if I’m impatient after a change on a different device). But they do happen, I’ll give you that. Some restraint (wait for sync) and checking (this is where sorting by modified helps!!!) what’s the latest change helps.
Everyone has some kind of cloud service tho no? The database is encrypted so you can even sync it over googles cloud if you dont have nextcloud or syncthing.
I use one for work and the other for personal. They are both great, with slightly different convenience/security tradeoffs imo. Big fan of both, don’t know why it has to be one or the other for an OSS credentials manager
Edit: part of what you’re paying for with BW is first-class native apps
It is a reason, and a fine one. I certainly don’t pay for a subscription for my work stuff. I’ve told them we should have enterprise secrets management and shown them what that looks like. Not my problem anymore, and I have KeePassXC to handle everything I’m responsible for for work
If you can’t selfhost, then you can have your keepass file in your personal cloud. Many basic cloud services are free and the password file itself is encrypted so the cloud provider can’t access your passwords.
I use keepassXC for work and I only use it on one machine at a time. I don’t have any experience syncing it around to multiple devices, so you might have a better perspective than I do on that.
For personal use, I self host vaultwarden and use it on my desktop and Android phone. I’m able to use the bitwarden app just fine on my phone, even when I turn on airplane mode and am unable to sync.
The person you’re replying to already gave you one: it’s free.
Second: its not a prime target for attack like centralized, hosted webservices are. See: LastPass being cracked and people’s login data stolen… Twice.
Yes, it is cryptographically superior to LastPass, and attempts to design around their flaws - but the threat still exists because its a very tasty target on the open internet for cybercrime.
My little Keepass DB synched over personal VPN by Syncthing? Much harder to find a vector for attack. But it does require more moving parts and maintenance.
Vaultwarden, self-hosted is free as well. And since it’s not using the Bitwarden infrastructure, you’re only as exposed as your own network anyway.
But you can still use all the standard Bitwarden apps and extensions on any device, you just need to point it at your server. Easy to set up for friends and family as well. No need to try and teach them about VPNs, setting up syncthing, etc.
Keepass is free?
Thing is, a large percentage of internet-connected users might have two or more devices. The simplicity offered by a cloud (be it hosted or selfhosted) password manager is a huge benefit.
And unless you’re already running a syncthing-like service for something else, setting it up just for a password manager when other services provide it out of the box, is not worth the hassle usually.
I use KeePass on like… I dunno 5-6 devices? They all sync together via Syncthing. No server needed. My keepass db is just one of the things synced this way.
Works pretty well.
These are the apps I use:
Desktop (Linux & macOS): KeePassXC Andrdoid: KeePassDX iOS: KeePassium
The whole ecosystem can be used for free. But like… tip your open source devs yo.
Syncing happens pretty quickly with Syncthing. So conflicts in the keepass DBs are very rare (maybe once a year if I’m impatient after a change on a different device). But they do happen, I’ll give you that. Some restraint (wait for sync) and checking (this is where sorting by modified helps!!!) what’s the latest change helps.
Everyone has some kind of cloud service tho no? The database is encrypted so you can even sync it over googles cloud if you dont have nextcloud or syncthing.
I run mine on a free dropbox account. its faster to set up than downloading keepass…
IMO Keepass and Bitwarden aren’t exactly the same, as the latter has cross-device sync built-in.
I use one for work and the other for personal. They are both great, with slightly different convenience/security tradeoffs imo. Big fan of both, don’t know why it has to be one or the other for an OSS credentials manager
Edit: part of what you’re paying for with BW is first-class native apps
On an individual level, you only need one or the other. But which one is best for you may be different than which one is best for me.
20 bucks are kind of a reason tho?
It is a reason, and a fine one. I certainly don’t pay for a subscription for my work stuff. I’ve told them we should have enterprise secrets management and shown them what that looks like. Not my problem anymore, and I have KeePassXC to handle everything I’m responsible for for work
I can’t think of a reason to choose Keepass over Vaultwarden.
If you can’t selfhost, then you can have your keepass file in your personal cloud. Many basic cloud services are free and the password file itself is encrypted so the cloud provider can’t access your passwords.
Yeah this is true. FolderSync for cloud and Syncthing for p2p should work nicely.
I can.
I realise now that I can think of one too. Which is that you don’t need to host it anywhere if you use something like Syncthing.
Also available offline, all the time in your hands.
Bitwarden works offline. Obviously can’t save to the server, but reading from what’s already on your local machine works just fine.
Isn’t it easier then just to use a (keepass) file? Also we carry phones around where we need secrets, too etc.
I use keepassXC for work and I only use it on one machine at a time. I don’t have any experience syncing it around to multiple devices, so you might have a better perspective than I do on that.
For personal use, I self host vaultwarden and use it on my desktop and Android phone. I’m able to use the bitwarden app just fine on my phone, even when I turn on airplane mode and am unable to sync.
The person you’re replying to already gave you one: it’s free.
Second: its not a prime target for attack like centralized, hosted webservices are. See: LastPass being cracked and people’s login data stolen… Twice.
Yes, it is cryptographically superior to LastPass, and attempts to design around their flaws - but the threat still exists because its a very tasty target on the open internet for cybercrime.
My little Keepass DB synched over personal VPN by Syncthing? Much harder to find a vector for attack. But it does require more moving parts and maintenance.
Each have their pros and cons.
I think you misread. Lastweakness was talking about Vaultwarden which is a 100% FOSS reimplementation of bitwarden that you self host.
Vaultwarden is open source: https://github.com/dani-garcia/vaultwarden
Every pro you listed is applicable to Vaultwarden as well. But I assume you misread it as Bitwarden.
Vaultwarden, self-hosted is free as well. And since it’s not using the Bitwarden infrastructure, you’re only as exposed as your own network anyway.
But you can still use all the standard Bitwarden apps and extensions on any device, you just need to point it at your server. Easy to set up for friends and family as well. No need to try and teach them about VPNs, setting up syncthing, etc.
I can’t think of a reason to choose Bit/Vaultwarden over Keepass.
Shared passwords
Easy to do on Keepass
Not really
Yes and more easily
Lol, no.
lol yes
It’s just one database file
so is bitwarden. i dont get your argument here. bitwarden does a lot more for free than keepass
Person I replied to said it’s 20 bucks tho.