I am looking into password managers, as number of my accounts are increasing. Currently I am weighing two options:
- Host Vaultwarden on a VPS, or
- Use the free bitwarden service.
I want to know how they are in practical aspects.
While I am fine self-hosting many services, password managers seem to be one of the most critical services that should not admit downtime. I surely cannot keep it up, as I need to update it time to time.
On the other hand, using bitwarden might require some level of trust. How much should I trust the company to use the free service? How do I know if my passwords would be safe, not being exposed to the wide net?
I want to gauge pros and cons, are there aspects I missed? How are your opinions on this? If you are self-hosting vaultwarden, how do you manage the downtime? Thanks in advance!
You must log in or # to comment.
Bitwarden is dirt cheap. I can never host and be as reliable as they are for that price.
If I get hit by a bus, then the passwords for the things that my wife needs to settle things gets sent to her, and the infra isn’t something that I maintain and could be down.
Worth $10/yr, by far.
I enjoy self hosting, but what tipped the scales for me in favor of using Bitwarden’s servers is that I’m 100% confident I’m not as good as hardening my system from being compromised as they are. The vault is going to be encrypted anyway, and I think there’s a lower chance of it falling into the wrong hands if it’s hosted with Bitwarden. Same reason I don’t self-host email.
Plus Bitwarden is a cool company and the product is open source, and the premium features are unreasonably low priced.
Maybe worth to mention that bitwarden also propose bitwarden.eu to host data in Europe. I’ve used bitwarden.com for years, and switch to bitwarden.eu a few month ago because of reasons, you know…
add keepassxc to the list. I’ve avoided it for the longest times because I remember the horror that was the OG keepass. this is modern software, minimal footprint (miniscule compared to bitwarden’s electron crap), easy to use, the db is one file that’s easily syncthing-ed around, browser extensions, etc.
I had a similar dilemma and just went with bitwarden because I don’t trust myself not to fuck up. Bitwarden can’t access the passwords without my master pw (afaik) so I feel safe knowing that. I use it on all my devices so it gets synced there and even if the service is down, I have my passwords.
I’ll self host it when I reach the next level of paranoia.
One little bonus for using Vaultwarden is that you get access to premium features for free. But still, I put availability much higher when it comes to password management, so I would go with paid Bitwarden. That is what I did before moving to Keepass.
The Bitwarden clients cache your data locally. So even if your Vaultwarden goes down, you’ll still be able to access your passwords. Just not sync new ones or make changes.
I self host vaultwarden and its great. Its an easy self host, and in my experience, it has never gone down on me.
That being said, my experience is anecdotal. If you do go the vaultwarden route, realize that your vault is still accessible on your devices (phone, whatever) even if your server goes down, or if you just lose network connectivity. They hold local (encrypted at rest) copies of your vault that are periodically updated.
Additionally, regardless of the route you take you should absolutely be practicing a good 3-2-1 backup strategy with your password vault, as with any other data you value.
