this post was submitted on 08 Oct 2024
166 points (96.6% liked)

Selfhosted

40199 readers
884 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
166
Why self host a password manager? (programming.dev)
submitted 1 month ago by el_abuelo@programming.dev to c/selfhosted@lemmy.world
158 comments fedilink hide all child comments
 

I'm going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.

My questions are to those of you who self-host, firstly: why?

And how do you mitigate the risk of your internet going down at home and blocking your access while away?

BitWarden's paid tier is only $10 a year which I'm happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn't need any additional hardware.

you are viewing a single comment's thread
view the rest of the comments
[–] tux0r@feddit.org -5 points 1 month ago (2 children)

My questions are to those of you who self-host, firstly: why?

Would you give me your password database? I promise to encrypt it!

[–] Dark_Arc@social.packetloss.gg 2 points 1 month ago* (last edited 1 month ago)

If it was BitWarden where I can see the client side code ... and there wasn't a better option, quite possibly.

I give my ISP and many other places my BitWarden vault all the time and I just trust they're not recording the traffic and trying to decrypt it.

[–] el_abuelo@programming.dev 1 points 1 month ago (1 children)

No, because you're not the supplier of a password manager.

[–] tux0r@feddit.org -3 points 1 month ago* (last edited 1 month ago) (1 children)

A cloud password manager is a database with your passwords hosted on a stranger’s computer. Why wouldn’t I be just as trustworthy as any other stranger on the internet?

[–] el_abuelo@programming.dev 1 points 1 month ago (1 children)

If you can't see the difference for yourself, I won't be able to show you.

[–] tux0r@feddit.org -2 points 1 month ago (1 children)

There is no difference other than a shiny logo and a “contract” that promises you that the random stranger will take care. I promise that I will take care too.

If you still think there is a relevant difference, please tell me. To me, it looks like you don’t fully understand what a password manager stored on other people’s computers does.

[–] el_abuelo@programming.dev 1 points 1 month ago* (last edited 1 month ago)

Well they have an app for all the platforms i use, customer support, open sourced code, previous and existing customers that have experience and that recommend them freely, a track record of success, a verifiable business address, operations in a country whose legal system I recognise and offers me certain protections, the ability for me to pay using my preferred method of payment, and most important - not some willfully ignorant representative giving fallacious arguments against using a service.