this post was submitted on 20 Oct 2024
626 points (87.4% liked)

Technology

59358 readers
4018 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Humanius@lemmy.world 5 points 3 weeks ago* (last edited 3 weeks ago) (6 children)

It shouldn't even be that complex...

I might be mistaken, but ultimately a password manager is basically nothing more than a database of passwords in an encrypted zip file, right? That could entirely be self-hosted with off the shelf open source applications stringed together.
All you'd need is a nice UI stringing it all together.

Edit: I'm not sure why people are downvoting me. Is that not what a password manager essentially is?

[–] wintermute@discuss.tchncs.de 31 points 3 weeks ago

Keepass is exactly that. Basically all the client side parts, and the database is a single encrypted file that you can sync however you want.

[–] xthexder@l.sw0.com 11 points 3 weeks ago

I've done basically this in the past by encrypting a text file with GPG. But a real password manager will integrate with your browser and helps prevent getting phished by verifying the domain before entering a password. It also syncs across all my devices, which my GPG file only worked well on my desktop.

[–] LedgeDrop@lemm.ee 9 points 3 weeks ago

It's the "stringing it all together" that could be problematic.

If you have multiple clients (desktop/cellphone) modifying the same entry (or even different entries in the same "database" ). You need something smart enough to gracefully handle this or atleast tell you about it.

I did the whole "syncing" KeePass and it was functional, but it also meant I needed to handle conflicts - which was annoying. I switched and really appreciate the whole "it just works" with self-hosted bitwarden.

[–] AsudoxDev@programming.dev 6 points 3 weeks ago

That is the bare minimum of a password manager like Bitwarden.

[–] HereIAm@lemmy.world 6 points 3 weeks ago

I see it as it's easy to self host. But I'm not skilled nor rich enough to guarantee the availability of it. I don't want to be stuck on a holiday without my passwords because my server back home died from black out or what have you.

I pay for bitwarden and the proton mail package to keep the password management market a bit more competitive and it actually works out cheaper. It would be nice to have protons anonymous emails built in, but I can live with it.

But I might have to reconsider if Bitwarden is going a different direction that what I'm paying for.

[–] Boozilla@lemmy.world 3 points 3 weeks ago

Yup, thanks. Was thinking along these same lines.