this post was submitted on 21 Jul 2023
60 points (100.0% liked)

Privacy Guides

16776 readers
5 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
 

I'm currently using 1Password but I'm no longer satisfied with it.

top 30 comments
sorted by: hot top controversial new old
[–] Fizz@lemmy.nz 33 points 1 year ago

Its open source, self host-able or cloud host and its had enough audits to say its fairly secure.

[–] drifty@sopuli.xyz 23 points 1 year ago* (last edited 1 year ago) (2 children)

Top of the line, best of the best, nothing beats it. Especially if you self-host Vaultwarden, there is simply nothing that can compete. (Vaultwarden makes the 2fa component that is paid in Bitwarden free if you self-host it)

[–] reflex@kbin.social 6 points 1 year ago* (last edited 1 year ago)

Especially if you self-host Vaultwarden

Out of interest, if you self-host, do you still have to pay for the "premium" BW features like TOTP-in-app?

I was on standard BW for less than a month before moving everything to KeePassXC to have free TOTP.

[–] speck@kbin.social 2 points 1 year ago (1 children)

Sorry, which is the gold standard, bitwarden or vaultwarden or are they something you use in tandem?

[–] scott@lem.free.as 15 points 1 year ago

Tandem.

BitWarden is the client. VaultWarden is the server-side, self-hosted component that emulates the official BitWarden cloud service.

[–] QubaXR@lemmy.world 16 points 1 year ago (2 children)

I'm hearing a lot of good things about Bitwarden, especially from the Linux crowd.

What I am curious about though is what's in your opinion wrong with 1password - a solution I'm currently using too.

[–] asap@lemmy.world 15 points 1 year ago (2 children)

Because it's closed source, there's a higher likelihood that there is an undiscovered vulnerability in 1Password. Even though it is audited, a vulnerability could be introduced after the most recent audit and you would never know.

For something as mission-critical as a password manager, going with an open source solution gives just that much more confidence that your data is safe. To me it's simply not worth the risk to blindly trust a company with my login data, when I could trust a company that displays their entire solution in the open.

[–] liara@lemm.ee 7 points 1 year ago (1 children)

Going to play Devil's advocate here, but open source does not automatically mean that things are safe or that anyone is even auditing the code on anything that resembles a regular basis.

Heartbleed was introduced into OpenSSL source code in 2012 and wasn't discovered and fixed until 2014

[–] asap@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Absolutely, but it's a probability game. Between those two options of BW and 1Password I'll go with the choice that has the higher probably of safety.

[–] QubaXR@lemmy.world 2 points 1 year ago

Thanks, this answer in particular have me something to think about.

[–] glad_cat@lemmy.sdf.org 1 points 1 year ago (2 children)

I use Bitwarden but there is nothing wrong with 1password. Both have been audited, and (IIRC) don't have major security holes so far. 1password is more expensive but it's not an issue.

[–] zorbse@lemmy.blahaj.zone 11 points 1 year ago

Some would argue that as 1password is proprietary it can't be trusted as much as open source Bitwarden

[–] QubaXR@lemmy.world 1 points 1 year ago

I started using 1pass after the audit by my former company's itsec team. Just curious if there are some downsides (apart from the price) I'm not aware of.

[–] paulcdb@kbin.social 8 points 1 year ago (2 children)

The one question no-one has mentioned yet given it’s probably Bitwarden’s biggest security vulnerability…

How strong is your password?

Because ultimately that is EVERY password managers weakness! I’m also still skeptical about the abuse, is it passkeys or something that I’m going to guess will make it so much easier to do social engineering on so I’d personally never use it on a vault.

[–] Bristlerock@kbin.social 5 points 1 year ago

It's a good question. A vault is only as strong as the credentials required to access it.

Bitwarden does have MFA support, though. If you're using it without that enabled, you're asking for trouble.

[–] CCatMan@lemmy.one 1 points 1 year ago

Yeah, you need 2-factor yo.

[–] ShroOmeric@lemmy.world 6 points 1 year ago

Being using it for years, never had a problem..

[–] candyman337@lemmy.world 4 points 1 year ago (1 children)

I switched from bitwarden to 1password because the password autofill was less intelligent.

What's your issue with 1password?

[–] 9tr6gyp3@lemmy.world 4 points 1 year ago (1 children)
[–] domesticstreetcat@feddit.ch 1 points 1 year ago (1 children)
[–] 9tr6gyp3@lemmy.world 5 points 1 year ago (2 children)

Vaultwarden allows 1password self hosting?

[–] zorbse@lemmy.blahaj.zone 2 points 1 year ago

No, only Bitwarden self hosting

[–] domesticstreetcat@feddit.ch 1 points 1 year ago

Must have missed the context. I thought the question was for Bitwarden.

[–] nevernevermore@kbin.social 3 points 1 year ago

I've switched away from 1password to proton recently.

it's fine, it's far less accurate than 1p was. Let this be a caution, 1password is great for user experience, I hardly noticed it because it always worked. Proton can't see every login field, doesn't know when to suggest a new password, won't save passwords after it has suggested one, doesn't update login credentials after updated passwords etc etc.

I'm unsure about bitwarden in particular, but I can vouch for the fact that a less intelligent app might be a dealbreaker for some.

[–] PublicLewdness@burggit.moe 2 points 1 year ago

I use an unnoficial Bitwarden app on Ubuntu Touch. I would prefer KeePassXC or KeePassDX as my go to password managers but have found no reason to distrust Bitwarden thus far.

[–] domesticstreetcat@feddit.ch 2 points 1 year ago

Gold standard.

[–] bron@kbin.social 2 points 1 year ago (1 children)

Recently switched from KeepassXC to Bitwarden because of the cloud hosting ability (I was tired of having to sync my database file everywhere) and have no problems so far. I see Bitwarden recommended a lot, especially from places like privacyguides

[–] ebits21@lemmy.ca 2 points 1 year ago

I use Bitwarden for passwords, it’s just great.

For totp I use a keepass database on the cloud. Each device needs a local key file to login to get the codes.

[–] Vexz@kbin.social 2 points 1 year ago

It's safe. I have a self-hosted Vaultwarden instance on my NAS for years now. I absolutely love Bitwarden.

[–] Laice@lemmy.world 1 points 1 year ago

It's one of safety solutions out there

load more comments
view more: next ›