by 8589934591 2152 days ago
I used pass (unix password store) before. I found it extremely comfortable when I'm working with just my system. I did find it inconvenient to set up cross-platform, since it depends on my gpg key. How do people access their gpg keys on phones or a new laptop, for example? Do you store it somewhere online? How do you make sure not to lose the gpg key? When I got my new system, I forgot to back up my key and lost my previous passwords. This is the only challenge(?) I face. Other than that I love everything about pass.

Now I'm testing the waters with Bitwarden. I like the cross-platform functionality so far and the self-hosting option. I also like that I just need a master password and don't have to worry about keeping any extra keys safe. I'm not a security expert, so I'm not sure whether encrypting before syncing with Bitwarden's servers is actually safe (this is what Bitwarden does afaik). I'm yet to try out their CLI option. I also wonder what would happen to my passwords if it shuts down abruptly. Do I have a backup/copy of the passwords somewhere? This is something that concerns me, where I feel pass is superior. Maybe if there was an option for pass to use a passphrase for encryption rather than gpg, that'd be really cool (maybe not good security-wise? I'm unsure on this aspect).

I also liked that when I add the URI of the website login, it gives me the icon for it too. Bitwarden's user experience is top notch. I recommended that my parents try it out; apart from a few basic questions, they were up and running within a few minutes. That's something I really appreciate.

If anyone has self-hosted Bitwarden, how do you make sure that it is safe from attacks? I'm still exploring this option. Bitwarden uses Azure and lets the MS team take care of managing the infra (I'm guessing this includes taking care of attacks).