by throwaway8581 1919 days ago
Because of the way bitwarden works, I think as long as the client is secure, compromise of the server is not a major concern except for data loss. Your vault is encrypted client-side.

The real threat is that someone takes control of the bitwarden browser extension and pushes a malicious update.


> The real threat is that someone takes control of the bitwarden browser extension and pushes a malicious update.

That's why I don't use any KeePass extensions. I just don't trust browsers enough to let them get any of my passwords.

I'm thinking about writing my own extension which will communicate with KeePass in a way that suits me (basically: when I press a button in the browser, it'll pop up the KeePass window with the search field filled with the server domain). Then I can either auto-type the password from KeePass or copy it to the clipboard; either way I'm only using KeePass, and the browser extension has no way to get any information.

I think there's a relevant xkcd about this, though technically it's about standards.

I'd absolutely use KeePass for a long-term password storage vault (with appropriately obscure reminders so I could recall the password), but the ecosystem of many unofficial free implementations for integration into browsers, phones (IIRC), etc. makes me twitch.