[cabbagesauce]

So, as expected this is the response from the BW people. No one got hurt, no one to be blamed. Grab a beer, turn on your Netflix and be happy.

Hello,

Thank you for contacting Bitwarden.

If you are receiving this message, you have contacted us about errors accessing your Bitwarden account. We would like to first apologize for any inconvenience.

Access should no longer be impeded when authenticating.

In our mission to continually strengthen services and protect Bitwarden users, we have employed many protections to that end. These are ever evolving and constantly being tuned. With these in place, there is potential for temporary false positives. The team is committed to refining and improving these protections.

We thank you for bringing this to our attention, and for your understanding. If you have any further questions, please let us know.

-The Bitwarden Team

[mistrial9]

In our mission to continually strengthen services and protect our brand we have employed many protections for our remote monitoring, control and IP...

what do people expect? all the wrong management are attracted to security products for exactly the reasons you suspected all along.. Lock-in is profits!

[doodlesdev]

There is no lock-in to Bitwarden, stop spreading FUD. I'm not really sure how long this is going to be like this with the VC money, but right now:

- Everything is open source - You get to self host - You get to export your database at any time - You don't even need to pay to use it if you don't want to

Are local password managers objectively more secure and reliable? Yes. Does that mean that Bitwarden is just an awful product by a money seething corporation that wants to lock you into their product and dime you till your last cent? Not so sure about that.

[n3t]

Let me quote some excerpts from their license FAQ[0]:

> With respect to the server software available under the Bitwarden License, production use requires a separate commercial agreement with Bitwarden

> The right to use the software in a production environment, or environments directly supporting production, requires a paid Bitwarden subscription

> The Bitwarden License does not qualify as an open source license under the OSI definition

[0]: https://github.com/bitwarden/server/blob/master/LICENSE_FAQ.... (permalink → https://github.com/bitwarden/server/blob/f848eb247767fbba8a4...)

[doodlesdev]

Vaultwarden [0] is under the GPL, which is probably the software you are going to run anyway since it's lighter. The server is basically only a dump pipe since encryption is done client side so there's no need to use the official one.

Also Bitwarden's software has multiple licenses, one of them being AGPL for the server and one of them being GPL for the client. The part of the code that's under the Bitwarden license which you have to pay for is SSO, SCIM and I think FIDO2 authentication as they use some Azure tools for all of these and as such they can't run on premises

Quoting from their license FAQ [1]:

> "In your GitHub repositories, how can I determine what license applies to a given software program?"

> "Each Bitwarden repository contains a LICENSE.txt file that spells out which license applies to the code in that repository."

> "In the case of the Bitwarden server repository, the files are organized into various directories. These directories are not only used for logical code organization, but also to clearly distinguish the license that a given source file falls under. All source files under the /bitwarden_license directory at the root of the server repository are subject to the Bitwarden License. If a file is not organized under the /bitwarden_license directory, the AGPL 3.0 license applies."

Vaultwarden offers those for free if you so wish, but there are no restrictions to self hosting Bitwarden.

[0]: https://github.com/dani-garcia/vaultwarden

[1]: https://github.com/bitwarden/server/blob/master/LICENSE_FAQ....

[cabbagesauce]

...not yet. Just as Authy was a nice TOTP software. Until they introduced their vendor lock-in TOTP format.

[doodlesdev]

Authy was never open source, nor self hostable, nor did it allow you to export TOTP tokens. You also don't have to use their own TOTP format if you don't want to, in fact I've yet to see any website that actually uses it. The equivalent to Bitwarden when it comes to managing 2FA would be something like Aegis, which is open source and has feature parity with Authy.

[0]: https://getaegis.app/

[remuskaos]

If the parent means the 7 digit style when referring to authys own topt format: Cloudflare and humble bundle use those. Thankfully Aegis also supports these.