by freeplay 1299 days ago
Bitwarden is better, but Vaultwarden (the self-hosted version written in Rust) is the absolute best option. Host it yourself on a free tier VM in one of the clouds, configure a backup solution, and never worry about it again. And you don't need to trust anyone with your passwords.

Use tailscale if you want to get fancy and keep it off the public internet or go the easy route and install fail2ban and expose it via public IP.
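The fail2ban route the parent mentions only works if the jail's filter actually matches the server's failed-login lines. As an added illustration (not code from the thread or from Vaultwarden itself), this implements the maxretry/findtime policy a fail2ban jail applies, run over constructed Vaultwarden-style log lines; the exact line format is assumed here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Failed-login line as Vaultwarden's identity endpoint logs it (format
# assumed here; a real jail keys its regex on the same "IP: <HOST>" field).
FAILED_LOGIN = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[vaultwarden::api::identity\]\[ERROR\] "
    r"Username or password is incorrect\. Try again\. "
    r"IP: (?P<ip>[0-9a-fA-F.:]+)\. Username: (?P<user>\S+)\.$"
)

def _fail(ts, ip, user):
    """Build one constructed failed-login line in the assumed format."""
    return (f"[{ts}][vaultwarden::api::identity][ERROR] Username or password "
            f"is incorrect. Try again. IP: {ip}. Username: {user}.")

SAMPLE_LOG = [  # constructed sample data, not a real server log
    "[2023-01-15 09:59:00.000][vaultwarden][INFO] unrelated constructed line",
    _fail("2023-01-15 10:00:01.123", "203.0.113.7", "alice@example.com"),
    _fail("2023-01-15 10:00:30.000", "198.51.100.4", "bob@example.com"),
    _fail("2023-01-15 10:01:00.000", "203.0.113.7", "alice@example.com"),
    _fail("2023-01-15 10:02:00.000", "203.0.113.7", "admin@example.com"),
    _fail("2023-01-15 10:03:00.000", "203.0.113.7", "root@example.com"),
    _fail("2023-01-15 10:04:00.000", "203.0.113.7", "alice@example.com"),
    _fail("2023-01-15 10:12:00.000", "198.51.100.4", "bob@example.com"),
    _fail("2023-01-15 10:25:00.000", "198.51.100.4", "bob@example.com"),
]

def ips_to_ban(lines, maxretry=5, findtime_s=600):
    """Return {ip: ban_time} for sources with >= maxretry failures inside a
    sliding findtime_s window, mirroring fail2ban's maxretry/findtime."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = {}
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if not m:
            continue                 # successful logins and INFO lines are ignored
        ip = m["ip"]
        if ip in banned:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime_s:
            q.popleft()              # drop failures older than the window
        if len(q) >= maxretry:
            banned[ip] = ts          # fail2ban would now add the iptables rule
    return banned

if __name__ == "__main__":
    print(ips_to_ban(SAMPLE_LOG))
```

With the defaults only 203.0.113.7 crosses the threshold; 198.51.100.4's three slow failures stay under it unless the window is widened.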


> Host it yourself on a free tier VM in one of the clouds, configure a backup solution, and never worry about it again. And you don't need to trust anyone with your passwords.

> Use tailscale if you want to get fancy and keep it off the public internet or go the easy route and install fail2ban and expose it via public IP.

This isn't exactly a slam dunk, considering you now have to be knowledgeable about how to secure a machine that is on the internet and stay up to date with security patches which even tailscale itself isn't immune to: https://news.ycombinator.com/item?id=33695886

Can you give some idea why Bitwarden is better?
Open source, self hosted. Has the nice bells and whistles like browser and mobile plugins.
Free for personal use, open source, cloud synced, no device limits. And as OP mentioned, different server implementations if you want to host it yourself. No idea why people stick to any of the proprietary solutions.
You have no idea why people don’t want to self-host a service? Or don’t have the knowledge to do it (securely)?
You don't need to with Bitwarden, you can if you want to. Like LastPass, by default Bitwarden stores and syncs your passwords online.
I would prefer to not self-host as none of my family (who rely on passwords) are technical, and if anything should happen to me, they would be stuck.
Fully end to end encrypted. The other side to that is there is no account recovery.
How much should you worry about security with a setup like this? I have reasonable Linux skills, but I wouldn’t want my VM to get pwned because I forgot to update it.
Honestly I don't even bother with hosting it in a cloud instance. I host Bitwarden on my home network, and whenever one of my devices opens the Bitwarden browser plugin or mobile app (at home), it will automatically sync everything. From that point on you can continue using Bitwarden without it needing to connect to the server.

So on one hand, I lose the ability to sync when I'm not on my home network. On the other hand, I don't change anything in my Bitwarden server _that_ often, and if I do, I can just quickly do a sync on whatever devices and I'm good to go. With the added benefit of not opening myself up to the outside world.

And what if your TV or thermostat, with access to your private network, gets compromised? Do you have that machine locked down well enough to protect against an inside-the-firewall attack?
Stuff like that goes on a different VLAN that can only talk to the outside world (or not, depending on the case) and not the rest of the intranet.
Here's where I get a little more naive... do you... have one VLAN that's your "normie" network that your WiFi access points expose to all the devices, then the other VLAN is... only within the wired network, so if your phone wants to get to your Bitwarden, it's always going out the WiFi, out the gateway first and back in, kind of thing?

Right now all my "services", which are not Bitwarden-level sensitive, are all on the same network as whatever crap I bought at Home Depot. I have an EdgeMAX router and there is a third NIC I've never used, so I guess I'd finally plug a switch in there! OK. Next project, I guess.

> How much should you worry about security with a setup like this?

One should be extremely worried about it.

You can “self-host” using a service like Cloudron or (if they’ll still manage it for you) Sandstorm.io.

https://blog.cloudron.io/sharing-passwords-with-teammates/