by aborsy 998 days ago
The difference is that Bitwarden is a webapp, thus serves you code in real time. The server could serve bad JavaScript to a particular user. You have to trust the server.

Also, there is a chance of data breach. The 2FA and hardware keys are bypassed in this case. It’s all your master password.


>The 2FA and hardware keys are bypassed in this case. It’s all your master password.

Not sure I follow. When my master password is breached, attackers would still need to have my hardware key (which I obviously don't keep in the cloud), right?

In case of a password breach, yes, but the comment you are responding to refers to a data breach, where somehow the attacker dumps raw database data, which is still encrypted but only by your master password, afaik.
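
The distinction drawn in the thread above, as an added example that is not part of any comment and is not Bitwarden's code: a second factor gates the server's login path, while a dumped vault blob is protected only by the key derived from the master password. The `Server` model, the static second-factor value, the HMAC-based stand-in cipher and all sample values are assumptions constructed for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # constructed work factor for this model

def derive_key(master_password, salt):
    # The vault key depends only on the master password and the stored salt.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)

def _stream(key, nonce, n):
    # Stdlib stand-in for a real cipher such as AES; illustration only.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, data):
    return hmac.new(key, b"mac" + data, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce + ct)

def open_blob(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, body)):
        return None  # wrong key: integrity tag does not match
    nonce, ct = body[:16], body[16:]
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Server:
    def __init__(self, master_password, second_factor, vault):
        self.salt = os.urandom(16)
        self.second_factor = second_factor  # checked at login, not part of the key
        self.blob = seal(derive_key(master_password, self.salt), vault)

    def download(self, second_factor):
        # Online path: the server refuses to hand out the blob without 2FA.
        if not hmac.compare_digest(second_factor, self.second_factor):
            return None
        return self.salt, self.blob

    def dump(self):
        # Data-breach path: raw rows are read directly, no login check runs.
        return self.salt, self.blob

def breach_demo():
    pw, vault = "correct horse battery staple", b"bank: constructed-secret"
    srv = Server(pw, b"hw-key-response", vault)
    online = srv.download(b"no-hardware-key")  # blocked by the second factor
    salt, blob = srv.dump()                    # second factor never consulted
    return online, open_blob(derive_key(pw, salt), blob), open_blob(derive_key("guess", salt), blob)
```

In this model the only defenses that still apply after a dump are the entropy of the master password and the KDF work factor.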