[ZuLuuuuuu]

We have SSO + 2FA in place, and would like to use Bitwarden for the rest of the password management. But for a company around ~50 people, the pricing feels too expensive, considering the only purpose is to manage a few passwords. So for now we are using Keepass which is kind of painful, but free. We would probably be willing to pay ~2$ per user per month, but instead it is 6$ if you want Bitwarden to work integrated with your SSO which means 3600$ per year.

[afavour]

Pricing is truly annoying with password managers. I know this is an edge case but I volunteered for my kid’s school PTA and discovered to my horror that all the passwords were stored in a single Google Sheet. But the pricing for the number of users we were looking at (a very small core number of staff but a large number of volunteer parents) made pretty much every password manager service unaffordable, even with non profit discounts. Per seat pricing doesn’t work out for everyone.

We ended up using Dashlane because its free tier allows sharing between users but the administration is so much more work than it needs to be.

[forty]

Hi! could you please explain what is this admin work that is bothering you? Thanks! (working at Dashlane, and happy to forward feedback to product team. I'll already forward your comment on pricing)

[afavour]

It’s not really your fault, it’s us bending your free tier into something it isn’t intended to be. Maximum number of passwords shared, only logging in to one device at a time etc.

It’s a really weird edge case but eye opening for me as someone who is usually in a very well resourced tech environment. Google offers a great free tier for non profits and in the ideal world we’d have a password manager that plugs into our Google organization without a second thought. But that’s a premium tier feature and any money not spent on enriching the kids education has to be justified to the nth degree. We have people who are go-tos for a two factor auth code because their phone numbers are the ones attached to the accounts… people will go to surprising lengths!

There isn’t a good business case for it as such but volunteer organizations (as opposed to well resourced non profits) would make good use of a free tier and it would generate goodwill with people who are sometimes responsible for purchasing decisions in their day jobs.

[woleium]

You could self-host bitwarden on a $5 a month instance (or free-forever, if you choose to trust oracle or gcp), and then put TOTP 2fa into your bitwarden instance. Still requires a little maintenance on the instance, but this can be 99% automated.

[afavour]

Yeah, the thought has occurred to me. But I’m only going to be there for a few years, the responsible thing is to do something that’ll survive long after I’m gone.

[SoftTalker]

I've volunteered for and served on the boards of several small, youth-oriented nonprofits. They all had this weird idea that you can't spend any money on operational stuff. Yeah I get that you want to minimize it, and you should. But payments for necessary services should just be part of the budget. There is overhead to running these orgs and not every penny can go straight through to the kids. If you make things a PITA for the volunteers, eventually you won't have any volunteers. People are giving their time freely to help, but most are busy and don't want to f*ck around with complicated solutions that waste that time.

[bzmrgonz]

A strength that is often overlooked at NGO's is their people power, so don't forget to leverage that. For instance, cctv, each unit, each chief and his 4 indians, could simply use wyze to monitor their immediate environment, worst case scenario, the chief leaves in a bad way and someone else has to reprogram the wyze cams to a new chief. Same with passwords, if you don't want to pay for centralized admin, then create multiple self-sufficient micro-environments with one central IT as tier 2 for advise and rescue. Think of it as vlans, but in admin terms. This method, opens up a lot of free tiers out there for each tribe/unit to leverage, as long as IT/CENTRAL, get's informed of the master-pwd (ex. bitwarden etc.).

[Sat_P]

Completely agree. The kind of people I've encountered in non-profits and charities as an IT Sales Professional over 20 years is that they expect great products and services should be as close to free as possible. They don't seem to understand that the tax breaks and incentives are there precisely to help soften the costs of running such an organisation. To expect even MORE than that from vendors is unrealistic. I watched an interview with Naveen Jain (Viome CEO) on a podcast once and he said that a non-profit entrepreneur or CEO is more often than not "just a sh*tty entrepreneur". I couldn't agree more based on my experience selling tech since 2001!

[afavour]

Oh, I totally agree. But I’m in the minority in that view and have come to accept that it’s just the nature of the beast.

[Melatonic]

Why not just use something like Keepass in this scenario for free (forever) ?

[coder543]

I know very little about PTAs, but... why would a PTA need to share passwords anyways, instead of having separate logins?

[afavour]

Immediate example that comes to mind: there’s a paid-for Canva account that multiple people need to use. Can’t use separate logins because then you’d need multiple subscriptions.

[woleium]

This is in breach of the tos though, right? Great example to set for the kids.

[bzmrgonz]

Moral argument is that a PTA are part time organizations and if canva doesn't cater to that business model, then shared credentials is fair use, commercial and for profit use is a horse of a different color.

[afavour]

Pretty sure the kids aren’t aware of the PTA’s use of Canva.

[MrDrMcCoy]

Why not self-host Vaultwarden? It implements most functionality and supports the standard Bitwarden clients with virtually no resource requirements.

[teekert]

Was going to suggest the same, of course you're taking matters into your own hands, so know what you are doing, but it's free, very light weight and supports "organizations" as a way of sharing passwords between people. I have hosted it for my family for years and was very happy with it (until I switched to Proton Family, now doing ProtonPass).

And you get all the excellent Bitwarden apps and extensions to go with it.

[trinsic2]

You trust Proton with that data?

[teekert]

I certainly do, I have not seen anything yet that makes me reconsider. They have always answered to concerns well. They pass security audits.

Sure I'd prefer a Linux Proton Drive client over a BTC wallet, but nobody's perfect.

[caeril]

> I have not seen anything yet that makes me reconsider

Proton will pwn you if Interpol smiles at them the right way. This is common knowledge.

[freehorse]

These is non-sense. They do not do anything more or less than any company does, they do not have access to decrypted data (so they cannot share it and havent done so obviously), and I bet in most of the discussion here interpol is not in people's threat models.

[teekert]

That is indeed bs. They gave up some IP addresses in accordance with local laws.

Why are you saying this? To justify your own use of free big tech services at the cost of all your data? Proton services have been audited, Proton staff cannot access your encrypted data. Whereas we know from Snowden et al that your data in most public clouds is readily available to the world police. Make a pic of your kid's private parts for medical reasons and people have found out the difference. My pictures are encrypt before they go to Proton Drive.

If Apple starts on-device scanning to see if I'm a criminal while I sleep, I'll be on GrapheneOS several days later, but still a happy Proton user.

[ZuLuuuuuu]

I'll look into it, thanks!

[chickahoona]

Ever tried Psono? (I am Sascha, the main developer behind it)

It has SSO / encryption / self hosting / ... and even the enterprise version is free for up to 10 users and if you need more you only pay €2.5 / user / month.

[rdl]

Passkey support (I know it's a pain) would be great...

[patrakov]

Use Vaultwarden then

[ZuLuuuuuu]

I'll check it out, thanks!

[razakel]

We went with self-hosted Passbolt. Free, open source, and based on PGP. Only downside is having to explain PGP to the less technical users...

[mkesper]

This is really a HUGE hurdle. Sadly even many developers don't understand it fully / mess it up a few times..

[jraph]

We use passbolt too, I'm not sure I ever had to mess with pgp once.

It seems to work well / just works.