[542458]

Bitwarden is open-source though? This is about the hosted version of it, which has a free tier. But you can run the same software on your server at home if you want, for free.

(That said, I am also concerned about the direction Bitwarden is taking. I just think this shows that even OSS projects can have direction/rugpull issues.)

[alt227]

> But you can run the same software on your server at home if you want, for free.

Whats to say this will still be true if the company gets sold?

[xienze]

The fact that Vaultwarden exists?

[alt227]

How long after a public sale will Bitwarden clients keep compatible with Vaultwarden? The new owners could put a check in all clients on the first day of ownership if they wanted, and Vaultwarden would immediately be obselete and useless.

[GCUMstlyHarmls]

I wonder if Bitwarden shit on everyone, how long it would take for Vaultwarden specific clients to appear. A browser extension would be pretty simple, app store apps are a bit more complicated because of the pay-to-play aspects.

[alt227]

The problem is once Vaultwarden clients appear, then Vaultwarden becomes its own complete system and is no longer able to rely on the good reputation of Bitwarden. Plus developing clients for multiple browsers and OSes is a lot more difficult than just keeping a back end up to date.

If they went this path I think I would jump ship to a paid service.

[YFriedman]

The Bitwarden client is FOSS, so Vaultwarden could fork it.

[donmcronald]

As soon as they break compatibility with the official clients, it becomes much tougher. Even though the current versions can be forked, the whole system is set up to work against any kind of grassroots effort to maintain an open source version.

Apple and Google being the gatekeepers for all mobile app distribution is a real pain point. Without the clout of a big brand name the risk of being unable to distribute apps goes up.

[happymellon]

Except that we do have Vaultwarden, so those who haven't already switched still have an option.

[alt227]

Vaultwarden relies on the goodwill of Bitwarden to allow it to use its clients for compatibility. I would wager a new owner looking for money would block that pretty soon after buying the company.

[lern_too_spel]

The clients are open source. If Bitwarden removes the ability to select the server, people will just fork the clients.

[alt227]

Again, for how long? The answers to all the questions seems to be the same. If Bitwarden was sold they could remove all of this free functionality and interoperability with 3rd party clients immediately.

Then you could say well Vaultwarden will work with these forked clients, but then you are placing your security into the hands of multiple different open source maintainers and vaultwarden then has nothing to do with Bitwarden and becomes some random back end + some random 3rds party clients.

[rcxdude]

Sure, but vaultwarden as a system would be entirely usable, I don't think a lot of it is really relying on the bitwarden compatibility for much more than a little convenience.

[Cyan488]

You're right, though the friends and family that I would feel the need to recommend a password manager to aren't the type that would self-host their own servers.

[maineldc]

So what would you recommend to your friends and family that need a password manager? Genuinely curious.

I pay for a service for my family because I need reliable and easy for my wife and daughter to use it.

[stevesimmons]

  - KeePass files synced between laptop and phone on OneDrive, DropBox, etc
  - KeePassXC on Windows and Mac
  - Keepass2Android mobile client
  - Browser integration on mobile. 
  - On laptop, I prefer no browser integration; Copy username and password with Ctrl+B and Ctrl+C

[yencabulator]

Ctrl+B? Tmux or screen or something like that?

[opan]

Seconding this. I use KeePassXC on my PC, KeePassDX on Android (available on F-Droid), synced with Syncthing. Works very well.

[girishso]

Slightly off topic, I use KeePassXC on Mac and browser integration almost never works for me. It never picks up the usernames, passwords for me, even if the entry has the url in it.

[drfloyd51]

A small notebook.

Unhackable. Yours forever.

Use words based passwords to make entry easier.

Suffers from physical presence security hacks. I argue those are far less frequent than online hacks.

Wouldn’t recommend for people who are comfortable with Password managers.

It is super easy to explain to people how to use it. And some security is better than none.

[whatevaa]

Extremely hackable on travel.

[drfloyd51]

Shoot. I didn’t think of the TSA.

And wow… just even the cops.

I am more worried about “lawful” “government” “agencies” stealing my crap than actual criminals. And that makes me sad.

[Cyan488]

I've paid for and recommended Bitwarden. For years it's operated along a stable trajectory. I was confident in its security record. Vaultwarden is an escape hatch I'm in a position to set up for my family as a last resort. Almost any reputable password manager is more secure than reusing the same passwords or storing everything in a note file.

What I stopped doing so frequently could be described as "evangelizing" or "endorsing". I no longer actively tell people that I think they should use X, instead, if someone asks, I say "I use X, and it's worked for me so far".

[pigeons]

The server is only recently free, if indeed it is at all. I don't remember when or if that changed, because for most of its life it was definitely not free (open source).