by jmux 27 days ago
vaultwarden is great, but password managers are security critical software that need consistent maintenance and constant updates.

if bitwarden is acquired and the new owner decides an open source version of their product is not a business necessity, without someone actively supporting the salaries of engineers it’s unlikely to continue to be secure for much longer.

2 comments

> vaultwarden is great, but password managers are security critical software that need consistent maintenance and constant updates.

You’re acting like this isn’t the case already with vaultwarden? (and it’s easier to host as well, making for easier updates) https://github.com/dani-garcia/vaultwarden/releases

Is it possible that you are assuming they are referring only to Vaultwarden itself? Half of the equation is a server component compatible with every app produced by a company, the other is every app that is produced by a company. If the company decides to stop being compatible (by changing their own communication), what are you left with besides the built-in web interface and a handful of “maybe-compatible, maybe-secure” apps?

Security updates aren’t just about the vault. What does having a fancy locking system mean if the moment you open the door everyone can just walk in?

Most people just want a product to do what it says from all their devices, and don’t care about any of this stuff. As such, they are more inclined to simply move to yet another least-friction mature ecosystem.

Vaultwarden as an alternative is a bit like suggesting a third-cousin who homebrews beer in a trash can knows a viable alternative as a nationwide replacement for Budweiser, because they both happen to use the same shape of bottles. I’m sure some family and friends might go along, but everyone else is just going to pick a new common brand that is similar to what they had, not start brewing their own beer. Some will…for a while.

The best thing about self-hosting your password vault is that you can be naive about how many times it has been compromised without detection.

(I’m not against self-hosting things — I’m against acting like it is a realistic alternative for average people who almost never have the skills to implement it securely.)

But since it's already open source and popular among tech savvy people, they have to weigh any attempts at increasing profits against the risk of losing customers to a fork.
They will make the wrong decision.