If you are interested in privacy you are probably interested in password storage … plus I wanted everyone to know about the inevitable future enshittification of this product. Spread the word and replacement recommendations are welcome too.

  • potustheplant@feddit.nl (4 upvotes, edited, 1 day ago)

    You need two apps though and I personally have more faith in vaultwarden being stable than nextcloud.

    Glad your “fucking” password manager isn’t exposed to the internet. Mine isn’t exposed either since I use tailscale to access it. Your comment leads me to believe that your NextCloud instance IS exposed to the internet. Wouldn’t that mean that if a hacker gets access to your account they could also get your keepass file as well?

    • AHemlocksLie@lemmy.zip (2 upvotes, 1 day ago)

      I just typed out a response to most of this, and rather than repeat all that, I’ll copy a link here https://lemmy.zip/comment/26557132

      A lot of it can be summed up in that compromising Vaultwarden means everything is screwed while compromising NextCloud is mainly a minor inconvenience. It provides neither information about the database’s password nor any avenue to attempt to intercept the password.

      • potustheplant@feddit.nl (2 upvotes, edited, 23 hours ago)

        EDIT: Forgot to mention the worst part about KeePassXC. It’s vibecoded crap.

        I replied to that comment. You’re assuming that compromising vaultwarden is somehow easier than compromising nextcloud. No idea why. Intercept the password where? I’m using a local client and only syncing the vault. You seem to be pretty unfamiliar with how vaultwarden works.

        • boonhet@sopuli.xyz (1 upvote, 20 hours ago)

          > EDIT: Forgot to mention the worst part about KeePassXC. It’s vibecoded crap.

          Is RiiR still all the rage? Perhaps it’s time to oxidize KeePass. There are a few libraries for kdbx files and at least one ready-made CLI.

        • AHemlocksLie@lemmy.zip (1 upvote, 23 hours ago)

          No, I’m assuming that compromising NextCloud is less devastating than compromising Vaultwarden, so I’m taking a calculated risk that my database’s password is secure enough to offset the slightly increased risk of access to the encrypted database because I don’t always get to choose all the software I get to use in every environment I work with, so I might have to use the web client if I can’t get the local client.

          As for you only using the local client, congrats, we don’t always get to choose what we use outside the home.