Another reminder to not put all your eggs in one basket. Maybe this will convince me to self-host my password manager.
vaultwarden is perfect. go ahead and host it!
In 2015 when Lastpass was purchased by Logmein was what convinced me to move to Keepass and ultimately KeepassXC. Syncthing on Linux, Android and Windows, a complex password and separate key file provide multiple layers of security. It works reliably and provides easy access to login information on any device.
I'll have to look at it again, but the last time I did, the inconvenience of it not being integrated with my browser kept me away. Bitwarden has been audited, is open source, and can be self hosted.
Better yet keep it all offline
Nah, the UX of a browser extension is really nice, especially since it seamlessly syncs between my phone, work computer, personal laptop, and personal desktop.
That said, I would never put cryptocurrency keys in the cloud, that stays offline. But bank accounts have insurance and most other important services have MFA, so just moving my passwords to a self-hosted server is good enough for me.
I'm not too sure that the relative additional security, considering most people's threat models, really justifies this much inconvenience. YMMV I guess.
Another reminder to not put all your eggs in one basket. Maybe this will convince me to self-host my password manager.
vaultwarden is perfect. go ahead and host it!
In 2015 when Lastpass was purchased by Logmein was what convinced me to move to Keepass and ultimately KeepassXC. Syncthing on Linux, Android and Windows, a complex password and separate key file provide multiple layers of security. It works reliably and provides easy access to login information on any device.
I'll have to look at it again, but the last time I did, the inconvenience of it not being integrated with my browser kept me away. Bitwarden has been audited, is open source, and can be self hosted.
Better yet keep it all offline
Nah, the UX of a browser extension is really nice, especially since it seamlessly syncs between my phone, work computer, personal laptop, and personal desktop.
That said, I would never put cryptocurrency keys in the cloud, that stays offline. But bank accounts have insurance and most other important services have MFA, so just moving my passwords to a self-hosted server is good enough for me.
I'm not too sure that the relative additional security, considering most people's threat models, really justifies this much inconvenience. YMMV I guess.