I find this move concerning, and wish that the Founder had looked for a new CEO that shared his values rather than a Private Equity and Mergers Expert.
Furthermore, the change to the GRIT motto is worrying. Trust is useless without Transparency when it comes to code and security.
Same question here. What are the best alternatives?
KeePassXC + Syncthing to sync passwords across devices
Alias vault seems the most feature complete and self hostable https://www.aliasvault.net/
I use keepassxc. It does the job.
I use Vaultvarden
But you still use the official BW client apps, correct?
Unless you forego usage of the clients and access Vaultwarden through the browser (removing accessibility and convenience especially on mobile), it is not an e2e replacement solution.
Are there any alternative FOSS clients/apps that work with Vaultwarden?
Edit: I see further down that the official client is open source, and would get forked in the event of any fuckery. So I’m sticking with Vaultwarden + Official client app approach for now.
I just use the webapp UI and don’t bother with the clients/extensions. Easy enough to just log in, copy/paste from there.
But yeah, the official client (and probably browser extension as well) would probably be forked if/when needed.
What about passkeys?
Coincidentally, I moved to self-hosting Vaultwarden last night, which is open source but compatible with Bitwarden. If you want a simple transition and are capable of hosting it yourself, that would be my recommendation.
I’ve been hosting it for a couple years now and question why it took me so long.
KeePassXC is the best FOSS option, but you’ll need to figure out self hosting if you want to sync the database between devices.
I use the built in ftp sync option with any file explorer that makes an ftp server on my phone.
or use syncthing, no hosting experience required
Syncthing on the phone seems to use up a lot of battery, though.
If you don’t need real time sync you can disable background use of the app. That’s what I’ve done, and I just open the app when I need to update. Probably a smarter way to do it, but it works for me.
As the database is encrypted in your device, you dont really need to self host. A keepass database in the Google cloud is not really problematic, although you should still choose a more private cloud provider.
make sure to use post-quantum encryption algs
Which algs would that be? ed25519 okay? Is that even an encryption alg? I’m not too hot with encryption.
And you can use a keyfile separate from the database for even more security. If the database is backed up on Google Drive and the keyfile is saved on a USB or in a (non-Google) email somewhere for the rare times you add a new device, your passwords should be safe even from keyloggers or Google themselves.
Syncthing is probably a simple fix.
Assuming you have a degoogle’d phone. The syncthing-fork devs announced that they aren’t going to certify for Google Play when that’s made a requirement in a few months
fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck fuck
https://f-droid.org/packages/com.chiller3.basicsync/
Ugh, I forgot about this. Aren’t you still going to be able to install apps from third-party marketplaces? I thought the plan was just that the phone was going to hassle you and require multiple hoops.
Yes, that’s the plan
I think other apps will require ADB to install
After initial wait period of 24 hours, which is intolerably dumb, you don’t need ADB.
Proton Pass.
I’m pretty sure that isn’t self hostable.
That’s true.