I am looking into password managers, as number of my accounts are increasing. Currently I am weighing two options:
- Host Vaultwarden on a VPS, or
- Use the free bitwarden service.
I want to know how they are in practical aspects.
While I am fine self-hosting many services, password managers seem to be one of the most critical services that should not admit downtime. I surely cannot keep it up, as I need to update it time to time.
On the other hand, using bitwarden might require some level of trust. How much should I trust the company to use the free service? How do I know if my passwords would be safe, not being exposed to the wide net?
I want to gauge pros and cons, are there aspects I missed? How are your opinions on this? If you are self-hosting vaultwarden, how do you manage the downtime? Thanks in advance!
Wouldn’t these questions be as true of the VPS service that hosts Vaultwarden as of Bitwarden?
If my internet at home was better I would be selfhosting Vaultwarden and use a full vpn on my laptop/phone/tablet when leaving the house.
Now I’m using KeepassXC with my home pc as the true source and syncing copies of the database to my laptop and phone.
No, you don’t need to trust the VPS provider. The VaultaWarden password storage is encrypted, and the master password is never transmitted to the server. The passwords are decrypted only locally on your device.
How does that differ from Bitwarden?
To my knowledge it’s not supposed to differ.
If you trust that the client (which is open source) is doing what it’s supposed to do, security-wise I don’t think there’s a difference between self-hosting and using Bitwarden’s service.