this post was submitted on 28 Sep 2023
2272 points (98.1% liked)

[–] [email protected] 0 points 11 months ago (1 children)

Yeah, I read it's a bit double-edged, but would anyone ever want to audit an open source software that can take over a paying one?… might just take the jump.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago) (1 children)

It's actually starting to get common for open source password managers to get audited, often free of charge by a security company. Whether the project actually competes with a commercial project doesn't seem to matter because the goal is to assess security.

KeePassXC was recently audited for example: https://keepassxc.org/blog/2023-04-15-audit-report/

1Password, another popular open source password manager, has also been audited: https://support.1password.com/security-assessments/

Bitwarden (including the self-hosted component) has also been audited: https://bitwarden.com/help/is-bitwarden-audited/

So it's not really strange for people to express interest in getting Vaultwarden audited.

[–] [email protected] 0 points 11 months ago (1 children)

What is the diff between KeePass, 1Password and Vaultwarden?

[–] [email protected] 1 points 11 months ago (1 children)

KeePassXC doesn't do any cloud syncing stuff. If you want your vault to be available on multiple devices, it's up to you how to achieve that (e.g. by putting the vault database file inside dropbox/gdrive/nextcloud, etc). Some people prefer this approach because they don't trust centralized vault services.

1Password and BitWarden are competitors and offer largely similar services (e.g. syncing your vault across all devices you own). BitWarden's paid service is cheaper though, so it's more popular. Note that the Bitwarden free account is already good enough; the paid service offers some convenient features which are actually pretty nice to have though, such as storing TOTP data in your vault.

VaultWarden is an alternative implementation of the Bitwarden server. If you're into self-hosting and want to host a Bitwarden vault on your own server, you can install it on your own server. It implements almost all Bitwarden features, even those that are only available in the highest subscription tier.

[–] [email protected] 1 points 11 months ago

Thank you very much. Vaultwarden it is!