Bitwarden VS vaultwarden

Here's another cool free trick for anyone. If you use Bitwarden they sneakily introduced a Generator for their desktop app for "Username" before it was just passwords.

While not every site has adopted passwordless logins, a better way to secure your accounts that still use passwords is by using a password manager like Bitwarden or 1Password. They help you create strong, unique passwords and remember them easily. Most password managers come with autofill features that make it easy to use across devices.

Bitwarden

I was looking through the Bitwarden server repository (https://github.com/bitwarden/server ) and was surprised to see that no comments (xml or otherwise) were availible.

Is this normal in an entreprise setting? I thought it was standard to comment every public member (Visual Studio warnings).

For passwords and 2FA I use Bitwarden in combination with a self-hosted Vaultwarden service (for imcreased security and use of pro features for free).

I've taken a liking to using a self-hosted Bitwarden instance via vaultwarden, and it's been a pretty good experience. The vaultwarden server is only accessible through my Tailscale network for extra security.

https://github.com/dani-garcia/vaultwarden

On Bitwarden, at least for now, it's mostly Open Source … for techies, for the server-side, there's Vaultwarden which is easy to self-host and with self-hosting of FOSS software you achieve true data sovereignty.

https://github.com/dani-garcia/vaultwarden

I'm an EU citizen and I worry about the US as well, but we need to be careful about this migration to EU services, as in some areas the European alternatives aren't good enough and people will go back to Big Tech, instead of preferring a FOSS solution that happens to have US dependencies.

Vaultwarden [1] if you want to keep using the Bitwarden clients but with a different backend. You can also use KeePassXC and self-hosted cloud instance to sync your database between devices [2]

[1] https://github.com/dani-garcia/vaultwarden

[2] https://keepassxc.org/docs/#faq-cloudsync

not to be rude, but vaultwarden setup is fairly straightforward for an advanced user:

1. Point your domain's DNS at your server

2. Create data directory

3. Run the Docker command

https://github.com/dani-garcia/vaultwarden

Old versions of vaultwarden broke recently (for just about everyone?) due to incompatible changes on the iOS client.

Breakage is not ideal, but here's how they handled the second, more subtle compatibility break:

https://github.com/dani-garcia/vaultwarden/issues/5069

I haven't worked up the courage / time to back up my database and upgrade the docker container; will probably get to it this weekend. However, I can't imagine using bitwarden with the official server (too bloated to be trustworthy), or with their cloud thing. I got burnt by lastpass. I'm not putting my passwords in a giant high-value target again.

Vaultwarden is an unofficial Bitwarden server implementation that implements many of the Bitwarden APIs required for most functionality, ideal for self-hosted deployments where running the official resource-heavy service is undesirable.