Suggestion: Password Manager - BitWarden #376
I think bitwarden should be listed under Password Managers here.
For privacy features I know:
Maybe @kspearrin can elaborate more on the privacy aspect of bitwarden over other competitors.
I think a comment on this is warranted. None of the current three suggestions will replace the most common password manager LastPass, but BitWarden can (and is designed to). Master Password relies on you remembering site address and username, KeePass is not in the browser (unless you install extra software with the usability advantages and security disadvantages implied), LessPass seems to be essentially the same as Master Password, and there seem to be several others like it.
I am not saying BitWarden deserves a place among the three, but from the descriptions it does seem to warrant place no. 3 more than LessPass. But then again maybe LessPass is a better choice for number 1 as it has syncing for complex passwords.
I never got why you guys need a password manager in Browser. And if this isn't bad enough, it's in Cloud.
I can't recommend both
@beerisgood Multi-users, multi-devices, multi-platforms.
Easy to use for everybody.
I use Bitwarden since it has been introduced by Kyle (Bitwarden's dev) on Reddit.
@Primokorn: KeePass can do that too. Even without a browser.
Of course the program is needed then
I would like to put forward Bitwarden again to be added to the password managers on privacytools.io.
To build upon the reasons already given, here are mine:
Being able to self host is a great feature and the iOS app can be used with self hosting.
While KeePass is also open source, it uses Google Authenticator which no longer is.
For Bitwarden, I use (and would also recommend) FreeOTP so it remains open source.
2a. Trust in Google (and others) around privacy and rights has gone right down due to FOSTA
The support provided by Kyle is really good. He is quick to get back and provide help and keep it evolving.
I am not saying it should replace KeePass but it seems to be giving it a run for its money and winning.
On privacytools.io's reddit, followers have also tested and liked Bitwarden.
They just released a desktop app for those who want it.
Even if it's a mention, they seem to be hitting more rights than most. I also did a check on the site this time too.
https://webbkoll.dataskydd.net/en/results?url=http%3A%2F%2Fvault.bitwarden.com%2F
Thanks for your time.
Just a Privacy Fan - Not a Developer
@swr7hr what? Keepass doesn't use any Google stuff
Bitwarden is a fantastic project with a lot of potential to overtake Keepass & KeepassXC from a User Interface perspective. It just has a much better GUI and has a dedicated app for most platforms out there. It additionally has the ability to self host, which is a major attribute to its dedication to privacy. Unfortunately the default is to host on Bitwarden's cloud, which is a big negative. However it is end to end encrypted, which you can prove due to the application client being open source.
For now I don't believe privacytools.io should be recommending Bitwarden until it has undergone an Independent Third Party Security Audit. Once it has had one and passes, then I think it has earned a spot on the privacytools.io recommended list.
Many of the users who follow privacytools.io are already using Bitwarden and can verify it as a very good and privacy respecting Password Manager. But regardless, it still needs a proper Security Audit.
Unrelated: I would remove Brave Browser from the "privacytools.io recommended list" until a time when it has undergone an Independent Third Party Security Audit.
@ProgressiveArchitect, security audit of Bitwarden complete: https://blog.bitwarden.com/bitwarden-completes-third-party-security-audit-c1cc81b6d33
Can anyone create a PR?
@Shifterovich I can implement this. Which place should it take in the recommendations?
Seems like it's cloud-based but with client-side encryption? I personally use KeePass and LessPass, I've never used Master Password. I'd replace either Master Password or LessPass, since they both do the same thing. That way we will have all 3 types there.
I suggest:
Or maybe switch the first two?
I agree, use whatever order for LessPass and KeePass to make it aesthetically pleasing (I suspect the LessPass color will work great with primary).
Okay, I will implement this. You can assign me to this issue.
@Vincevrp This repo might help: https://github.com/bitwarden/brand
@Vincevrp I can't assign non-collaborators unfortunately. Never mind. @kspearrin thanks.
To be honest this is the first audit that I've ever given a quick glance. I guess 11 identified problems is a low number. But the conclusion is kinda worrying for me.
@Aquakor I am the lead developer of Bitwarden and was intimately involved in the security audit mentioned. I can understand that those two paragraphs may seem a bit concerning out of context. To provide more context, there were several points discussed between the Bitwarden developers and the auditing team about how we could redesign specific features (ex. organization user confirmations) so that the crypto implementations would be stronger and more resilient against certain attack vectors. A consensus was reached and that is what is being referenced here about re-designing things.
The purpose of an audit like this is to find issues. When issues are found, that is a good thing. We want to find problems so that they can be fixed. What would be bad is if we found issues that could not be properly fixed, or an abnormally large number of issues, neither of which was the case with Bitwarden. What I can tell you is that all issues referenced in this audit have already been resolved in very short order (the audit was only completed just last week), with relatively simple fixes, and that Bitwarden is even safer to use today than it was before.