- cross-posted to:
- technology@lemmy.world
- linux@lemmy.world
- cross-posted to:
- technology@lemmy.world
- linux@lemmy.world
Bitwarden introduced a non-free dependency to their clients. The Bitwarden CTO tried to frame this as a bug but his explanation does not really make it any less concerning.
Perhaps it is time for alternative Bitwarden-compatible clients. An open source client that’s not based on Electron would be nice. Or move to something else entirely? Are there any other client-server open source password managers?
Can’t we ever have software that just keeps working? Password managers are like the new RSS readers.
- search around for a good one
- find a nice one and start using it
- they add stuff you didn’t want and slowly make it worse
- they’re bought up/ abandoned/ otherwise become unviable
Back to 1)
Well KeePass
The downside to Keepass is it is not self hosted, as in it’s designed to run locally per device. Yes, you can put the database file on a network and have multiple clients from different operating systems access the database, but you will end up with collisions and database issues. Ask me how I know.
Running cross platform Keepass (and it’s various forks) is absolutely doable, but it is not as seemless as BitWarden. I’m running self hosted VaultWarden and I’m hoping to run it for a long time as it’s much easier than Keepass.
Eh, I have used KeepassXC over multiple machines using NextCloud to sync it for years now and have never had any conflict.
This. I have been running it the same way for some time now. Even if you change something on one machine and something else on another nextcloud will just happily inform you of the conflict and then you can open both databases and cherry pick. Never had corruption issues.
For what it’s worth, I only ever had sync issues when sharing a database between devices with transient connectivity. Once I added an always-on instance of Syncthing into the mix, collisions were a thing of the past.
We’ve been using KeePass trouble-free for many years now, sharing a single database across more than 6 devices, with frequent use and modification.
Syncthing just announced they won’t develop their Android app anymore. 🫤
Noooo! Ugh, that’s so disheartening to hear but I can’t fault imsodin for his reasons. I sincerely hope that someone steps up to the plate, even if only for the F-Droid releases.
For anyone else interested, the discussion is taking place here:
https://forum.syncthing.net/t/discontinuing-syncthing-android/23002/7
Ah shit, I hadn’t heard that. Another one bites the dust because of Google’s Play Store insanity. Maybe SyncThing-Fork will continue? 🤞
Source: https://forum.syncthing.net/t/discontinuing-syncthing-android/23002
Edit: Aaand like 10 posts down in my feed https://lemmy.world/post/21070831 lol 😭
KeePassXC here, ÷1 for the exact same issue with the exact same solution (ST with an always-on “server”) 👍
Sure, you’re welcome to keep using the version you like, or to write or maintain one on your own. Or pay someone for their labor to do it for you.
But if you use something made out of someone’s good will, don’t rely on it for anything critical.
Money isn’t necessarily a factor. I’ve paid for many services that have made business or operating changes to the point of needing to separate and then there’s WinZip on the other side of things.
BitWarden already has lots of clients. There’s also VaultWarden for the server if you want.
This is being blown a bit out of proportion though. All they are saying is the official SDK may have some non-free components going forward. So what? It’s a private company, they can do what they want. Or the community can just fork it and move forward with a free one if they want, but it’s just not going to be in the official BitWarden clients. Hardly news or a big deal.
I can only speak for myself, but I would never trust opaque, proprietary software to manage my credentials, especially in a networked environment. For me, that’s a total showstopper.
I’ve never had need to use Bitwarden or Vaultwarden as I’ve always been happy with KeePass, but this news would definitely have me choosing an alternative.
I always found it weird for people to recommend BitWarden … it just FELT like a company that’ll go completely off track sooner or later. And it did. Oh wonder. KeePass ftw!
BitWarden already has lots of clients.
Does it? I’d be very much interested to know. I’ve been looking for other clients before, because I didn’t like the sluggishness of the Electron client, but couldn’t find any usable clients at all. There are some projects on Github, none of which seemed to be in a usable state. Perhaps I have been missing something.
This is being blown a bit out of proportion though. All they are saying is the official SDK may have some non-free components going forward. So what? It’s a private company, they can do what they want. Or the community can just fork it and move forward with a free one if they want, but it’s just not going to be in the official BitWarden clients. Hardly news or a big deal.
Nobody said that they can’t do that (although people rightfully questioned that their changes are indeed comatible with the GPLv3). I very much disagree that this isn’t a big deal, though.
I use Keyguard on my phone. Loving it so far. Mostly focused on Android but also available for all major platforms.
Keyguard is not open-source, only source-available.
Thanks, I haven’t seen that one before, but I’d really prefer an open source application.
deleted by creator
deleted by creator