Anyone have experience self-hosting @bitwarden in a secure manner that's accessible for "normal" people? I really need a shared password manager for my family and passing around keepassxc files just doesn't cut it, especially because they use phones more than traditional computers. Making them all use VPNs is certainly out of the question.
I have severe anxiety about putting all my passwords and OTP up in the cloud. I have hundreds of entries in keepassxc. That'd take days to rotate everything and even then I think some can't be saved.
Perhaps a smoother solution is to just keep using keepassxc and then figure out something with bitwarden where only the shared and lower risk passwords are stored there?
@thor @cmhobbs If it helps, we also partner with security researchers at HackerOne as part of a bug bounty program, and undergo regular third party audits.
@bitwarden @cmhobbs i wish i personally knew a person who actually went and checked through the source code of Bitwarden. also, i am running binaries downloaded off the Chrome store. i was not able to inspect the source code. you have to take a lot of things on faith unless you go through a hell of a lot of work.
@cmhobbs @bitwarden well, if you trust their software, and you picked a good master key, the people who run that cloud server couldn't access your passwords even if they tried.
if you don't trust their software and think it's malicious, using your own server won't help you, since the software could be sending the passwords elsewhere without your knowledge.