I have been using Bitwarden for around ~7 years. Subscription for this long too, at 10USD p/year. I will be switching due to lack of transparency, and would love to hear others’ thoughts on this.

The linked article goes into further detail, but here is a small summary of the things that very much concern me / are sus:

  • that 10USD per year has gone up quietly. I just checked and I have no email telling me it’s increased. It renews in like 2 months, so this is good timing for me
  • Originally Bitwarden had values as a part of the acronym “GRIT”. Gratitude, Responsibility, Inclusion, and Transparency. They have changed the last two words to “Innovation, Trust”
  • There is now a new CEO, this was not announced and the only reason people outside of Bitwarden know is that someone saw this change on LinkedIn
  • The free tier momentarily disappeared from their product page for about a month (April 14-May 14). People were likely still able to make free accounts during this period. Bitwarden says it was a marketing mistake

The price hike is one thing, but for me the acronym change is most concerning, which is why I will be looking at another password manager (probably keepassxc)

  • gemakey@lemmy.world
    17 days ago

    You’re quitting over some words? All this questionable shit and you’re quitting cause they changed an acronym? Sheesh…

    • liverstealer@lemmy.zip (OP)
      17 days ago

      It’s true - apart from the price hike, nothing really has happened. And yet I ask you, which are you more comfortable with:

      • A company with closed communication, and still asks to be trusted at the end
      • A company having open, transparent communication
    • liverstealer@lemmy.zip (OP)
      17 days ago

      I know right. Even in an Enterprise environment, why would trust be a better word to represent your values over transparency?

    • liverstealer@lemmy.zip (OP)
      18 days ago

      That’s cool I haven’t heard of that one. I personally will be avoiding Enterprise products from now on since Bitwarden

        • qualia@lemmy.world
          18 days ago

          Just FYI there’s two KeePassDX versions in FDroid: the square key and the round key logos. The round key is the Libre one you want, whereas the square one is aka the Google Play version. IzzyOnDroid mirrors the square one and it shouldn’t.

          • Ghoelian@piefed.social
            18 days ago

            Are you sure it’s not the square key one you want? I just checked and that one is available from both Izzy and f-droid itself, whereas the round version is only available from Izzy (though that one has foss in the name and the other doesn’t)

            • xploit@lemmy.world
              18 days ago

              The repo does mention “free” and “libre” apks and it would appear the only one available on Fdroid (as far as I can tell?) is the libre version.

              Edit: I mention it because the official website has round logo, but this version doesn’t so not sure that’s a good indicator

  • overload@sopuli.xyz
    18 days ago

    Disappointing, but I’m still going to be running the free tier of Bitwarden for the time being. Thanks for the heads up.

  • Lettuce eat lettuce@lemmy.ml
    18 days ago

    The CEO apparently is a big private equity guy, and those bloodsucking ticks only know how to do one thing: Suck every last drop of money and goodwill from the company and its customers as quickly as possible.

    Breaks my heart, I’ve been a massive Bitwarden advocate for years. Been happily paying for the individual paid plan. I’m now working on setting up KeePassXC with syncthing.

      • dieTasse@feddit.org
        17 days ago

        I have been using it that way for years and it works well (for this scenario no problem). Only recently I switched from Syncthing to using a mounted SMB share. I switched partly because of the Syncthing for Android maintainer switch (though I still think it’s safe) and because Syncthing sometimes didn’t sync on my Iodé custom rom and I got tired of having to open the app to sync.

  • Libb@piefed.social
    18 days ago

    In the same boat as you.

    I don’t like how it’s changing, I also don’t like how the UI is changing and, sadly, as an EU citizen I can’t trust it any longer since it is made in the USA.

    But I’m in no hurry to switch. I mean, I won’t rush or worry about paying one more year subscription if I have to. I’ll try alternatives as long as I have to. So far, there is

    • the Canadian 1Password and
    • the non-synced/local but free to use KeepassXC that are standing out.

    Both work with Linux.

  • liverstealer@lemmy.zip (OP)
    18 days ago

    I am looking at aliasvault.net or keepassxc. Vaultwarden I’m not super interested in either as one of its big developers works at Bitwarden, they could be pressured to stop working on it etc. Potential conflict of interest

    • trilobite@lemmy.ml
      17 days ago

      Aliasvault seems cool. I wonder how mature it is. It’s the clients though that matter too when the whole family is using it.

    • SW42@lemmy.world
      18 days ago

      That’s true, but as long as I have it hosted locally and it keeps working I’m fine with it. I have really gotten used to the bitwarden client simply working on all the devices/browsers.

      • 45o3b@lemmy.ml
        17 days ago

        Exactly. We can just fork it, if the need ever arrives.

        There’s no reason for us to suffer through a more clunky solution when this is all open source.

  • myrmidex@belgae.social
    18 days ago

    Totally agree. I’ve been a multi-year paying customer of bitwarden for the family, always happy with their service, especially when compared with the 1pass I use at work. But that CEO avatar picture alone gives me enough bad vibes, let alone his credentials, the acronym change, so yea I too reckon I’ve been putting off the switch long enough now.

    I came from keepass, can’t go back there, even if I now have syncthing set up everywhere. Also, how would that work for the family, you force everyone to set up their own file and hope they manage it well? Highly doubtful.

    I saw aliasvault pop up too, this last week. Haven’t looked into it yet, and although a great contender, it’s probably too young to seriously consider.

    These are the alternatives according to selfh.st/apps :

    • Vaultwarden
    • Password Pusher
    • KeePassXC
    • Passbolt
    • Infisical
    • OpenBao
    • YeetFile
    • AliasVault
    • OrigamiVault

    Anyone here had some bad experiences with any of these?

    • oats@piefed.zip
      18 days ago

      Switched from keepassxc to vaultwarden a while ago (mostly due to the horrible syncing experience, and to use the same password manager as my family so I could help out better).

      It’s a selfhosted and open source version of the Bitwarden server, you’ll use the (open source) Bitwarden clients. So it’s all features of Bitwarden plus full transparency

      • myrmidex@belgae.social
        17 days ago

        oh so if Bitwarden eventually locks down their app, the folks over at vaultwarden could just spin up their own f-droid app?

        • oats@piefed.zip
          17 days ago

          Yes, the clients (Desktop, Web, Browser, Mobile, CLI) are published by Bitwarden under GPL3 license, so you can always fork them.

          Bitwarden could delete the repos, but the code is out there.

    • lime!@feddit.nu
      18 days ago

      vaultwarden allows you to keep using the bitwarden client i think, just with your own server. should be the most seamless for the family.

      • myrmidex@belgae.social
        17 days ago

        Good point, that is a big factor indeed, ease of migration. Vaultwarden should get bonus points for this, so I’ll be sure to add it to the list of alternatives to try out. Thanks!

        • LedgeDrop@lemmy.zip
          18 days ago

          I’d asked a similar question. Basically, the response I got was: if something goes sideways, the community can hard fork all their clients and use vaultwarden as a server (their current licenses would allow that).

          Another suggestion was that you can always use the web ui bundled with vaultwarden directly (heh, I’ve been using vaultwarden for years and I don’t think I ever used the web ui - just the applications, CLI, browser extension).

    • kittenroar@beehaw.org
      17 days ago

      vaultwarden has an uncertain future with the new bitwarden management – we would need bitwarden apps that use vaultwarden apis rather than bitwarden. I suppose if bitwarden breaks api compatibility that might happen.

      KeePassXC is what I was using before – it’s like keepass. It has browser integration, but syncing is problematic, and it doesn’t have biometric unlock.

      • myrmidex@belgae.social
        17 days ago

        if bitwarden breaks api compatibility that might happen

        I should think so too. I’d expect a big race to start, like with the kbin/lemmy apps after the reddit api fiasco.

        • kittenroar@beehaw.org
          17 days ago

          I’m using boost for lemmy btw. It was a great reddit client back in the day, and when the api change was announced they switched to lemmy pretty quickly.

    • jobo@lemmy.ml
      17 days ago

      still in beta (stable) but I’m using aliasvault for a couple of months now and i don’t have any issues

      • myrmidex@belgae.social
        17 days ago

        still in beta

        any idea when they will release a major version?

        Is AliasVault here for the long term?

        Yes. We build AliasVault with a long-term vision, not with a quick exit in mind. The product is never “done”; we keep developing, improving, and refining AliasVault continuously to give users the best possible experience over the long term.

        Our spiritual predecessor, SpamOK.com, has been running since 2013. That is more than 13 years of uninterrupted service helping people fight spam and protect their privacy online. The same long-term mindset applies to AliasVault.

        That does inspire confidence, so I’ll add it to the list!

    • EntropyPure@lemmy.world
      18 days ago

      Password Pusher is no password manager, only for securely sharing information.

      Running on Vaultwarden, though that still depends on the official BitWarden Clients. Works great though, and can be selfhosted on pretty small machines. Very satisfied with it.

      Passbolt was not on my radar when I was in the market for a new password manager, but would be a serious consideration today.

      If considering a self hosted alternative, remember that backups are your responsibility then as well.

  • BrilliantBadger@piefed.ca
    17 days ago

    Migrated to Keepass shortly before the price increase (not because of it) just for the reason of wanting my vault fully offline. Seeing these changes at BW still makes me sad, was a long time paying user & truly enjoyed it

    Keepass is fantastic, my vault is pretty static so just manually copy to other device as needed. And of course, have your full backup plan in place as with all things

  • Avenging5@sh.itjust.works
    16 days ago

    if you’re into self-hosting i’ve been using vaultwarden for a while now. it’s an open-source implementation of the Bitwarden server

  • buran@lemmy.today
    16 days ago

    I ran away from Bitwarden a few weeks ago due to other controversies and started using GNOME Secrets and KeePassDX. I couldn’t be happier, it’s slightly less convenient but I’m glad I did that.

    • nfreak@lemmy.ml
      14 days ago

      Since we still need to use the official clients with Vaultwarden, I’d say time is running short, even if these changes don’t directly affect it yet. Definitely need some FOSS alternative clients for it.

    • Jason2357@lemmy.ca
      16 days ago

      None of the above affects vaultwarden (how could it?), but it does raise concerns about long term FLOSS-friendliness. I got bit by the sudden price increase earlier this year and decided that is the 1 year warning to migrate to either self hosted vaultwarden or something else. I move slow, so need some time anyway.

    • foremanguy@lemmy.ml
      16 days ago

      Even if it doesn’t affect it directly Vaultwarden is strongly linked to Bitwarden, for example I think you’re using official clients on your devices, Vaultwarden is not self sustainable (for now)

  • undu@discuss.tchncs.de
    17 days ago

    It got bought by a company owned by Vista Equity partners, a private equity firm.

    The loss of values happened at Citrix when it was bought by Vista. They installed Tom Krause as the CEO to gut it from the inside out.

    Everybody should have an exit plan ready to be able to leave bitwarden

  • mystic-macaroni@lemmy.ml
    17 days ago

    Out of a desire not to switch, I’m going to ask what I know to be a naive/dumb question: what’s the worst that can happen? It’s a mature gpl codebase

      • clb92@feddit.dk
        17 days ago

        Was LastPass open source to the same degree that Bitwarden is? It’s super easy to run your own Vaultwarden server already, and it shouldn’t be a problem for the community to fork and maintain unofficial clients either. Doesn’t seem like there’s much Bitwarden as a company could do about that, even if they wanted to.

        • BakedCatboy@lemmy.ml
          17 days ago

          I’m surprised that nobody has (meaningfully) forked the clients yet, it seems like all the warning signs are there

            • BakedCatboy@lemmy.ml
              17 days ago

              Yeah for sure, I’m just thinking that it can be a little rocky to get governance and contribution processes set up, sometimes those last minute forks flop because the person who decided to advertise their fork ends up being ill equipped to handle running the project. If we can get a libre warden client project working beforehand then it’ll make the process a lot more seamless when issues with bitwarden arise.