How safe is Bitwarden? - eviltoast

I’m currently using 1Password but I’m no longer satisfied with it.

  • QubaXR@lemmy.world
    link
    fedilink
    English
    arrow-up
    20
    ·
    1 year ago

    I’m hearing a lot of good things about Bitwarden, especially from the Linux crowd.

    What I am curious about though is what’s in your opinion wrong with 1password - a solution I’m currently using too.

    • asap@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      1 year ago

      Because it’s closed source, there’s a higher likelihood that there is an undiscovered vulnerability in 1Password. Even though it is audited, a vulnerability could be introduced after the most recent audit and you would never know.

      For something as mission-critical as a password manager, going with an open source solution gives just that much more confidence that your data is safe. To me it’s simply not worth the risk to blindly trust a company with my login data, when I could trust a company that displays their entire solution in the open.

      • liara@lemm.ee
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        Going to play Devil’s advocate here, but open source does not automatically mean that things are safe or that anyone is even auditing the code on anything that resembles a regular basis.

        Heartbleed was introduced into OpenSSL source code in 2012 and wasn’t discovered and fixed until 2014

        • asap@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Absolutely, but it’s a probability game. Between those two options of BW and 1Password I’ll go with the choice that has the higher probably of safety.

    • glad_cat@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I use Bitwarden but there is nothing wrong with 1password. Both have been audited, and (IIRC) don’t have major security holes so far. 1password is more expensive but it’s not an issue.

      • zorbse@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        13
        ·
        1 year ago

        Some would argue that as 1password is proprietary it can’t be trusted as much as open source Bitwarden

      • QubaXR@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I started using 1pass after the audit by my former company’s itsec team. Just curious if there are some downsides (apart from the price) I’m not aware of.

    • constantokra@lemmy.one
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Absolutely proprietary, which is why you’re hearing about bitwarden instead from the linux crowd.

      It’s one of the first services I started to selfhost externally. I’ve not had a single problem with it, and it’s easily the best, most useful piece of software I host.

      I’m not sure how 1password works with families, though I see it’s 5 dollars a month for 5 members. I can tell you that with bitwarden (and selfhosted vaultwarden) it’s super easy to manage passwords for your family through organizations. I have it set up so I have access to all my parents’ passwords, and I share access to relevant passwords with my partner, but I don’t have to clutter their password manager with hundreds of passwords for random crap they don’t need.