
Password Sharing with Organizations - xxkylexx
https://blog.bitwarden.com/password-sharing-is-here-organizations-cf9e7a2098d2
======
vmarsy
I've never heard of this service before, is bitwarden widely used by people
here?

I was looking at the FAQ[1] and on a small paragraph they manage to put 3
spelling mistakes. This might be unjustified but I'm less inclined to trust a
product with this, even less one that manages sensitive secrets.

> Since your data is fully encrypted and/or hashed before ever leaving your
> local device, _noone_ from the bitwarden team can ever see, read, or reverse
> engineer to get to your real data. bitwarden servers only store _encypted_
> and hashed data. This is an important step that bitwarden takes to protect
> you.

> You can read more about how your data is encrypted and _trasmitted_ here.

Many FAQ questions have at least one spelling mistake, and it's not the same
every time, so it's not due to a foreign speaker's mistake. "trasmitted",
"sensative data", etc.

[1] [https://help.bitwarden.com/security/can-bitwarden-see-my-
pas...](https://help.bitwarden.com/security/can-bitwarden-see-my-passwords/)

~~~
styx31
Based on github it seems this service is developed by a single person[1]. So,
the product seems to be really new.

[1] [https://github.com/kspearrin](https://github.com/kspearrin)

------
laingc
I'm a LastPass Premium subscriber, and I would be interested in trialling a
move to BitWarden for myself and my family. However, the lack of a Safari
plugin is a showstopper for me, and it seems that plans to develop one are on
hold indefinitely.

A real shame, as BitWarden looks like a solid project.

~~~
mahyarm
Through the magic of open source, one could be made!

[https://github.com/bitwarden/browser](https://github.com/bitwarden/browser)

~~~
chdsbd
You still need an Apple developer account to sign and run an open source
extension

------
tehsuck
I've been using BitWarden for about 4 months now and really like it. It's not
as full-featured as others, but it does the job and is OSS, and unlike
1password, the chrome plugin works on Ubuntu.

Also, I am not a .NET dev, but if you take a look at the code it's one of the
cleaner projects I've seen.

~~~
swozey
It's a fun and infuriating past time of mine to check the now 38 page
1password feature request regarding adding Linux support from 2010.

[https://discussions.agilebits.com/discussion/2846/new-
produc...](https://discussions.agilebits.com/discussion/2846/new-product-
request-1password-for-linux/p31)

------
Roritharr
I've been digging into Self-Hosted password solutions lately, the most mature
looking I've found was Pleasant Password Server. I haven't tested it yet, it's
next on the List. Does anyone have experience with it?

[1]
[http://www.pleasantsolutions.com/passwordserver/](http://www.pleasantsolutions.com/passwordserver/)

~~~
mhotchen
I've used it as an end-user in an enterprise with LDAP integration. It worked
well in that situation and our sysadmin who set it up was happy with it as
well.

At home where it's just me using the passwords across a couple of devices I
just use KeePass with the database stored on dropbox.

------
Canada
Another crypto app misusing zero knowledge: "The answer is public/private key,
or asymmetric encryption. All sharing in bitwarden follows the same zero-
knowledge principles that we have always followed, protecting you and your
data with end-to-end encryption."

------
nik1aa5
I use `pass` with git versioning. Encrypted with GPG. Does the same, doesn't
it? Not that fancy but it works well.

~~~
gervase
Ultimately, all password managers are just data storage with encryption and
convenience layered on top.

However, I think the main advantage many password managers bring is cross-
platform compatibility, specifically all of:

\- Windows

\- Mac

\- Linux

\- Android

\- iOS

This can be a killer feature (or a blocker) for adoption, and would fall under
"convenience" above.

~~~
tylorr
I use pass on windows, mac, linux and android

------
nirmalkant
I would never share my password with any individual or a company for sure. I
am using LastPass and its very good but one thing i don't like about this tool
is, there is option to show your password who you wish to share your account.
If you want to learn how to keep your password secure and make it difficult to
decrypt, here is the solution - [http://gotowebsecurity.com/now-thats-
password-security/](http://gotowebsecurity.com/now-thats-password-security/)

------
woodruffw
I wrote a secret manager [1] that accomplishes this by lying on top of
Keybase's virtual filesystem. To share a secret between _N_ people, I only
need to create a new "session" between the private directories of each Keybase
user.

[1]:
[https://github.com/woodruffw/kbsecret](https://github.com/woodruffw/kbsecret)

------
jonathonf
Just be aware, there are bugs in the interactions between extensions and
sharing. For example, if you share a secret via the web vault then edit it
(without syncing first) in an extension it becomes inaccessible. If you
perform a sync after sharing, the secret isn't visible in the extension any
more.

------
secfirstmd
Looks like an interesting project. Will take a look deeper in the next few
days.

Though I have to say, I haven't trusted password managers which sync online
since the beginning. Just doesn't feel right. And the various hacks over the
past few years seem to validate that.

~~~
jonathonf
> Just doesn't feel right. ... various ... seem to ...

Could this sentiment be any less specific?

------
endymi0n
Or - if you absolutely must, at least share your passwords with open source
technology:
[https://www.justwatch.com/gopass/](https://www.justwatch.com/gopass/)

~~~
jonathonf
All of Bitwarden is open source.
[https://github.com/bitwarden/](https://github.com/bitwarden/)

------
Cilvic
I find it quite misleading to call it "Free" if the free one is only for
personal use or at least to not the Team/Organization option.

~~~
kyrra
Indeed. Seems the HN title should match the site:

"Password Sharing with Organizations" or "Password Sharing with Organizations
– bitwarden blog"

~~~
sctb
Thank you, we've updated the title from “Bitwarden, Free and Open Source
Password Manager, Adds Password Sharing Features”.

