
> I do not want my passwords on anybody’s servers.

What about your own server?


To me, this disqualifies it:

> Each Bitwarden installation requires a unique installation id and installation key.

If I’m self-hosting, I want it to be independent of the code provider. It is bad enough, to me, that I have to pay a subscription fee to self-host “advanced” features like YubiKey auth. That’s the same kind of annoying that my own install still must link to their server that can die at any moment.

Let me buy the software to self-host with all of the features. The “subscription” and “integrated” mindset has no place in “I’m doing it myself” installs.

> That’s the same kind of annoying that my own install still must link to their server that can die at any moment.

With software like a password manager, if it's not actively maintained you're not going to want it anyway. So the same risk of the developers either discontinuing the product OR changing the pricing model applies just about evenly.

Being open source, at least the community can fork and maintain the software if the developers ever did throw in the towel, similar to TrueCrypt's forks.

I run my own server; it works great and is incredibly easy to set up. I would highly recommend people check this software out.

It's maybe not as feature-rich as other password managers, but it is being actively developed, and the few times I had questions I got a quick response from Kyle (the creator).

> I run my own server

If you think it matters where the data is stored (which shouldn't matter because it should be client-side encrypted), running your own server would also be a risk. Because you cannot possibly have the same resources to monitor your server/router for suspicious activity...

That's true, but at the same time, there's something to be said for not storing my eggs in the huge basket with everyone else's eggs in it too.

By separating the storage of passwords, we drive down the economic interest in breaking into any one of the individual baskets.

Maybe I do, maybe I don't want my passwords to be at the same target as others, maybe I don't trust the hosting provider or Bitwarden the company (which you could argue, then I shouldn't trust the software, but I can monitor its behavior).

I still think it matters where data is stored because I don't trust most companies to not have back doors.

Since it's all my own equipment and I have a background in this sort of stuff, I know what I am looking for when it comes to intrusions.

I had considered setting it up until I saw that SQL Server won't start unless the container has 2G of RAM. That quadruples the price of a VM on hosting providers from the usual minimum.

What is essentially a small CRUD app with encryption requirements shouldn't need 2G just for a database app.

It’s expensive to set up; if you need to rent a VPS, it’s going to cost $5 per month, which is probably the most expensive option, and if you can’t trust somebody else’s server, you definitely CANNOT trust your own VPS ;-)
