Bitwarden introduced a non-free dependency to their clients. The Bitwarden CTO tried to frame this as a bug but his explanation does not really make it any less concerning.

Perhaps it is time for alternative Bitwarden-compatible clients. An open source client that’s not based on Electron would be nice. Or move to something else entirely? Are there any other client-server open source password managers?

  • CommanderShepard@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    15 days ago

    Bitwarden is a very convenient password manager for an average computer user. It’s very straightforward and easy to use.

    I can see some bias here of the people who say “o, just use KeePass and sync the database over some cloud provider”. What if there are conflicts? How do they deal with them? I can figure it our but most people I know, won’t.

    Even the password manager concept is a complicated concept to grasp for many people (that I know). And I can recommend them Bitwarden because it’s relatively easy, but KeePass with sync? Maybe, if I commit to actively help them with it.

    P.S. I’ve convinced several people to try out Linux, and they are willing to learn it, but even if they just need to use a browser, they struggle sometimes. I can’t imagine them syncing the KeePass database.

    • Daniel Quinn@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      15 days ago

      This is a common problem with Free software, and honestly I think it’s our biggest one: we build stuff for ourselves and stop there. If we want our stuff to be adopted (which, for things that rely on network effects, we do) then we need to pay more attention to usability.

      Here’s a suggestion for anyone starting a project they think they might share. Before you start writing any code, write the documentation. Then rewrite it from the perspective of the least tech-literate person you know who you’d still want to use the project. Only after you’ve worked out how easy it should be for this person to get started, then you can start writing the thing.

  • just_another_person@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    16 days ago

    BitWarden already has lots of clients. There’s also VaultWarden for the server if you want.

    This is being blown a bit out of proportion though. All they are saying is the official SDK may have some non-free components going forward. So what? It’s a private company, they can do what they want. Or the community can just fork it and move forward with a free one if they want, but it’s just not going to be in the official BitWarden clients. Hardly news or a big deal.

    • thayerw@lemmy.ca
      link
      fedilink
      English
      arrow-up
      0
      ·
      15 days ago

      I can only speak for myself, but I would never trust opaque, proprietary software to manage my credentials, especially in a networked environment. For me, that’s a total showstopper.

      I’ve never had need to use Bitwarden or Vaultwarden as I’ve always been happy with KeePass, but this news would definitely have me choosing an alternative.

      • Lucy :3@feddit.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        15 days ago

        I always found it weird for people to recommend BitWarden … it just FELT like a company that’ll go completely off track sooner or later. And it did. Oh wonder. KeePass ftw!

        • Lemmchen@feddit.org
          link
          fedilink
          English
          arrow-up
          0
          ·
          15 days ago

          completely off track

          Let’s see how things evolve before declaring things like that.

  • 4shtonButcher@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    0
    ·
    16 days ago

    Can’t we ever have software that just keeps working? Password managers are like the new RSS readers.

    1. search around for a good one
    2. find a nice one and start using it
    3. they add stuff you didn’t want and slowly make it worse
    4. they’re bought up/ abandoned/ otherwise become unviable

    Back to 1)

      • jasep@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        16 days ago

        The downside to Keepass is it is not self hosted, as in it’s designed to run locally per device. Yes, you can put the database file on a network and have multiple clients from different operating systems access the database, but you will end up with collisions and database issues. Ask me how I know.

        Running cross platform Keepass (and it’s various forks) is absolutely doable, but it is not as seemless as BitWarden. I’m running self hosted VaultWarden and I’m hoping to run it for a long time as it’s much easier than Keepass.