I am looking into password managers, as number of my accounts are increasing. Currently I am weighing two options:
- Host Vaultwarden on a VPS, or
- Use the free bitwarden service.
I want to know how they are in practical aspects.
While I am fine self-hosting many services, password managers seem to be one of the most critical services that should not admit downtime. I surely cannot keep it up, as I need to update it time to time.
On the other hand, using bitwarden might require some level of trust. How much should I trust the company to use the free service? How do I know if my passwords would be safe, not being exposed to the wide net?
I want to gauge pros and cons, are there aspects I missed? How are your opinions on this? If you are self-hosting vaultwarden, how do you manage the downtime? Thanks in advance!
If in the future you think you might bring family/relations onboard to the password manager, it may be worthwhile to pay for a BitWarden family plan. BitWarden is really low-cost and they publish their stuff as FOSS (and therefore are worth supporting), but crucially you don’t want to be the point of technical support for when something doesn’t work for someone else. Self-hosting a password manager is an easier thing to do if you’re only doing it for yourself.
That said, I use a self-hosted Vaultwarden server as backup (i.e. I manually bring the server online and sync to my phone now and again), and my primary password manager is through Keepassxc, which is a completely separate and offline password manager program.
Edit: Forgot to mention, you can always start with free BitWarden and then export your data and delete your account if you decide to self-host.
that was my thinking too, if something happened to me I dont want all my wifes passwords to be locked out so I made her an admin on the account as well to be able to continue paying for the service or export her passwords
Vaultwarden has an “emergency access” feature so if something happens to me my wife can take over the account.
I also added the kids to our “organization” but didn’t give them write permissions to their passwords yet so they can’t accidentally change something.
I’m sure official bitwarden has those options too.
oh interesting Ill have to look into that! thank you