• misk@sopuli.xyzOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          3
          ·
          4 months ago

          I would understand self hosting but those are for-profit entities as well. They might be subject to less regulatory oversight because they’re smaller. They might not have as many resources to keep my data safe. They have benefits for sure but trust is not this easy to judge.

            • misk@sopuli.xyzOP
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              2
              ·
              edit-2
              4 months ago

              Based on prcinpipes Bitwarden is an obvious choice. With things like passwords I’m leaning into giving my keys to a company that, if it comes to be, can pay gargantuan ransoms.

          • akilou@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            The difference is their business model is privacy. Google’s business model is advertising. I’m Proton’s customer, but advertisers are Google’s customers.

            • misk@sopuli.xyzOP
              link
              fedilink
              English
              arrow-up
              0
              arrow-down
              3
              ·
              edit-2
              4 months ago

              I don’t trust them in general but I’m certain Google doesn’t use my passwords for advertising.

              • Todd Bonzalez@lemm.ee
                link
                fedilink
                English
                arrow-up
                0
                arrow-down
                1
                ·
                4 months ago

                The real issue is that Google stores your passwords in plaintext. That’s why they survive a password reset, or apparently now can be shared with others. Proton and Bitwarden encrypt your passwords so that nobody but you can access them, or at least in the case of Bitwarden, you can share with other users using pre-shared keys.

    • Potatos_are_not_friends@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      4 months ago

      We watched a show where there was a concept called a Dead man’s switch, and my wife asked me if I would ever do something similar, but include all my passwords, for everything.

      “Absolutely not.” I told her.

      No one can know about my smut logins.

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 months ago

    Cool I guess?

    Personally, I use Bitwarden with my wife. We pay $10/year, and we share a few things:

    • streaming services
    • online shopping services
    • some bank accounts

    Basically, if it’s something that doesn’t allow separate logins and both of us will need, we share them.

    Everything else is not shared. $10/year is completely fair to me, and I’m probably going to upgrade to the family plan at some point. I plan to self-host soon, so I’ll have to see what plan we need to do that.

    • towerful@programming.dev
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      Bitwarden, DNS and email are the 3 services I pay for.
      Passwords can’t be inaccessible, free DNS services never have an LE API, and email is extremely difficult to self host. The uptime and security I expect for these things means I’m happy paying someone else to take care of it.

      Bitwarden seem to be a great company and doing everything right (even though they are being annoyingly slow with passkeys on android, my only fault with their service).
      Their subscription is extremely reasonable, so even if I figured I could self host it, I’d rather pay bitwarden

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        4 months ago

        I honestly don’t like passkeys, at least how they currently work. It seems the intent is to replace MFA with just one factor. I prefer 2FA with TOTP separate from my password manager, which means an attacker would need to exploit both to access my accounts.

        That said, it’s a sticking point for many people, so I hope Bitwarden gets it soon. I just probably won’t use it.

        • randombullet@programming.dev
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          From my understanding, passkeys is supposed to be something you have (phone) and something you know (pin) or something you are (biometrics)

          I still use hardware keys like a yubikey (something I have) and my normal password via a password manager.