• Boozilla@lemmy.world
    link
    fedilink
    English
    arrow-up
    61
    ·
    24 days ago

    Goddammit. It’s getting to the point I’m going to have to figure out how to write my own app for this.

    • Humanius@lemmy.world
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      17
      ·
      edit-2
      24 days ago

      It shouldn’t even be that complex…

      I might be mistaken, but ultimately a password manager is basically nothing more than a database of passwords in an encrypted zip file, right? That could entirely be self-hosted with off the shelf open source applications stringed together.
      All you’d need is a nice UI stringing it all together.

      Edit: I’m not sure why people are downvoting me. Is that not what a password manager essentially is?

      • wintermute@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        31
        ·
        24 days ago

        Keepass is exactly that. Basically all the client side parts, and the database is a single encrypted file that you can sync however you want.

      • xthexder@l.sw0.com
        link
        fedilink
        English
        arrow-up
        11
        ·
        24 days ago

        I’ve done basically this in the past by encrypting a text file with GPG. But a real password manager will integrate with your browser and helps prevent getting phished by verifying the domain before entering a password. It also syncs across all my devices, which my GPG file only worked well on my desktop.

      • LedgeDrop@lemm.ee
        link
        fedilink
        English
        arrow-up
        9
        ·
        24 days ago

        It’s the “stringing it all together” that could be problematic.

        If you have multiple clients (desktop/cellphone) modifying the same entry (or even different entries in the same “database” ). You need something smart enough to gracefully handle this or atleast tell you about it.

        I did the whole “syncing” KeePass and it was functional, but it also meant I needed to handle conflicts - which was annoying. I switched and really appreciate the whole “it just works” with self-hosted bitwarden.

      • HereIAm@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        24 days ago

        I see it as it’s easy to self host. But I’m not skilled nor rich enough to guarantee the availability of it. I don’t want to be stuck on a holiday without my passwords because my server back home died from black out or what have you.

        I pay for bitwarden and the proton mail package to keep the password management market a bit more competitive and it actually works out cheaper. It would be nice to have protons anonymous emails built in, but I can live with it.

        But I might have to reconsider if Bitwarden is going a different direction that what I’m paying for.

      • Boozilla@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        23 days ago

        Thank you for the update! I would like to keep using it. I’ve been very happy with Bitwarden both as a password manager and a TOTP authenticator. I have even recommended it to my boss as an enterprise solution for us to use at work, and so far we are planning on replacing our current password database solution with Bitwarden.

        Unfortunately, with “enshittification” being so common these days, it was very easy to believe they were also going to the dark side. I will remain cautiously optimistic after learning it was a packaging bug.

        Here’s a link to the post on X (yes, I hate X, too) in case anyone else is doubtful:

        https://x.com/Bitwarden/status/1848135725663076446

        • ArxCyberwolf@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          23 days ago

          Yeah, I was worried about it too. I’ve become pretty cynical when it comes to everything becoming enshittified, but I’m hoping they stick to their word.