this post was submitted on 12 May 2024
1043 points (98.2% liked)

Open Source

30988 readers
425 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!


Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
[–] [email protected] 33 points 5 months ago* (last edited 5 months ago)

I get the thought, but your phone can also have a security breach at any moment, ESPECIALLY because normal user error is by far the weakest and most often exploited attack vector.

Bitwarden's vaults are also encrypted with the option for even stronger Argon2id encryption. Bitwarden themselves can't access them or reset them. It is open source and, most importantly, audited. KeePassXC has only had one audit ever. (Though that passed, and I would also definitely recommend KeePassXC; it is great software security-wise.)

The database is stored, encrypted, once on their server and once to each device you sync to, so it is available locally.

Even if they had a security breach, by design the assailant couldn't access your database any more than they could access your KeePass database.

You can also self-host it, which would bring it exactly to the level of the KeePassX variants as far as attack surface.

Not to mention that with Bitwarden you will also only need one key. That is the whole point of a password manager.

"It is available locally and a lot better..." is simply untrue. They are both great options. Just whatever works best for the person. Bitwarden has a ton more QoL options and enterprise options, plus separate, shared password databases and such for families and companies. Again, just as secure.
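The design the comment above describes (the master password goes through a memory-hard KDF on the client, the vault is encrypted locally, the encrypted copy is mirrored to the server and every synced device, and the provider can neither decrypt nor reset it) as an added, runnable model. This is example code, not Bitwarden's or KeePassXC's own implementation. Two stand-ins are assumed because Python's standard library lacks the real primitives: hashlib.scrypt plays the role of Argon2id (both are memory-hard), and an HMAC-SHA256 encrypt-then-MAC construction plays the role of the AES-based authenticated encryption a real client uses. The record layout, field names and the breach simulation are illustrative.

```python
"""Client-side vault encryption model: the server only ever holds ciphertext.

Added example, not Bitwarden's or KeePassXC's code. Stand-ins (assumptions):
  - hashlib.scrypt replaces Argon2id (no Argon2 in the Python stdlib).
  - encrypt/decrypt are HMAC-SHA256 keystream + HMAC tag (encrypt-then-MAC),
    replacing the AES-based authenticated encryption of a real client.
"""
import hashlib
import hmac
import json
import os
import secrets

# Memory-hard KDF cost. Kept small so the demo runs quickly; a real client
# uses a far higher memory cost so offline guessing after a breach is slow.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1

def derive_master_key(password: str, email: str) -> bytes:
    """Memory-hard KDF over the master password, salted with the account email."""
    return hashlib.scrypt(password.encode(), salt=email.lower().encode(),
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)

def auth_hash(master_key: bytes, password: str) -> bytes:
    """Login credential sent to the server: one-way, so it cannot be turned
    back into the master key, and it is never used to encrypt anything."""
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1, 32)

def _subkeys(key: bytes) -> tuple:
    """Independent encryption and MAC keys from one 32-byte key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag. Fresh random nonce per call."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Checks the tag before touching the ciphertext; wrong key and tampering
    are indistinguishable, both raise ValueError."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("vault integrity check failed (wrong key or tampered data)")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def client_create_vault(email: str, password: str, entries: dict) -> dict:
    """What a client uploads on first sync. No key material leaves the device:
    a random vault key is wrapped under the master key, the entries under it."""
    master_key = derive_master_key(password, email)
    vault_key = secrets.token_bytes(32)
    return {"email": email,
            "auth_hash": auth_hash(master_key, password).hex(),
            "protected_vault_key": encrypt(master_key, vault_key).hex(),
            "vault": encrypt(vault_key, json.dumps(entries).encode()).hex()}

def client_open_vault(record: dict, password: str) -> dict:
    """Any synced device holds this same record and can open it offline."""
    master_key = derive_master_key(password, record["email"])
    vault_key = decrypt(master_key, bytes.fromhex(record["protected_vault_key"]))
    return json.loads(decrypt(vault_key, bytes.fromhex(record["vault"])))

def server_store(record: dict) -> dict:
    """The server re-hashes the login credential with its own salt, so even
    the stored auth value is not what the client sends on the wire."""
    salt = os.urandom(16)
    stored = dict(record)
    stored["auth_hash"] = (salt + hashlib.pbkdf2_hmac(
        "sha256", bytes.fromhex(record["auth_hash"]), salt, 100_000)).hex()
    return stored

def breach_offline_guess(stored: dict, guesses: list) -> str:
    """Model of an attacker holding the server's copy: the only route to the
    vault is guessing the master password through the memory-hard KDF, one
    full derivation per guess. Returns the hit, or '' if no guess matches."""
    for guess in guesses:
        try:
            decrypt(derive_master_key(guess, stored["email"]),
                    bytes.fromhex(stored["protected_vault_key"]))
            return guess
        except ValueError:
            continue
    return ""

# Constructed sample vault for the demo.
SAMPLE_ENTRIES = {"example.org": {"user": "alice", "pass": "hunter2-but-longer"}}
```

Reading the record the server keeps, every field except the email is either ciphertext or a one-way hash. That is why the comment's point holds for a self-hosted and a hosted instance alike: a breach of the sync server yields the same opaque blob a stolen KeePass file would, and the cost of each guess is set by the KDF parameters chosen on the client, which is where Argon2id's memory hardness matters.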