Password Sharing with Organizations (bitwarden.com)
51 points by xxkylexx on May 4, 2017 | 25 comments



I've never heard of this service before, is bitwarden widely used by people here?

I was looking at the FAQ[1] and in a small paragraph they manage to put 3 spelling mistakes. This might be unjustified but I'm less inclined to trust a product with this, even less one that manages sensitive secrets.

> Since your data is fully encrypted and/or hashed before ever leaving your local device, noone from the bitwarden team can ever see, read, or reverse engineer to get to your real data. bitwarden servers only store encypted and hashed data. This is an important step that bitwarden takes to protect you.

> You can read more about how your data is encrypted and trasmitted here.

Many FAQ questions have at least one spelling mistake, and it's not the same every time, so it's not due to a foreign speaker's mistake. "trasmitted", "sensative data", etc.

[1] https://help.bitwarden.com/security/can-bitwarden-see-my-pas...


Based on GitHub, it seems this service is developed by a single person[1]. So, the product seems to be really new.

[1] https://github.com/kspearrin


I think their website is on GitHub, so open a pull request.


I'm a LastPass Premium subscriber, and I would be interested in trialling a move to BitWarden for myself and my family. However, the lack of a Safari plugin is a showstopper for me, and it seems that plans to develop one are on hold indefinitely.

A real shame, as BitWarden looks like a solid project.


Through the magic of open source, one could be made!

https://github.com/bitwarden/browser


You still need an Apple developer account to sign and run an open source extension


I've been using BitWarden for about 4 months now and really like it. It's not as full-featured as others, but it does the job and is OSS, and unlike 1Password, the Chrome plugin works on Ubuntu.

Also, I am not a .NET dev, but if you take a look at the code it's one of the cleaner projects I've seen.


It's a fun and infuriating pastime of mine to check the now 38-page 1Password feature request regarding adding Linux support from 2010.

https://discussions.agilebits.com/discussion/2846/new-produc...


I've been digging into self-hosted password solutions lately; the most mature-looking I've found was Pleasant Password Server. I haven't tested it yet; it's next on the list. Does anyone have experience with it?

[1] http://www.pleasantsolutions.com/passwordserver/


I've used it as an end-user in an enterprise with LDAP integration. It worked well in that situation and our sysadmin who set it up was happy with it as well.

At home, where it's just me using the passwords across a couple of devices, I just use KeePass with the database stored on Dropbox.


Another crypto app misusing zero knowledge: "The answer is public/private key, or asymmetric encryption. All sharing in bitwarden follows the same zero-knowledge principles that we have always followed, protecting you and your data with end-to-end encryption."


I use `pass` with git versioning. Encrypted with GPG. Does the same, doesn't it? Not that fancy but it works well.


Ultimately, all password managers are just data storage with encryption and convenience layered on top.

However, I think the main advantage many password managers bring is cross-platform compatibility, specifically all of:

- Windows

- Mac

- Linux

- Android

- iOS

This can be a killer feature (or a blocker) for adoption, and would fall under "convenience" above.


I use pass on Windows, Mac, Linux and Android.


I would never share my password with any individual or a company, for sure. I am using LastPass and it's very good, but one thing I don't like about this tool is that there is an option to show your password to whoever you wish to share your account with. If you want to learn how to keep your password secure and make it difficult to decrypt, here is the solution - http://gotowebsecurity.com/now-thats-password-security/


I wrote a secret manager [1] that accomplishes this by lying on top of Keybase's virtual filesystem. To share a secret between N people, I only need to create a new "session" between the private directories of each Keybase user.

[1]: https://github.com/woodruffw/kbsecret


Just be aware, there are bugs in the interactions between extensions and sharing. For example, if you share a secret via the web vault then edit it (without syncing first) in an extension it becomes inaccessible. If you perform a sync after sharing, the secret isn't visible in the extension any more.


Looks like an interesting project. Will take a deeper look in the next few days.

Though I have to say, I haven't trusted password managers which sync online since the beginning. Just doesn't feel right. And the various hacks over the past few years seem to validate that.


> Just doesn't feel right. ... various ... seem to ...

Could this sentiment be any less specific?


Or - if you absolutely must, at least share your passwords with open source technology: https://www.justwatch.com/gopass/


All of Bitwarden is open source. https://github.com/bitwarden/


I find it quite misleading to call it "Free" if the free one is only for personal use, or at least not for the Team/Organization option.


"Free and Open Source" is often used to describe libre/copyleft software. And Bitwarden appears to be AGPL [1].

[1] https://github.com/bitwarden/core/blob/master/LICENSE.txt


Indeed. Seems the HN title should match the site:

"Password Sharing with Organizations" or "Password Sharing with Organizations – bitwarden blog"


Thank you, we've updated the title from “Bitwarden, Free and Open Source Password Manager, Adds Password Sharing Features”.



