I’m going to move away from lastpass because the user experience is pretty fucking shit. I was going to look at 1pass as I use it a lot at work and so know it. However I have heard a lot of praise for BitWarden and VaultWarden on here and so probably going to try them out first.
My questions are to those of you who self-host, firstly: why?
And how do you mitigate the risk of your internet going down at home and blocking your access while away?
BitWarden’s paid tier is only $10 a year which I’m happy to pay to support a decent service, but im curious about the benefits of the above. I already run syncthing on a pi so adding a password manager wouldn’t need any additional hardware.
I’ve used cloud based services for password managers for work and “self host” my personal stuff. I barely consider it self hosting since I use Keepass and on every machine it’s configured to keep a local cached copy of the database but primarily to pull from the database file on my in-home NAS.
Two issues I’ve had:
Logging into an account on a device currently not on my home network is brutal. I often resort to simply viewing the needed password and painstakingly type it in (and I run with loooooong passwords)
If I add or change a password on a desktop and don’t sync my phone before I leave, I get locked out of accounts. Two years rocking this setup it’s happened three times, twice I just said meh I don’t really need to do this now, a third time I went through account recovery and set a new password from my phone.
Minor complaint:
Sometimes Keepass2Android gets stuck trying to open the remote database and I have to let it sit and timeout (5 minutes!!!) which gets really annoying but happens very infrequently which is why I say just minor complaint
All in all, I find the inconvenience of doing the personal setup so low that to me even a $10 annual subscription is not worth it
Consider shortening your passwords. Random passwords longer than 20 characters is a complete waste of time.
To me 16 is long haha.
I usually end up running with 16 characters since a lot of services reject longer than 20 and as a programmer I just like it when things are a power of two. Back in the Dark Times of remembering passwords my longest was 13 characters so when I started using a password manager setting them that long felt wild to me.
I do have my bank accounts under a 64 character password purely because monkey brain like seeing big security rating in keepass. Entropy go brrrrrrrrrrrr
Haha, yeah 16 is actually pretty long.
I guess I’m just used to being forced 16 characters long passwords at long.
Appreciate your perspective thanks for sharing.
I run a similar setup, but with syncthing as the syncing system. Every time I connect the phone to the charger it just syncs the database and I can even sync it outside the home network. Works like a charm. Worst case you get a sync conflict which is easy to solve.
The way I get around the syncing issue is to set my syncthing to sync when my phone is charging so it’s very unlikely to not be in sync, or if I change a password on the PC I’ll plug my phone into a USB and it syncs straight away.
I also use KeepassDX on Android and never have those issues.