A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 3.13K Posts
- 78.3K Comments
- Modlog
KeePass + Syncthing works also for OTPs (you can even use OTP without a phone).
As far as I know, you’ll have a last syched copy in your cache. Test it with no internet con! Try to export your data without internet.
I’m using vaultwarden for like 4 year now, but on my personal server at home. Btw a raspberry pi is enough to run vaultwarden.
You could take a look at reverse proxys and dyndns services (like duckdns -> free). I started like this. Now I have my own domain, but that is not mandatory!
I’d pay the $10/yr premium if you can swing it. The emergency contact recovery feature alone was more than worth it to me.
For 2FA, I highly recommend Aegis. I switched from both Google and Microsoft authenticator apps earlier this year and it’s been great. I have the backups running automatically and it dumps it into a folder the Seafile is syncing for me. So not only do I have the backups on the server, but on the clients as well. Seafile is then backed up to an encrypted B2 bucket for further redundancy.
deleted by creator
Have you considered using Bitwarden Premium? It has TOTP support and is $10/year currently.
Also, regardless of how your hosting your data, it’s probably good to keep a secured backup of your vault or two just in case something unexpected happens.
deleted by creator
deleted by creator
If your only issue are the backups, then you can still use aegis with automatic encrypted backup to a folder in your device and then use syncthing to automatically send it to your machine. From there use any other backup solution like duplicati or restic.
(Remember that syncthing is not a backup solution, it should only be used as a way to automatically sync files between devices) (People have had many issues with duplicate, but I’ve only seen posts about huge amounts of data, for something like aegis backups has been working fine for me)
I’d also recommend you asking in !selfhosted@lemmy.world
deleted by creator
A password manager can be considered critical infrastructure; beyond privacy and uptime/access considerations, you should also consider what happens if you lose all of your data - Do you have backups? Are the backups 3-2-1 redundant? Do you have a ready-to-go docker compose to get yourself up and running locally in a pinch?
I self-hosted bitwarden (vaultwarden) for several years and it became evident to me that it was important enough to use the hosted service - especially as I was already paying Bitwarden to support their open source business.
deleted by creator
I don’t know about render.com, but as long you have a HTTPS domain, you can just use any domain.
Also, I think many services will notify you about changes of their pricing, so you can just back up the server and move them somewhere before something going up.
Some good info about Vaultwarden is in the wiki, including some installation source, there are docker, binaries, and rust, so you can pick one of them.
Yes, the bitwarden client will simply treat it as being offline. You should check the docs on how to migrate to a new server so you can be prepared.
No.
Bandwidth is up to the network stack to determine, not the programming language. Generally, your app and OS will use as much as avalable unless otherwise throttled.I just looked it up, and their “bandwidth” is not a measure of bandwidth, but a data quota. The answer is still “no” because it’s about how much data is transferred in total, which has also little to do with the language in this case. Despite the difference of some negligible amount of bytes of overhead, vaultwarden’s limited by the format the database is in. To lower data usage, try reducing how often you automatically sync the clients with your server.
I have not tried this, but i am opinionated: on one hand, self-hosting will always be your most reliable and private option. However, if you have judged other pursuits a more valuable use of your time and mental energy, then it’s probably worth the $20/month (or whatever) if and when your server lands in reorganization jail.
The biggest issue would be your privacy, which almost always goes out the door when money comes into the picture.
If your issue is with the authenticator, then why not just switch authenticators? I’ve been quite happy with Authy over the years.
Sure, self hosting can be more secure, but if it’s not on your own hardware, I don’t see how moving to render is better. You’re still using a third party to host your most sensitive information.
Authy is pretty bad. They had a data breach that exposed users, they make it really hard to migrate your secrets to another app (God help you if you lose your phone), and they’re completely closed source.
The best option is probably Aegis Authenticator, but at least do a cursory search for “[authenticator name] controversy” before choosing an authenticator.
Thanks for the recommendation. I’ll look into transitioning to Aegis. Regarding backups, you are able to have another device in case you lose your phone (I also have Authy on my laptop in case that does happen), but the data breach you mentioned said that may have been a weak point. Either way, I’m going to explore Aegis now.
This was my thought too. Why are you using Google Authenticator? It’s my understanding that it’s only required to use 2FA with Google specifically because, like Apple, they use their own system.
Just grab any authenticator, like Authy. Problem solved.
Authy is lovely in that it just works, but it is hellacious to migrate off of if you change your mind.
I also don’t love that Authy is owned by Twilio, a communications/marketing service company.
I’ll second Authy, I’ve never had any issues and it’s simple in design which I like.
I can’t answer most of these except that as long as the render-affixed URL supports https you should have no issues and if it does die you ahould have the last synced cache in your browser. Been able to use my vaultwarden extensions offline no problem.