1. 16
  1. 8

    I was hoping to read a security review of Bitwarden. Does that exist?

    1. 9

      Here’s an audit from 2020, and in that post is a link to one from 2018 [PDF].

      1. 4

        I do not have the knowledge to write one. But I know someone who does. I will contact him and see if he is interested in writing a review.

        1. 2

          That would be very interesting. Are my passwords safe on my own hosted Bitwarden server?

          1. 3

            My current approach is to run Bitwarden on my local network and set up the Docker networking so that the Bitwarden container doesn’t have access to the internet. If I wanted to expose it to the public internet, I’d connect the container to a VPN, not rely on the authentication (since I’m running the bitwarden_rs fork).

      2. 2

        On the topic, 1Password isn’t OSS, but they’re very open about their encryption and file formats, and they’re the only option that hasn’t yet had a major breach that I know of. I don’t mind paying them at all.

        1. 2

          I left 1Password after they started forcing everyone into the subscription model after I’d already given them $100+.