this post was submitted on 30 Apr 2025
80 points (96.5% liked)

Selfhosted

60281 readers
936 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

I am looking into password managers, as number of my accounts are increasing. Currently I am weighing two options:

  • Host Vaultwarden on a VPS, or
  • Use the free bitwarden service.

I want to know how they are in practical aspects.

While I am fine self-hosting many services, password managers seem to be one of the most critical services that should not admit downtime. I surely cannot keep it up, as I need to update it time to time.

On the other hand, using bitwarden might require some level of trust. How much should I trust the company to use the free service? How do I know if my passwords would be safe, not being exposed to the wide net?

I want to gauge pros and cons, are there aspects I missed? How are your opinions on this? If you are self-hosting vaultwarden, how do you manage the downtime? Thanks in advance!

you are viewing a single comment's thread
view the rest of the comments
[–] Schlemmy@lemmy.ml 1 points 1 year ago (2 children)

Bitwarden does my OTP as well. You don't need the servers for that?

[–] koala@programming.dev 2 points 1 year ago

Nope, just tested. There are hardware OTP devices that have no Internet connectivity. As far as I know, all OTP protocols are offline-friendly.

[–] irotsoma@lemmy.blahaj.zone 2 points 1 year ago

It you're talking about TOTP exclusively, that only needs the secret and the correct time on the device. The secret is cached along with the passwords on the device.