That free password manager I used for 3 years had a data leak last month

I got an email from Bitwarden about some breach in their bug bounty program. Not a major hack but it made me think about how much trust I put into a free service. I looked into it more and found out they had a vulnerability in their browser extension that could have exposed vault data. Has anyone else considered self-hosting a password manager after something like this?

3 comments

3 Comments

grace_wright10d ago

Did you end up going with Vaultwarden like @elliot_taylor mentioned? I've been thinking about doing the same thing but the idea of me managing a server is kind of funny. I can barely keep my own laptop from becoming a disaster zone, let alone a whole Linux box. My last attempt at self-hosting anything ended with me accidentally nuking my DNS config and taking down my whole home internet for a day. I'll probably end up sticking with Bitwarden and just hope they're better at security than I am.

elliot_taylor12d ago

Honestly, this is exactly why I moved my stuff to a self-hosted vaultwarden instance on a cheap VPS. It's kind of a pain to set up at first but once it's running you don't have to worry about some company getting hacked and losing your passwords. You still need to keep that server patched and backed up though, that's on you.

oscarc5312d ago

Took me a weekend to get mine sorted but now it just works. Just set up a quick backup script to copy the data offsite once a week so I don't lose everything if the VPS dies.