I've been recommending Bitwarden for a few years now and have also been paying a yearly sub since 2022, as I always thought $10 was a really good value.

But with all this stuff coming out, I'm holding off on recommending it anymore; at least until everything calms down and the new value proposition is fully laid out.

Like other folks have said, I don't think it's yet time to migrate. That being said, it doesn't hurt to do an encrypted export for backup purposes, start looking at alternatives, and reach out to people I know use Bitwarden to do the same.

Keeping an eye out on how this develops.

Agreed. I will continue using it as it currently fulfills my needs. But I’m not going to shout it at everybody I catch not using a password manager anymore. I’m just not willing to take responsibility for the changes they may make in the near future.

As an aside, since it seems like they’re trying to make money: The aforementioned enthusiasm has gotten it adopted at a workplace of mine. The experience hasn’t been good, so no recommendation here either.

Their moat was being a trusted name in FOSS and it’s a bit sad to see them going in the direction of abandoning it.

But somebody else will probably step up and build on the ruins, like Vaultwarden already has. That’s the beauty of choosing FOSS in the first place.

You should try hosting it yourself in Docker. Absurdly easy to do if you get an LLM to do it and it works very, very well.

Hope they don't alter self-hosting it.

It is absurdly easy to fire off the Docker container, you mean.

Because you need to back up, verify backups, monitor availability, manage updates, manage MFA, and a zillion things.

Don't get me wrong, I have worked in hardcore, high-tech IT for 30 years and I self-host two dozen or so services. It is far, very far from "absurdly easy" when you start.

Sure, you can run a container on your PC and hope for the best.

[deleted]

Exactly.

I’ve seen this idea so many times on HN. “Just stand up a Docker container and self-host”. Or even worse: “why does anyone need GitHub - just host Bitbucket yourself”.

Ok, then what?

If you're going to the trouble of self-hosting, I'd suggest just running Vaultwarden.

https://github.com/dani-garcia/vaultwarden

It's entirely compatible with the clients. It also removes a lot of "rug-pull" potential, and gives you the ability to access all the nice features (e.g. multi-org, multi-user, shared vaults, TOTP, etc.).

Honestly - part of the reason I like Bitwarden is that if they ever go full "enshittification", it's going to be relatively easy and straightforward to just move entirely off their projects and onto open-source forks.

You can get rid of the element of hope by using KeePassXC and Syncthing. Bonus is you can use this FOSS stack completely offline.

And not be able to use it on your phone or share it with people you work with.

Vaultwarden is the way. Easy to host Docker. Solid. And if Bitwarden blocks the clients, there will be a fork.

It's leading to it anyway.

I really hope the community gets together and creates a better browser extension. Vaultwarden + that would be perfect.

Can't tell if this is satire. But I'm not self-hosting my passwords unless I fully understand exactly what's happening. Trusting that to an LLM without really understanding what's happening seems very risky to me.