Bitwarden introduced a non-free dependency to their clients. The Bitwarden CTO tried to frame this as a bug but his explanation does not really make it any less concerning.

Perhaps it is time for alternative Bitwarden-compatible clients. An open source client that’s not based on Electron would be nice. Or move to something else entirely? Are there any other client-server open source password managers?

  • 4shtonButcher@discuss.tchncs.de
    86 up / 2 down · 1 month ago

    Can’t we ever have software that just keeps working? Password managers are like the new RSS readers.

    1. search around for a good one
    2. find a nice one and start using it
    3. they add stuff you didn’t want and slowly make it worse
    4. they’re bought up/abandoned/otherwise become unviable

    Back to 1)

  • CommanderShepard@lemmy.world
    31 up / 1 down · edited · 1 month ago

    Bitwarden is a very convenient password manager for an average computer user. It’s very straightforward and easy to use.

    I can see some bias here of the people who say “oh, just use KeePass and sync the database over some cloud provider”. What if there are conflicts? How do they deal with them? I can figure it out, but most people I know won’t.

    Even the password manager concept is a complicated concept to grasp for many people (that I know). And I can recommend them Bitwarden because it’s relatively easy, but KeePass with sync? Maybe, if I commit to actively help them with it.

    P.S. I’ve convinced several people to try out Linux, and they are willing to learn it, but even if they just need to use a browser, they struggle sometimes. I can’t imagine them syncing the KeePass database.

    • Daniel Quinn@lemmy.ca
      11 up · 1 month ago

      This is a common problem with Free software, and honestly I think it’s our biggest one: we build stuff for ourselves and stop there. If we want our stuff to be adopted (which, for things that rely on network effects, we do) then we need to pay more attention to usability.

      Here’s a suggestion for anyone starting a project they think they might share. Before you start writing any code, write the documentation. Then rewrite it from the perspective of the least tech-literate person you know who you’d still want to use the project. Only after you’ve worked out how easy it should be for this person to get started, then you can start writing the thing.

      • CommanderShepard@lemmy.world
        1 up · 1 month ago

        Ideally, the project should not require any documentation to read.

        Yep, I know, I think everyone should read to learn, but I’ve seen so many times people’s spark die once I tell them “I will send you the docs with clear instructions. If you have any questions, let me know :)”. The reply is often “Oh, but it should tell me where to click”.

        Or maybe it’s because the docs are too difficult, I don’t know.

        • Daniel Quinn@lemmy.ca
          4 up · 1 month ago

          Generally, I agree. I think what I meant by the above is “how would you tell someone how to use the thing”. My favourite example is email vs email-with-PGP.

          How do you send an email?

          1. Open client
          2. Click “send new email”
          3. Type your email
          4. Click send

          How do you send a PGP-encrypted email?

          Let’s first talk about this thing called a “keyserver”. Once you know what that is, you’ll have to go out and find some keys to add to it. We’re not going to talk about styling your message 'cause that’s not something you should be able to do… etc. etc.

        • Allero@lemmy.today
          1 up · edited · 1 month ago

          The docs are not only often difficult for an inexperienced user, they commonly omit points of failure.

          Various prerequisites, problematic settings, possibility of the user choosing the wrong menu etc. etc. should always be considered.

    • overload@sopuli.xyz
      8 up · 1 month ago

      Have got two of my family members onto Bitwarden and even that is a lot for the tech-illiterate. Couldn’t imagine KeePass+Syncthing.

      Ultimately, Bitwarden is better than using hunter12 for everything like how they were.

  • TrippyHippyDan@lemmy.world
    18 up · 1 month ago

    This plus the Syncthing announcement about the Android client ending support is a bad day indeed. I was just thinking about self-hosting instead of KeePass + Syncthing; now it’s back to the drawing board once it stops working 😵‍💫

    • ShortN0te@lemmy.ml
      6 up · 1 month ago

      The Syncthing fork on F-Droid is still an option. An issue has been opened on the GitHub repo. Let’s see what will happen with the fork.

      • TrippyHippyDan@lemmy.world
        1 up · 1 month ago

        I do have it installed through F-Droid. I thought I read that they weren’t really going to be focusing on it at all, so updates may just die out.

        Brings the little hope that my current situation won’t die!

        I don’t know enough about Java directly to contribute anything useful, sadly.

      • TrippyHippyDan@lemmy.world
        1 up · 1 month ago

        The whole point of self-hosting it is to not put the information on a public cloud. But, thankfully the F-Droid fork is still going on and I had misread it anyway.

    • Piece_Maker@feddit.uk
      4 up · 1 month ago

      And how exactly does that fix the issue with the client going against the spirit (if not the law) of the GPL?

    • ancoraunamoka@lemmy.dbzer0.com
      2 up / 1 down · 1 month ago

      Or don’t, because they are going to kill it eventually.

      There are less convenient possibilities, like pass and KeePass, even a PGP-encrypted markdown file and git. Yes, less convenient, but guaranteed to work in 5, 10, 20+ years.