I’m looking at migrating away from #LastPass - I am considering self-hosting BitWarden or using their SaaS service. However, do I truly believe in my heart-of-hearts that we won’t see the same headline about BW being breached in the next 5 years? Do I paint a target on my back by hosting my own and also not being a security specialist or do I benefit by not being in the “big pond” of SaaS users? Or, do I go stateless with #LessPass?

Replies & Web Activities



glyn

@jamesravey Hosting your own seems fraught with risks IMO. I've done enough work on security in the past to know that I don't know the half of it. I tend to trust Bitwarden. Have you read their FAQ: https://bitwarden.com/help/security-faqs/#q-what-happens-if-bitwarden-gets-hacked ?

kungtotte

@jamesravey I am using keepass-xc with syncthing to make it cross-device (really just my PC and my phone). Data breaches would really only happen if someone has physical access to either of my devices, in which case I will have bigger worries.

Chuck Frain

@jamesravey I think it depends on where you self host. If it's internet accessible, I'm going to trust the SaaS service.

On a private network via VPN? I'd seriously consider hosting it myself if I trust my backup solution.

Dr James Ravenscroft

@underlap yeah I assume the same re: self-hosting - I definitely don't know enough to be comfortable. It seems that BW have a similar architecture to LP (if breached your data is encrypted don't worry yadda yadda....) I question why folks are saying jump from LP to BW - seems like jumping from Titanic to Britannic - sooner or later getting sunk anyway. Wondering if it's because BW is #OpenSource or purely that they didn't get hacked yet?
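To make the "if breached your data is encrypted" architecture point concrete, here is an added example that is not code from this thread or from any of the products named. It models the client-side vault encryption design in miniature: what the server actually stores, why a wrong key yields nothing, and the two levers (KDF iterations, master-password guess space) that decide how much a breach of the stored record is worth. PBKDF2-SHA256 with an email salt, a separately stretched auth hash, and an HMAC-based stand-in cipher are all assumed illustrative choices, not any vendor's exact scheme.

```python
from __future__ import annotations

import hashlib
import hmac
import os

def derive_keys(master_password: str, email: str, iterations: int) -> tuple[bytes, bytes]:
    """Client-side key derivation. The encryption key never leaves the device;
    only the further-stretched auth hash is sent to the server for login.
    Parameters are assumed for illustration, not any vendor's exact scheme."""
    pw = master_password.encode()
    enc_key = hashlib.pbkdf2_hmac("sha256", pw, email.lower().encode(), iterations)
    auth_hash = hashlib.pbkdf2_hmac("sha256", enc_key, pw, 1)
    return enc_key, auth_hash

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES.
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(blocks))[:length]

def seal_vault(enc_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC the vault on the client before it is uploaded."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(enc_key, nonce + body, "sha256").digest()
    return nonce + body + tag

def open_vault(enc_key: bytes, blob: bytes) -> bytes | None:
    """Return the plaintext, or None when the key is wrong or the blob was altered."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(enc_key, nonce + body, "sha256").digest()):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))

def server_record(email: str, master_password: str, iterations: int, vault: bytes) -> dict:
    """Everything the service stores, i.e. everything a server-side breach exposes."""
    enc_key, auth_hash = derive_keys(master_password, email, iterations)
    return {"email": email, "iterations": iterations,
            "auth_hash": auth_hash, "vault": seal_vault(enc_key, vault)}

def offline_guess_seconds(iterations: int, guess_space: float, pbkdf2_rounds_per_second: float) -> float:
    """Expected time to try half of `guess_space` master passwords against a breached
    record. The defender's levers are `iterations` and the password's guess space;
    the throughput figure is an assumption about the guesser's hardware."""
    return (guess_space / 2) * iterations / pbkdf2_rounds_per_second
```

The record holds no key material that decrypts the vault, so the breach question reduces to how long `offline_guess_seconds` is for your master password at the iteration count your provider uses.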
