After LastPass was acquired by a big marketing company, I moved to the Bitwarden password manager. At that time I chose Bitwarden because it was open source software and was managed by a small team; that’s at least what I thought at that time.
Another reason was that Bitwarden has a JSON export function. This is exactly the function I have now used to move to another solution.
But why did I leave Bitwarden?
I read this blog post. The author wrote that Bitwarden got a $100 million venture capital investment (this already happened in 2022, but I didn’t notice it). So Bitwarden is going the same way as LastPass did years before.
Another reason is an article I read about a security test that, I think but am not sure, the German Fraunhofer Institute did. They intensively tested three password managers. One of them was Bitwarden.
All three had security issues.
The third reason is that I was never happy with the fact that Bitwarden is a US company and hence has to follow the rules of the CLOUD Act.
This got more critical when D.J. Trump became president of the USA.
Where did I go?
After I had a look around on the internet, mainly by reading this test report (it’s in German), I decided to move to KeePassXC on my laptop and KeePassDX on my mobile phone (Android). On the laptop I use the Firefox browser extension KeePassXC Browser. This fills in the username and password on the platforms I want to log in to with a long, secure password.
With KeePass I have everything in my hands. There is no server involved. KeePass reads a local database file and encrypts it securely when writing to it.
How do I sync the database on my laptop, smartphone and …
There was one challenge with KeePass I had to solve. Because KeePass works with a local database file, I would have a local file on my laptop, a local file on my smartphone, a local file on …
How to keep those files in sync?
Fortunately the solution is quite easy in my case. My e-mail provider is mailbox.org. Mailbox.org not only provides an e-mail account but also some other services. In fact it offers a complete portal. Among the services is also a webspace that allows me to save files to it.
One can then access this file service via WebDAV on my laptop and via a program that’s called OX Drive on my smartphone.
With these two means I can access the same KeePass password file from the different devices.
If you don’t have an account at mailbox.org you can of course use any other cloud service (Nextcloud, Google Drive, Dropbox, …) to save your password file to. As long as you have access to the files via your OS, which is the case at least for Nextcloud, you can use it the same way I do.
There is one unsolved issue
When I make changes to the password file on my smartphone and on my laptop, I think the last change wins. So I have to be careful not to do that.
Maybe I’ll find a solution by using several password files in parallel. Not sure if this works. I have to dive into this later.
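An added example, not part of the original post: one way to notice the "both devices changed the file" case before anything is overwritten is a three-way check against the hash recorded at the last sync. It assumes the shared copy is reachable as an ordinary path (for example a mounted WebDAV folder); the file names and the `last_sync` state file are hypothetical, and constructed byte strings stand in for real database contents.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def sync(local: Path, remote: Path, state: Path) -> str:
    """Three-way check: 'state' stores the hash both copies had after the last sync."""
    base = state.read_text().strip() if state.exists() else None
    l_hash, r_hash = digest(local), digest(remote)
    if l_hash == r_hash:
        result = "in-sync"
    elif base == r_hash:          # only the local copy changed
        shutil.copy2(local, remote)
        result = "pushed"
    elif base == l_hash:          # only the shared copy changed
        shutil.copy2(remote, local)
        result = "pulled"
    else:                         # both changed, or no known base: overwrite nothing
        keep = local.with_name(local.stem + ".conflict" + local.suffix)
        shutil.copy2(remote, keep)
        return "conflict"
    state.write_text(digest(local))
    return result


def demo() -> list:
    """Constructed byte strings stand in for real .kdbx contents."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        local, remote, state = d / "laptop.kdbx", d / "shared.kdbx", d / "last_sync"
        local.write_bytes(b"v1"); remote.write_bytes(b"v1")
        out = [sync(local, remote, state)]
        local.write_bytes(b"v2 edited on laptop")
        out.append(sync(local, remote, state))
        remote.write_bytes(b"v3 edited on phone")
        out.append(sync(local, remote, state))
        local.write_bytes(b"v4 laptop"); remote.write_bytes(b"v4 phone")
        out.append(sync(local, remote, state))
        out.append((d / "laptop.conflict.kdbx").read_bytes() == b"v4 phone")
        out.append(local.read_bytes() == b"v4 laptop")
        return out


if __name__ == "__main__":
    print(demo())
```

On a conflict both versions survive side by side, so they can be combined afterwards, for instance with KeePassXC's database merge function.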
