Open source (esp. cloud solution) means that I should roll my own compilation/server for the app, cuz it's easy to provide an open source app and ship some extra code (that collects your passwords) with the binary.
So no thanks, I don't really wanna go through that hustle.
Not really Yaser. Open source means just that, also we are not talking about some random npm package with crypto mining hidden inside, we're talking about tools that are peer verified by security firms: help.bitwarden.com/article/why-sho...
The code is open source but you can just use the cloud version.
They don't store your passwords, they store the encrypted version and the master key never leaves your device.
My bitwarden account syncs on various browsers and two devices. 1password and the others work just like that.
The code is open source but you can just use the cloud version.
Yep, and I'm not really into self-hosting my own Bitwarden (which seems pretty safe).
The problem is that you take their words for granted, call me paranoid, but I never trust these words:
Bitwarden does not store your passwords
Why are you providing me the service then? Nothing comes for free dude!
Yes, Troy is pretty popular in the security scene, but again once I heard Gary Vee saying that we (humans) can sniff if someone is selling us something, this is what I mean:
My name is Matteo and I'm a cloud solution architect and tech enthusiast. In my spare time, I work on open source software as much as I can. I simply enjoy writing software that is actually useful.
Bitwarden, like many others, has a free plan and a couple of paid plans that add features like secure team-shared credentials (think developers sharing servers root passwords in an organization), encrypted file storage and security audit logs. As @rhymes
said you don't have to take THEIR word for granted, they have been audited by security experts and deemed acceptable. They publish peer-reviewed papers about their crypto setup and have a good reputation.
If this is not enough for you, that's totally fine. But you're really falling deep into paranoia because no real reason for not trusting them has been found yet.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
@rhymes
@kriscius
Open source (esp. cloud solution) means that I should roll my own compilation/server for the app, cuz it's easy to provide an open source app and ship some extra code (that collects your passwords) with the binary.
So no thanks, I don't really wanna go through that hustle.
Not really Yaser. Open source means just that, also we are not talking about some random npm package with crypto mining hidden inside, we're talking about tools that are peer verified by security firms: help.bitwarden.com/article/why-sho...
The code is open source but you can just use the cloud version.
They don't store your passwords, they store the encrypted version and the master key never leaves your device.
My bitwarden account syncs on various browsers and two devices. 1password and the others work just like that.
For why you should use a password manager and not your memory troyhunt.com/password-managers-don...
Troy Hunt is also the person behind Have I Been Pwned, a tool to check if your email is part of various security breaches haveibeenpwned.com/
Its DB of 500 million leaked passwords is also exposed as an API and currently used by various sites to bar people from using leaked passwords again.
Fun stuff 😂
Yep, and I'm not really into self-hosting my own Bitwarden (which seems pretty safe).
The problem is that you take their words for granted, call me paranoid, but I never trust these words:
Why are you providing me the service then? Nothing comes for free dude!
Yes, Troy is pretty popular in the security scene, but again once I heard Gary Vee saying that we (humans) can sniff if someone is selling us something, this is what I mean:
troyhunt.com/have-i-been-pwned-is-...
Bitwarden, like many others, has a free plan and a couple of paid plans that add features like secure team-shared credentials (think developers sharing servers root passwords in an organization), encrypted file storage and security audit logs. As @rhymes said you don't have to take THEIR word for granted, they have been audited by security experts and deemed acceptable. They publish peer-reviewed papers about their crypto setup and have a good reputation.
If this is not enough for you, that's totally fine. But you're really falling deep into paranoia because no real reason for not trusting them has been found yet.