Yes, despite my misgivings, Bitwarden is my new password manager. Last year, when I mentioned that KeeWeb was my password manager, I said that relying on a third-party service was a recipe for disaster. Although I still think that way, I’m willing to take chances with Bitwarden because my most important websites use multi-factor authentication.
The first password manager I ever used was the one that came with my web browser and that was many years ago. The first third-party service I used was LastPass, back when I used to blog a lot more than I do today. I stopped using LastPass after the service suffered from multiple attacks and then changed hands more than once.
I switched to self-hosting a KeePass compatible database with Nginx, WebDAV and the KeeWeb desktop application. It worked fine until every web browser extension I used stopped working with the desktop application. I don’t like copy and paste. If I did, I’d settle for a plain text file. Copy and paste is time-consuming, mainly caused by the time it takes to find the right line.
I exported the database to an XML file yesterday and then imported it to Bitwarden a short time later. The web browser extension worked immediately after I installed it and logged in with the master password. I then disabled my WebDAV share completely, which I was using only for the database. I installed the Bitwarden application on my Android phone, and it worked just as well as the web browser extension.
So basically, I gave up on self-hosting my password database purely because of frustration. I can’t think of a better reason right now.
What’s worse than a third-party service? A web browser password manager controlled by a single entity. Not only is it going to be less secure, despite what they say, but they only work with specific web browsers. The Chrome password manager doesn’t work with Firefox, for example, and vice-versa. That was the reason I switched to LastPass in the first place.
I wish I didn’t have to use a password manager at all, kind of like some people I know. They use the same passwords everywhere, only using unique passwords for money related sites. Unfortunately, I like unique passwords everywhere. It’s a pain, but I feel safer that way.
Using a bookmark manager is a different story altogether. I’m not using one at all at the moment (other than the one built into my web browser), and it’s simply because I can’t stand waiting for their web pages to load. Perhaps I need to write my own, just like I wrote the application that produced this web page. I’m pretty lazy, though, so it probably won’t happen.
Image Attribution: Bitwarden at GitHub