But we have Vaultwarden which is ridiculously easy to deploy and also very lightweight while being immensely popular; has never had any major security incidents so far - and it has thousands of eyes on it for every single commit.
I've been hosting this for three years now and I have never had a single problem with it. Always worked with my Bitwarden clients on all of my devices. So if you would like to, try Vaultwarden.
My tab's title: "Ask HN: How could I safely contact drug cartels?"
Spoiler: That whole thread is probably an excellent troll ("I might make this a startup"), except a ton of mid(dle brow) people had to ruin it.
And "Aside from the aforementioned technical details, Bitwarden is (and has always been) one of the subjectively worst applications on my phones and my desktop in terms of user interface."
Really!!? How many apps has this person used?
Of course the price between 1pass and Bitwarden reflects why 1pass is so much better. And you don't really realise how clunky Bitwarden is if it's all you use, until you also have to use some other password manager.
To each their own (bugs).
Not to mention the absolutely garbage performance of the Windows desktop app.
$10/year seems pretty fair to avoid all that.
The clients are fine, could be smoother, but I've internalised the quirks by now.
Never mind that 'fill' is 100x more common as an action. So why on earth is that not the default? It is indeed an unfathomably stupid UI decision, beyond what I regularly see in other apps that I use.
I still hate it to this day, and find it incredibly clunky. In fact that alone is kind of making me want to give in and just use Apple.
To be clear I don't even think I'm talking about taste here, although people did complain about that. I can't think of any good reason that 'fill' is not the default action on an app/extension whose core purpose is to fill things.
I did however want to comment on the tab changing its favicon and title every time you change to another tab. Quite a cool "advertising" method for what javascript can do.
Password management involving a 3rd party is dumb and should never ever have been a thing. Before two parties had the secret (or something related to it) and now three parties have it and that's objectively worse -- even taking into account "the lazy user" or whatever.
I know we're past that in a lot of places for a lot of people, but nope, my dad and his printed out sheet of passwords next to his desk is still beating every company out there.
Once I moved to a password manager I realised how clunky and poor dragging a KeePass vault around was.
To suggest they have a copy of your passwords is to misunderstand what they're doing. It's the same as saying you host your KeePass on Dropbox so now Dropbox have a copy of your passwords/secrets.
The value they are providing is seamless sync between a huge range of platforms/devices and making it as frictionless as possible to enter your password when you need to (biometrics to unlock the vault, browser addons to seamlessly enter the passwords, etc.).
Your Dad has a single point of failure for all his accounts. That's not a win.
There seems to be a misunderstanding of how typical cloud password vaults work. The 3rd parties like Bitwarden, 1Password, Apple iCloud Keychain, etc don't have access to the users' passwords. The scheme is based on Zero-Knowledge End-2-End-Encryption. The cloud is just a mechanism to store an encrypted blob and sync them to various devices. The client devices (users' desktop, users' smartphone) are the only ones that can decrypt the passwords. There are still only 2 parties with knowledge of the actual passwords.
In contrast, the type of 3rd parties that do have knowledge/access to unencrypted plain text passwords would be Amazon storing users' wi-fi passwords, and Plaid storing users' bank account credentials & passwords. Gmail and MS Outlook.com would also be a 3rd party having a copy of users' passwords when they act as web clients to fetch email from other IMAP servers.
>, my dad and his printed out sheet of password next to his desk is still beating every company out there.
That doesn't work for users when they're not sitting at their desk and need passwords. Printing out a hardcopy sheet of passwords and carrying it in the wallet or purse is a massive security risk.
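The zero-knowledge sync model described in the comment above, as an added example that is not part of the thread and not any vendor's actual scheme: the client derives a key from the master password and encrypts locally, and the server only ever stores an opaque record. The choice of PBKDF2 with AES-256-GCM, the iteration count, and the names `SyncServer`, `sealVault` and `openVault` are assumptions made for this sketch.

```javascript
// Added illustration of client-side vault encryption with a blind sync server.
const nodeCrypto = require('node:crypto');

const KDF_ITERATIONS = 600000; // assumed work factor for this sketch

// Client side: the key is derived on the device and never leaves it.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Client side: encrypt the vault; only the returned record is uploaded.
function sealVault(masterPassword, vault) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Client side, e.g. on a second device: download the record and decrypt locally.
function openVault(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  // final() throws if the key is wrong or the record was tampered with.
  const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Server side: stores and returns records; it holds no password and no key.
class SyncServer {
  constructor() { this.blobs = new Map(); }
  put(user, record) { this.blobs.set(user, JSON.stringify(record)); }
  get(user) { return JSON.parse(this.blobs.get(user)); }
}

function demo() {
  const server = new SyncServer();
  const master = 'correct horse battery staple';              // constructed sample
  const vault = { 'example.test': 'constructed-sample-password' }; // constructed sample
  server.put('alice', sealVault(master, vault));
  // What an operator or an attacker with a database dump sees:
  const leaked = server.blobs.get('alice').includes('constructed-sample-password');
  const synced = openVault(master, server.get('alice'));
  let wrongPasswordRejected = false;
  try { openVault('guess', server.get('alice')); } catch { wrongPasswordRejected = true; }
  return { leaked, synced, wrongPasswordRejected };
}
```

The stored record still permits offline guessing of the master password, which is why the KDF work factor and the strength of the master password matter in this model.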
Each time I read about the monstrosity of an external company owning all my passwords, taking into account all the leaks and supply chain attacks these days... I feel good "self hosting" what could be the most sensitive information that I have.
It's open-source, and I can self-host (100% free) and the free version is really, really good too, and then a premium version is $20/year which is very reasonably priced.
Also, for a cloud-hosted password manager, you're always going to have attacks no matter what, but at least they are transparent about it .. (unlike say 1password or others). For self-hosting it might be better security, solely because no one cares to attack it, but it's not going to be more secure from an engineering best practices POV (but again I might be wrong .. I'm not a security engineer of any kind)
Overall their actionable advice that different types of credentials might need different software is good.
The rest seems like ax grinding.
I dug around and found them listed within the `kill.js` file[0]. It uses the visibilitychange[1] API and swaps it to one of the following:
Official Church of Scientology: Difficulties on the Job - Online Course
Ask HN: How could I safely contact drug cartels?
The internet used to be fun
am I boring - Google Search
what is punycode - Google Search
arguments for HN comment - Google Search
how to hack coworker's phone - Google Search
censorship on hacker news - Google Search
rust programming socks - Google Shopping
Adult entertainment clubs - Google Maps
Pick up lines suggestions - ChatGPT
Online debate argument suggestions - ChatGPT
The Flat Earth Society
Amazon.com: taylor swift merch
Amazon.com: waifu pillow
/adv/ - topple government - Advice - 4chan
r/wallstreetbets on Reddit
Infowars: There's a War on For Your Mind!
birds aren't real at DuckDuckGo
Lincoln MT Cabins For Sale - Zillow
The Anarchist Cookbook by William Powell | Goodreads
Fifty Shades of Grey | Netflix
jeff bezos nudes - Google Image Search
zuckerberg nudes - Google Image Search
bigfoot nudes - Google Image Search
Rick Astley - Never Gonna Give You Up - YouTube
Pennsylvania Bigfoot Conference - Channel 5 - YouTube
Linus goes into a real girl's bedroom - Linus Tech Tips - YouTube
MrBeast en Español - YouTube
FTX Cryptocurrency Exchange
[0] https://xn--gckvb8fzb.com/js/kill.js
[1] https://developer.mozilla.org/en-US/docs/Web/API/Document/vi...
lambdadelirium•1h ago