This is understandable, the password manager market is saturated and implementing new features like Passkeys is far from trivial.
Still, they are the only real option for a one-click mostly open source password manager that works across all the major platforms and that supports modern features.
Bitwarden is no longer free software - https://news.ycombinator.com/item?id=41893994 - Oct 2024 (71 comments)
I’m a customer of both services. I started with 1Password since its early days and have been using the family plan for the past 5+ years.
I used Bitwarden when starting with Teams, as it is cheaper and presumably scalable. I hope that if things grow up, we can either host it ourselves or the pricing is affordable enough.
If Bitwarden becomes as “successful” as 1Password, people/companies will actually just use 1Password.
I think, now, the idea would be to start moving all critical ones to KeePass; and use a better UX client on top of the database.
It works until you have conflicting edits on different devices and need merging.
https://github.com/keepassium/KeePassium
As with all iOS apps, there’s no guarantee that the open source app code on GitHub corresponds to what you install from the App Store.
I have been very satisfied with KeePassium, it integrates with all the cloud storage providers I’d want and the app itself works well.
Bitwarden is no longer free software
https://news.ycombinator.com/item?id=41893994
BitWarden leaves open source community https://news.ycombinator.com/item?id=41896750
Recently switched over from a premium Bitwarden account to it. Import from Bitwarden was a breeze.
Note that KeePassXC only writes to a local encrypted db file. Syncing that across devices is left to you. I used Syncthing for that.
So it doesn't really solve my problem.
I think this is easy for pretty much anyone that's an active HN user, but is it for your parents or grandparents? It's they who matter a lot. It's why WhatsApp was so successful, it passed the Grandma check. Signal might, but onboarding is "hard" (and the nerds argue and that's all others hear and then do what... Use telegram? Lol). But it's why Matrix isn't gaining popularity, because frankly until creating servers is a one click install it's not going to get mass appeal (same for any federated app).
It's the old PGP joke: how do you decrypt a PGP email? You email the sender "I can't decrypt, can you send it without encryption?"
I refuse to use Signal because their message history functionality is too restrictive for me.
Telegram strikes a good balance, and wins at the UI/UX game.
For a general audience, even Bitwarden doesn't pass the "grandma check". If you've used Bitwarden for a while you have probably been met with a stern warning about "KDF Iterations too low".
So I pitched the answer assuming "able to use Bitwarden" as a base level of tech savvy.
Also, seeing as I am on HN, I assumed the following:
1. Security matters, even if it comes at a slight cost in convenience
2. User can figure out their own syncing mechanism
> Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug.
Tempest in a teapot.
What about reporting a bug and chill? Instead of immediately jumping the gun and flooding the issue tracker of the one company that still tries with preaching? What is this going to achieve? Of course they locked it. Shame on everyone who commented some RMS-inspired lament into their issue queue.
What the CTO said is that, "build [failure] with bitwarden_license directory removed" is a bug. It doesn't change the fact that the SDK is not released under the free license.
EDIT: citation EDIT2: s/CEO/CTO/
https://github.com/bitwarden/clients/issues/11611#issuecomme...
E.g. for KeePass and authenticator.
There are the encrypted files, but they don't live in a vault. It seems that the most obvious use case (being that you only get 1G) is to attach photos to IDs. But the implementation is silly. It's encrypted on their cloud where you download a copy and it then lives unencrypted on your device.
It seems silly that this is the implementation considering your passwords live in a local vault where you don't need a network connection.
Idk, I do want to support them but it does concern me when developers do not think about details, especially when it comes to security. The little things matter a lot.
I will continue to vote with my wallet, with other open-first solutions like ente and etesync.
Part of why I do this is so that if the company changes direction, the community can potentially fill in.
With the momentum behind vaultgarden, maybe open clients will flourish too.
That's a big deal to some, no doubt, but it's important to be precise about language in cases like this, especially since folks will undoubtedly assume that this means secret user-hostile things will now be embedded in the source code, sight-unseen.