• Humanius@lemmy.world
    English · ↑ 11 · ↓ 5 · edited · 2 months ago

    It shouldn’t even be that complex…

    I might be mistaken, but ultimately a password manager is basically nothing more than a database of passwords in an encrypted zip file, right? That could entirely be self-hosted with off-the-shelf open source applications strung together.
    All you’d need is a nice UI stringing it all together.

    Edit: I’m not sure why people are downvoting me. Is that not what a password manager essentially is?

    • wintermute@discuss.tchncs.de
      English · ↑ 18 · 2 months ago

      KeePass is exactly that. Basically all the client side parts, and the database is a single encrypted file that you can sync however you want.

    • LedgeDrop@lemm.ee
      English · ↑ 9 · 2 months ago

      It’s the “stringing it all together” that could be problematic.

      If you have multiple clients (desktop/cellphone) modifying the same entry (or even different entries in the same “database”), you need something smart enough to gracefully handle this or at least tell you about it.

      I did the whole “syncing” KeePass and it was functional, but it also meant I needed to handle conflicts - which was annoying. I switched and really appreciate the whole “it just works” with self-hosted Bitwarden.

    • xthexder@l.sw0.com
      English · ↑ 6 · 2 months ago

      I’ve done basically this in the past by encrypting a text file with GPG. But a real password manager will integrate with your browser and help prevent getting phished by verifying the domain before entering a password. It also syncs across all my devices, whereas my GPG file only worked well on my desktop.
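
The domain check mentioned in the comment above, sketched as an added example that is not part of the thread or any password manager's own code: autofill is offered only when the page's normalised origin exactly matches the saved one. The vault entries, URLs and function names are constructed for illustration, and exact-origin matching is an assumption (real managers may apply other matching rules).

```javascript
// Constructed sample vault: each entry remembers the origin it was saved for.
const vault = [
  { origin: "https://accounts.example.com", username: "alice" },
  { origin: "https://bank.example.org", username: "alice-bank" },
];

// Normalise a URL to scheme + host + port; return null if it cannot be parsed.
// The URL parser lowercases the host, drops default ports and converts
// internationalised labels to punycode, so look-alike characters do not compare equal.
function originOf(rawUrl) {
  try {
    return new URL(rawUrl).origin;
  } catch {
    return null;
  }
}

// Entries that may be offered on this page: HTTPS only, exact origin match.
function entriesForPage(pageUrl, entries = vault) {
  const pageOrigin = originOf(pageUrl);
  if (pageOrigin === null || !pageOrigin.startsWith("https://")) return [];
  return entries.filter((e) => originOf(e.origin) === pageOrigin);
}

// For contrast: a substring check, roughly what a person does when glancing
// at the address bar. It accepts any URL that merely contains the saved host.
function naiveEntriesForPage(pageUrl, entries = vault) {
  return entries.filter((e) => pageUrl.includes(new URL(e.origin).hostname));
}

// Constructed test pages.
const pages = [
  "https://accounts.example.com/login?next=/",    // the real site
  "https://accounts.example.com.evil.test/login", // saved host used as a prefix
  "http://accounts.example.com/login",            // right host, no TLS
];
for (const p of pages) {
  console.log(p, "strict:", entriesForPage(p).length,
              "naive:", naiveEntriesForPage(p).length);
}
```
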

    • HereIAm@lemmy.world
      English · ↑ 5 · 2 months ago

      I see it as it’s easy to self host. But I’m not skilled nor rich enough to guarantee the availability of it. I don’t want to be stuck on a holiday without my passwords because my server back home died from a blackout or what have you.

      I pay for Bitwarden and the Proton Mail package to keep the password management market a bit more competitive and it actually works out cheaper. It would be nice to have Proton’s anonymous emails built in, but I can live with it.

      But I might have to reconsider if Bitwarden is going a different direction than what I’m paying for.