Use of Vaultwarden: do you feel comfortable hosting all your passwords remotely?
-
Dear all,
I've been saving passwords locally for years, using an app that only saves passwords to disk.
However, with repeated web logins and varying passwords, I was thinking of starting a Vaultwarden instance on Cloudron to pass all the passwords. This would give several advantages, including immediate synchronization of all devices and integration with various apps.
At this point, however, I wonder how you are using Vaultwarden: do you use it only for some passwords, or all passwords? Do you also use it for credit cards or other sensitive information?
Do you feel safe putting all your passwords remotely? Do you use any additional security measures regarding the Vaultwarden instance? (e.g. IP filtering, ports, etc.)
Thanks so much for sharing your experience
-
As far as I know Vaultwarden is End to End Encrypted which means even if someone got access to the data, they can't read any of it (unless they guess the main password). I use my Vaultwarden with 2FA, a long master password, and only on devices where I trust my data being secure (encrypted & password protected PC and iPhone)
Vaultwarden is safe. Cloudron's package is pretty good - if you wanted added security you can self-host outside of cloudron, IP filter like you mentioned, or even use it over a VPN so it's not directly accessible via internet.
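As an added illustration of the end-to-end point above (example code, not from this thread or the Vaultwarden project): the client-side derivation that Bitwarden-compatible clients perform, rebuilt with Python's standard library, showing that the server only ever receives a one-way hash while the vault keys stay on the device. The sample email and password and the 600,000 PBKDF2 iteration count are constructed assumptions.

```python
# Added example, not from the thread or the Vaultwarden project: the
# Bitwarden-style client key derivation, stdlib only.
import base64
import hashlib
import hmac

# Constructed sample credentials; the iteration count mirrors the
# current Bitwarden client default and is an assumption here.
SAMPLE_EMAIL = "alice@example.com"
SAMPLE_PASSWORD = "correct horse battery staple"
KDF_ITERATIONS = 600_000


def master_key(password: str, email: str, iterations: int = KDF_ITERATIONS) -> bytes:
    """PBKDF2-SHA256(password, salt = normalised email). Stays on the client."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, 32)


def auth_hash(mkey: bytes, password: str) -> str:
    """One extra PBKDF2 round with the password as salt. This base64 string is
    the only password-derived value sent to the server at login, and the server
    hashes it again before storing it, so a database copy yields neither the
    password nor the master key without a guessing attack."""
    digest = hashlib.pbkdf2_hmac("sha256", mkey, password.encode("utf-8"), 1, 32)
    return base64.b64encode(digest).decode("ascii")


def stretched_keys(mkey: bytes) -> tuple[bytes, bytes]:
    """HKDF-Expand(SHA-256) of the master key into a 32-byte AES key and a
    32-byte HMAC key (info "enc" and "mac"); these unwrap the vault's symmetric
    key locally, which is why the server never sees plaintext entries."""
    def expand(info: bytes) -> bytes:
        # Single HKDF-Expand block: T(1) = HMAC(PRK, info || 0x01)
        return hmac.new(mkey, info + b"\x01", hashlib.sha256).digest()
    return expand(b"enc"), expand(b"mac")


def password_matches(stored_auth_hash: str, password: str, email: str) -> bool:
    """Verify a candidate password against a previously computed auth hash:
    recompute and compare in constant time; nothing is ever 'decrypted'."""
    candidate = auth_hash(master_key(password, email), password)
    return hmac.compare_digest(candidate, stored_auth_hash)
```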
-
Thanks a lot for your feedback @murgero
You will understand that it is a paradigm shift and therefore for those approaching these solutions it is better to have "real" feedback.
About "use it over a VPN so it's not directly accessible via internet", can you give me a concrete example? There are several providers that offer intranet services – with no public IP –, but I've never looked into it: are those what you mean?
Thanks again
-
@timconsidine it looks great. Do you use any additional safety measures? (e.g. hosting on your local home server, or something else)
Thanks a lot
-
@murgero if you do that, how do you solve the problem with valid SSL certificates?
-
Oh yeah I did not think of that - If you install vaultwarden with an SSL cert for a domain you own like vault.example.com, you can use internal DNS to make an A record internally to point to that. Example:
vault IN A 192.168.1.123
vault being the A record in your DNS server for the example.com zone. Pi Hole can do this easily and a lot of 3rd party routers support it as well.
-
For me it's Vaultwarden for Business and Enpass for personal.
I prefer the Enpass UX with its widget shortcut, and lots of sync options that all work well.
Bitwarden/Vaultwarden I find better for business in sharing with specific groups of users, and instances per organisation. Plus it has the Emergency Access feature, which is an essential feature for modern digital asset life and legacy.
BW/VW still doesn't do multi-account through the browser extension, hence the multi-app approach, but overall this setup has worked for me for years.
HTHs
-
@p44 I think @murgero hit the perfect use case for you. I have also been using bitwarden for many years. Transitioned to vaultwarden a few years ago. I would recommend you just run it yourself on something like a raspberry pi or something then you get the "local" feel that you are used to. Not running it in someone else's cloud but with the "cloud" benefits. Then if you want to up security make it only accessible on your home network so you need a VPN to get to it when you are out and about.
Another thing to think about as a safety/reliability thing is that if whatever you are running it on goes down you still have access to your passwords on whatever device you've used it on. So your phone would be able to access everything still even if your Raspberry Pi goes down. And worst case if for whatever reason those things can never come back up you can export it from your phone and move on to something else with your file of passwords.
All in all it is worth giving it a shot. If you wanted to be really over the top about it you could have separate users (so separate master passwords) for each of your type of things if you are worried about it. Passwords under one user, addresses/personal info on another, and bank/cards on yet another.