I have been using Bitwarden for around 7~ years. Subscription for this long too, at 10USD p/year. I will be switching due to lack of transparency, and would love to hear others thoughts on this.

The linked article goes into further detail, but here is a small summary that very much concern me / are sus:

  • that 10USD per year has gone up quietly . I just checked and I have no email telling me it’s increased. It renews in like 2 months, so this is good timing for me
  • Originally Bitwarden had values as apart of the acronym “GRIT”. Gratitude, Responsibility, Inclusion, and Transparency. They have changed the last two words to “Innovation, Trust”
  • There is now a new CEO, this was not announced and the only reason people outside of Bitwarden know is that someone saw this change on LinkedIn
  • The free tier momentarily disappeared from their product page for about a month (april14-may14). People were likely still able to make free accounts during this period. Bitwarden says it was a marketing mistake

The price hike is one thing, but for me the acronym change is most concerning, which is why I will be looking at another password manger (probably keepassxc)

    • liverstealer@lemmy.zipOP
      link
      fedilink
      arrow-up
      1
      ·
      22 days ago

      I know right. Even in an Enterprise environment why would trust be a better word to represent your values over transparency

  • undu@discuss.tchncs.de
    link
    fedilink
    arrow-up
    35
    ·
    22 days ago

    It got bought by a company owned by Vista Equity partners, a private equity firm.

    The loss of values happened at Citrix when it was Vought by Vista. They installed Tom Krauseasthe CEO to gut it from the inside out.

    Everybody should have an exit plan ready to be able to leave bitwarden

  • myrmidex@belgae.social
    link
    fedilink
    arrow-up
    35
    ·
    23 days ago

    Totally agree. I’ve been a multi-year paying customer of bitwarden for the family, always happy with their service, especially when compared with the 1pass I use at work. But that CEO avatar picture alone gives me enough bad vibes, let alone his credentials, the acronym change, so yea I too reckon I’ve been putting off the switch long enough now.

    I came from keepass, can’t go back there, even if I now have syncthing set up everywhere. Also, how would that work for the family, you force everyone to set up their own file and hope they manage it well? Highly doubtful.

    I saw aliasvault pop up too, this last week. Haven’t looked into it yet, and although a great contender, it’s probably too young to seriously consider.

    These are the alternatives according to selfh.st/apps :

    • Vaultwarden
    • Password Pusher
    • KeePassXC
    • Passbolt
    • Infisical
    • OpenBao
    • YeetFile
    • AliasVault
    • OrigamiVault

    Anyone here had some bad experiences with any of these?

    • lime!@feddit.nu
      link
      fedilink
      arrow-up
      17
      ·
      23 days ago

      vaultwarden allows you to keep using the bitwarden client i think, just with your own server. should be the most seamless for the family.

      • myrmidex@belgae.social
        link
        fedilink
        arrow-up
        2
        ·
        22 days ago

        Good point, that is a big factor indeed, ease of migration. Vaultwarden should get bonus points for this, so I’ll be sure to add it to the list of alternatives to try out. Thanks!

    • oats@piefed.zip
      link
      fedilink
      English
      arrow-up
      6
      ·
      23 days ago

      Switched from keepassxc to vaultwarden a while ago (mostly due to the horrible syncing experience, and to use the same password manager as my family so I could help out better).

      It’s a selfhosted and open source version of the Bitwarden server, you’ll use the (open source) Bitwarden clients. So its all features of Bitwarden plus full transparency

      • myrmidex@belgae.social
        link
        fedilink
        arrow-up
        3
        ·
        22 days ago

        oh so if Bitwarden eventually locks down their app, the folks over at vaultwarden could just spin up their own f-droid app?

        • oats@piefed.zip
          link
          fedilink
          English
          arrow-up
          3
          ·
          22 days ago

          Yes, the clients (Desktop, Web, Browser, Mobile, CLI) are published by Bitwarden under GPL3 license, so you can always fork them.

          Bitwarden could delete the repos, but the code is out there.

    • EntropyPure@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      23 days ago

      Password Pusher is no password manager, only for securely sharing information.

      Running on Vaultwarden, though that still depends on the official BitWarden Clients. Works great though, and can be selfhosted on pretty small machines. Very satisfied with it.

      Passbolt was not on my radar when I was in the market for a new password manager, but would be a serious consideration today.

      If considering a self hosted alternative, remember that backups are your responsibility then as well.

      • myrmidex@belgae.social
        link
        fedilink
        arrow-up
        2
        ·
        22 days ago

        Good point about the backups. I snapshot the important VMs daily on Proxmox, I reckon that should suffice for this, right?

        • trilobite@lemmy.ml
          link
          fedilink
          arrow-up
          2
          ·
          22 days ago

          Exactly what i do but have replication across machines and save the VM backup resository on external hard drive in different building. Outside garage.

    • jobo@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      22 days ago

      still in beta (stable) but im using aliasvault for a couple of months now and i don’t have any issues

      • myrmidex@belgae.social
        link
        fedilink
        arrow-up
        2
        ·
        22 days ago

        still in beta

        any idea when they will release a major version?

        Is AliasVault here for the long term?

        Yes. We build AliasVault with a long-term vision, not with a quick exit in mind. The product is never “done”; we keep developing, improving, and refining AliasVault continuously to give users the best possible experience over the long term.

        Our spiritual predecessor, SpamOK.com, has been running since 2013. That is more than 13 years of uninterrupted service helping people fight spam and protect their privacy online. The same long-term mindset applies to AliasVault.

        That does inspire confidence, so I’ll add it to the list!

    • kittenroar@beehaw.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      22 days ago

      vaultwarden has an uncertain future with the new bitwarden management – we would need bitwarden apps that use vaultwarden apis rather than bitwarden. I suppose if bitwarden breaks api compatibility that might happen.

      KeepPassXC is what I was using before – it’s like keepass. It has browser integration, but syncing is problematic, and it doesn’t have biometric unlock.

      • myrmidex@belgae.social
        link
        fedilink
        arrow-up
        1
        ·
        22 days ago

        if bitwarden breaks api compatibility that might happen

        I should think so too. I’d expect a big race to start, like with the kbin/lemmy apps after the reddit api fiasco.

        • kittenroar@beehaw.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          22 days ago

          I’m using boost for lemmy btw. It was a great reddit client back in the day, and when the api change was announced they switched to lemmy pretty quickly.

  • Allero@lemmy.today
    link
    fedilink
    arrow-up
    26
    ·
    22 days ago

    If you or someone you trust happen to have a home server, just install Vaultwarden, which is the community fork of Bitwarden without any fees, shady stuff or reliance on Bitwarden infrastructure.

    • zebidiah@lemmy.ca
      link
      fedilink
      arrow-up
      23
      arrow-down
      1
      ·
      22 days ago

      If you look real close side by side there is a subtle difference…

      Suuuper easy to stand up, took me about 20 minutes to get it up and running

      • trilobite@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        22 days ago

        Well, when u say supereasy to set up, i don’t know. The need for reverse proxy was driving me nuts. For someone that doesn’t expose anything to the outside world, the need for a reverse proxy is overkill in my opinion. But i did hive up fairly easily, so i’ll have another go in the future when i have time. For now my Syncthing + Keepass setup will have to do but i do find its not 100% robust. If i have keepass open on both mobile and laptop, i’m at risk of loosing changes. If the change is made on one device and i close after change, i won’t see the change until i close keepass on the other device. But by then syncthing thinks that the latter is the most recent change and marks the file of first device as conflict file. So the chsnge is not lost but its not in the most “recent” version of the database.

        • kazerniel@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          19 days ago

          Yeah this is why I don’t want to bother self-hosting. There are just too many ways to fuck it up. I’d rather pay a small fee for professionals to handle it for me 🤷 If Bitwarden goes to shit, I can always move to something else - I never heard of a password manager that didn’t let us export passwords.

    • KairuByte@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      4
      ·
      21 days ago

      I know this options exists, but honestly I don’t think I have reliable enough infrastructure. It’s hardly ever offline, but my backup game is super weak, and I have had to rebuild from scratch once in the past three years.

      What happens if I fuck up again and have to rebuild? Just feels like a massive potential failure point.

      • Auli@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        21 days ago

        Your backup is all your clients. Every client has a blob. If you loose it export and then import. That is if everything else fails.

      • Allero@lemmy.today
        link
        fedilink
        arrow-up
        1
        ·
        21 days ago

        Bitwarden app is fully compatible with Vaultwarden and stores copies of all your passwords for offline access, so as long as you have access to the app somewhere, you’ll have them.

        Also, Bitwarden can export your passwords as a file in several formats, readable by Bitwarden, KeePassXC etc. You can have that stored somewhere safe.

  • Nukitashi@lemmy.world
    link
    fedilink
    arrow-up
    15
    ·
    22 days ago

    Sure, Go for it. I’ve been using KeePass for a long time now and I am very satisfied with it. Aside from the security and privacy (Which you know is BEST out there), It comes with many customizations too. I used to use BitWarden but now I use KeePass.

    • liverstealer@lemmy.zipOP
      link
      fedilink
      arrow-up
      2
      ·
      22 days ago

      Great to hear. One thing I liked about Bitwarden is that you change choose Aegon2id and its KDF iterations, etc. Is that standard? Can you do that in keepass?

  • Fmstrat@lemmy.world
    link
    fedilink
    arrow-up
    14
    ·
    22 days ago

    I will conti UE to self-host Vaultwarden and use the BitWarden clients until I feel the clients are not trustworthy or they are forked.

  • RiQuY@lemmy.zip
    link
    fedilink
    arrow-up
    8
    ·
    22 days ago

    I guess it’s time to move on, I’ll check PrivacyGuides for a better alternative while I compare by myself too.

    I’m not gonna allow a quiet price hike, this is scummy and anti-consumer.

    • Skeezix@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      22 days ago

      Bit warden is undergoing enshittifcation in real time. It’s interesting to watch.

    • whatiswrongwithyou@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      22 days ago

      The price hike was announced months ago iirc and brings bitwarden in line (still cheaper) with all the other services after being the same price over years and years of inflation.

      I got my eyes on em because of the vc money but the price hike isn’t out of line.

      • RiQuY@lemmy.zip
        link
        fedilink
        arrow-up
        1
        ·
        22 days ago

        As a former subscriber since today, I didn’t get an email about it so it’s wasn’t announced enough imo.

        • whatiswrongwithyou@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          21 days ago

          Idk what to tell you, the price hike was announced months ago and I had to field a lot of questions from people I help with computers about it.

          Another person posted the receipts for when emails got sent out and I remember warning people about this when it first “hit” the news cycle in January.

          What would have been enough announcement?

  • overload@sopuli.xyz
    link
    fedilink
    arrow-up
    8
    ·
    23 days ago

    Disappointing, but I’m still going to be running the free tier of Bitwarden for the time being. Thanks for the heads up.

  • BrilliantBadger@piefed.ca
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    22 days ago

    Migrated to Keepass shortly before the price increase ( not because of it) just for the reason of wanting my vault fully offline. Seeing these changes at BW still makes me sad, was a long time paying user & truly enjoyed it

    Keepass is fantastiic, my vault is pretty static so just manually copy to other device as needed. And of course, have your full backup plan in place as with all things

  • RainbowBlite@piefed.ca
    link
    fedilink
    English
    arrow-up
    7
    ·
    22 days ago

    The price is still reasonable for me. I don’t want to switch services because they might enshitrify someday.

    • liverstealer@lemmy.zipOP
      link
      fedilink
      arrow-up
      2
      ·
      20 days ago

      Yea this is what has likely happened to me, just haven’t got the email about it. Then I was thinking: If I never heard any news about the price hike (which I didn’t) it would be good if I got an actual email from Bitwarden - perhaps when they decided the price would be higher, therefore I could actually choose to stay with them or have time to research other options

  • Libb@piefed.social
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    2
    ·
    23 days ago

    In the same boat as you.

    I don’t like how it’s changing, I also don’t like how the UI is changing and, sadly, as a EU citizen I can’t trust it any longer since it is made in the USA.

    But I’m no hurry to switch. I mean, I won’t rush or worry about paying one more year subscription if I have to. I’ll try alternatives as long as I have too. So far, there is

    • the Canadian 1Password and
    • the non-synced/local but free to use KeepassXC that are standing out.

    Both work with Linux.

  • mystic-macaroni@lemmy.ml
    link
    fedilink
    arrow-up
    5
    ·
    22 days ago

    Out of a desire not to switch, I’m going to ask what I know to be a naive/dumb question: what’s the worst that can happen? It’s a mature gpl codebase