Switching from LastPass to 1Password - wdyt?

I think that using a self-hosted solution is better because we control all this data, but we have to sort out a safe backup policy for this data.
Regarding the users putting their personal data inside this vault, they should be advised not to do it, and use it only for Status related passwords, because it would be like storing your personal items in someone else's vault.

1 Like

I currently use both 1Password and LastPass and do have a mix of Personal and Status on LastPass. I don’t mind putting in some effort to clean up and use Bitwarden only for Status accounts.

Here’s how I’d likely use it:

  • Maintain 1Password and export all Personal accounts there and all Status accounts to Bitwarden.
  • The bulk of Status accounts, the ones I already have, will live there.
  • If I’m setting up a new account (e.g. for a new tool) 2 min before UX testing as a last resort when all infra is failing me and I have 10 other things on my mind… I will probably go for 1Password.
  • New accounts might grow like this on 1Password and I’ll move these to Bitwarden manually, potentially 6 months later.
  • I’ll likely also use a 1Password generated secret to get into Bitwarden so I only have to worry about losing 1 Master password.

@petty I’ll totally leave it up to you to judge whether this sounds acceptable. It’s my most realistic imagination of how I’d use Bitwarden in practice.

Another perspective: I have no clue how much of an investment this is for you @petty and @jakubgs, I’d say we’re looking for a proven secure solution that enables our work. If either option leaves any time to spare to speed up product development, while using a proven secure solution, I’d opt for that one.

1 Like

The goal of the original idea in Bitwarden was exactly for this.

Optimally, you’d switch everything to Bitwarden, as it’s free for personal use but being part of the Status org gives premium services across the board while you’re a part of it. This would allow you to have everything in the same UI, but organization secrets stay in the org “collections” which you could add to and we could manage appropriately.

Transferring from a password manager to Bitwarden is quite easy as they import all common app export formats. Setting up collections within a given “group” is pretty easy from there to share with whoever is doing things with you.

My main concern with the self-hosted solution is that all of the previously mentioned ease of use goes out the window. A self-hosted solution is the same as using a completely different password manager, but actually a bit more obtuse if you happen to also use Bitwarden as you have to change the endpoint back and forth when switching.

1 Like

Copy pasting this from instant messaging so it doesn’t get lost in the backscroll (discussion on how Bitwarden is working out):

  • It doesn’t have the same functionality of sharing specific passwords with specific people. It’s a lot more geared towards sharing as a group, and all passwords being open to all people in the group. Good for certain use cases, but seems we have passwords we really only want to limit to individual people.
  • UI is good, no complaints there. Works well, price is decent, etc.
  • Adoption has been a mixed bag, we still have people using the free version of LastPass, meaning syncing and integrity of passwords between the two clients is an issue. If people don’t agree to use the same pw manager, the fragmentation becomes a problem. If this is going to be an ongoing area of friction for finance team (DanM, Jason- & carl) - who I believe are amongst the most frequent users of a password manager (along with ops, security, devops & pops) - then there’s a case for going back to LP.
  • Cons to switching - We’ve already paid the $540 annual fee until Aug 20 which is a sunk cost, and it would probably take around ~3-5 man hours of recontracting with LP (assuming that’s the one y’all want to move to if half using it currently) plus migrating passwords & users off Bitwarden + comms.

My personal 2 cents is Bitwarden works fine for my purposes, but am happy with the switching costs if that solves a problem other people are having.