• JustEnoughDucks@feddit.nl
    link
    fedilink
    arrow-up
    35
    ·
    edit-2
    7 months ago

    I get the thought, but your phone can also have a security breach at any moment, ESPECIALLY because normal user error is by far the weakest and most often exploited attack vector.

    Bitwarden’s vaults are also encrypted with the option for even stronger argon2id encryption. Bitwarden themselves can’t access them or reset them. It is open source and most importantly, audited. KeypassXC has only had one audit ever. (Though that passed and I would also definitely recommend keypassXC, it is great software security-wise)

    The database is stored, encrypted, once on their server and once to each device you sync to, so it is available locally.

    Even if they had a security breach, by design the assailant couldn’t access your database any more than they could access your keypass database.

    You can also self-host it which would bring it exactly to the level of keypassX variants as far as attack surface.

    Not to mention with bitwarden, you will also only need one key. That is the whole point of a password manager.

    “It is available locally and a lot better…” is simply untrue. They are both great options. Just whatever works best for the person. Bitwarden has a ton more QoL options and enterprise options, plus separate, shared password databases and such for families and companies. Again, just as secure.