It’s good if you like self-hosting stuff.

However, what I tell people is this:

If you know jack about security and how to lock down a machine that is running Vaultwarden, then it’s useless. You should go with Bitwarden.

If you’re looking to install it just to play around with, I would be very cautious about what you store there, unless you can lock the system down to where it’s not accessible by the outside internet and localized only to your network.

And I have redundant backups in place in case one decides to fail, which are all encrypted with GPG and a few other measures.

If you have it installed and not accessible to anyone else but you, it’s a fun project. I like using VW and BW.

The other bonus would be no one is going to look to target you specifically unless you’re turned into a target.

Whereas if BW were to be breached, it wouldn’t have anything to do with you.

However, BW utilizes encryption, so even if they did somehow manage to get in, they can’t read your passwords.

I literally just had the exact opposite question! I’ve been wondering why you’d want to pay for a password manager service when you could self host it. The only reason I could think of is guaranteed high uptime, but to me (and at least in my personal use case) that seems a bit pointless, since you can have a copy of your password manager on each device, which is being synced through your server

A few reasons.

1. Privacy, you control your data. It doesn’t go to someone else’s server to sit.

2. Security. It’s on your server. Password managers are primarily targets for hackers, i don’t want to name names, cause I’m not 100% sure of the name. But, one pw manager was hacked like 3x in the past year or something. It’s on your server, you are less likely to be targeted for a huge data breach, and you get to manage your data. Not someone else who fucks up.

3. You can’t be banned, or have the provider suddenly change access to the server, thus losing your data. I will name names here. MyQ garage door opener by Chamberlain suddenly removed the smart home integration, since the whole system ran on their servers. Removing the functionality users paid for. But they don’t own it, so they just got fucked. Your data/service on someone else’s server, is actually their data/service, you are just a visitor.

I don’t self host anything where it would impact me unduly if it went down while I was on holiday to the point where I’d have to break state and fix stuff.

A password manager falls in that camp so it’s paid-for Bitwarden every night every day every possible way for me.

Sure Vaultwarden suits others - generally those who either want control of their data, smaller target on their back than a public instance user, watching their pennies etc.

Bitwarden has never been breached AFAIK.

What you mean is it hasn’t been breached *yet*.

All commercial password managers have a huge, fuck off, target on their backs

Nobody is going to come after some random blokes self-hosted password manager to get access to their Sonarr (I’m trivialising to make the point) as long as if a similar effort would get them into Bitwarden.

It’s the same principal as bears in the wood - nobody needs to outrun a bear, just your companion