Discussion
Loading...

#Tag

  • About
  • Code of conduct
  • Privacy
  • Users
  • Instances
  • About Bonfire
Hendrik Rommeswinkel
@hendrik@sciences.social  ·  activity timestamp 3 weeks ago
@bitwarden Why does #bitwarden on #samsung devices not respect its own language settings but keeps defaulting back to the region you are in? I'm looking at a setting screen right now in which the language is clearly set to "English" but everything is written in Japanese...
  • Copy link
  • Flag this post
  • Block
Jeroen Habets
@jeroen@mastodon.habets.dev  ·  activity timestamp 4 weeks ago

Using Bitwarden (also other password managers!) makes you #vulnerable to 1 click credit card hijacking.
@bitwarden sees issue as low prio and did not bother to fix it in 4 months :(

This according to #cybersecurity researcher Marek Tóth in his recent #defcon33 talk
https://marektoth.com/blog/dom-based-extension-clickjacking/#fixed-versions

I am wondering if this is really #Chrome only or also impacts the #Firefox #bitwarden extension.

  • Copy link
  • Flag this post
  • Block
Charles U. Farley
@freakazoid@retro.social  ·  activity timestamp last month
#Bitwarden on my #Android phone keeps losing my #Fastmail masked email API key and now it's just saying "error sending request" with a new key. I'm about ready to trash it, since the ability to generate masked emails directly in my password manager was my main reason for being willing to pay for a password manager.
  • Copy link
  • Flag this post
  • Block
Tuta
@Tutanota@mastodon.social  ·  activity timestamp last month

It's amazing to see that #DeGoogling is possible. 😎🙌

Share your favorite DeGoogle apps in the comments!

Screenshot of privacy-focused apps: Tuta Calendar, Tuta Mail, Signal, Wire, Bitwarden and Onion browser. Above the app icons is a title, "Share your favorite #DEGOOGLE APPS" with a hand pointing to the app icons.
Screenshot of privacy-focused apps: Tuta Calendar, Tuta Mail, Signal, Wire, Bitwarden and Onion browser. Above the app icons is a title, "Share your favorite #DEGOOGLE APPS" with a hand pointing to the app icons.
Screenshot of privacy-focused apps: Tuta Calendar, Tuta Mail, Signal, Wire, Bitwarden and Onion browser. Above the app icons is a title, "Share your favorite #DEGOOGLE APPS" with a hand pointing to the app icons.
Diego Córdoba 🇦🇷
@d1cor@mstdn.io replied  ·  activity timestamp last month
@Tutanota I use #keepassxc + #keepassdx + #syncthing instead #bitwarden
  • Copy link
  • Flag this comment
  • Block
Doug Webb
@douginamug@mastodon.xyz  ·  activity timestamp 2 months ago
#Passkeys working on #GrapheneOS with #Vanadium and #Bitwarden 🌻

Support for #keepassDX in progress 🌱 https://github.com/Kunzisoft/KeePassDX/issues/1421

  • Copy link
  • Flag this post
  • Block
Oleksii
@Oleksii@social.linux.pizza  ·  activity timestamp 2 months ago

Hey @bitwarden are you ok?
#bitwarden

it seems bitwarden forum website is down.
it seems bitwarden forum website is down.
it seems bitwarden forum website is down.
  • Copy link
  • Flag this post
  • Block
2something@transfem.social
@2something@transfem.social  ·  activity timestamp 2 months ago

Hi Fedi,
I have been using @bitwarden@fosstodon.org since 2019, and been a premium subscriber for most of that time. Due to their recent hyping of AI, I am interested in switching away.

$[x3 Update 2025-07-14]
So far I am liking Gnome Secrets (desktop) and Keepass2Android (Phone). However, there does not seem to be a way to get Secrets to autofill on websites.
https://gitlab.gnome.org/World/secrets/-/issues/34

I'll give Bitwarden a few weeks to see if they can resolve their AI issues. If not, I'll probably suck it up and lose autofill.

Options I am currently considering are Nextcloud Passwords , KWalletManager, and a Keepass-based password manager synced using Nextcloud. I have questions and concerns about each, and I'm hoping you can address my concerns for at least one of these three options, or suggest something else.

Before getting into those, I'll just say I also considered and rejected Proton Pass, on the grounds that
a) The server software is proprietary,
b) Logging in requires a Captcha. I can pass the captcha, but I'm always afraid that I will fail it.
c) The CEO has said and done bad things,
d) The company is also into AI.

So, what are the options I am considering?

$[x3 Keypass with Nextcloud for syncing]
This is the recommendation I see the most. I have three concerns: two regarding use on Android and the other on desktop.

First, on Android, one Bitwarden feature I use heavily is "unlock with pin." Downloading my Bitwarden vault from the server requires entering my very long Bitwarden password plus 2fa. Unlocking my vault on my device to which I am already logged in only requires entering a short password. That's good, since entering my full password on my phone takes a long time.

Keepass doesn't seem to have a native feature like this, but I can sort of replicate it by having a strong password for my Nextcloud account and a weak password for my keepass file.

The concern I have with doing this is that it would mean the folks who run my Nextcloud server, or anyone who hacks them, would have access to my password vault encrypted with a fairly weak password. Is this something I should be worried about? Is there a way to use a strong password for my Keepass vault without needing to take a long time to type it every time I need to log in to anything?

Note that I don't think I can use biometrics. I don't have clear fingerprints, and my phone (Pixel 6a) doesn't AFAIK support face ID.

Next up is the question of which Keepass-compatible apps to use, on both desktop and Android. There seem to be a lot of choices on Android and I have no idea how to narrow it down.

EDIT: The two that people seem to like are Keepass2Android (only on Google Play) and KeepassDX (on F-Droid). Both seem very nice.

On desktop, there seem to be fewer options. I see @keepassxc@fosstodon.org recommended a lot, but their Github says they allow AI-generated code contributions, so I don't think I can trust them not to lose my passwords.
https://github.com/keepassxreboot/keepassxc?tab=readme-ov-file#generative-ai

Then there's Gnome Secrets
https://flathub.org/apps/org.gnome.World.Secrets
Which looks a lot better. However, it doesn't have a way to autofill on websites, and this issue has been open for a long time.
https://gitlab.gnome.org/World/secrets/-/issues/34

$[x3 Nextcloud Passwords]

Aside from using Nextcloud to sync a Keepass valut, there is also Nextcloud's native password manager. There appear to be three Android apps:

  1. https://f-droid.org/en/packages/com.hegocre.nextcloudpasswords/

I am able to log in to this one with my Disroot Nextcloud account. However, I see a red banner at the bottom of the app saying "Cannot connect to server. Tap to retry." (Retrying regenerates the same banner).

  1. https://f-droid.org/en/packages/es.wolfi.app.passman/

In this case I cannot even log in: entering my username and password produces
>Network error: HTTP request failed with http status-code: 404
3) https://f-droid.org/en/packages/de.jbservices.nc_passwords_app/

This one I also can't log in, but there is no error message, I just get sent back to the login screen.

I also tried logging into the desktop flatpak and I am seeing white text on white background.

$[x3 KWalletManager]
I have a rule that if I want to use my computer to do X, and there's a KDE app which does X, then I will give the KDE app a fair try. KDE has a password manager, so I have to at least consider it.

The issue here is I can't figure out any way to sync it with Android. Can this be done?

$[x3 Passky]
I took a look at Passky.
https://passky.org/download

It's a service like Bitwarden: one company provides a desktop app, a mobile app, a browser extension, and a service to sync all of them. One thing to note is that it seems like all of their repositories have very little activity: The Android repository has had no commits for close to three years, the web vault has had no commits for close to two years, and the desktop repository (which is Electron) has had no commits since April 2024. That might not be a bad thing if it's working, but I don't think I'm qualified to assess the difference between "this software has unpatched security issues we aren't fixing" and "This software is working perfectly so we don't need updates."

Their website has a broken link to Google Play, as the app seems to be delisted, but the do have an f-droid app.
https://f-droid.org/en/packages/com.rabbitcompany.passky/
Their website has a broken link to Google Play, but it seems they do have an f-droid app
https://f-droid.org/en/packages/com.rabbitcompany.passky/
In addition to a verified flatpak.

$[x3 Pwsafe]
Then there's Password Safe
https://pwsafe.org/

Much like Keepass, it stores all passwords as a single encrypted file and expects you to use another program to sync. There are iOS and Android apps that are compatible.

The trouble here, as with Keepass, is getting the desktop app to autofill on websites. It does nominally have an "autofill" feature, but it can't detect when the site you are viewing corresponds to an entry: you have to open the desktop app, search for the relevant entry, open it, and then click "autofill." It's a lot less convenient than clicking the icon for Bitwarden's browser extension.

#PasswordManager #AppRecommendation #Bitwarden #Keepass #KWalletManager #Nextcloud #passky #pwsafe

  • Copy link
  • Flag this post
  • Block
Log in

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances
Bonfire social · 1.0.0-rc.2.21 no JS en
Automatic federation enabled
  • Explore
  • About
  • Members
  • Code of Conduct
Home
Login