Firefox has a built in password manager, it is stored on each machine you sync. But to anwer your question any cloud stored data is vulnerable, so be sure your password manager supports other verification measures such as Yubikey as another factor of authentication
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I self-host Vaultwarden but I use a VPS where I keep things stable. My VPSes run Debian Stable and have unattended-upgrades installed and configured to automatically install security updates. My home server runs Unraid and is more experimental - I'm not running anything of critical importance on it.
Self-hosting removes the risk of somebody compromising Bitwarden’s servers and adding malicious javascript to send off your master password to a bad actor instead of just processing it locally like it’s designed to.
I think the chances of such a breach are vanishingly small. I wonder if I'm right though.
I think anyone capable of pulling off such a feat is not interested in my data, and probably more likely looking for government employee access etc..
They don’t need to be interested though. You could conceivably dump all the password you collect in an attack and just start trying them automatically like you would any other breach. Find a bunch of bank accounts and your chances you getting away with millions are high. Not to mention: a breach like this means changing all your saved passwords to re-secure them which is a multi-day affair.
Premium features for free. There are no benefits in relying on a third-party
Well 'no benefits' is a bit of a stretch.