

I keep reading that BitWarden is safer than LastPass and 1Password because it is open source, receives security audits, and is self-hostable. I do not mean to start any arguments or insult the great work that has been done on BitWarden (it still has the cleanest UI of any password manager), but I have a hard time trusting it over a privatized service such as LastPass or 1Password.

Of course I could self-host, but I do not have the resources to do so. Of course I could dive into the source code and check myself, but that would take time I do not have.

I can see on GitHub that there are only a small number of active developers, each of whom has little incentive to "do the right thing". Is it not plausible that since the last security audit, some "bad guy" has committed a key-logger? On the other hand, at a company such as LastPass or 1Password all code is reviewed by many developers who are all incentivized to make their service work properly.

How do I trust that BitWarden does not contain a hidden key-logger or major security flaw?
