• Arn_Thor@feddit.uk
    link
    fedilink
    English
    arrow-up
    7
    ·
    4 months ago

    You say you use Bitwarden. Is that self hosted by any chance? If so, how do you handle the potential for an outage or server failure, where you’d presumably need some of the passwords to fix the problem in the first place.

    • sudneo@lemm.ee
      link
      fedilink
      English
      arrow-up
      16
      ·
      4 months ago

      The Bitwarden client has all the data cached, so the server can be down and you still get access to the passwords (same for internet connection).

      • Arn_Thor@feddit.uk
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        Thanks for the reply! That makes sense. I’m still weary of the client somehow losing the cache while the server is down (two holes in the Swiss cheese lining up) but that is overly paranoid I know that

        • sudneo@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          You should definitely be! I take backups every 6h for my self hosted vaultwarden (easier to manage and to backup, but not official, YMMV). You can also restore each backup automatically and have a “second service” you can run elsewhere (a standby basically), which will also ensure the backup works fine.

          I have been running bit/vaultwarden now for I think 6 years, for my whole family and I have never needed to do anything, despite having had a few hiccups with the server.

          Don’t take my word for it, but the clients (browser plugin, desktop app, mobile app) are designed to keep data locally I think. So the term cache might be misleading here because it suggests some temporary storage used just to save web requests, with a relatively quick expiration. In this case I think the plugin etc. can work potentially indefinitely without server - something to double-check, but I believe it’s the design.

          • Arn_Thor@feddit.uk
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Yes, I figured the word “cache” was used loosely in this case. But you know, the server is down and/or irrecoverable for a while, and then one’s phone gets swiped. Not inconceivable. So I think I’ll follow some of the advice here about a backup service or password stash

    • lemming741@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      4 months ago

      I also self host vault warden, it’s pretty straight forward. Like the other person said, it caches locally.

      • ripcord@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        4 months ago

        How do you set up local caching? For non-phones?

        Edit: TIL there are windows, Mac, and Linux apps for it. Sheesh.

        • priapus@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          Yep, the browser extensions also have an encrypted cache, although it is less consistent imo. I’ve had times where my server was down and the extension just completely logged out then couldn’t authenticate so I couldn’t access the cache.

          • iN8sWoRLd@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            There is a setting now (in all types of client I think) to log out when you close down the browser. Your comment makes me realize that I probably want to NOT set that on at least one machine. I set that on the machines that are out and about.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      4 months ago

      Mine isn’t currently, but I’m working on it. The main complexity is that my wife and I share some passwords, and I want to make sure I do it properly so that transition is as smooth as possible. Vaultwarden is what you’d use to self-host.

      But as others have said, I’m really not worried about it. Passwords are cached locally and only touch the server when syncing to the server. I want to self-host to protect against breaches, not because I’m worried about connectivity loss.

      You can always backup your passwords (there’s an export feature) if you’re worried about it. I haven’t done it, but I imagine it wouldn’t be too hard to have a KeePass backup or something that you update manually every so often.