Bitwarden Unified: easier self-hosting of the password manager
Bitwarden Unified is a new solution for the Bitwarden password manager that lets customers host, manage and control their password management infrastructure themselves. It is currently in beta and is developed by Bitwarden itself. The service is available to all Bitwarden customers.
Bitwarden is a cloud-based open source password manager that is available as a free version and in commercial versions. The free version does not restrict device access or limit the number of passwords that users may store, but it limits access to features such as emergency access, Bitwarden Authenticator, or hardware-based two-step verification. The price for individuals, on the other hand, is just $10 per year.
Bitwarden customers can use solutions such as the open source Vaultwarden to run a Bitwarden server on their own infrastructure. While that requires technical know-how and a server, it improves control and manageability immensely. Bitwarden has supported self-hosting for some time, but the process was highly technical.
The recent LastPass incident has shown that cloud-based password managers are lucrative targets. Depending on how the company stores its data, such an incident may lead to major issues for millions of users.
Tip: the migration from LastPass to Bitwarden is explained here.
A self-hosted instance is a much smaller target and therefore less attractive to threat actors.
Bitwarden unified will run on machines using a Docker container. It is an alternative to the standard deployment option, which uses multiple Docker containers and a Microsoft SQL Server database.
The new unified self-host deployment option is available for all Bitwarden plans and requires at least 200 megabytes of RAM, 1 gigabyte of storage space and Docker Engine 19 or newer.
One of the main advantages of Bitwarden unified is that it supports additional database types and CPU architectures. Basically, it enables support for ARM processors and for databases besides Microsoft SQL Server. ARM support makes it possible to run Bitwarden's self-hosted instance on Raspberry Pi devices, NAS servers, and any other hardware that uses ARM.
A support document is available that highlights how Bitwarden unified is installed on different operating systems. Configuration options are also explained.
Self-hosting a password manager is just one option that Internet users and organizations have when it comes to universal access. Some use local solutions, such as KeePass, on their devices and store the password database on their own servers or with a file hosting service.
Now You: how do you handle password management? (via Caschy)
Password managers are dead. FIDO is the answer.
Isn’t that done with your phone?
How do you set it up on your phone if you need a pw to set up your new phone first?
I agree that multi-device FIDO credentials (Passkeys) are the only real solution to the password problems. It’s just not possible to properly secure passwords, so using private/public key pairs makes much more sense.
However, at this point, only Apple have released Passkey support properly so far. Microsoft and Google are working on it, but are dragging their feet and launching it in a half-assed way (I.E. Google Chrome currently still requires people to use a phone as well when logging in with Chrome on desktop at the moment, but hopefully this gets sorted soon. And, Microsoft may not support Passkeys on Windows 10, which is just plain dumb).
Once Microsoft and Google (and other companies such as password manager vendors) get around to releasing Passkey support – and in a fully-functioning state, not in a half-finished state like Google/Microsoft have so far – it will be great. But keep in mind that it’s still going to take time to get everyone else on board. Just because Apple, Google, Microsoft, password manager vendors, etc. may support Passkeys, all the places that require logging in such as websites/apps will still need to roll out the ability for users to use Passkeys to log in. This is going to take time, so we’re still going to be stuck with password managers for the time being.
ICYMI, Bitwarden are also working on Passkey support:
> Password managers are dead. FIDO is the answer.
Dead or bound to die. But whose fault? Basically a strong password with moreover 2FA is secure. The problem’s source are users who choose simplistic passwords and keep the same for different Websites. The moral of the story is that, once again, it is irresponsibility that leads technology to inflated security environments and contributes to the sad evidence that too many of us need to be taken by the hand, open their mouth to be fed with protocols for their own good given that they won’t handle their own privacy/security correctly by themselves. And after that you’ll have users, the same or others, that complain of living in a society where their lives are increasingly controlled. Incoherence of a majority of users leads to the control of all.
No idea of what FIDO may have or not to do with user tracking but, as always with new features the best is likely to include the worst backdoors, i.e. cookies : look what they’ve done to my cookies, ma.
Password managers still alive for the time being, as well as RSS, as well as email, whatever pseudo-progress fans may believe.
FIDO is not the answer, nor will it ever be.
Password managers are dead already?! Then why do 99.99% of services still use username & passwords only?
@Some1, it’s yet another excuse to switch to corporate (Google/MS/Apple/FB) half-ass, anti-user solutions.
Keepass + Dropbox are simpler to maintain and 2 systems need to be compromised by hackers
Psychology and education is the answer, rather than technical changes. pw is absolutely ok, just needs users who don't suffer incredible laziness and sometimes stupidity.
I set up Vaultwarden on my Synology, one Docker container, no MS crap at all. It was easy.