Passwords: the one thing that sits between your online data and people with bad intentions.
Let’s recap what makes a good password management policy:
- Never use the same password for 2 different service providers.
- Whenever possible use long, random passwords (20+ is a good start) using a password or passphrase generator.
- Always keep your master password / passphrase secure: whether it’s in digital or physical form, ensure that it’s in a very safe place and/or on an encrypted device.
- Do not directly send passwords via insecure channels (email included).
Sounds tedious, almost outright impossible? It’s actually not that bad, and dedicated password management solutions can make it very bearable, or even comfy.
We will not be talking here about the elephant in the room, i.e. people who are supposed to represent us while carrying just plain wrongful intentions, like enforcing the idiotic so-called “Ghost protocol”. Such harmful, counter-productive measures would render any password solution or strategy just plain useless, and would be a(nother) violation of our most basic right to privacy.
KeePassXC: the lasting choice
Modern, secure and cross-platform, KeePassXC is a community-driven port of the Windows application “KeePass Password Safe”. Because it runs as a local-only client application, synchronising your database file between multiple devices will require discipline and an online file storage solution. Nothing impossible though: I have been using KeePassXC for many years, using an encrypted Seafile library to host my KeePassXC file.
Over time, a reliable browser extension was developed by the community. It allows, among other things, convenient password selection as you visit websites for which you have entries in your KeePassXC database.
Bitwarden: an online password management solution you can trust
Bitwarden is a password management service that stores sensitive information in an encrypted vault. It is developed by Bitwarden Inc., and its Free Software design choice (AGPL-3.0 and GPL-3.0+ licences) and zero-knowledge design make Bitwarden the best tool for the job. FOSS is obviously the only possible choice for a password manager which you’ll need to fully trust. Audited multiple times, Bitwarden has proven to be the best choice for whoever wants a password management solution that they can trust.
Bitwarden will empower you to:
- Have all your passwords handy, readily available in your browser (using the Bitwarden extension).
- Use the Send feature to send passwords in a secure way, with limited-time availability and automatic removal.
- Share password collections among workmates, if you are an organisation.
So, why Vaultwarden?
The only problem with Bitwarden, when you are a Free Software aficionado, is that the freely available community version is only provided via Docker. At Nomagic, we don’t run Docker. Also, the Bitwarden technological stack is full of Microsoft-originating programming languages: namely TypeScript (made public in 2012) and, more problematically, C#, a language that doesn’t come easily on a GNU/Linux operating system.
To have our cake and eat it too
This is where it gets really great. Vaultwarden (formerly called Bitwarden_rs) is described in the following terms on the code repository’s page:
Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
In a nutshell, Vaultwarden is an easily deployable rewrite of Bitwarden. It comes with all the main features and is compatible with the Bitwarden browser extension as well as the Android and iOS applications (it’s possible to install it via a custom F-Droid repository).
That’s it really, now all you need to do is to reach out (email, Matrix, Fediverse, etc.) to get your Nomagic Vaultwarden account created!
Oh, and if you were previously storing your passwords in KeePassXC, it will be easy to import your passwords into your vault!
Note: this service is for Nomagic members only!
The various project account pictures shown here are the property of their owners; please refer to the official applications’ websites for more details on their licensing.