There are several types of password managers. On the one hand, we have programs that allow us to save all passwords locally in an encrypted database, as is the case with KeePass. These are the most secure, since only we host our own database, but they are also the most cumbersome to use. Then, on the other hand, we have the possibility of save passwords in browser, like in Google Chrome. This is the most used method, the most comfortable, and its only problem is that Google, Microsoft, or whoever the cloud is, literally has all our passwords. And third, we have clouds specialized in storing these passwordssuch as LastPass or the option we are talking about today, Bitwarden.
Bitwarden is an open source platform where we can save all our passwords, sync them securely with the cloud, and access them whenever we want. Taking charge of my security, and starting to manage my passwords instead of giving them to third parties is something that has always caught my attention and that, with this platform, was finally going to become a reality.
For this reason, I decided to set up my own Bitwarden using Docker Compose and a simple database, with SQLite, so as not to have complications. And, on the second try, everything started to work. Already from the installation of the service, when it asks you to register in Bitwarden and get an ID and a KeyIt was starting to smell bad. But after logging into my new password manager, things started to get worse.
With Bitwarden, you host it, but you also have to pay
My idea was that, being an open source password manager, and hosted, the service would be totally free. That is, you download it, install it, host it and use it, regardless of everything else, to keep your passwords and all the information you want securely. Peri, actually, it’s not like that.
Once installed, I created my user account and entered the password manager. The truth is that its interface is very clear, clean and organized, quite the opposite of Chrome’s password manager. Leaving aside the validation of the email, which requires additional configuration, we can now start using our new password manager. We can add them by hand from scratch, or import them from other programs, such as Google Chrome. Also, one of the features that led me to set up this password manager on my server was the possibility of having passwords, banking information, and 2FA codes, all in one place.
The first thing that caught my attention when I saved my first password was that green box that indicates “Premium”. And on top of that, in one of the functions that interested me. If I have installed the password manager on my server, what does it mean? Then it all started to make sense.
An OpenSource with subscription
The Installation ID and Key allow Bitwarden to control the instance you mount on your server. This way, they can enable or disable features to try to get you to subscribe to the service. Clicking on the “Premium” button takes us to the configuration menu, where we find the section to subscribe. This subscription costs 10 dollars a year (or 40, if we want a family plan to share with up to 6 people). And, curiously, the price is the same as if we decided to use it from their servers, without hosting anything ourselves.
Seeing this, what Bitwarden offers us is the possibility of hosting the instance ourselves, and having full control over our passwords, but depending directly on them. Even having to pay the subscription to be able to use the service.
So what is it for? To be very disappointed, re-launch Docker Compose to remove all traces of this service and never hear from it again, and appreciate Google’s password manager even more.
