Premium features for free. There are no benefits in relying on a third-party
this post was submitted on 08 Oct 2024
165 points (97.1% liked)
Selfhosted
39632 readers
297 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 1 year ago
MODERATORS
Do you mean 2nd party? If not, what is the 3rd party in this situation?
If you do mean 2nd party - you should have a read through this thread, tonnes of benefit to buying these services.
load more comments
(1 replies)
I have bitwarden family SaaS. So I can share password with my group.
I've used cloud based services for password managers for work and "self host" my personal stuff. I barely consider it self hosting since I use Keepass and on every machine it's configured to keep a local cached copy of the database but primarily to pull from the database file on my in-home NAS.
Two issues I've had:
Logging into an account on a device currently not on my home network is brutal. I often resort to simply viewing the needed password and painstakingly type it in (and I run with loooooong passwords)
If I add or change a password on a desktop and don't sync my phone before I leave, I get locked out of accounts. Two years rocking this setup it's happened three times, twice I just said meh I don't really need to do this now, a third time I went through account recovery and set a new password from my phone.
Minor complaint:
Sometimes Keepass2Android gets stuck trying to open the remote database and I have to let it sit and timeout (5 minutes!!!) which gets really annoying but happens very infrequently which is why I say just minor complaint
All in all, I find the inconvenience of doing the personal setup so low that to me even a $10 annual subscription is not worth it
Consider shortening your passwords. Random passwords longer than 20 characters is a complete waste of time.
load more comments
(2 replies)
Appreciate your perspective thanks for sharing.
The way I get around the syncing issue is to set my syncthing to sync when my phone is charging so it's very unlikely to not be in sync, or if I change a password on the PC I'll plug my phone into a USB and it syncs straight away.
I also use KeepassDX on Android and never have those issues.
load more comments
(1 replies)
I don’t understand it tbh. Password managers and email are the main things I avoid self hosting. Email because it’s just too easy to fuck something up and never realize you’re not actually properly sending/receiving email. And password managers because if I lose access to it, I’m kinda royally fucked. And the password managers I use keeps a local copy of your database that gets periodically updated, so even without internet I do still have access.
Could one not theoretically self-host a PW manager that also keeps a local copy of the database for times with no internet?
Idk if that doesn't exist yet or what, and there are plenty of other reasons against self-hosting a PW manager but that seems like a logical work-around for that particular problem. Keep your access when the internet is down, and keep your data out of third party control.
Bitwarden does exactly that. It will mostly work with no server connection.
load more comments
(2 replies)
I use KeepassXC
You'll learn pretty quickly that a large chunk of self-hosting people are the types that are just terrified of having things be outside their control, which by extension means they are terrified of other people that aren't them running infrastructure. 🫠
I self-Host Vaultwarden at home, this way I have a convenient password manager for myself and my SO, it's easy to setup and maintain. East to access from the phone, Firefox, etc. Bitwarden app keeps a local cache so even when disconnected from the server I have access to my passwords and it will synchronize at the next connections. I otherwise have a Wireguard VPN setup in case I need to connect to my home server from outside my home.
Before I used KeePass+syncthing but it was to much configuration to convince my SO to use it. Bitwarden/Vaultwarden was more successful in that regard.
After trying them all, I’m back at having a local KeePass database that is synced to all my devices via iCloud and SyncThing. There are various apps to work with KeePass databases and e.g. Strongbox on macOS and iOS integrates deeply into Apple’s autofill API so that it feels and behaves natively instead of needing some browser extension. KeePass DX is available for all other platforms, and there are lots of libraries for various programming languages so that you can even script stuff yourself if you want.
And I have the encrypted database in multiple places should one go tits up.
Very interesting. How secure is this against having a compromised device? I‘m really paranoid that someone would somehow have a backdoor into my systems and snatch stuff I host on my own
Not the one who wrote the command: The Keepass DB encryption is afaik pretty damn good. So that wouldn't be an attack vector I would worry about. Also and those are just my five cents and I might probably be ripped in pieces by some it sec people, I wouldn't fear too much about a backdoor being put into your systems when self hosting. If someone actually does this it's most probably gonna be some actor related to a government that targets you for whatever reason and at least then most of us wouldn't stand a chance to keep all of their IT devices save, especially when they could stop you on the streets and get physical access to some devices. On the other hand hosted services with thousands of customers are also a lucrative target for cyber crime and which you as a self hosting individual are most probably not. This reduces the possible threats quite a bit, at least if you keep up some default safety stuff to not just let any wannabe hacker from wherever into your self hosted services that would be happy if they can get a 5 thousands dollars/ euros or whatever from you.
load more comments
(1 replies)
I pay Bitwarden the tenner a year as I have no reason to distrust them and they're definitely providing a more reliable, securer service than I can self-host.
I also do an encrypted export once per week and store that export to an encrypted cloud based service and an encrypted USB stick. Takes 2 minutes.
I access my Vaultwarden server via Cloudflared tunnel while I'm away from home network.
Using vault warden because I read too much about errors in implementing or design in services like LastPass or (though encrypted) vaults being stolen.
Bit warden client on Android lets you sync (ie LAN) and then use it as a read only database while on the go without a connection.
I recently added tailscale and when I really need a service from home I just flick it on on my phone and I am good
Works like a charm.
I recently added tailscale.
How to set up Vaultwarden with tailscale ? Any pointer ?
I've been using VW for over a year but I'm double NAT'd so I set it up with CF Tunnel with my domain and while I'm confident in my master ps I would prefer TS.
load more comments
(1 replies)
Why not a piece of hardware instead of self hosting, cloud hosting, etc?
What do you mean?
I'm curious why your listed options are all software that runs on the internet as opposed to a piece of hardware that you connect to your devices.
Is that just because this is the self hosting community?
Well partly yes. This is a self hosted community so I asked a self hosted question.
The other part (I.e. why I haven't asked anywhere about hardware solutions) is because I am not aware of a hardware solution that could do what a software solution can do: that is, store all my passwords, credit card details, OTP codes etc and work with any service that requires a password.
If you know of a hardware solution that does the same then by all means share! I am open to alternative ideas as well.
load more comments
(2 replies)