Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
matrixbot
@matrixbot
luckyiam anyone around
luckyiam ?
anat0lius
@anat0lius
hi
As a user, would be great to not distinguish between the classic "yubikey security key" and the new "yubikey 4/5"
anat0lius
@anat0lius
I have 2 registered, a security key and a yubikey 5. When I want to unlock my vault it asks me to enter the security key, and if I try to enter the yubikey 5 I have to choose the "yubikey" 2fa method from options. Which is annoying.
do you think this can me implemented in such way it's seemingless for the user?
Ryan
@bigdestroyer
hey peeps
I have a weird question, how is bit warden open source yet you have to pay for it?
vachan-maker
@vachan-maker
Bitwarden has a free plan and a premium plan
The free plan is really good and lets you store logins without any limit.
The premium plan has additional features like 1 G.B encrypted storage, TOTP generation, 2FA with FIDO U2F yubikeys, etc
Everything is stored safely in the cloud @bigdestroyer
matrixbot
@matrixbot

wingedrhino > <@gitter_bigdestroyer:matrix.org> I have a weird question, how is bit warden open source yet you have to pay for it?

You pay for hosting. The source code is "open" to viewing. Makes sense?

lmojzis
@lmojzis
Actually I wanna ask a similar question. I want to do a self hosting of bitwarden. Can anyone explain to me in a few bullet points why am I supposed to pay for being able to deploy a self hosting instance that is supposed to enable me to share passwords with multiple people? What exactly am I getting other than access to a feature that does not have any cost in the first place. Can you please kindly explain to me. Thank you.
I understand that I pay for the hosting costs, but why do I still need to pay if there are no additional costs for bitwarden? And the wiki page says it pretty clear. Most people hate that and gave it a dislike on the page.
lmojzis
@lmojzis

The sharing features of Bitwarden require that you create an organization account. To create an organization in an on-premises hosted Bitwarden installation you must first obtain a families organization (for personal use) or enterprise organization (for business use) license. Only families and enterprise organization plans are eligible for on-premises hosting.

But WHY??? If I run an instance of Minecraft or Mumble, I can run it for thousands of people without any limitation. Yet, when I want to run a simple password manager, it would cost me a fortune. Monthly. So let's say I wanna run an instance for 15 people out of my family. That is a yearly cost of 600 USD. For what? What is the added value proposition?

This is very offensive. I am paying for the server cost already. This is like if I was paying to be able to use my SSD at full speed or be able to use full 2 TB capacity of my physical HDD and not just the free 50 GB trial.
matrixbot
@matrixbot

glenn > <@gitter_lmojzis:matrix.org> This is very offensive. I am paying for the server cost already. This is like if I was paying to be able to use my SSD at full speed or be able to use full 2 TB capacity of my physical HDD and not just the free 50 GB trial.

It seems unfair at first but your are paying for your hosting. The Bitwarden premium license funds further development from their side, not to mention regular security updates and audits to ensure that it is kept as good and secure as possible.

To compare with Minecraft: If you self host a minecraft server for free each person who connects to your server has still purchased a client license/copy of Minecraft which supports its further development.

glenn It also funds wages for their support department and if you need help, even for self hosted, I have found their support very helpful. Well worth it.
lmojzis
@lmojzis
Yeah but in case of a Minecraft server I don't have to buy the copies for every person who wants to play on the server for 2 months then never return. I have no issue whatsoever to have a perpetual license, however a monthly fee in and of itself is nonsense for any home-lab grade hosted service, let alone an enterprise usage. I can only assume the license validation phones home every now and then. The whole point of provisioning a custom password manager is not to end up in privacy and security hell induced by internal machines having uncontrolled access to the web. I want my password manager to only be accessible from the internal network and/or VPN. How do I achieve that without compromising security? Ironically this would have been better if using the free offering bitwarden has. My point is I don't want to spend 600 USD for people to BE ABLE TO use the "trusted" service only to have that service to end up not being used. But I guess wasting money and resources does not concern anyone.
Ghislain Antony Vaillant
@ghisvail
How does the Bitwarden desktop client fetch new updates availability? Is there a public API somewhere which serves the latest version string?
Chad Scharf
@cscharf

@ghisvail ,

How does the Bitwarden desktop client fetch new updates availability?

The check is made directly against GitHub version tags in the desktop repository. The update check is performed against that repository against the installed desktop version.

Chad Scharf
@cscharf

I want my password manager to only be accessible from the internal network and/or VPN.

Bitwarden license checks are done against a signed license file using signiture verification, not against the internet. Self-hosted instances may be blocked from any internet access without sacrificing functionality. Only updates require internet access, but even those could be manually performed by downloading and transfering docker images and manually running installation/setup scripts to compose newer versions of those images yourself vs. using the update script(s) provided.

亗【JΛVΛDZ501】亗
@javadz501
Hello everyone, I just wanted to say that for a program that claims to be free, it is very ugly that it does not support Aegis! Aegis is a 2FA FOSS program in F-Droid...
Greg Hewgill
@ghewgill
Aegis appears to support the same 2FA standards as the rest of them. Bitwarden doesn’t have to do anything different for you to use Aegis.
亗【JΛVΛDZ501】亗
@javadz501
I have been using Google Authenticator for a while, and I exporetd all the keys and imported them in Aegis... Now I can not enter Bitwarden with the key given by Aegis, but I export the same key and import it in the Google Authenticator, And with the Google key, I can easily enter the program!!!
Luke Walker
@ozskywalker
how would that be very ugly given the install base is maybe 10k for Aegis compared to more popular authentication apps?
and would export/import working w/Google Authenticator, but not with Aegis, indicate there's an issue with import process in Aegis?
ggiesen
@ggiesen
Any idea when a new version of bitwarden-cli will be cut? Waiting on a bugfix :)
vachan-maker
@vachan-maker

Any idea when a new version of bitwarden-cli will be cut? Waiting on a bugfix :)

Probably by the end of this month.

AJ
@ajostergaard
@javadz501 are Aegis and GA on the same device? In other words, is it possible it is a time sync issue?
haneef95
@haneef95

Hi guys,

The Bitwarden Server keeps returning 403 on /notifications/hub and /events/collect, everything else loads fine...

How could I trace to find the root/cause of the issue?

Thanks

I've traced it upto nginx access.logs
no record of it in the error.log
ggiesen
@ggiesen

Any idea when a new version of bitwarden-cli will be cut? Waiting on a bugfix :)

Probably by the end of this month.

Any updates?

Trey Greer
@tgreer-bw
Release should go out in about 10 days or so
Andrei-Stepanov
@Andrei-Stepanov

yes, you can

Hi, I cannot create an item, and add it at the same time to .collectionIds: I do:
https://paste.centos.org/view/513529e9

It creates an item. I can see it with bw list items but they are not part of any collection

digital mystik
@digital-mystik:matrix.org
[m]
hello.. just throwing out an idea (probably already mentioned before), but it would be nice to have an option to password protect OTP tokens separately so that eggs would be in two baskets.. not sure if that would be feasible though. BTW thanks for Bitwarden! great service and many appreciate it
1 reply
digital mystik
@digital-mystik:matrix.org
[m]
random_guy52: yeah I do keep them separate (Aegis).. having that option would be pretty nice though. no biggie
Chris Lane
@ChrisLane
Always forget I'm in this chat until I get pinged by my issues :P
Chris Lane
@ChrisLane
Not being able to access any login details via the Bitwarden iOS app for iPad for months is fairly disappointing :/
2 replies
random_guy52
@random_guy52:matrix.org
[m]
Did you report the issue?
omyno
@omyno
Quick question on the new emergency access feature, because the documentation has no mention on how to reject requests: When the grantor gets an email about an access request, is there a button to reject the request?
Trey Greer
@tgreer-bw
The reject option is in the web vault
omyno
@omyno
I see, thanks!
digital mystik
@digital-mystik:matrix.org
[m]
hello.. great to see the encrypted export feature! just so I understand it, it is tied to an account's encryption key and not the password, so that it can only be decrypted when importing into bitwarden using the encryption key that was used during the export?
Shane Taylor
@GirzzlyAK
According to the help I just read, that is correct. If you change your key, you'll no longer be able to import/decrypt that backup. It warns about that. https://bitwarden.com/help/article/encrypted-export/
I did have a question tho, in that same help on encrypted backups, it says "Warning: Importing data multiple times will create duplicates". That would seem like a pretty easy thing to prevent on import, wouldn't it? I wonder why this is a thing? Why not just check to see if there is already an identical entry and don't duplicate it? Or, alternatively, if there is a NEWER version in the current vault, ask if BW should replace it with the backup or leave the current one?
1 reply
random_guy52
@random_guy52:matrix.org
[m]
why aren't there any client apps or forks of Bitwarden apps?
1 reply
keepass is open source and there are a bunch of client applications available.