I’ve been using Keepass for about the past 15 years.
When you jump into the middle of a conversation, this is what happens. In fact, I already answered your question. Even though you seem to be acting in bad faith, and you’re trying to get a “gotcha” out of me… I’ll elaborate a little
I use a Nextcloud Server (there are other network sync tools as well). I have the Keepass file on the server which syncs with my remote devices. If I make changes to the database, it syncs with the cloud server which pushes the changes to the other devices. I have NEVER had a situation where I needed to make changes to the databases on two or more devices in parallel, nor can I think of a use case. My guess is that in such a situation, whichever file was saved last would be the one last saved by Nextcloud (overwriting the other edit). So your “gotcha” is valid but rare. The other option is to use the web app for Keepass in Nextcloud (not sure if it’s still being developed though, it’s been a long time since I used that).
Anyway, the point of my question was to understand why people use a cloud service for this when it can be easily done (and be safer) than relying on a 3rd party cloud. From what I can tell it’s “convenience”.
You need to turn down your suspicions.
Can’t ask questions without drawing the wrath of some users here…
Anyway:
I thought about it but in the end went with Bitwarden just because it’s convenient and didnt feel like entering the security minefield.
Same was for pictures (kept them on my PC and that was backed up to another drive) and E-Mail.
As my gear improved I started to use Immich.
E-Mail is still outsourced as I can’t and don’t want to deal with getting put on spam-lists and having to deal with getting of of it (had the pleasure of getting my domain already marked by google safe browsing).
The “gotcha” about conflicting (as you put it and trying to infer further bad faith conversations) was more about edge cases biting you in the ass.
Not fun having to search accounts if you expect them to be securely saved in the vault but not being there.
Anyway, the point of my question was to understand why people use a cloud service for this when it can be easily done (and be safer) than relying on a 3rd party cloud. From what I can tell it’s “convenience”.
That’s mine and being under the assumption a corp that is specializing and programming a security product is probably better at it than me.
And so far the behavior from Bitwarden after being audited and their current breach-history gives me enough faith for now.
They had some oof-moments like master-password are used to encrypt the vault and weak encryption protocols with weak encryption parameters on top
But they werent enough to start a transition elsewhere.
You need to turn down your suspicions.
Can’t ask questions without drawing the wrath of some users here…
Do you not see that you are being aggressive? Who are you to tell me I have to turn down anything?
Reread the the thread where you came out swinging about insecure servers and then continued over complicating the solution. It’s so condescending from the start:
Not interested in selfhosting and risk a data breach.
It’s imple: Who is better equipped to combat a hack? You or Bitwarden?
All Ive been talking about is literately an encrypted file which is synced between various devices (regardless of sync method). You started talking like that before you even knew what you were talking about!
Making yourself some kind of victim will not change that.
I thought about it but in the end went with Bitwarden just because it’s convenient and didnt feel like entering the security minefield.
This is all I was asking for. thanks for the feedback.
The “gotcha” about conflicting (as you put it and trying to infer further bad faith conversations) was more about edge cases biting you in the ass.
Not fun having to search accounts if you expect them to be securely saved in the vault but not being there.
As I have said, I have been using this for about 15 years. There is no adge case. I was not even trying to convince you to switch from whatever password service you were using. I simply was looking to understand why.
…under the assumption a corp that is specializing and programming a security product is probably better at it than me.
And so far the behavior from Bitwarden after being audited and their current breach-history gives me enough faith for now.
I have zero trust in any corporation. I will always take responsibility for my own security as much as I can. Being dependent on corporations, esp., digital tech corporations has led us to where we are today. Keepass is a zero trust solution for me. I don’t have to worry too much about where I place it (even Onedrive or Google Drive if needed).
I have no issue with Bitwarden as a project, but I wouldn’t trust any server that is tasked with managing my passwords. I will do it myself.
For what it’s worth, Keepass has been audited multiple times, including from the EU and I think the EU has (had?) Bug bounties for it. Germany and France definitely audited it.
When you jump into the middle of a conversation, this is what happens. In fact, I already answered your question. Even though you seem to be acting in bad faith, and you’re trying to get a “gotcha” out of me… I’ll elaborate a little
I use a Nextcloud Server (there are other network sync tools as well). I have the Keepass file on the server which syncs with my remote devices. If I make changes to the database, it syncs with the cloud server which pushes the changes to the other devices. I have NEVER had a situation where I needed to make changes to the databases on two or more devices in parallel, nor can I think of a use case. My guess is that in such a situation, whichever file was saved last would be the one last saved by Nextcloud (overwriting the other edit). So your “gotcha” is valid but rare. The other option is to use the web app for Keepass in Nextcloud (not sure if it’s still being developed though, it’s been a long time since I used that).
Anyway, the point of my question was to understand why people use a cloud service for this when it can be easily done (and be safer) than relying on a 3rd party cloud. From what I can tell it’s “convenience”.
You need to turn down your suspicions.
Can’t ask questions without drawing the wrath of some users here…
Anyway:
I thought about it but in the end went with Bitwarden just because it’s convenient and didnt feel like entering the security minefield.
Same was for pictures (kept them on my PC and that was backed up to another drive) and E-Mail.
As my gear improved I started to use Immich.
E-Mail is still outsourced as I can’t and don’t want to deal with getting put on spam-lists and having to deal with getting of of it (had the pleasure of getting my domain already marked by google safe browsing).
The “gotcha” about conflicting (as you put it and trying to infer further bad faith conversations) was more about edge cases biting you in the ass.
Not fun having to search accounts if you expect them to be securely saved in the vault but not being there.
That’s mine and being under the assumption a corp that is specializing and programming a security product is probably better at it than me.
And so far the behavior from Bitwarden after being audited and their current breach-history gives me enough faith for now.
They had some oof-moments like master-password are used to encrypt the vault and weak encryption protocols with weak encryption parameters on top
But they werent enough to start a transition elsewhere.
Do you not see that you are being aggressive? Who are you to tell me I have to turn down anything?
Reread the the thread where you came out swinging about insecure servers and then continued over complicating the solution. It’s so condescending from the start:
All Ive been talking about is literately an encrypted file which is synced between various devices (regardless of sync method). You started talking like that before you even knew what you were talking about!
Making yourself some kind of victim will not change that.
This is all I was asking for. thanks for the feedback.
As I have said, I have been using this for about 15 years. There is no adge case. I was not even trying to convince you to switch from whatever password service you were using. I simply was looking to understand why.
I have zero trust in any corporation. I will always take responsibility for my own security as much as I can. Being dependent on corporations, esp., digital tech corporations has led us to where we are today. Keepass is a zero trust solution for me. I don’t have to worry too much about where I place it (even Onedrive or Google Drive if needed).
I have no issue with Bitwarden as a project, but I wouldn’t trust any server that is tasked with managing my passwords. I will do it myself.
For what it’s worth, Keepass has been audited multiple times, including from the EU and I think the EU has (had?) Bug bounties for it. Germany and France definitely audited it.