Deleted my LastPass account permanently today.. switched to 1Password.

[badwhitevision]

Until Vaultwarden, I was never comfortable storing passwords anywhere else. Even worse, I used to use variations of the same password, because I am only human and can only remember so much.

Only after Vaultwarden, did I confidently begin storing passwords and used absolutely random characters and absolutely random passwords.

To those saying self hosting BitWarden/Vaultwarden is not a security feature, do you have tips as to improve the security hardening of Vaultwarden?

Things, I could think of
1. Disabling the admin token.
2. Preventing WAN access. (To be done on the router)
3. Setup Reverse proxy with fail2ban.
4. For WAN access, consider something like tailscale.

 

[MarioBros]

Until Vaultwarden, I was never comfortable storing passwords anywhere else. Even worse, I used to use variations of the same password, because I am only human and can only remember so much.

Only after Vaultwarden, did I confidently begin storing passwords and used absolutely random characters and absolutely random passwords.

To those saying self hosting BitWarden/Vaultwarden is not a security feature, do you have tips as to improve the security hardening of Vaultwarden?

Things, I could think of
1. Disabling the admin token.
2. Preventing WAN access. (To be done on the router)
3. Setup Reverse proxy with fail2ban.
4. For WAN access, consider something like tailscale.

Vaulwarden is awesome.. running it as a docker container

- I am using Cloudflare tunnel for wan access
- Have enabled 2FA for additional security

what do u mean by

Preventing WAN access. (To be done on the router)

 

[badwhitevision]

what do u mean

I meant preventing remote access to the router management page itself. And also stop port forwarding vaultwarden or anything else. Both of these hold water only if your ISP provides dynamic IP instead of CGNAT IP. Sometimes having a CGNAT IP is a blessing. (case in point)

With cloudflare tunnels, is your vaultwarden exposed to the public internet directly? Doesn't that open it to brute force attacks (if you haven't used fail2ban)

 

[nRiTeCh]

BItwarden also has this form fill feature, I have used it many times.

It never prompts me to save any forms. Does it prompt for you?

 

[badwhitevision]

It never prompts me to save any forms. Does it prompt for you?

For browsers install the bitwarden plugin and it will prompt. Tested on firefox.

 

[nRiTeCh]

For browsers install the bitwarden plugin and it will prompt. Tested on firefox.

Already using bitwarden plugin since years but it never prompted unlike lastpass. Tried ff/chrome.

 

[badwhitevision]

Already using bitwarden plugin since years but it never prompted unlike lastpass. Tried ff/chrome.

Try this guide maybe?

I vaguely remember using this when I wanted to use auto-fill.

How to auto-fill your passwords with the Bitwarden browser extension | Bitwarden

Bitwarden makes it easy for businesses and individuals to securely generate, store, and share passwords from any location, browser, or device. Create your free Bitwarden account today.

bitwarden.com

 

[MarioBros]

Already using bitwarden plugin since years but it never prompted unlike lastpass. Tried ff/chrome.

bitwarden latest updates have the prompt enabled now, for me it works on Edge browser on Windows & Mac