Big Tech passkey implementations are a trap | Proton
proton.me
- Big Tech has implemented passkeys in a way that locks users into their platforms rather than providing universal security
- Passkeys were developed to replace passwords for better account security, but their rollout by Apple and Google has limited their potential
- Proton Pass offers passkeys that are universal, easy to use, and available to everyone for improved online security and privacy.
You are viewing a single comment
If I can't add your passkey to my Bitwarden vault, I'm not using your passkey.
If I can't add your passkey to my local KeepassXC database, I am not using your passkey.
You can also host it yourself.
https://bitwarden.com/blog/host-your-own-open-source-password-manager/
Yea, I know. But my preference is for my password manager to not be cloud at all.
I don’t mean to be pedantic but self hosted isn’t cloud.
Doesn't it require cloud activation?
It requires a key and id they generate.
https://bitwarden.com/help/install-on-premise-linux/
Though from the instructions, I’m not sure if the install needs continuing communication outbound to function.
Yea, I understand, and it's a perfectly valid choice. But does that disregard people's preference to not bother with this at all?
I don’t think I understand the question.
To be clear, the alternatives are valid choices.
That was a rhetorical question. What I wanted to say was basically "if it is only supported by Big Tech walled gardens and some open, selfhostable cloud password managers, I am not using such passkeys, because for me it is far more comfortable to have my password manager fully offline".
Eh, easier to just use the same password for everything.
I use 12345, personally.
Huh.. same as my luggage.
Why are us nerds like this? No one asked, please dont.
I mean, they were responding to someone who sounded like they were acting superior for self-hosting their password manager. This person chimed in with “well you can self-host Bitwarden too”. And now you’re upset because they offered a direct counterpoint, and furthered a conversation?
This is a guy who planted some Cheerios because he thought they were donut seeds.
Bitwarden proper wants $40/year to have two users sharing passwords. You might try Vaultwarden?
That doesn’t seem unreasonable at all for not having to host your own server.
That's with hosting your own server. Unfortunately I only discovered this paywall after sending them $10 out of good will.
Of course it's open source, so it's certainly possible to break their DRM, and if it were something less sensitive I would.
I still might, but VaultWarden looks like a better alternative.
Nowhere on their pricing page does it say you need to host your own server.
I pay $10/year for my wife and I, total. The $40 is if you want 3-6 people. AFAIK, you still need to pay if you self-host and use the premium features, but you can self host on the free plan as well.
$10/year for my wife and I is completely reasonable, and I'd pay the $40/year if my kids needed their own accounts. It's a fantastic service.
If you self host you need the $40 plan for two people. Seems kinda backwards, doesn't it?
Yeah, they absolutely don't make that clear or I wouldn't have gone with Bitwarden.
Really? It says it's supported for each account type. It looks like you don't even need the $10/year account anymore for sharing with one other user.
You'd think that based on your link, wouldn't you. I did.
My support ticket response:
Your issue is creating an org. The free tier allows again one collection with one user. So don't create an org, share a collection.
One user can't share a collection with another user. An org is required to share.
I'll have to check. I haven't self-hosted mine yet, but I thought the collection share I do with my wife is different.
You could very well be right, which would be disappointing.
If you discover anything different, I'd love to try it! Currently we're either going to share a single login (which might get odd with 2fa devices) or just use VaultWarden.