New Update Bitwarden Unified: easier self-hosting of the password manager

silversurfer

Bitwarden Unified is a new solution for the Bitwarden password manager to host, manage and control the password management infrastructure. It is currently in Beta and developed by Bitwarden itself. The service is available for all Bitwarden customers.

Bitwarden is a cloud-based open source password manager that is available as a free version and commercial versions. The free version does not restrict device access or limit the number of passwords that users may store, but it limits access to features such as emergency access, Bitwarden Authenticator, or hardware-based two-step verification. The price for individuals is just $10 per year on the other hand.

Bitwarden customers can use solutions such as the open source Vaultwarden to run a Bitwarden server on their infrastructure. While that requires technical know-how and a server, it improves control and manageability immensely. Bitwarden supported self-hosting for some time, but the process was highly technical.

The recent LastPass incident has shown that cloud-based password managers are lucrative targets. Depending on how data is stored by the company, it may lead to major issues for millions of users.

A self-hosted instance is a much smaller target and therefore less attractive to threat actors.

Bitwarden unified will run on machines using a Docker container. It is an alternative to the standard deployment option, which uses multiple Docker containers and uses a Microsoft SQL Server database.

The new unified self-host deployment option is available for all Bitwarden plans and requires at least 200 megabytes of RAM, 1 gigabyte of storage space and Docker Engine 19 or newer.

One of the main advantages of Bitwarden unified is that it supports additional database types and CPU architectures. Basically, it enables support for ARM processors and databases besides Microsoft SQL Server. Support for ARM adds support for running Bitwarden's self-hosted instance on Raspberry Pi devices, NAS servers, and any other hardware that uses ARM.

A support document is available that highlights how Bitwarden unified is installed on different operating systems. Configuration options are also explained.


 

silversurfer

yes but this is cloud save ?
Guess you meant: are your data and passwords safe in the cloud servers of Bitwarden?
This question is outdated nowadays because the majority of users prefer to sync all data across their devices to be able to use the same data even on mobile etc.

For those people who are still worried, just search for other software based more on offline data storage: KeePass, but keep in mind it's less comfortable for users ;)
 

Andrezj

a slick way to protect passwords is to install portable keepass onto a usb flash drive inside the vault (like sandisk encrypted vault with complex passphrase)
to get even more fancy with protection you can configure windows to deny all usb except yours
you can even find usb flash drive with encryption password for entire drive

the primary risk is if you lose the usb flash drive
now let us be honest, if the vault and keepass passwords are complex enough, who is going to have the willingness, let alone the resources, to crack the passwords or passphrase?
the risk is minimal

i travel internationally a lot and i have used this method for its balance of security and usability, never lost my keepass usb
connecting a usb anywhere is not an inconvenience, it becomes a headache on shared devices though that use shared online accounts
this is meant to be a single user\account solution

stickypassword has a method for the same, you can even do it with memory card, but it is complicated
 

HarborFront

There's also a portable Windows version of BW, right?
 
