Local Password apps other than Keepass and gopass

As for keepass itself, you will never lose access to keepass because it’s locally run and can run on any device.

Even with syncthing, if a file is corrupted (without you knowing) it would just get synced corrupted across to other locations.

But if you follow my advice to enable multiple versions, you can always revert to the previous versions. This is not default behavior in syncthing, but it’s just a toggle. You can have as many database files as you want going as far back as you want. There is a reason why I keep mentioning this.

With cloud backup, I was referring to something like Proton Drive with the keepass file. If you wanted, you could even have this set up to upload every version of the keepass file created by Syncthing.

If you’re just not comfortable with keepass yet then it makes sense to keep the passwords in bitwarden as well. However, long term, it will be a lot of unnecessary work to keep the two database files (bitwarden/vaultwarden and keepass using different file formats) in sync.

Also, I actually do run bitwarden and plan to switch to vaultwarden, but it’s because I don’t want to use keepass. I would never go through the work of managing both. Obviously it’s harmless if you still want to do it though.

Store all credentials in one text file, encrypt with symmetric GPG (gpg -c), delete the plaintext. When needed: gpg -d passwords.txt.gpg | grep "service"

Pitfalls to avoid:

  • Make sure swap is encrypted, otherwise decrypted content could end up on disk

  • Editors like vim create swap/backup files - disable them

  • Use shred -u instead of rm to overwrite before deleting

  • Watch your shell history

It’s basically a manual version of “pass” if you know that tool.
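
The gpg -c workflow from the post above, with its pitfalls (editor swap/backup files, leftover plaintext, search terms in shell history) handled in two wrapper functions. This is an added example, not code posted by anyone in the thread; the STORE path and the pw_find/pw_edit names are hypothetical, and /dev/shm is assumed to be RAM-backed.

```shell
# Added example, not code from the thread. STORE and the pw_* names are
# hypothetical; /dev/shm is assumed to be RAM-backed (tmpfs).
STORE="${STORE:-$HOME/passwords.txt.gpg}"

# Lookup: decrypt into a pipe only, so plaintext never touches the disk.
# With no argument the term is prompted for and stays out of shell history.
pw_find() (
    term="${1-}"
    if [ -z "$term" ]; then
        printf 'search: ' >&2
        read -r term
    fi
    gpg --quiet -d "$STORE" | grep -i -- "$term"
)

# Edit: decrypt to a private temp file, edit, re-encrypt, destroy plaintext.
pw_edit() (
    umask 077
    # Overwriting with shred is not reliable on SSDs or copy-on-write
    # filesystems, so keep the plaintext in RAM where possible.
    dir=/dev/shm
    { [ -d "$dir" ] && [ -w "$dir" ]; } || dir="${TMPDIR:-/tmp}"
    tmp=$(mktemp "$dir/pw.XXXXXX") || exit 1
    wipe() { shred -u "$tmp" 2>/dev/null || rm -f "$tmp"; }
    trap 'wipe; exit 1' INT TERM HUP

    rc=0
    # vim: -n = no swap file, -i NONE = no viminfo, plus no backup/undo files.
    # Encrypt to STORE.new first so a failed run cannot clobber the old store.
    {
        { [ ! -f "$STORE" ] || gpg --quiet -d "$STORE" > "$tmp"; } &&
        vim -n -i NONE -c 'set nobackup nowritebackup noundofile' "$tmp" &&
        gpg --quiet --yes -o "$STORE.new" -c "$tmp" &&
        mv -f "$STORE.new" "$STORE"
    } || rc=1
    wipe
    exit "$rc"
)
```

Swap still has to be encrypted for this to hold, since gpg and the editor keep the decrypted text in memory while they run.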

I do have this through FreeFileSync. This was more of a password manager provider backup. I completely agree with your thoughts on backups with multiple versions.

What do you mean with “as a backup to it”?
You could as well just copy the .kdbx file to create backups.
No need for an extra app.

1 Like

I used to use Bitwarden cloud password manager, but my account got hacked so all my passwords, and I don’t have a few, to be exact I have 1548 passwords, got public on the internet.
From there I changed my passwords, I did a lot of work to change all those passwords, I started to use keepassxc and pass.
I make weekly backups and all my password databases are encrypted and are locally stored on a USB flash device! I hope it will help you to not get hacked on your bitwarden cloud password manager!

Yes I am planning to do the same! How did you get hacked, did someone get your master password?

1 Like

Yes, somebody brute forced my password and email! This is why I say to you never, ever keep your passwords in a cloud. Keep them locally on your SSD or a USB flash stick, encrypted. I learned my lesson the hard way!

Wow I haven’t heard of that before, I consider the risk to be someone hacking bitwarden itself rather than my account. That must be a horrible mess to unpick.

But your passwords are encrypted on device before being sent to Bitwarden cloud aren’t they? So even if your account was hacked they would only see nonsense? Or am I misunderstanding?

Probably what happened was @Alin had a weak password on their email or bitwarden account, and if the email was exposed in a breach an attacker could have brute forced the email password (or bitwarden password) to gain access to their personal bitwarden vault.

Encryption on device doesn’t matter if you know the decryption keys or can easily guess/break those keys.

1 Like

You are right. My email address was involved in a database leak on a website, I don’t remember now what website. So they know my email address and they brute forced my bitwarden password, which was a weak one. I tell you not to use bitwarden or any online password manager. Use one offline like keepassxc or pass for gnu/linux.

1 Like

This specific situation can be avoided by using fido2 or an authenticator app (and ideally a unique, 6 word passphrase for bitwarden itself).

Keepass is still a very good option.

2 Likes

It was when I was using it but I haven’t used it in a couple of years