Hello everybody,
I’m looking for a password manager that I can share with the three other associates in my company. I often hear people around here talk about KeePass and Bitwarden, but I found several different options for each and I’m not sure how to choose. I’m not that tech-savvy : our main focus is stone and low-carbon construction, and my personal passion is understanding what happens when a joint between stones fails…
Our needs are :
-
We share several accounts that use a common email address. When a password is changed, it needs to be updated automatically for everyone.
-
We also have individual accounts. It’s not an issue if other associates can see those passwords, as they’re strictly for professional use.
-
We need the passwords to be synchronized across devices, so we’re willing to pay for a suitable solution.
Any help is welcome !
Edit :
First, thanks for all the answers.
After reading all the contributions I realised that for the moment we need something that works out of the box as we don’t have a freelancer to help us anymore. When we find one we will consider changing the password manager, and many other things !
I will try to make a table with the pro and cons of the various solutions I will study from now on and to post it here.
So with all the insights my new criteria are :
- various vaults (one shared, and individual ones),
- Probably european,
- Low maintenance : works out of the box, synchronised by the provider (for the moment)
again, thanks a lot. I’ll keep you updated
Edit 2 :
I made a comparison table of the solutions hosted by the provider analysed so far :
| Name | Proton Pass | 1Password | Padloc | Bitwarden | Dashlane | Passbolt |
|---|---|---|---|---|---|---|
| Essentials | Business | Team | Team | business | ||
| Shared vault | Yes | Yes | Yes | Yes | Yes | Yes |
| Company location | Switzerland | Canada | Germany | US | France | Luxembourg |
| Company server provider | Proton | Amazon | DigitalOcean | Microsoft Azure | Amazon | GCP (google) |
| Open source | Yes | Not clear | Yes | Yes | Partially | yes |
| Linux client | Yes | Yes | Yes | Yes | No | yes |
| Price / user | 4.99 € | 6.99 € | 3.49 € | 4.00 € | 6.00 € | 4.5€ |
To be clear, I don’t use linux… yet. But I will probably not use it at work before a long time
Edit 3 : I updated the table with passbolt.
Passbolt enterprise is hosted in their own server, but the business version is hosted by google
I looked into VaultWarden recently, and I would be hesitant to use it for a business. In the latest release, you cannot create an organization because of a bug in the web ui (https://github.com/dani-garcia/vaultwarden/issues/6638), and the fix has not been released because their build pipeline is broken (https://github.com/dani-garcia/bw_web_builds/pull/224). I get it is the holiday break, but hosting it seems to require some hands-on maintenance.
Interesting that the current version has this bug. I think around the time I started using Vaultwarden as my Bitwarden backend it was also said that the password-sharing should be treated as experimental, but I have had zero issues with it so far. The Web UI might not be super self-explanatory the first time round when it comes to sharing passwords with others but I mean as far as I know this is the work of a single Bitwarden-employee doing this in their free time. And once you have the org set up you don’t have to rely on the Web UI for any of the sharing, transferring, creating and whatnot anymore.
If it is currently impossible to create new Organizations then I’m sure this week-old bug will be resolved fairly soon, probably with the next release.
Either way OP said they’re not tech-savvy so they would probably need to hire someone to set this up for them, which I wouldn’t say is a ludicrous thing to suggest. Even with the level of encryption that this data is stored with you can never go wrong with the data sovereignty that comes with self-hosting. Once you have Vaultwarden in a Docker container with Watchtower updating it regularly it’s zero maintenance as far as I’m concerned.
I don’t think it’s a good idea to use a set it and forget it mindset for things like these. how will they know if something happens to vaultwarden? discontinuation, enshittification, repo transfer to new maintainers, bad release by hacked account? we are roughly following the channels to get informed but someone who’s not dealing in IT much even just as a hobby probably won’t get to know if something is up. also, does watchtover properly handle database upgrades, like for postgres?