aliasvault/aliasvault: Privacy-first password manager with built-in email aliasing. Fully encrypted and self-hostable. (github.com)
from R1x38rexrper@lemmy.ml to selfhosted@lemmy.world on 15 May 16:19
https://lemmy.ml/post/47398558

#selfhosted

AllNewTypeFace@leminal.space on 15 May 16:27

Has this been audited? It’s easy to claim that something is secure, but there have been products that made such claims and were trivially exploitable.

absolutetupperware@lemmy.today on 15 May 16:47

the true audit is time, unfortunately

jay@mbin.zerojay.com on 15 May 18:04

The Github page says they are aiming to get one done soon.

dreamkeeper@literature.cafe on 16 May 02:39

They shouldn’t claim that an effing password manager is “secure” until after they’ve done an audit.

I’ll pass, thanks.

DevoidWisdom@sh.itjust.works on 15 May 16:47

Per the github page “With the API stabilized, we aim to have AliasVault undergo a thorough security audit this stage. We have already initiated conversations with renowned cyber security companies who have taken interest in taking this on.”

filcuk@lemmy.zip on 16 May 22:15

I hope it doesn’t say as I didn’t bother to check - how do free projects get money for audits like this?

non_burglar@lemmy.world on 17 May 13:12

Excellent question, because financial transparency is becoming more and more of a factor in my shift to open software.

And I suspect that there are indeed a few not-so-good actors who are abusing FOSS for political or financial gain.

DevoidWisdom@sh.itjust.works on 17 May 15:17

Good question. I don’t see anything about current funding. They do mention in the road map having a premium cloud subscription to cover cloud hosting.

I’m a KeePass user myself. Too many hosted programs turn to crap one way or another. Let alone the trust component. I hope for the best with this software.

hellmo_luciferrari@lemmy.zip on 15 May 16:54

I’ll optimistically sit back and see what comes of this. I’m happy with vaultwarden.

saddlebag@lemmy.world on 15 May 21:14

It’s good to have options

fastcompany.com/…/bitwarden-scrubs-always-free-an…

asdfasdfasdf@lemmy.world on 16 May 10:37

They said VaultWarden, not BitWarden. This shouldn’t affect them.

lastweakness@lemmy.world on 16 May 23:30

It could. The removal of “transparency” indicates to me that the clients might also stop being open source at some point and Vaultwarden doesn’t have its own clients.

savvywolf@pawb.social on 15 May 17:17

One thing that jumps out at me reading the readme is the fact that it has a built in email server. Email is hard to get right, and I’m surprised a relatively young(?) project is working on getting all the moving pieces together rather than declaring it out of scope.

It’ll be interesting to see how it develops.

prenatal_confusion@feddit.org on 15 May 22:07

Do you know more about the email server part? I understand +addressing but this seems to be more? Do you hand a domain over and it is actually a full MX or is it just an IMAP client?

zr0@lemmy.dbzer0.com on 16 May 01:22

I would never trust a newly written email server and there is absolutely no reason not to use an already existing one as a dependency of this project.

Coolkat@slrpnk.net on 16 May 01:24

I’m no expert but as I understood, it’s the sending part that’s tricky to get right. Lots of handshakes to handle, all to probably end up in a spam folder or blocked along the way. But receiving from a publicly acknowledged address? I think it’s fairly simple.

cron@feddit.org on 16 May 10:49

Even then, there are lots of edge cases with e-mail that are easy to get wrong and might become security risks.

I’m not saying this applies to this project, this is more of a general concern.

Courantdair@jlai.lu on 15 May 17:57

Looks promising! And it’s refreshing to see something that doesn’t look vibecoded in a week. Couldn’t find any AGENTS.md or other AI crap so I could actually try it

Prathas@lemmy.zip on 15 May 18:36

They spelled “agents” backwards to throw you off! lol jk

TrumpetX@programming.dev on 15 May 19:27

This is most definitely AI assisted. I won’t say vibe coded, but this has the hallmarks.

KairuByte@lemmy.dbzer0.com on 15 May 22:13

This is a claim that is meaningless. You can say it about literally any software currently in development, and there is zero way to reliably refute it.

It’s like stating your comment was AI assisted.

TrumpetX@programming.dev on 16 May 11:11

Sort of my point, actually. Most software now I’d argue is AI assisted.

slazer2au@lemmy.world on 15 May 23:25

Such as?

robocall@lemmy.world on 15 May 20:14

Do you have thoughts on 1password?

KairuByte@lemmy.dbzer0.com on 15 May 20:40

I’m curious why you asked this?…

robocall@lemmy.world on 15 May 21:32

Aren’t both of them password managers? I guess I wonder if someone has a preference for one over the other.

KairuByte@lemmy.dbzer0.com on 15 May 21:59

They are, it’s just odd to bring up an unrelated software.

I do use 1Password and like it, but I couldn’t compare it to this one.

OpenAltFinder@lemmy.world on 16 May 22:07

I recently started migrating away from 1Password. I was on the individual plan for almost 5 years, but this year they would raise the price. I would happily keep paying, but I just find that the quality has just gone downhill. The Firefox extension seems to freeze up quite often, or unlocking doesn’t work, or sometimes it takes 10 seconds +…

The browser extension was also feeling a bit intrusive. It would often pop up for non-login fields. There’s also no way to disable it for specific sites.

All in all, I just grew frustrated with it, and decided to switch to Bitwarden. I’m just on the free one, so I am missing quite a bit of functionality.

Cethin@lemmy.zip on 16 May 23:19

I don’t know why people use these services that charge you. Just use KeePass. It’s free and open source. The only disadvantage is syncing across devices, but Syncthing makes that trivial.

kepix@lemmy.world on 17 May 01:37

We used to use it at work. I hated it, ’cause it did not recognise any non-English European character during search. I wonder what happens if someone with a full Cyrillic alphabet starts to use a mess like this.

B0rax@feddit.org on 15 May 23:35

Yes! Finally one with email aliases.

Kazel@lemmy.dbzer0.com on 16 May 02:08

Thanks, but I stick to KeePass. It does the job.

msokiovt@lemmy.today on 16 May 10:31

I actually happened to use AliasVault. It’s Free Software from the Netherlands for those who are unaware.

Cyber@feddit.uk on 16 May 22:55

Looks like an interesting project, but I just don’t understand its use case.

I use KeePass and I just copy the (different) email address I used to register for a site into the username field and I’m done.

No hosting required, no additional email server, etc. just credentials in a fully portable file.

Is this trying to automate email-based 2FA?

kepix@lemmy.world on 17 May 01:49

Been the number 2 recommendation after shitass Proton on alternativeto.net. UI is a bit weird, but works. Password generation def needs more options tho, some sites need more numbers or more special characters.

altphoto@lemmy.today on 17 May 07:54

It worked right out of the box.