 Time here for more systems and we're gonna talk about bit warden the open-source password manager If you want to learn more about me or my company head over to launch systems comm There's a hires button atop if you'd like to hire short project If you would like to support the channel in other ways or affiliate links below for products and services that we Talked about on this channel that often gets you a discount. I Don't have one though for bit warden and this is me talking about bit warden because we switched to it There's no paid endorsement. I know no one at bit warden. I'll just make sure that's out of clear there I will disclose ever as always if something was ever a paid endorsement But my positive review of this I'll just let you know. Yes. I like it. Yes. I use it for those you too long didn't watch people It's a great password manager now previously I've done several videos on last pass and to my knowledge. There's no flown flaws in last pass I'm not switching because I know that there's some major security problem with it And I have also done videos about security problems found with last pass and how fast they were at fixing them was really impressive It's a solid password manager. I don't think last pass is a bad product But I when possible I always like to prefer an open-source product and a lot of people have asked me why I'm not using bit warden Well, my first answer which was solved was the fact that bit warden was not code at code audit And when companies make a new product, it doesn't necessarily mean I am going to trust all of my most important passwords to that product That's obviously trust has to be earned and in security trust has to be audited make sure that was this program written in a secure manner Now both last pass and bit warden last pass being one of the first to market making them one of the biggest and why they're so popular And they do make a good product. It stores the passwords in a vault So there's a supposed to be and to my knowledge is a zero trust that means Zero trust is you decrypt within the browser. So the passwords are decrypted by you through a master password and not The last pass system itself or in this case bit warden So what they're going to each of these companies do is have a business model where they handle handle passing and storing the encrypted vault and your Master password that you set decrypts the vault with them having zero knowledge And this goes back a long time from a business model standpoint back to Lava bit Lava Levison And they realized that well He had the passwords and could decrypt some of the encrypted email that Lava bit had Therefore the government was able to compel them or even attackers could possibly get hold of those keys last past decided In their earliest inception that they would encrypt it without knowledge of understanding what the passwords are because you can't compel a last pass to give up a password with all the Information in it if they don't have it bit warden built on the same thing, but they decided to make it open source So while last pass has gone through a code review as well and is vetted by third parties It's still not an open source product. So now we're going to dive into Bit warden, which is an open source product and which has completed third party security audit This was a very important step to me and this happened. I know a little while ago But I still the pain of switching Well, I thought it would be more painful than it was it was kind of like well We have an entire workflow I have shared passwords between my team here at Lawrence systems and you know last pass was a great solution because well It made working very easy. So let's start here at the front page Solve your password management problems the easiest and safest ways for individuals teams and business organizations at store and share and sync Sensitive data install now. It's free. So their business models very similar to other password managers that there is a complete free version They will host a vault and you can create a free account which I have and we're going to demo it And they also have a paid model where they do enterprise solutions where you can dive into and we'll actually just look at it real quick So you don't understand the pricing and what you get When you dive into the enterprise it three dollars per user per month is actually a really That's really reasonable. I think for the amount of features that they offer on here So user groups director sync on-premise hosting event audit logs API access multi-factor With to TP and of course things like duo security and UB keys and they have a lot of other features there Which is awesome if you want to go into the higher-end model The free for user allows sharing up to two users So if you and one of the family member want to use this and share Passwords securely between each other that is supported right in free version the family plan at a dollar a month for five users Yeah, that's just really inexpensive now This is where some people sometimes people conflate things they assume open source always means free the code is all free The code is all on github. They're doing the hosting and things like that. That's part of what some of those fees are for So those fees that come into this if you want to grab all the source code and build it all yourself Absolutely, they have made 100% of the source code available. It's all right here documentation and everything the Apps they have everything so I'm throwing it out there for those that always seem to ask that question when companies charge for certain things You're paying for some of the hosting and some of the features And they do have some premium features that do require licensing if you self host this as well But if you wanted to spend the source code and not just download it from Docker Yes, you could remove the licensing just so I'm clear on all that so we're up front Creator free account easy enough to do I have one created over here We're gonna go in a vault per second sinks between all the devices. That's awesome desktop apps They have a Windows Mac and Linux app web browser extensions for Chrome Safari Firefox with all the brave tour browser edge and Opera like said mobile app command line That's actually kind of cool too and of course the web vault and of course here is the open source Statement check out our bit hub and they have everything on there the Docker images This is the self-hosted system and I'll cover this a bit more at the end But you the self-hosting is great on this it works really really well I we have it set up and then we chose a self-hosting to reduce our threat surface And right here's the personal premium accounts a couple extra things that you get Both of them and this is where sometimes people have confusion. Yes, you can have two-factor authentication Without the premium account what they're talking about here to TOTP authenticator and key storage I don't use this feature But it's kind of novel that they can do this and we'll cover what that is It's basically allows you to save your TOTP your time-based authentication passwords and have it create them But that kind of breaks certain rules of two-factor and I'll explain that shortly here and more details about the whole system I guess the companies very open open source Their business model is really really clean and they're got a really solid system that has now been vetted now Let's look at like the desktop app. I have it running a Linux here I have a demo account set up on here so you can go through and see I got a couple logins saved in there We're gonna cover them in a couple different ways But I didn't find any problems with the demo account or setting up a demo account and running it and an application here in The window I've also got the browser plug-in set up here. Well, actually one of the cool things is you can this does this both for chrome and firefox This allows you to pop it out like this So I can just you know use it and have it without loading an application Have it popped out and do look at my vault look at the collections and things like that And of course then we can log into things via the Actual web vault right here, which I got to get the password to and unlock because it timed out And I put a really long password in there Now this is also something I found kind of interesting is you can be logged in here and edit things and Not at the same time be logged into the web version. They keep these things separate so you can go to vaults.bitwarden.com when you're Running this and it decrypts it in there now an interesting thing about the way it decrypts Just so you know when you send your master password They bring what they call the encrypted blob to the browser and they aren't getting your master password back They're doing that encryption in browser. This is how they keep from knowing your master password They've developed in the system once again, it's open source and being vetted They developed this so they don't send the master password back to them to decrypt it because then well then they would have your master password If they had it They would be compelled or it could be compelled to do it or the risk of them being attacked Would allow people and attackers potentially get in so many log in here and get the password real quick All right, and I'm logged in so no matter which one I log into they're all in sync with each other all the time So this was the popped out with the Chrome extension. I have just a couple things saved in here Just this is just the demo account This is where you can look at the generator. You can import data matter of fact This is how you would switch it from last pass and wow this was easy I think I have over I permed them download right around 7 800 passwords That I needed copied over when you run into the export You just go to export with last pass and they link to the article of how to export from last pass You copy that and paste it in or you can save it as a CSV file and it imported flawlessly I would that part was way less pain than I thought so switching was actually really really easy for me And my understanding is switching from some of the other ones is easy Now you can also on the other side of this export your vault In exports in JSON or CSV you put your master password in there And you can then export the file and then you have it It's in a JSON file or a CSV file if you wanted to put it in a spreadsheet They do I like any company that supports a solid data liberation process Which means I can get all the data that I put into this product back out of the product If I wanted to then I can put it somewhere else if if I wanted to do so Now back to a couple of our features of the vault. So we're gonna look right here Well, let's go and edit this actually this is where this is a premium features This is right here the rolling to TT T OTP numbers So if you have a premium account you can put this in here that means your Username and your password and then the third party authentication that extra token could all be stored right in here to me I mean I think this is a great convenience But security and convenience are always at odds with each other doing it this way means if I stored this in here and somehow someone got into My vault because I've been compromised my master password was compromised Someone figured it out and they figured out how to get into my vault They now have the pieces of information both of them needed to log into my next piece of account For example right now because I don't keep my T OTP authenticator key in here If they were to get in and I was on a site that also had a third party authentication It would stop them from doing it because they would need my External which in this case is my phone which has the rolling numbers on it So leave it up to you if you want to put that in there. I think it's cool that they offer it I think it's a bit risky Now other things about the interface This is the test log in for PF sense Easy enough now what about if we wanted to do another custom field. This is another feature So we got a notes field here, but let's say The other password some other key that you might will see the VPN key because we we have that created separately and We'll put some random junk in here and just like that, but now we hit save And now what we've done is when we go and look at this particular item I can not have it exposed but go in here and just copy the value for the VPN key Because I wanted to store some extra piece of information about this site login Maybe those are security questions you answered this can all be stored in here Maybe there are some other pieces of information that are pertinent to whether it's a firewall like I'm doing as a demo Here's it's a PF sense box or whatever that is sometimes sites have a few extra questions They want to ask and maybe you want to have those as a text Maybe you want to have those as hidden to copy and paste the answers and a series of questions that you answered now Not answering those questions the same on each site when they ask you like what your mother's maiden name is This helps to do that so you can come up with a random answer for every website So too many places use that mother's maiden name or some type of arbitrary information that you can probably find about a person That's why it's better to make things up But then you can't just make them up and forget them because then you wouldn't be able to get back in if there Was ever a problem so making them up and saving them inside of here and having a series of fields great way to use it It does support full organization of things like folders, so you're able to I don't have any created as demo account But you can organize everything into a series of folders like my social media accounts or my web accounts or my server accounts Now the difference between this test and this time login are one belongs to an organization and one belongs to me This is where I think they did an amazing job. You don't share passwords Based on the object inside to here. So if each password, let's say is an object So we want to share this with someone else we can but Normally the way you would do it in last past just and I don't know every password manager But the last pass to do is it's kind of a I want to share this and would have a list of users I shared with it. They break everything down in Here and bit warden using organizations. I really this is just great. So we create a new organization We'll call this one demo to so hip bit warden demo at launch systems calm and This is where the licensing kicks in and this applies to self-hosted or not So I was going to make that very clear free limited to users including you So it's really just you and one other person limited to collections You can only because each organization then can have a collection underneath it And if the free plan only lets you have two collections The collections are essentially like folders underneath it So maybe some are related to the business or however you want to break those down Maybe department if you want to consider an organization a company and then maybe you'll create a series of departments under there And there's full granular permissions for each person you share this with which is actually really nice You can then upgrade to the family plan for a dollar a month really inexpensive with the family plan on Premise hosting is an option because once you create these this is the Not gotcha, but it's something that I was a little unclear on But reading through and now I've set this all up. I understand a little better now You can get in on-premise license the way you said an on-premise if you want to self-host this up as you would create this here Create the account by the family plan even though you're gonna use self-hosted You still have to create an account with the same name So the username is gonna be your email address So I had to create one with my email address at bit warden I had to buy the plan even though I don't keep it in their vault because I'm hosting it myself You have to buy the license here Then you get to download and export the license and then you import it into yourself hosted and the email addresses have to match Just FYI on that. That was the part. I was a little bit fuzzy on that. Maybe they could add to their documentation Teams teams is cool, but down side about teams the on-premise hosting part missing So for a business I was thinking hey the teams account seems like what I want oddly You don't get to some on-premise host this so you can buy the teams account host it with their vault But teams doesn't allow you to download the license neither does the free plan You can't create an organization without a license for the on-prem So you had to go with the enterprise one which does have on-premise hosting But at $3 a user per month. It's really reasonably inexpensive So that's for a business use case. That's just yeah great price Especially because you get all these features that you want for a business anyway unlimited collections Share with unlimited users and control user access with groups Track changes and log audits. They give you well all the business and enterprise class tools You want to create a shared password manager that they don't even host So yes, I said in the beginning they're a trusted company But if you want to reduce your threat service more You don't even publicly expose your bit warden server in any way that way in the future if any flaw was found You have self hosted this and the only way accessible in the way we set this up is internally with the VPN So it's completely locked down to an internal network with a lot of access restriction rules around it Therefore reducing if they're for example was a flaw ever found in bit warden I'm sure they would be quick to fix it But not having it exposed means it was never a chance to exploit that flaw So there's important reasons you may want to do it. It's not for everybody and a matter of fact they're hosting I've been I'd set up some demo accounts and tried a few things with their hosted version Matter of fact, I moved all my personal stuff that I you know games and stuff I play all to their Hosted version that they offer the hosting for and bought it as a premium and I'm thrilled with it. It works great It's fast. I've not any issues at all. They seem to have a really solid platform So with all that go back over here go back over here and how do we get things in and out of there? Well, it's kind of a one-way operation I bring that up because right now I own test but the demo org here owns Tom this other login And so when we log in and we'll actually go here and log in and out just this was handy to have So if we want to log in we've got two options because I save two different passwords here So we got the Tom one which we can log in right here All right now logged in And then we're going to log out and this can be really any website. This was just handy I happen to have this sitting here with pfSense Um, we did the login over here with the little button and now we're going to log in with test And we can log in with that now Test is owned by me but anyone who I shared in the demo organization. So we look at demo org and we can Invite some user. We invite this user. This is the owner And so I have full permissions But then the demo user or another menu would pop up and let us granularly control all the permissions of who can see what inside of here I didn't want to show this on mine because it has all of my staff's email addresses in and of how we delegate this out And that would be more than i'm willing to share today On terms of that, but then you can break down with that premium one each one of these you can go through and granularly your permissions, but Once this gets moved into and let me show you how to move something in there. We'll move test in here now as well We're going to share what collection default collection over with demo You can have as many collections as you want everyone organize them. This is a one-way operation Once you've taken something and it's not in your vault. It is now part of the organizational vault It does give a little sharing on there But it I didn't see any way to remove The share once it's done You have to cop you have to reset it up back into your account Your personal one once it's in the organization. So it's just kind of a Only feature I really complained about so to speak would be that that I wouldn't mind be able just to take something Of an organ say I don't want to share that anymore. So once you decide to share something you've shared it You can delete it out of there. No problem But there's not a way to say move this back over so tom owns it It's not shared with the group that is in that organization So just a little fyi now Now a few other things they have in here that's also really nice the organizations work just like the vault So under my vault I can say I want to create a new login I can want to look at cards. I want to look at identities So let's add an identity item. So identity item is going to be I want to put in my title All the information. So when I go to a website, you just can fill all this out email address phone, you know I have one of these filled out from my business card Add item we can put different cards in here And we can you know, I say you change it as you go down right here So name folder a card holder name visa master card, etc, etc Custom fields that you may want in there who owns this item is down here at the bottom And this is what I really like. So we do need to share certain card information and stuff like that with our vault So we put things or I should say I do I put them in the shared folder right from the go So I have certain things I want them to fill out. I have Cards I want to share with my staff when you want to share those cards I just throw them right into the shared organization and the staff members that have the permission for that particular folder Now have access to be able to buy something and use one of the company credit cards right from here And fill it in this is really solid the way they did this. This is just I really like it now Let's demo real quick what looks like to actually so make sure we log in as Tom So we'll go choose the Tom log in here And actually let's uh delete The other log in so delete the test log in so back to all items and uh Even though it's in the shared one it is to be yep We're gonna delete that I don't even know what the password is for test Doesn't matter though. So Make sure we're uh refresh the page Yep, there's only one login now. We're gonna choose the Tom login And this is my demo server. So yes that password is that short Still can't have it but it's short because it's a demo server for this particular demo. I just spun up So let's go over here to user manager now I granted you'd be doing something completely different if you're creating a login for a site It has these type of options, but we'll use the password generator to show you how it works So, uh, we'll go here. I'm just going to hit over the generator and You can choose some of the options longer however you want the password to be this seems like enough characters right here Do you want it to have? Which characters uppercase lowercase? uh Minimum amount of numbers special characters avoid ambiguous characters are plenty of little options that you can do there And keep it ring generate till you say I think that looks good. So we're going to copy the password Password copied and we'll just paste Paste now because this field is labeled password just by me hitting save here Even though I've already got Tom saved it says should bit warden remember this password for you. Yeah, save it so Back over to bit warden here Back over to my vault Instantly it's saved right there. And by the way, I've left this open in the background It's saved right here. It is in sync. So as these changes are happening the bit warden Uh tool right here is syncing all of it and it's working all in real time for anything that we add And now I can have this in my vault and we can see the password it generated right here Be able to view it and away we go it remembers the thing now something about match detection is kind of cool, too This is really nice that they have this built in here. You can change the default rules on it But you can have things like I want it to be an exact match for this So only use this password when I'm at this particular URL or you can edit it So this or you or I is exactly this so you can say I want it to be Exact match for this and this is kind of a nice feature as well and uh, That you can do this on easily do this on a per item basis. So I really like that Now the last thing I'm going to talk about because I mean we didn't do some of this it's Uh, these are a couple other premium features that I guess we can cover real quick like exposed password report reuse password report week password No, they don't just send your password to have it been pwned They create a hash of it and do a hash comparison. So I thought that was nice that they built those things in Now that's definitely really cool and under the settings. Um, this is where you have some of the other options The change the billing options lock options your organizations Uh, everything else billing two step login. They support Uh With the not pay this is a hundred percent free one here Um authenticator app and I'm using that google authenticator but authenticator plus I don't know if I did a video on an app But it's a great app to use uh for doing totp authentication But they have all the support for that. You can also have your verifications emailed to you But this is way better to do something like this right here But please note if you ever lose the password to this or lose your authenticator app key and now all that you're not Getting back in they can't help you they don't have your password So it's really important when you set this up initially and create the master password that you just don't lose it Now finally, let's talk though about how you self host bit warden and uh, this has been great. Um, oh Let me close this window. But yes, they have a uh bug bounty program. I guess we can just mention that worth mentioning for sure All right, do you have a breakdown for like I said, they have license fees those license fees Well, they do apply to self hosting. You just want to reiterate that just because you're self hosting it You would have to recompile the code to remove the fact that it requires a license for certain other premium features The code's available. Have at it guys installing and deploying this This is really well done. They've done a great job. So Too long don't read right here Just all you really need is your dns records to point and have ports 80 and 443 open So if you want to self host this, uh, your domain, you know, you call it whatever you want bit warden dot your domain dot com Really straightforward. They have a great installer that is very very automated. Um, and what this does is Grabs this really basic bit warden dot ashay script It goes to the bit warden downloader. It grabs this the only pretty requisites are docker and docker compose I built this running a server running devian 10. No problem. I didn't load anything else on it. It's a bare bones I loaded a docker on it. That's it and I wanted to create this with the absolute minimum So once you want to install install to play bitcorden run their tool here Uh, then you run bit warden install start and away we go And they have a couple options of how to do this on power shell how to do this, uh If you want to adjust things now, this is a part that I think is really great They did an excellent job. Now. This is best practice and docker. Anyways, they Do a solid job of separating data from runtime environment So you're when you build this all in docker and this is to me absolutely great Like I said, I uh, I'm just happy with the whole way. They have, you know Here's how to set up docker docker compose install the bit warden run through some of this But they have and it grabs all the proper Docker images that are nice built compiled. You're not compiling any of the code But they create a separated data folder So your data folder is located in wherever you download and install this and then docker runs The docker images get updated whenever there's updates, but your data stays safe By the way, when it comes to backups inside of this virtual machine that I created They create a backup folder and every night it creates a backup of my bit warden Files you can also yourself all you have to do is grab this bw data folder that it creates and Away you go. That's all you have to do to back it up. She's keep backing up bw data and and pretty straightforward also, um, they have Things like this when you go into the environment variables under bw data environment you set things that you need to have set up So smtp.sengrid Um port 587 username api key sign api key, etc. Etc. But One of the things that's very important if you self host if you want to self host it and work properly You have to have the mail server set up. That's why they have these in here And that's one of the reasons we're pointing this out Even if you self host when you create new users You can't even Activate the premium license fee because you download the license from your logged in version of bit warden You then log into your self hosted version and Then you put your license key in but the license key has to match your email address and your email address has to be verified That's an important step So make sure you have access to a mail server that you can send information through And there's a lot of you can search for different mail server types that work for this But you know is make sure you have this right now as of right now But not in the future you probably could use something like google less secure apps Look that up, but google is also my understanding deprecating less secure apps. So that may work for now The other thing you need to email to work for is when you invite others to share So you have other users like for in my my team for example as they created accounts on here I needed to share the keys with them to put them in the different organizational groups and the different collections That also is an email generator now once they're Shared you don't really need a mail server anymore But you will get mail notifications unless you turn them off for new logins and new login attempts, which I do like quite a bit So here's a few of the other script commands and they made this really easy So what if there's a new version of bitward and how do you update it? Well, that's actually pretty easy Update all containers in the database. They have an update update the main script update all containers without restarting and running instance and Rebuild them. There's also a standard config yaml file So you can edit the config and once you edit these configs or these environments Please note and this is a docker thing that you need to rebuild the docker because once it starts all these instances And grabs the latest versions of them It uses the config files But you have to start and stop them again and rebuild them to say hey grab those config files again because I made changes Um, they do also offer instructions on an entire manual Installation and when it comes to keys they support both less encrypt for uh, when you if you need to have a key signed They support less encrypt they support self signed and they support your own and they have instructions on each For a company not just giving away the source code saying here it is to take the time to build out these entire docker images With detailed instructions of how to set it up. Um, that is outstanding This is one of the reasons that I was really impressed like they're they went the extra mile In my opinion to go through and do this to say hey Some companies are open source and say, you know, their business models will sell access or whatever But uh, when it comes to if you want to run this on your own. Well, cool. Here's just a pile of source code Uh, they don't always take the time to build really solid Detailed instructions on how to set it up how to update it and they kind of almost encourage you for those of you that want to self host Awesome away you go. Now a couple notes about the self hosting Self signed key versus let's encrypt. So awesome. They have let's encrypt But if you do this and you set this up on your server, whether it's a hosted in a cloud like digital ocean Or if it's going to be on prem like we're doing Within our own stack you do need to have your dns records and let's encrypt post it to get a sign Cert or buy a sign search somewhere and install it and like I said, they have those instructions there The reason you need that is if you want the command line app or you want the desktop app to work And you don't want that error to come when you go on the browser It needs to have that sign cert, but those desktop apps don't have a bypass for unsigned certificates So an example is going to be in a hold this up for just so you guys understand So we're going to go here and this works for uh any of them. So we're going to go and Go to account and log out. Yes and then we're going to go Settings and you put in the server URL right here. This works for the browser extension as well. So we're going to go ahead Whoops Probably don't didn't need to do that go here Settings lock log out confirm you want to log out Same thing up here. There's where we can go and Uh put in whatever it is a gtps and if you leave it blank it goes back to the bit warden vault But If that does not have a properly signed certificate It won't work. It will work in the browser. It will work with the browser extension It won't work with the command line app and it won't work with the desktop app and it won't work with the mobile app So if you choose to go with self-signed certificate when you're hosting this And you just don't want any exposure. That is a limitation you will run into Granted you could recompile these you could you know set the flag in there to allow a self-signed search Or you can take a self-signed cert and add it to your trust store of each device that's going to attach to it Those are other options But I wanted to throw them out there And just mention that because that was something I thought was Not really a terrible thing because obviously using self-signed certs It's a good thing in some ways because if you had a signed cert and all of a sudden it wasn't signed Because maybe your server got hijacked or something like that in a cert change It's probably good that it prompts you and doesn't just log right in the other side of that is I think you should be able as if you're advanced enough to understand how to set up a self-hosted docker image on a server That you should be able to say you know what I want absolutely no exposure I don't want anything but my own certificate that I generated Inside of here and I don't feel like loading it in a trust store. I should be able just to you know log into it locally I don't know. I'm probably being nitpicky about that but throwing it out there But my overall like said my feelings a bit weren't I really like it. It's got a lot of features When you compare it to last pass, uh, it has Really everything I had in last pass I now have in here But more the way it handles organizations is a big plus I don't use this feature But maybe I should I haven't really played with it. It does have a pin option, which is kind of cool So instead of you typing your master password each time you can Have a pin in the browser So you unlock the browser when you open it with the plug in and then you only have to type in a shorter pin number That way each time you want it to load a password You have to put a pin in that shorter versus typing your longer password when you want to have it more secure and locked but I'm absolutely I don't mind typing the longer password and uh, my own habit is even after I push my computer away I press the lock key to lock it out and Frequently closing that's just good security practice because then if I get up and walk away and I left my password manager login someone could obviously go in and start looking at passwords or something Yeah, maybe I'm getting a little over cautious But when you handle a lot of people's secure information, I don't think you can be too cautious But my overall I love the product I'm happy with the self-hosted like I said to me self hosting it reduces the threat surface if You're not exposing it to the internet if you are someone who's not sure how to update docker Or you don't keep your server itself very secure because you're just not familiar with those things My opinion is going to be if those are not things you're familiar with then you are making a less secure product And you're probably best left to the folks at bit warden to keep the product up to date If you're experienced enough to start following these instructions set up the server get everything set up properly You are doing better You can really reduce your threat surface and have it completely locked down internally and do all kinds of restrictions on it That maybe you wouldn't be able to do there But so that when it comes to security it comes down to what are you comfortable with where is you know Your efforts should be put It's not something I can easily answer for people with people always ask me is the self-hosted more secure And I have to say it depends because I've seen people self-host apps and make Tragically bad mistakes and they don't know how they're doing it. They actually create a bigger security hole for themselves, especially with the risk of Let's say you have a server that you don't keep very well It gets compromised has some type of malware on there that then grabs your master password and lives there silently While they slowly creep through all of your passwords because you did not properly secure your server And they were able to start listening to all the traffic and manipulate your server So your skill at locking down a server is going to be very dependent whether or not You should be the self-hosting of this or not and of course if you're self-hosting and you're not exposing it Well, they you've reduced the risk even if you're not good at it. They still have to get inside your network So that does create another barrier. So those are my overall thoughts on bit warden I'm really happy with the product. Uh, if there's questions comments concerns, uh, great Let me know I'm going to have this linked over in my forums. It's a great place to ask questions Um, or if there's you know troubleshooting and things like that I'm willing to help a little but they do have their own support and discourse forums I'm a highly recommend if you have a lot of troubleshooting problems with it because I didn't have problems with it I thought it the documentation was good and it just worked not so impressed with it Um, they have support forums that they have a discussion They have to have a subreddit, uh, where there seems to be a lot of people answering questions as well So the go to the reddit slash our bit warden And uh, have a discussion with people in there too. There's a lot of q and a just read through Um, so, you know, don't believe me Look at other people's thoughts on their product and everything else and um, it's great So it gets a thumbs up for me. Thanks And thank you for making it to the end of the video If you like this video, please give it a thumbs up If you'd like to see more content from the channel hit the subscribe button and hit the bell icon If you like youtube to notify you when new videos come out If you'd like to hire us head over to laurancesystems.com fill out our contact page and Let us know what we can help you with and what projects you'd like us to work together on If you want to carry on the discussion head over to forums.laurancesystems.com Where we can carry on the discussion about this video other videos or other tech topics in general Even suggestions for new videos. They're accepted right there on our forums, which are free Also, if you like to help the channel out in other ways head over to our affiliate page We have a lot of great tech offers for you and once again, thanks for watching and see you next time