Firefox Lockwise Bitwarden




For backup, both LastPass and Firefox Lockwise back up passwords to the cloud, so you can start using them on any system by signing in with your username and password. Firefox Lockwise also stores passwords locally in 2 different files under the profile root directory: logins.json and key4.db.


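Background

1Password is too expensive, and more importantly, this kind of software seems to have had data breach incidents in the past.

Before this I (老灯) was using Firefox Lockwise, which was basically good enough. Password management is done in Firefox; it is really just a feature of Firefox itself. The Lockwise app only helps autofill passwords on your phone.

Google's decision to stop the Chromium account sync feature made me take the time to think again about switching browsers.

Over the past year or so I went back to Firefox. At first it was really hard to get used to, you know what I mean. The only thing I could not get used to was that it is slow. Opening web pages is extremely slow.

(because I was used to how fast Chrome and Chromium are)

However, a year has passed and Firefox's page-loading speed has not really improved. There are also some problems that appear in Firefox and in no other browser. fix: (native Wayland and hardware acceleration support can now be enabled experimentally, just as in Chromium.) The most obvious one is probably having to press F11 twice on a 4K screen to fix the window size problem when opening Firefox (those who have used it know what I am talking about).

That said, a single Firefox process can have more than 4000 tabs open without crashing the machine (yes, I really do have four thousand tabs open), and in this respect Firefox really is better than the memory hog Chrome.

Switching away from Firefox means, for me, uninstalling Firefox Lockwise. So I had to find a replacement app.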

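Why Bitwarden

All things considered, I chose Bitwarden.

  1. The whole stack is open source (desktop, mobile, server)
  2. The official project also offers a paid service (commercial support helps keep the open-source project going)
  3. The official free tier is actually enough for most people, me included.

The only thing I do not much like is that the server side is implemented in C# and needs an MSSQL database.

Although the official project provides a docker compose file so that everything can be brought up with one command, for personal needs I do not really like starting a pile of containers just for one server API. Starting that many containers also needs a VPS with specs to match.

However, browsing through blogs, I found an all-in-one Bitwarden server implemented in Rust:

How does this version differ from the official C# version?

  1. Apart from some enterprise features, everything that should be there is there. For individual users there is effectively no impact.
  2. It is small and all-in-one: you only need to run one container. Reportedly it needs only about 10M of memory to run!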

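Building your own Bitwarden container image

If you do not want to use the default image, you can build your own; it is easy.

Of course, you can also compile the binary directly with the Rust toolchain:

Building the web UI (web-vault)

You can download a pre-built version of web-vault directly from dani-garcia/bw_web_builds.

Note: building the vault needs about 1.5GB of RAM. On systems such as a Raspberry Pi with 1GB or less, enable swap or build on a more powerful machine and copy the files over from there. The large amount of memory is needed only for building; running bitwarden_rs with the vault needs only about 10MB of RAM.

1. Clone the bitwarden/web git repository and check out the latest release tag (for example v2.18.2):

2. Download the patch file from dani-garcia/bw_web_builds and copy it into the web-vault folder. Choose the version of the patch file to use (assuming the web vault version is vX.Y.Z):

  • If there is a patch with version vX.Y.Z, use that version
  • Otherwise, choose the largest version that is less than vX.Y.Z

3. Apply the patch:

4. Then build:

5. Finally, copy the contents of the build folder into the destination folder:

  • If running with cargo run --release, the destination folder is bitwarden_rs/web-vault.
  • If running the compiled binary directly, it sits next to the binary, at bitwarden_rs/target/release/web-vault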
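
The patch selection rule from step 2, as an added Python example (not part of the original post or of bw_web_builds). The function names and the sample patch list are constructed for illustration; versions are compared numerically because plain string comparison would rank v2.9.0 above v2.18.2.

```python
import re

_TAG = re.compile(r"^v(\d+)\.(\d+)\.(\d+)$")


def parse_version(tag):
    """Turn 'v2.18.2' into (2, 18, 2); reject anything that is not vX.Y.Z."""
    match = _TAG.match(tag)
    if match is None:
        raise ValueError(f"not a vX.Y.Z tag: {tag!r}")
    return tuple(int(part) for part in match.groups())


def select_patch(vault_tag, patch_tags):
    """Return the patch to apply for vault_tag.

    An exact match wins; otherwise the largest patch version below it.
    Raises LookupError when every available patch is newer than the vault.
    """
    target = parse_version(vault_tag)
    candidates = [tag for tag in patch_tags if parse_version(tag) <= target]
    if not candidates:
        raise LookupError(f"no patch at or below {vault_tag}")
    return max(candidates, key=parse_version)


# Constructed list of patch versions (not the real contents of bw_web_builds).
SAMPLE_PATCHES = ["v2.9.0", "v2.17.1", "v2.18.1", "v2.19.0"]

if __name__ == "__main__":
    print(select_patch("v2.18.2", SAMPLE_PATCHES))
```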

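I have already pushed my finished build to Docker Hub:

Starting the Bitwarden container

Explanation: -e SIGNUPS_ALLOWED=false disables new user registration. If you only intend to use the server yourself, you can use this option to stop other people from registering. Note that the first time the container starts, set this option to true to enable registration; once you have registered your own account, you can turn registration off. Of course, if you have enabled the admin backend, you can also send registration invitations through admin.

-e INVITATIONS_ALLOWED=false disables the invitation permission (for regular users)

If the machine has the firewalld firewall enabled, remember to open port 443; we will need it shortly.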

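nginx reverse proxy + enabling HTTPS

Because the Bitwarden web vault UI uses the Web Crypto API, most browsers will only work properly over HTTPS.

(Recommended) Put bitwarden_rs behind a reverse proxy, for example using nginx to handle HTTPS connections.

(Not recommended) Enable the HTTPS support built into bitwarden_rs (through the Rocket web framework). Rocket's HTTPS implementation is relatively immature and limited. This approach also does not support WebSocket notifications.

For more details on these options, see the Enabling HTTPS section.

Here I chose the simplest option:

nginx reverse proxy + Cloudflare proxy

Set the TLS configuration in Cloudflare to Full mode. nginx can then use a self-signed certificate (Cloudflare's Full mode does not validate the CA of the certificate presented by the origin server, so a self-signed certificate can be used with confidence). Full mode encrypts the connection to the origin but does not authenticate it; Cloudflare's Full (strict) mode is the one that validates the origin certificate.

Because Cloudflare sits in front, the real certificate is the one Cloudflare issues automatically. So the self-signed certificate on the origin server (that is, our nginx reverse proxy) never causes a red warning in the browser.

Of course, you can also use an ACME client to obtain a Let's Encrypt certificate. Some reverse proxies (such as Caddy) also have built-in support for obtaining certificates through the ACME protocol.

I use nginx here because nginx is already running on the server and occupies ports 80 and 443.

On a brand-new server where 80 and 443 are not in use, I recommend Caddy, which is simpler to configure.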

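Enabling WebSocket notifications

To enable WebSocket notifications, an external reverse proxy must be used, and it must be configured as follows:

  1. Route the /notifications/hub endpoint to the WebSocket server, by default on port 3012, making sure to pass the Connection and Upgrade headers. (Tip: the port can be changed with the WEBSOCKET_PORT variable)
  2. Route everything else (including /notifications/hub/negotiate) to the standard Rocket server, by default on port 80.
  3. If using Docker, you may also need to map both ports with the -p flag.

Tip: because Rocket (荒野's note: this server API is built on a framework from the Rust ecosystem called Rocket) lacks support for WebSockets (although it is a planned feature), the WebSocket server has to be started on a separate port.

When bitwarden_rs runs, by default it spawns 2 * <number of CPU cores> workers to handle requests. On some systems this can mean too few workers and therefore reduced performance, so in the docker image the default is changed to 10 threads. You can override this default by setting the ROCKET_WORKERS variable to increase or decrease the number of workers.

Finally, my configuration is as follows: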

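TLS checks

TLS checking tools:

You can use https://comodosslstore.com/ssltools/ssl-checker.php to check whether the SSL certificate includes the certificate chain. Without the certificate chain, Android devices will not be able to connect.

You can also use https://www.ssllabs.com/ssltest/analyze.html for the check, but it does not support custom ports. Be sure to tick the "Do not show the results on the boards" checkbox, otherwise your URL will be publicly exposed in the "Recently Seen" list.

You can also verify with the openssl tool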

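Web Vault admin interface

This is mainly for administrators; for an individual single user there is no need to enable it.

To enable the admin interface, specify an environment variable when creating the container: -e ADMIN_TOKEN=<a very complex password>

For more details on these options, see the Enabling the admin page section.

This password can be generated directly with a command: openssl rand -base64 48

Test whether disabling registration works:

User Web Vault interface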

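Supporting upstream development

Finally, open source is not easy; those who can should do their best to support the official Bitwarden project, the company 8bit Solutions LLC. After all, when an open-source project loses commercial support, it is basically a miracle if it survives.

bitwarden_rs provides only the API (server) side implementation; users still rely on the client programs from upstream (mobile apps, desktop apps and the web vault), all of which represent a great deal of work done upstream by 8bit Solutions LLC.

At the same time, bitwarden_rs supports some of upstream's paid features and provides them for free. This raises some questions about sustaining and supporting upstream development. Many users have raised this and asked how they can support upstream development while using bitwarden_rs.

You can donate directly to upstream via PayPal to support their development.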

refs

Building a container image (Chinese documentation): https://rs.bitwarden.in/deployment/building-your-own-docker-image

Building a container image (English documentation): https://github.com/dani-garcia/bitwarden_rs/wiki/Building-your-own-docker-image

Enabling HTTPS: https://rs.bitwarden.in/deployment/https/enabling-https

Backing up your vault: https://rs.bitwarden.in/other-information/backing-up-your-vault

Reverse proxy tutorial: https://rs.bitwarden.in/deployment/proxy-examples

Disabling new user registration: https://rs.bitwarden.in/configuration/disable-registration-of-new-users

Enabling the admin page: https://rs.bitwarden.in/configuration/enabling-admin-page

Warning: Rocket’s built-in TLS is not considered ready for production use. It is intended for development use only.

Comparison: https://www.iamzs.top/archives/comparison-among-three-password-managers.html


Microsoft Authenticator supports importing passwords from Google Chrome, Firefox, LastPass, Bitwarden, and Roboform. If Microsoft doesn’t currently support your existing password manager, you can manually enter sign-in credentials into our template CSV. To import your existing passwords and manage them in the Authenticator app, just export your passwords from your existing password manager into our comma-separated values (CSV) format. Then, import the exported CSV to Authenticator in our Chrome browser extension or directly into the Authenticator app (Android and iOS).

Import from Google Chrome or Android Smart Lock

You can import your passwords from Google Chrome or Android Smart Lock to Authenticator on either your smartphone or your desktop computer. You can:

Import from Chrome on Android and iOS

Google Chrome users on Android and Apple phones can import their passwords directly from their phone with a few simple steps.

  1. Install Authenticator app on your phone and open the Passwords tab.

  2. Sign in to Google Chrome on your phone.

  3. Tap the at the top right for Android phones or at bottom right for iOS devices, and then tap Settings.

  4. In Settings, open Passwords.

  5. On Android devices, tap the at the top right for Android phones, or at bottom right for iOS devices, and then tap Export passwords.


    You must provide a PIN, fingerprint, or facial recognition. Confirm your identity and tap Export passwords again to start exporting.

  6. After the passwords are exported, Chrome prompts you to choose which app you're importing into. Select Authenticator to start importing passwords. You’ll be informed about import status when it’s complete.


Import from Chrome desktop browser

Before you begin, you must install and sign in to the Microsoft Autofill extension on your Chrome browser.

  1. Open Google Password Manager in any browser. If you haven’t already, sign in to your Google account.

  2. Select the gear icon to open the Password settings page.

  3. Select Export, then on the next page select Export again to start exporting your passwords. Provide your Google password when prompted to confirm your identity. You’ll be informed about import status when it’s complete.

  4. Open the Autofill Chrome Extension and select Settings.

  5. Select Import data to open a dialog. Then, select Choose File to locate and import the CSV file.

Import from Firefox

Firefox allows exporting of passwords from the desktop browser only, so ensure that you have access to the Firefox desktop browser before importing passwords from Firefox.

  1. Sign in to the latest version of Firefox on your desktop and select the menu from the top right of the screen.

  2. Select Logins and Passwords.

  3. From the Firefox Lockwise page, select the menu, select Export Logins, and then confirm your intent by selecting Export. You are prompted to identify yourself by entering your PIN, device password or by scanning your fingerprints. Once successfully identified, Firefox exports your passwords in CSV format to the selected location.

  4. You can import your passwords into Authenticator from a desktop browser or on iOS or Android phones. To import to the Authenticator app on your phone:

    1. Transfer the exported CSV file to your Android or iOS phone using a preferred and safe way, and then download it. Next, share the CSV file with the Authenticator app to start the import.

    2. After successfully importing your password to Authenticator, delete the CSV file from your desktop or mobile phone.

Import from LastPass

LastPass supports exporting passwords from a desktop browser only, so ensure you have access to a desktop browser before starting to import passwords.

  1. Sign in to the LastPass web site and select Advanced Options, and then select Export.

  2. Identify yourself when prompted by providing your master password. After that, you’ll see the exported passwords on the webpage.

  3. Copy the contents of the webpage.

  4. Open Notepad (or your favorite text editor) and paste the copied content.

  5. Save this notepad file by selecting File > Save as. Provide a name that ends with “.csv” (such as LastPass.csv) at a safe location on your desktop.

  6. You can import your passwords into Authenticator in a desktop browser or on iOS or Android phones. To import to the Authenticator app on your phone:

    1. Transfer the exported CSV file to your smartphone using a preferred and safe way, and then download it. Then share the CSV file with the Authenticator app to start the import.

    2. After successfully importing your password to Authenticator, delete the CSV file from your desktop or mobile phone.

Import from Bitwarden

Bitwarden supports exporting passwords from a desktop browser only, so ensure you have access to a desktop browser before starting to import passwords.

  1. Sign in to https://vault.bitwarden.com/ and select Tools > Export vault. Choose the file format as CSV, provide your master password, and then select Export vault to start exporting.

  2. You can import your passwords into Authenticator in a desktop browser or on iOS or Android phones. To import to the Authenticator app on your phone:

    1. Transfer the exported CSV file to your smartphone using a preferred and safe way, and then download it. Then share the CSV file with the Authenticator app to start the import.

    2. After successfully importing your password to Authenticator, delete the CSV file from your desktop or mobile phone.


Import from Roboform

Roboform allows exporting of passwords from its desktop app only, so ensure you have access to the Roboform app on a desktop before starting the import.

  1. Start RoboForm from your desktop client and log in to your account.

  2. Select Options from the Roboform menu.

  3. Select Account & Data > Export.

  4. Choose a safe location to save your exported file. Select Logins as the Data type and select the CSV file as the format, and then select Export.

  5. Confirm your intent and the CSV file is then exported to the selected location.

  6. You can import your passwords into Authenticator in a desktop browser or on iOS or Android phones. To import to the Authenticator app on your phone:

    1. Transfer the exported CSV file to your smartphone using a preferred and safe way, and then download it. Then share the CSV file with the Authenticator app to start the import.

    2. After successfully importing your password to Authenticator, delete the CSV file from your desktop or mobile phone.

Import by creating a CSV

If steps to import passwords from your password manager aren't listed in this article, you can create a CSV that you can use to import your passwords into Authenticator. Microsoft recommends that you follow these steps on a desktop for ease of formatting.

  1. On your desktop, download and open our import template. If you are an Apple iPhone, Safari, and Keychain user, you can now skip to step 4.

  2. Export your passwords from your existing password manager in a nonencrypted CSV file.

  3. Copy the relevant columns from your exported CSV to the template CSV and then save.

  4. If you don’t have an exported CSV, you can copy each login from your existing password manager to the template CSV. Don’t remove or change the header row. When you finish, verify the integrity of your data before you begin the next step.

  5. You can import your passwords into Authenticator in a desktop browser or on iOS or Android phones. To import to the Authenticator app on your phone:

    1. Transfer the exported CSV file to your smartphone using a preferred and safe way, and then download it. Then share the CSV file with the Authenticator app to start the import.

    2. After successfully importing your password to Authenticator, delete the CSV file from your desktop or mobile phone.

Troubleshooting steps


The most common cause of failed imports is incorrect formatting in the CSV file. You can try the following steps to troubleshoot the issue.


  • Check this article to see if we already support importing passwords from your current password manager. If we do, you may want to retry the import by following the steps mentioned for your respective provider.

  • If we don’t currently support importing the format of your password manager, you could retry by creating your CSV file manually.

  • You can verify the integrity of CSV data with the following suggestions:

    • First row must contain a header with three columns: url, username, and password.

    • Each row must contain a value under the url and password columns.

  • You can recreate the CSV by pasting your content in the CSV template file.

  • If nothing else works, please report your issue using the Send Feedback link from Authenticator app settings.
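
The integrity checks listed above, written as an added Python example (not Microsoft's code). It assumes the header names are exactly url, username and password in that order, which the article implies but does not spell out; the sample rows are constructed, and the messages report row numbers only so no password is echoed.

```python
import csv
import io

# Header the article requires; exact spelling and order are an assumption.
REQUIRED_HEADER = ["url", "username", "password"]


def validate_import_csv(text):
    """Return a list of problems; an empty list means the file passes.

    Messages name only the row and column, never a stored secret.
    """
    rows = list(csv.reader(io.StringIO(text, newline="")))
    if not rows:
        return ["file is empty"]
    if [h.strip() for h in rows[0]] != REQUIRED_HEADER:
        return ["row 1: header must be url,username,password"]
    problems = []
    for number, row in enumerate(rows[1:], start=2):
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        if len(row) != len(REQUIRED_HEADER):
            # Typical cause: an unquoted comma inside a password.
            problems.append(f"row {number}: expected 3 columns, found {len(row)}")
            continue
        url, _username, password = row
        if not url.strip():
            problems.append(f"row {number}: url is empty")
        if not password:
            problems.append(f"row {number}: password is empty")
    return problems


# Constructed sample export (not real credentials).
SAMPLE = (
    "url,username,password\n"
    'https://mail.example.com,alice,"s3cr,et"\n'   # quoted comma: valid
    "https://shop.example.com,bob,pa,ss\n"         # unquoted comma: 4 columns
    ",carol,hunter2\n"                             # missing url
    "https://bank.example.com,dave,\n"             # missing password
)

if __name__ == "__main__":
    for problem in validate_import_csv(SAMPLE):
        print(problem)
```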