75
Collaborative project to document AI-contaminated FOSS
(www.theregister.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 18 Jan 2026
75 points (95.2% liked)
Opensource
4835 readers
126 users here now
A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!
⠀
founded 2 years ago
MODERATORS
Ah, damn. Bitwarden has Agents.md. That doesn't really fill me with confidence, and it's the most critical software I use.
I need to update my threat model, I've trusted them quite a lot to the point of using Bitwarden for MFA for less-important services (so it's not really MFA, since both my password and MFA token is in Bitwarden, but it's super convenient), and only had Yubikey for my Bitwarden account, so as long as the app itself isn't compromised I should be good (and Bitwarden has a pretty good track record as far as I know), but if they are going to start vibe-coding their tools then it's probably time to move to a proper MFA.
I've been using Keepass2 (not XC, which also has AI issues) for ages and it still works great for me. It's older, it's ugly, but it runs fine under Linux with a little effort, plugins and all, on mono alone without even requiring wine. I can't assert that it's completely AI free, but it's actively maintained and doesn't show any obvious sign of enshittification yet, AI or otherwise.
If I'm not mistaken, Keepass doesn't have cloud sync, right? That's a pretty important feature for me, and a reason why I went with Bitwarden, even though Keepass is probably better.
Version 2 has some synchronization features. There are also plugins available.
Oh, nice. A sync with ProtonDrive, that looks promising.
I don't trust myself enough to backup my passwords on something self-hosted, but ProtonDrive might actually be reasonable. I'll look into it, thanks!
I'm not sure about "native" cloud sync, but Keepass2 (non-XC) has a very robust and reliable "Synchronize" function, which can be executed manually as needed, or set up with triggers (recommended) to Synchronize the database file with another database file. This is actually the reason I specifically still use Keepass2 and refused to migrate to Keepass-XC despite the nicer interface and better code, because it dropped this functionality.
If that other, synchronized database file happens to be in a cloud somewhere, Keepass2 doesn't know or care, it just makes sure all the entries in it are synchronized with the ones in your open database. It's up to the cloud software to make sure it gets synced to other computers, but that's fine, that's what they're for.
This is what I have used for cloud sync since day 1. It used to be Dropbox. Now I use both NextCloud and Syncthing to keep many copies of my password database scattered around my digital universe.