Bitwarden Down

3 points by hughes ↗ HN
Can't log in to new browsers or add/modify items where already logged in.

Slow responses eventually resolve to Error 524 from Cloudflare.

Status page: https://status.bitwarden.com

5 comments

[ 3.3 ms ] story [ 25.2 ms ] thread
At moments like this I kinda wish I was running my own vault server!
In my personal experience with self-hosting, don't do it to improve the availability.

Because you can't really match a company with a high availability setup, with a 24/7 experienced on-duty team, and with a very strong incentives to have an up and running service.

You may never have any issues but it's likely that your self-hosted system will fail as well, and not necessarily at a convenient time.

Self-hosting is interesting though, so you should run your own vault server if you think you will enjoy maintaining it.

I still wonder why they make it this way - with the vault relying on online login. I know it's possible to self-host it but after such situation maybe they should consider making vault unlockable in offline mode by default and turning synchronization with their server into an optional feature - at least for those who prefer desktop client.
If you are still logged in, don't try to fix it by logging out. You'll be unable to access any of your passwords.
Sunday morning, around Midnight Mountain time, one of my family's not very well secured vaults was logged in to from an IP address in Bangkok.

I'm wondering if that is related to this issue; I would assume that attempts to login using all the account information in haveibeenpwned databases would cause a lot of traffic and attempts to block it could lead to Cloudflare collateral damage, as well as heavy load on the backend systems.

I had contacted their support (which I'll say was really good a couple years ago when I signed up), and got a pretty lack-luster response. The initial response was along the lines of "Are you sure your account was actually accessed? Did you check the e-mail that was received to make sure it wasn't spoofed? Could it have been a login you forgot you did? Maybe a friend is playing a joke on you?"

I asked them if they had any logs of what actions were taken related to the login (just a login, was the vault accessed or downloaded)? They said they don't keep those sorts of logs for personal accounts.

I've been a supporter of Bitwarden, but lately I've been more dissatisfied and ready to switch to something else. A large part of why I selected them was the audit a number of years ago, and that they had clients for all the platforms I was interested in.

On the fence, I think my account renews in 5 months...