When it comes to online security, one of the best things you can do to protect yourself is to use a password manager. Password managers make it easy to avoid reusing passwords across websites, while also generating cryptographically secure passwords for you to use online. They are also very convenient, with support for auto-filling on all of your devices.
Of course, syncing your passwords to a provider's cloud is safe: your vault is stored encrypted so that only you can decrypt it. But you can also host your own password manager on your NAS if you feel more comfortable doing so. There are a few reasons you might want to, so long as you're tech-savvy enough to keep it secure.
4. You have full control over your data
You choose what happens to it
This is the main point most people will think of when it comes to self-hosting a password manager. You don't have it in the back of your mind that all of your most important passwords are on some server somewhere. You know exactly where they are, how they're secured, and how they can be retrieved.
That has its own disadvantages too, as all of the responsibility for protecting the data falls solely on you. It also means making sure you have sufficient backups, which in itself can be difficult to get right. You're the complete owner of your data, which carries a lot of good and a lot of bad with it.
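Getting those backups right is mostly about not copying a live database file, as this added example shows (it is not code from the article or the Vaultwarden project): it takes a consistent snapshot of the server's SQLite store through SQLite's online backup API, then verifies and checksums the copy before it is trusted. It assumes the vault lives in a SQLite file such as Vaultwarden's db.sqlite3 (an assumption; pass your own path) and leaves encrypting the copy before it leaves the NAS to you.

```python
import hashlib
import sqlite3
import tempfile
import time
from contextlib import closing
from pathlib import Path

def backup_vault_db(db_path: Path, backup_dir: Path) -> Path:
    """Write a consistent snapshot of db_path into backup_dir; return its path."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    dest = backup_dir / f"db-{time.strftime('%Y%m%d-%H%M%S')}.sqlite3"
    # Connection.backup() copies pages under SQLite's own locking, so the copy is
    # consistent even if the server commits mid-way; a plain cp has no such guarantee.
    with closing(sqlite3.connect(db_path)) as src, closing(sqlite3.connect(dest)) as dst:
        src.backup(dst)
    return dest

def sha256_of(path: Path) -> str:
    """Checksum to keep beside the snapshot so bit rot or tampering shows up."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_backup(path: Path) -> bool:
    """Open the snapshot read-only and let SQLite check its own structure."""
    try:
        with closing(sqlite3.connect(f"file:{path}?mode=ro", uri=True)) as conn:
            return conn.execute("PRAGMA integrity_check").fetchone()[0] == "ok"
    except sqlite3.DatabaseError:  # e.g. "file is not a database"
        return False

def demo() -> dict:
    """Constructed sample: a tiny vault-like table, backed up, verified, hashed."""
    work = Path(tempfile.mkdtemp())
    db = work / "db.sqlite3"  # Vaultwarden's default SQLite file name (assumption)
    with closing(sqlite3.connect(db)) as conn:
        conn.execute("CREATE TABLE ciphers (uuid TEXT PRIMARY KEY, data BLOB)")
        conn.execute("INSERT INTO ciphers VALUES ('c1', X'00ff')")
        conn.commit()
    snapshot = backup_vault_db(db, work / "backups")
    with closing(sqlite3.connect(snapshot)) as conn:
        rows = conn.execute("SELECT COUNT(*) FROM ciphers").fetchone()[0]
    damaged = work / "truncated.sqlite3"
    damaged.write_bytes(b"garbage" * 64)  # what an interrupted copy might leave behind
    return {"rows": rows, "ok": verify_backup(snapshot),
            "damaged_ok": verify_backup(damaged), "digest": sha256_of(snapshot)}
```

Run `demo()` to see the snapshot pass the integrity check while the truncated file fails it; schedule `backup_vault_db` and `verify_backup` together so a bad copy is noticed on the day it is made, not on the day you need it.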
To the credit of most of the popular password managers, the major players in the space have robust data protection practices. Bitwarden regularly conducts third-party security audits, as does 1Password. In the event that you self-host your own password manager, you'll need to ensure that your security is up to scratch at all times.
3. Customizable security
You build it from the ground up
When you self-host your own password manager, you can customize its security in any way you want. That includes running your own firewall, making the server accessible only from your local network, or requiring a reverse proxy or VPN to connect to it. Those measures are inconvenient to some extent, but someone who self-hosts a password manager and is committed to it likely already has many of those systems in place.
Self-hosting it gives you a lot of options in figuring out ways to protect your data, which can both be a learning experience and can give you peace of mind that what you've set up is the right system for the job. Passwords can be incredibly valuable depending on the service that they protect, so you'll need to go above and beyond for a project like this.
When done right, the security setup you build can be as good as any password manager's, so long as you also keep up with security updates and other important changes. It might not be the most convenient, but a server kept on a local network that you manage and monitor is much easier to protect than a cloud-based password manager that could, in theory, turn out to have made poor choices in how it protected its infrastructure.
2. Open-source solutions can be better
Though not always
When self-hosting something like Vaultwarden, you can trust that the code is publicly available and likely to have been audited by many others. Given that popular projects typically have dedicated maintainers, there's usually someone (or multiple someones) in the chain that looks over code that gets committed before it's accepted.
With that said, there have been times when malicious code lurked in open-source projects and slipped under the radar for a long time. One of the most egregious and worrying examples happened in the Linux community, arguably the poster child of what open-source development can do. Code was committed to the XZ Utils library in February of last year after a maintainer spent years gaining the trust of its developers. It took a month for software developer Andres Freund to discover it. When he posted about it on Mastodon, he said it “really required a lot of coincidences” to find.
As a result, open-source software isn't always the security bastion it might appear to be, but it can at least make it significantly harder for malicious code to seep in and go unchecked. Because it's open source, you can also modify it yourself if you wish to add new features or change how it works. It doesn't have to be used out of the box, though that obviously takes significantly more effort than just self-hosting an already robust piece of software.
1. It's completely scalable
From your home to a business
When you self-host something like Vaultwarden, you decide who has access and how it's accessed. In fact, it's quite common for businesses to roll out Bitwarden instances supporting potentially hundreds of employees. You'll need to pay for a license to have more than 10 users even on your self-hosted instance, but the point is that you decide how it works and who can use it.
There are a lot of options for scaling a password manager to a family, a small business, or a full organization. When you self-host it, you're in control, which means a lot more flexibility. For example, restricting access to the local network can be crucial, and many businesses opt to put their instance behind a VPN.
