some sysadmin • March 9, 2026 2:55 PM
Different tools for different use cases. My org self-hosts a Vaultwarden instance with account recovery auto-enabled. If our admin accounts were to be compromised, it’d be game over for the whole org (well, provided our SIEM also failed at alerting us that multiple vault recoveries were taking place in a short amount of time).
As a sysadmin responsible for a 300-ish-user network, I simply cannot afford to have a password manager that does not have central management and, most importantly, an account recovery feature in case of forgotten passwords.
Our initial rollout was KeePassXC on test users (30 people), and a fourth of them forgot the master password within 2 weeks. At this point I’m either taking a central vault with potential backdoors or I’m OK with letting users store their passwords in a plain-text .docx.
In private, though, KeePassXC all the way.