Bitwarden Vs Lastpass

I've got hundreds of accounts and passwords, and I need a good password manager with good integration with my web browsers. My brain would explode if I had to remember all the individual account and password details I need to log in to every week.

I've been using LastPass despite never having liked or fully trusted them. Then LastPass began stripping away platform support, and I started looking for an alternative password manager.

I'll go through a few points that were important to me when deciding on a password manager, and compare how Bitwarden and LastPass live up to my expectations.

Platform availability

Bitwarden and LastPass both offer free hosted password management services with clients available for multiple popular platforms.

LastPass has been pretty good about being available in every web browser and on every platform. However, they left the LastPass extension for Firefox for Android to rot for over a year before abandoning it. They were slow to migrate their extension to WebExtensions, the Chromium-inspired extension API used since Firefox Quantum. They've also got a long history of shipping outdated versions of their extensions to Firefox users over several years.

In my experience, the LastPass extension for Firefox has only been getting buggier with time. My browser of choice, Firefox, clearly hasn't been a priority for LastPass.

Bitwarden has desktop apps for Linux, macOS, and Windows; as well as mobile apps for Android and iOS and browser extensions for just about all web browsers — including underdogs like Vivaldi and Brave with their tiny market shares. Bitwarden is everywhere I am and everywhere I can foresee finding myself — whereas LastPass suggests you switch your browser to continue using their service.

LastPass' toolbar icon in my browsers used a glaring red color; a color normally reserved for indicating that something is broken or requires your attention. Bitwarden's calm blue icon is less alarming, and I subjectively strongly prefer it over LastPass' icon. I've also found that Bitwarden displays error messages in situations where LastPass would just silently fail to perform the requested operation.

Open-source and self-hosting

LastPass is proprietary software and a proprietary service. You have to rely on their infrastructure and their willingness to continue operating the service without interference.

Bitwarden, on the other hand, is open-source from top to bottom. Their apps, extensions, and online services are all open-source. If Bitwarden.com were to announce they were shutting down tomorrow, you could grab the source from their servers and host it yourself to ensure continued service.

Self-hosted instances of Bitwarden aren't an afterthought either, as the company behind it considers self-hosting a 'first-class feature'. I've yet to dig into this in more detail, but I expect that I'll look into hosting it for myself with time.

As a developer, I also value the ability to inspect their code and suggest changes when I encounter bugs. I haven't run into anything that has needed my attention in Bitwarden, but I like knowing that I have the option to fix it myself. I've submitted quite a few concrete bugs and even suggested patches to LastPass through their support form, but they've always preferred to leave the bugs unresolved in their browser extensions for years instead.

Security

I don't have the time nor ability to evaluate exactly how secure or insecure any password manager is compared to another. However, I've noted a few things of interest.

There hasn't been a full independent security review of Bitwarden yet. The code is open and anyone can look at it, and hopefully it will be 'the good guys' who find any potential security vulnerabilities and report the issues to Bitwarden. The probability of that happening is much greater than with a proprietary product, seeing how everyone has access to Bitwarden's source code.

I was positively surprised to learn that Bitwarden's browser extension doesn't auto-fill login information on pages as soon as they've loaded. The user has to interact with the extension to cause it to fill in stored usernames and passwords.

While this is a slight inconvenience, it also effectively stops auto-fill theft as some advertisement networks were caught doing in . This issue has been known to browser vendors for over a decade already, yet the built-in password manager in most web browsers and most third-party password managers have all ignored it.

I've also got some concerns regarding Bitwarden's use of third-party script resources which I'll go into greater detail in the next section.

Security concerns over third-party resources

In my opinion, no external resources should be loaded from any third-party domains inside a high-risk high-security environment like a password manager.

LastPass hosts everything under their own domains and can thereby ensure that, as long as they have control over their servers, they maintain control over everything that loads inside the password manager.

Update (): The rest of the information in this section is outdated. Please see the 3-months with Bitwarden update for newer information.

Bitwarden loads scripts and styles from Bootstrap CDN as well as Google Fonts and Google Hosted Libraries. These resources are loaded with Subresource Integrity enforcement, meaning that modern browsers will refuse to load them if the external resource doesn't match a predetermined checksum. In other words, Bitwarden can be fairly confident that they don't load anything malicious or unexpected by including these remotely hosted resources.

However, Bitwarden also loads JavaScript from the two payment service providers Braintree (PayPal) and Stripe, as well as Google Analytics and the two-factor login service provider Duo Security. All these third parties are included when you log in to the web vault, and they are loaded without Subresource Integrity enforcement, which isn't supported by these third-party vendors.

Including any third-party content is a potential avenue for malicious actors to get into the password vault. I can't see any strong reason why any of these companies should be able to execute code inside the password vault. They're all well-established service providers, and it's not very likely that they'll lose control over their domains. However, it's an unnecessary risk factor, and frankly their inclusion also seems entirely unnecessary.
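The difference between the two groups of resources above comes down to whether the browser can check the fetched bytes against a published digest. The following added example (not Bitwarden's code) models that check: it computes the `integrity` value a page author publishes, mimics the browser's accept/reject decision, and audits a constructed page for scripts that load with a matching hash, a mismatching hash, or no integrity attribute at all. The hostnames and script bodies are placeholders made up for the demonstration.

```python
"""Audit the external <script> tags on a page for Subresource Integrity.

Added example, not Bitwarden's or LastPass's code. The HTML and the
resource bodies below are constructed; the hosts are placeholders.
"""
import base64
import hashlib
from html.parser import HTMLParser

# Constructed resources: one matches its published hash, one was modified
# after the hash was computed, one is loaded with no integrity at all.
SCRIPT_OK = b"window.bw = {version: '1.0'};\n"
SCRIPT_TAMPERED = b"window.bw = {version: '1.0'};\nexfil();\n"
SCRIPT_NO_SRI = b"window.pay = function () {};\n"


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Return the integrity value a page author would publish for *body*."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(body: bytes, integrity: str) -> bool:
    """Mimic the browser check: the body is accepted only if one of the
    listed digests matches; tokens with unknown algorithms are ignored."""
    for token in integrity.split():
        algo, _, expected = token.partition("-")
        if algo not in ("sha256", "sha384", "sha512"):
            continue
        if sri_hash(body, algo) == f"{algo}-{expected}":
            return True
    return False


class _ScriptCollector(HTMLParser):
    """Collect (src, integrity) pairs of external script tags."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("integrity")))


def audit(html: str, fetch) -> dict:
    """Classify each external script as 'ok', 'mismatch' or 'no-sri'.

    *fetch* maps a src URL to the bytes the browser would receive."""
    parser = _ScriptCollector()
    parser.feed(html)
    report = {}
    for src, integrity in parser.scripts:
        body = fetch(src)
        if not integrity:
            report[src] = "no-sri"
        elif sri_matches(body, integrity):
            report[src] = "ok"
        else:
            report[src] = "mismatch"
    return report


# Constructed page: the second tag publishes the hash of the *original*
# script, but the CDN now serves the tampered body.
PAGE = f"""
<script src="https://cdn.example/bw.js" integrity="{sri_hash(SCRIPT_OK)}" crossorigin="anonymous"></script>
<script src="https://cdn.example/bw-old.js" integrity="{sri_hash(SCRIPT_OK)}" crossorigin="anonymous"></script>
<script src="https://pay.example/checkout.js"></script>
"""

RESOURCES = {
    "https://cdn.example/bw.js": SCRIPT_OK,
    "https://cdn.example/bw-old.js": SCRIPT_TAMPERED,
    "https://pay.example/checkout.js": SCRIPT_NO_SRI,
}


def run_demo() -> dict:
    """Audit the constructed page against the constructed CDN contents."""
    return audit(PAGE, RESOURCES.__getitem__)


if __name__ == "__main__":
    for src, verdict in run_demo().items():
        print(f"{verdict:9s} {src}")
```

A 'no-sri' verdict is exactly the situation the paragraph above describes: whatever that host serves runs inside the vault page with no check at all.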

Third-party analytics

The Bitwarden mobile apps, desktop apps, extensions, and web vault all integrate Google Analytics for tracking behavioral data from users. Users can opt out by disabling the Analytics option under Settings: Other: Options.

Update (): Bitwarden no longer includes Google Analytics scripts directly. Please see the 3-months with Bitwarden update for newer information.

This is another example of an unconstrained third-party script that doesn't belong in a secure environment such as a password manager. Users should have to opt in to tracking in this instance rather than having to opt out.

It's not enough to opt out once in the web vault or in one of the apps or extensions. Users have to opt out again in every client they use, as the opt-out preference isn't synchronized between clients.

I completely understand the need and desire for tracking some behavioral analytics. However, what is good enough for a normal website isn't necessarily good enough for a security critical environment like a password manager. In my opinion, there's no good reason for using Google Analytics — or any third-party analytics — in the way Bitwarden uncritically uses it.

Data portability

Bitwarden and LastPass can export and import passwords, secure notes, and other data to a comma-separated value (CSV) format with headers denoting each value. Many password managers support importing from CSV files, but some manual shuffling of the data columns may be required (as with anything else that uses CSV in lieu of a formally standardized interchange format).

Bitwarden, being the underdog, can import data from LastPass. However, if you want to go the other way around, you'll need to reformat the CSV export file for LastPass to accept it. CSVs are easy enough to work with, and the important point to note is that all data appears to be present when exporting from both password managers.

LastPass incorrectly encoded a few (but not all) UTF-8 characters when I exported data to be imported into Bitwarden. I had to manually correct these in the comma-separated export before Bitwarden could import the file. (This is a bug in LastPass and not Bitwarden.) Having just run into an export issue, I also tested and made sure that Bitwarden didn't make the same mistake when exporting.

Both Bitwarden and LastPass can store other types of information including secure notes and credit card information. These types of data are also part of the password database dump.
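The column shuffling and the character-encoding fix described in this section are both mechanical, so here is an added example (not code from either vendor) that does them in one pass: it maps a Bitwarden CSV export onto the columns LastPass imports and repairs cells whose UTF-8 bytes were re-encoded as Latin-1. The two header layouts, the `http://sn` marker LastPass uses for secure notes, and the exact form of the encoding bug are my assumptions; verify them against a fresh export. The sample rows are constructed.

```python
"""Reformat a Bitwarden CSV export for LastPass, repairing mis-encoded
UTF-8 on the way.

Added example, not code from either vendor. Header layouts and the
secure-note marker are assumptions to check against current exports."""
import csv
import io
from typing import Optional

# Assumed header layouts (verify against real exports before relying on them).
BITWARDEN_FIELDS = ["folder", "favorite", "type", "name", "notes", "fields",
                    "reprompt", "login_uri", "login_username",
                    "login_password", "login_totp"]
LASTPASS_FIELDS = ["url", "username", "password", "totp", "extra", "name",
                   "grouping", "fav"]


def repair_utf8(text: str) -> str:
    """Undo UTF-8 that was read as Latin-1 and written out again
    (e.g. 'Ã©' -> 'é'). Assumed form of the export bug. Text that was
    not double-encoded fails the round-trip and is returned unchanged."""
    try:
        return text.encode("latin-1").decode("utf-8")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return text


def bitwarden_to_lastpass_row(row: dict) -> Optional[dict]:
    """Map one Bitwarden row onto LastPass columns.

    Returns None for item types (card, identity) that need manual handling."""
    row = {k: repair_utf8(v or "") for k, v in row.items()}
    fav = "1" if row["favorite"] == "1" else "0"
    if row["type"] == "login":
        return {"url": row["login_uri"], "username": row["login_username"],
                "password": row["login_password"], "totp": row["login_totp"],
                "extra": row["notes"], "name": row["name"],
                "grouping": row["folder"], "fav": fav}
    if row["type"] == "note":
        # Assumption: LastPass marks secure notes with this literal URL and
        # keeps the note body in the 'extra' column.
        return {"url": "http://sn", "username": "", "password": "", "totp": "",
                "extra": row["notes"], "name": row["name"],
                "grouping": row["folder"], "fav": fav}
    return None


def convert(bitwarden_csv: str) -> tuple:
    """Return (lastpass_csv, names_of_skipped_items)."""
    reader = csv.DictReader(io.StringIO(bitwarden_csv))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=LASTPASS_FIELDS, lineterminator="\n")
    writer.writeheader()
    skipped = []
    for row in reader:
        mapped = bitwarden_to_lastpass_row(row)
        if mapped is None:
            skipped.append(repair_utf8(row["name"]))
        else:
            writer.writerow(mapped)
    return out.getvalue(), skipped


# Constructed Bitwarden export: the first name carries the double-encoded
# 'é' ("Caf\u00c3\u00a9"), the last row is a card LastPass won't take here.
SAMPLE = (
    ",".join(BITWARDEN_FIELDS) + "\n"
    "Work,1,login,Caf\u00c3\u00a9 Wiki,,,0,https://wiki.example,alice,s3cret!,\n"
    ",0,note,Backup codes,12345 67890,,0,,,,\n"
    ",0,card,Visa,,,0,,,,\n"
)


if __name__ == "__main__":
    csv_text, skipped = convert(SAMPLE)
    print(csv_text)
    print("needs manual handling:", skipped)
```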

Conclusions

I choose to use Bitwarden over LastPass despite being more skeptical about their security practices when it comes to inclusion of third-party executable scripts inside the password manager. I hope we'll see Bitwarden make changes to limit the number of possible attack vectors in the future.

Bitwarden doesn't have a proven record of maintaining strict operational security for a decade like LastPass. However, my personal values, beliefs, and preferences lean heavily towards Bitwarden over LastPass as an optionally self-hosted open-source application with clients for every platform.

I've no strong reason to trust LastPass over Bitwarden. I find that I like using Bitwarden, whereas I never liked using LastPass. Bitwarden seemed to me like the best LastPass alternative out there.

If you require absolute security, you should probably stick with LastPass, as they've got a decade of experience in offering hosted password management services. You could opt to self-host Bitwarden in an environment that isn't exposed to the internet as an alternative. However, for most folks — the current level of security offered by Bitwarden is probably good enough. Hopefully, we'll see Bitwarden undergo a full security audit soon.

Update (): German security firm Cure53 has now completed an independent security audit of Bitwarden. All noted issues have been patched.

Password safes are maybe one of the most important tools these days when it comes to security in our online life. I use them every day, multiple times and already wrote about it here. You can go for my KeePass article or the LastPass article of my co-author Alex.

All in all, I want to compare these password safes now in a few fields like UX, official support, security, pricing, and licensing.

LastPass

LastPass is maybe the most popular password safe in the world and very good in their marketing. They provide a modern UI and have clients for all major platforms including modern browsers as well as a desktop and a CLI application.

UX

From a UX perspective, LastPass is for sure the most user-friendly service in this comparison. The modern design allows very intuitive usage, and since they provide clients for all browsers as well as your smartphone, you can also easily integrate it into your daily web workflow.

Official support

Since LastPass provides ready-to-use clients for all kinds of platforms, it also supports them officially, which means people don't have to trust another third-party tool.

But they also provide an API so third-party tools can be written, which makes it nice to integrate LastPass with your own applications.

Security

When it comes to security, LastPass becomes a bit difficult. Multiple security flaws in LastPass were published in the past few months. They are fixed now (as far as I know), but one of them built on a previous one, so the security work is maybe not perfect. On the other hand, they fixed these issues very fast.

Anyway, they provide a bug bounty for security flaws, which helps to improve the security of the program and makes it less attractive to abuse security problems.

Last but not least, many people have concerns about storing their passwords in a cloud. Right now, LastPass doesn't support local-only use, and the only way to sync passwords is to use their cloud service.

Pricing

LastPass provides a free as well as a paid version of their service. The paid service costs $2 per month, which means $24 for a year. That's pretty cheap and allows you to access additional security features as well as the usage of the desktop client with native fill-in to desktop applications.

I personally used it without a paid subscription. The free version was okay, for me.

There are additional plans for business use-cases and organizations.

License

As a FOSS person the license is important to me, and here LastPass is a disappointment because it's totally proprietary: the servers as well as the clients.

The only client project they provide under a free license is the lastpass-cli and it's published under GPL-2.0.

Rating

UX: ✱✱✱✱✱
Official support: ✱✱✱✱✱
Security: ✱✱✱
Pricing: ✱✱✱
License: ✱

Bitwarden

Bitwarden is an awesome project as password safe. It works similar to LastPass but is 100% FOSS. Clients, as well as servers, are provided under GPL or AGPL and it provides a modern UI.

UX

From a UX perspective, Bitwarden is very intuitive for non-tech users. They also provide a very understandable help section on their website, which allowed me to migrate from LastPass to Bitwarden in less than 5 minutes.

But they are still a young company with a lot of products, which sometimes lets you run into a dead end. So it's already easy to use, but some places still need work.

Official support

Right now, Bitwarden provides a web extension for all major browsers, including the Tor Browser. They also provide a mobile app and web access to your vault on their web page as an in-browser app.

A native desktop application as well as a CLI version are planned but not finished yet.

Security

Here it comes to a problem.

Like LastPass, Bitwarden only supports storing your passwords in a cloud. Of course, they are encrypted with your master password and they also allow two-factor authentication, but I couldn't find any security audit of their backend.

The good news is: Their backend is open-source as well, so you can host and audit it yourself.

So this is now a question of trust. If you are interested in this topic you can easily follow the GitHub issue about it.

Update 2018-11-12: There is now a security audit along with a blog article about it.

Pricing

For private people, Bitwarden provides two plans. The free plan is the default plan and includes all basic features. It's comparable to LastPass' free plan, but without ads, and you can use all applications including the upcoming desktop application.

The premium plan only costs $10 a year and is way cheaper than LastPass. It provides additional features like extended 2FA features for login to your password safe, 1GB storage and priority support.

As with LastPass, I stayed with the free plan.

There are additional plans for business use-cases and organizations.

License

From the licensing perspective, I love Bitwarden.

All of their applications are provided under a free license: GPL-3.0 or AGPL-3.0.

But some features require a premium license to use. I'm not sure how this works and how it squares with the AGPL, but if you want to follow the GitHub issue you'll probably learn it.

Rating

UX: ✱✱✱✱
Official support: ✱✱✱✱
Security: ✱
Pricing: ✱✱✱✱
License: ✱✱✱

Update 2018-11-12: The security rating is definitely no longer correct. I would tend to put it at 4-5 stars from today on. Please note that due to the nature of the article, I'm not about to change the rating, since this would require me to rework the whole thing for each password manager.

KeePass

KeePass! The first password safe I used and very popular from the old times. It's basically completely offline and designed as a standalone application. It provides rock-solid and proven security and has a standardized file format called .kdbx.

It's provided for all major Linux distributions as well as Windows and MacOS.

UX

From a UX perspective, KeePass is very old school. It looks like a Windows XP application, but once you've created your password file it's very straightforward. You create a new entry, get a pre-generated password and simply add the details you need to identify the password later. You can also add a web address or similar where you want to use the password. Once you've done that, you press save and it's done.

KeePass is very extensible as I already mentioned in my previous article. When you use plugins it becomes a bit difficult. You need to install them into the right location and since they are all 3rd-party you have to trust the authors or check them yourself.

Official support

KeePass provides an awesome collection of plugins on their web page, but you have to keep in mind that none of them are officially supported. If they work, fine; if not, well, not a KeePass problem.

But what KeePass provides by default is auto-fill into most applications by simply sending the key presses to the application.

When it comes to supported platforms, they list various Linux distributions as well as Windows and MacOS. But of course, since .NET is built by Microsoft the best experience for KeePass appears on Windows.

Since the KeePass file format is standardized, there are various alternative applications that can read and write .kdbx files.

Security

When it comes to security, KeePass is one of the most secure applications in this comparison. It doesn't use any cloud by default and allows you to encrypt your password database with a master password and a cryptographic key file. This way, even when your password database is stolen, it's way more secure than the usual master-password-only setup that LastPass and Bitwarden provide, where the second factor is only used to prevent access to the database on their server.

You can place this key file on a USB device and carry it around with you, so even when your notebook is stolen your passwords are safe.
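To make the point about the two factors concrete, here is an added example (not KeePass code) that models how KeePass combines a master password and a key file into one composite key: the per-factor hashes are concatenated and hashed again, so a database copy without the key file yields a different key, and so does the key file without the password. This follows KeePass's documented composite-key construction for KDBX as I understand it; the slow key transformation KeePass applies afterwards (AES-KDF or Argon2) and the XML key-file format are left out, and the password and key-file contents are constructed.

```python
"""Model of KeePass's composite key: master password + key file.

Added example, not KeePass code. The construction (SHA-256 over the
concatenated per-factor hashes) is an assumption based on the documented
KDBX scheme; the later key-transformation rounds are omitted."""
import hashlib
import secrets
from typing import Optional


def key_file_material(data: bytes) -> bytes:
    """Derive the 32-byte key contribution of a key file.

    Modelled on KeePass's rules: a raw 32-byte file is used as-is, a
    64-character hex file is decoded, anything else is hashed. The XML
    key-file format is not handled here."""
    if len(data) == 32:
        return data
    if len(data) == 64:
        try:
            return bytes.fromhex(data.decode("ascii"))
        except ValueError:  # UnicodeDecodeError is a ValueError too
            pass
    return hashlib.sha256(data).digest()


def composite_key(password: Optional[str], key_file: Optional[bytes]) -> bytes:
    """Combine whichever factors are present into one 32-byte key."""
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if key_file is not None:
        parts += key_file_material(key_file)
    if not parts:
        raise ValueError("at least one factor is required")
    return hashlib.sha256(parts).digest()


def demo() -> dict:
    """Show that neither factor alone reproduces the key the database
    was protected with, while an equivalent hex key file does."""
    password = "correct horse battery staple"  # constructed
    key_file = secrets.token_bytes(32)          # constructed raw key file
    protected_with = composite_key(password, key_file)
    return {
        "password_only_matches": composite_key(password, None) == protected_with,
        "keyfile_only_matches": composite_key(None, key_file) == protected_with,
        "both_match": composite_key(password, key_file) == protected_with,
        "hex_keyfile_equivalent":
            composite_key(password, key_file.hex().encode("ascii")) == protected_with,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```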

Pricing

KeePass is free. And since it's a local program only, there is neither a cloud version nor premium feature.

But of course, they love donations: https://keepass.info/donate.html

License

KeePass is wonderful free and open source software. 100% GPL-2.

Rating

UX: ✱✱✱
Official support: ✱✱✱
Security: ✱✱✱✱✱
Pricing: ✱✱✱✱✱
License: ✱✱✱✱✱

Pass - The password store

Pass is a command line-based password safe that manages all your passwords in a git repository encrypted with your GPG key.

So if you are familiar with both technologies, it's a perfect solution.

UX

Since pass is a command line utility, it's not ideal for non-tech people who jump out of windows when a black box with white letters appears on their screen.

But for those who are familiar with git, it's super easy to use. pass generate generates a password, encrypts it with your GPG key, stores, and commits it to the repository in one step. As identifier, it's recommended to use a webpage.tld/username-scheme but that's it.

It also allows you to store normal files in it. Simply use the -m flag. This as well as, when you edit your password, will open your default editor (in my case vim) with the file content and let you insert all you need.

And since it uses git as data store, you can simply move your passwords around as any other git repository. For example, I use a private GitHub repository as my personal password cloud storage.

Official support

Pass is a command line tool only, so its feature set is also built around the CLI. But everyone who uses the command line on a daily basis knows the power of UNIX. And that's why there exist a lot of other tools that simply take the output and pass it to your target application: a browser, another CLI tool; even Ansible has a wonderful integration for pass.

Security

When it comes to security it's as secure as gpg and git. Both are very well known and used programs and proven to be secure.

And since it encrypts every password like this, using asymmetric encryption, it's maybe even more secure than KeePass with a key file.

Pricing

It's free. No premium features, no cloud storage.

License

It's free and open source software. Licensed under GPL-2.0+.

Rating

UX: ✱✱
Official support: ✱✱
Security: ✱✱✱✱✱
Pricing: ✱✱✱✱✱
License: ✱✱✱✱✱

Conclusion

All in all, all password safes are usable. LastPass and Bitwarden are very easy to use and something I would suggest to my parents. While KeePass is a bit more difficult to use and of course, they don't provide an official plugin for browsers.

Pass itself is not ideal for people who don't like CLIs. But there are various third-party GUIs and nice integrations made by the active community. So maybe they are better for you.

I use and used all password safes for a while. I switched from LastPass to Bitwarden for my typical browser passwords, because I like the fact that they are Open Source. I use KeePass for my very sensitive passwords and recovery keys and pass for everything I deploy with Ansible. So there are many different use cases out there.

Which password safe is the perfect for you? That is a question you have to answer yourself. But if you decide which one it is, let me know in the comment section.

Keep your passwords safe!

Update 2018-11-12: Please note that the updates to Bitwarden are not taken into account for the conclusion, since I'm not about to rework the entire article.