Bitwarden is now my recommended password manager. This free, open source application is a replacement for proprietary password managers like LastPass and 1Password.
Bitwarden syncs your passwords across multiple devices, and the browser extensions fill in your logins automatically. I’ve been testing Bitwarden for a couple of months, and it has worked flawlessly so far.
Previously, I was recommending LastPass — but this application has become slow and clunky, and it now incorporates advertising. I was also recommending KeePass — this was a reasonable alternative but it didn’t sync automatically across devices, and it required PassIFox to fill in logins on Firefox. Bitwarden offers all of this functionality in an open source package.
For security, Bitwarden uses end-to-end AES 256-bit encryption, salted hashing, and PBKDF2 with SHA-256.
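As an added example (not Bitwarden's code and not from the author of this post), here is a sketch of how salted hashing and PBKDF2 with SHA-256 can be combined so that the master password and the encryption key stay on the device while the server stores only a salted hash. The function names, the use of the account e-mail as the client-side salt, and the iteration counts are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factors for illustration; a real deployment tunes these.
CLIENT_ITERATIONS = 100_000
SERVER_ITERATIONS = 100_000


def derive_vault_key(master_password, account_id):
    """Client: stretch the master password into a 32-byte key (AES-256 size).
    The key stays on the device; the account id acts as a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               account_id.strip().lower().encode("utf-8"),
                               CLIENT_ITERATIONS, dklen=32)


def derive_login_hash(vault_key, master_password):
    """Client: derive a separate value to send at login, so the server
    never receives the password or the vault key itself."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, dklen=32)


def server_enroll(login_hash):
    """Server: store only a salted, stretched hash of the login value."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ITERATIONS)
    return salt, stored


def server_verify(login_hash, salt, stored):
    """Server: recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    pw = "correct horse battery staple"
    key = derive_vault_key(pw, "alice@example.com")
    salt, stored = server_enroll(derive_login_hash(key, pw))
    wrong = derive_vault_key("wrong guess", "alice@example.com")
    print("vault key bytes:", len(key))
    print("right password accepted:",
          server_verify(derive_login_hash(key, pw), salt, stored))
    print("wrong password accepted:",
          server_verify(derive_login_hash(wrong, "wrong guess"), salt, stored))
```

Because the server-side salt is random, enrolling the same login value twice yields two different stored hashes, which is what defeats precomputed lookup tables.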
Bitwarden is available on all major platforms (Android, iOS, Mac, Windows, Linux). It has browser extensions for Firefox, Chrome, Brave, Opera, Vivaldi, Microsoft Edge and Tor Browser. This is a great selection of browser extensions — LastPass does not have extensions available for Brave or Vivaldi.
There’s a $10 per year premium Bitwarden service that offers 1 GB of encrypted file storage, 2FA with YubiKey, FIDO U2F, & Duo, TOTP key storage & code generator.
What do you think of Enpass? I know it’s not open source as Bitwarden is but I like that it’s an offline solution and nothing is saved on their server. From a security perspective, which of all password manager solutions do you think is best?
It looks interesting — but I haven’t tested it. Bitwarden is open source and the information is encrypted before it leaves your computer, so from a security standpoint it’s pretty solid. Offline solutions like Enpass might be even more secure, depending on how they are implemented. Another example of an offline password manager:
Master Password – Master Password is based on an ingenious password generation algorithm that guarantees your passwords can never be lost. Its passwords aren’t stored: they are generated on-demand from your name, the site and your master password. No syncing, backups or internet access needed.
Regarding the monetisation, I just found a comment from the maker from the end of 2016 saying that he/they were financed back then via Microsoft’s Bizspark (www.bizspark.com). I just checked and they now offer “Team” and “Enterprise” accounts: https://bitwarden.com/#organizations.
Could you explain what specifically you don’t like/trust about 1Password?
I was a 1Password customer about 7 years ago, and I haven’t tested it recently. But here’s what I know:
– Bitwarden is 100% open source, and it’s available on GitHub for anyone to review/audit
– 1Password costs between $46 and $60 per year, whereas Bitwarden is free (or if you need to store encrypted files the premium service costs $10 per year)
– There’s no Linux version of 1Password (except by logging into the website)
– Bitwarden can be self-hosted if desired
Thanks for this great site!
First off, thanks for writing this blog/web presence. I stumbled on it a year or two ago while investigating VPNs. Your advice is typically spot on. Thank you for that.
I’m currently using LastPass, and pay for a ‘family’ membership, and agree – it has become bloated/slower over time. We’ve also experienced issues getting my wife set up so we can share common data.
I’m curious about Bitwarden – it sounds almost too good to be true. A free account (free forever, according to their website), with sharing between 2 users. Do you have any understanding of how they can offer this for free? Perhaps hoping to upsell to the family membership level?
Thanks for the feedback. Bitwarden is an open-source project. Typically, these projects monetize by offering support services or hosting. Bitwarden already offers a paid service (that I’m currently testing).