Choosing a password manager can be a headache. You will be using it to store your passwords, notes, and whatnot. As such, you want it to be safe and reliable. LastPass is one of the most popular password managers but it has some flaws. It has been in the news for getting hacked, more than once, and is owned by LogMeIn.
I found an alternative in Bitwarden, an open-source password manager that is quickly gaining traction.
Bitwarden has managed to stay away from controversies and hacks, so far. It is an open-source password manager that offers most features for free.
Let’s see whether Bitwarden does a better job, or whether LastPass is still the better alternative.
1. User Interface
Both LastPass and Bitwarden have a similar layout where a list of passwords is visible in the middle. There is a sidebar on the left where you can jump between different options like notes, passwords, settings, and so on.
LastPass offers a menu to change the display from compact to list or grid view. A minor thing in the grand scheme of things, I guess.
The mobile apps follow suit with an easy-to-use UI that lists all your passwords, with a search bar and a sidebar menu to hop between notes and other options.
Bitwarden doesn’t allow screenshots in its mobile apps, but the layout is similar. There is a bottom bar with Vault, Settings, and Generator, though.
Overall, both the password managers offer a polished UI with everything easily accessible.
2. Managing Vault
Both LastPass and Bitwarden can fill forms and passwords automatically, whether you are using a browser (using extensions) or a mobile app. That makes it easy to sign in without having to remember and type everything every time.
You can create folders for managing passwords on both. That will bring more sanity to your user interface. Imagine having to scroll through hundreds of entries otherwise. There is also a search bar if you know what you are looking for.
You can add a new password manually using the big ‘+’ icon on desktop/mobile. Alternatively, the app will offer to remember the login details the next time you sign in manually. For desktop, you will need browser extensions.
Autofill works for passwords, names, and addresses. Apart from the usual, you can create and add custom fields in Bitwarden, which is a plus for advanced users.
3. Security
This is probably the most important part when you are comparing password managers. Bitwarden is open-source, which means the code is available for security audits. Bitwarden uses AES-256 encryption to protect your data. It is end-to-end encrypted, which means even they can’t read your data. Plus, they use salted hashing with the PBKDF2-SHA256 key derivation function to protect your data.
LastPass follows suit and employs the same security standards we talked about above. The data is encrypted and decrypted on your device, so nobody can read or access it once it leaves the device. Both LastPass and Bitwarden offer 2FA support like email, authenticator apps, FIDO U2F security keys, and Yubico. There is also support for biometric authentication for mobile apps in LastPass and Bitwarden.
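An added example (not Bitwarden's or LastPass's own code) of the salted PBKDF2-SHA256 derivation described above, showing why a service that only receives a login hash cannot derive the vault key. The iteration count, the salts, the separate login-hash step, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor; the article does not state one


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into a 256-bit key (AES-256 sized)
    with salted PBKDF2-HMAC-SHA256. This key never leaves the device."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS, dklen=32
    )


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Hash the vault key once more so the value sent to the server for
    login is one-way removed from the key that decrypts the vault."""
    return hashlib.pbkdf2_hmac(
        "sha256", vault_key, master_password.encode("utf-8"), 1, dklen=32
    )


def server_verify(stored_login_hash: bytes, presented: bytes) -> bool:
    """Server-side check: constant-time comparison of login hashes only."""
    return hmac.compare_digest(stored_login_hash, presented)


def client_login(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Return (vault_key kept locally, login_hash sent to the server)."""
    key = derive_vault_key(master_password, salt)
    return key, derive_login_hash(key, master_password)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    salt = b"alice@example.com"
    key, enrolled = client_login("correct horse battery staple", salt)

    _, good = client_login("correct horse battery staple", salt)
    _, bad = client_login("Password123", salt)
    print("right password accepted:", server_verify(enrolled, good))
    print("wrong password accepted:", server_verify(enrolled, bad))

    # Same password, different salt: a different key, so one precomputed
    # table cannot be reused across accounts.
    other_key, _ = client_login("correct horse battery staple", b"bob@example.com")
    print("keys differ across salts:", key != other_key)
    print("server value equals vault key:", enrolled == key)
```
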
Notably, LastPass has its 2FA app for Android and iOS users. While it is good, I believe it isn’t very wise to put all your eggs in a single basket, just in case. LastPass also supports smart card readers for enterprise users.
LastPass will scan your passwords to create a Security Challenge report. This will tell you what your password health score is and which passwords you need to change. I don’t think I am doing very well.
Bitwarden does one better with multiple reports like weak passwords, inactive 2FA where available, passwords that you have reused, and even data breach reports. Phew. Just reading through the list makes me feel secure.
4. Emergency Access
LastPass has a unique feature called Emergency Access. You can use that to provide secured access to one of your trusted contacts. In the event something unfortunate happens to you, this trusted contact will be able to access your vault, including all passwords and notes, just once.
When the designated person tries to sign in, there is a waiting period, set by you, where you will be notified that he/she is trying to access the vault. You can then choose to allow or disallow access remotely.
5. Platform and Pricing
Both LastPass and Bitwarden support the popular platforms: Windows, macOS, Linux, Android and iOS. Both also offer browser extensions for Firefox, Chrome, Edge, and Opera. Bitwarden also adds some lesser-known browsers like Vivaldi, Brave, and Tor to its list of supported browsers.
LastPass has a free plan, which is good. For $3/month, you get 1GB encrypted file storage, secured sharing, Yubikey and Sesame 2FA support, and an ad-free vault. Yes, ad-free. LastPass says these ads will be for premium LastPass features only. They also have an enterprise plan where prices begin at $4 per user per month.
Bitwarden also has a free plan, but with one additional feature: the ability to self-host it on your server. For $10 per year, you get 1GB encrypted file storage, sharing for two users, 2FA support for Yubikey, and advanced reports. The five-user team plan begins at $5 per month, and the enterprise plan starts at $3 per month per user.
Pass the Word
I would go with Bitwarden here and for a good reason. LastPass' reputation is working against it. Bitwarden is open-source, offers more compatibility, more features in the free plan, and offers plans that are less costly than LastPass.