bitwarden Reviews

A much better choice than Lastpass, but not the best choice overall

about bitwarden and 1Password, KeePassXC, LastPass

Password managers are essential and come in many different shapes and sizes. The best advice is to go with something that is open source, which the "big players" like LastPass, 1Password and Dashlane aren't. Open source software ensures a higher level of trust, and enables security flaws to be found much more quickly.

The Good:

BitWarden is open source, which is good for security and trustworthiness. However, like its closed-source competitors mentioned above, it syncs an encrypted version of your password library to a central server, so that your logins are available wherever you are. All you have to do is install a browser plugin or phone app. Additionally, it offers 2-factor authentication via mobile. One of the major advantages of BitWarden is that it encrypts your URLs (web addresses) whereas Lastpass does not (and I think 1Password doesn't either). This means they can read which websites you have accounts with, how often you visit them, and that means this data can be subpoenaed and used to profile you, which would be a violation of your privacy.

The Bad:

Bitwarden does not give you access to your passwords if you don't have an internet connection active. That's bad news because if you store data there that might be of use even in an offline situation, you can't get to it. BitWarden is also based in Florida, which puts it under US legal jurisdiction, which is far from ideal. Although it's open source, the data - in its unreadable, encrypted format - is stored on Microsoft's servers. That probably means the servers are well managed and secure, but if the data was asked for by federal agencies under National Security Letter or FISA laws, they would probably hand it over and tell you nothing about it. It would be encrypted, but they would still have a copy for future use if they wanted. The fact that Bitwarden (and Lastpass, etc.) store your data on a central server (whoever it belongs to) means there are high-value target servers somewhere for hackers to try to breach. This has been LastPass's perennial problem, and in the case of OneLogin, another related server, an attack seems recently to have succeeded. Finally, Bitwarden is a young project and does not enable you to store other types of data than passwords (e.g. notes, credit card numbers) with the same ease as other projects.

My advice

Use a local database that you sync yourself (e.g. KeePassXC, which works with browser plugins on Windows, Mac and Linux). If you absolutely need something that syncs for you, go with Bitwarden (although there are others, like Encryptr, which are simpler and also open source). Avoid LastPass and 1Password like the plague. They will make your passwords more secure only up to a point, and your internet habits much less private.

Summary

KeepassXC (OSS, local) > BitWarden (OSS, synced) = Encryptr (OSS, synced) > Enpass (closed, local) >>> Lastpass = 1Password = Dashlane (closed, synced)


2017-06-25 update: I have been testing BitWarden for the past couple of weeks. I am impressed by how much of the functionality of LastPass it can offer for such a young project. The developer is also responsive and has fixed a GUI bug I reported. He predicts additional features in the summer of 2017, including Yubikey for paying customers (same price as LastPass: $1/month). I would like to see Bitcoin as a payment option, but about this he says he is undecided.
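The URL point made in this review (a vault that leaves URL fields in cleartext lets whoever holds the server-side blob read which sites you have accounts with), shown as an added Python illustration rather than code from Bitwarden, LastPass or the reviewer. The HMAC-based stream cipher is a stand-in for the real AES-based vault encryption, and the entries and salt are constructed.

```python
import hashlib
import hmac
import json
import secrets

def derive_key(master_password: str, salt: bytes) -> bytes:
    # Key derivation happens on the client; the sync server never sees the master password.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 100_000, dklen=32)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy HMAC-SHA256 counter-mode stream cipher (illustration only; real vaults use AES).
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + (offset // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

def encrypt_field(key: bytes, value: str) -> str:
    nonce = secrets.token_bytes(12)  # fresh per field, stored in front of the ciphertext
    return (nonce + keystream_xor(key, nonce, value.encode())).hex()

def decrypt_field(key: bytes, blob_hex: str) -> str:
    blob = bytes.fromhex(blob_hex)
    return keystream_xor(key, blob[:12], blob[12:]).decode()

def build_vault(key: bytes, entries: list, encrypt_urls: bool) -> str:
    # The JSON produced here is what the sync server stores; only the client holds `key`.
    items = []
    for e in entries:
        items.append({
            "username": encrypt_field(key, e["username"]),
            "password": encrypt_field(key, e["password"]),
            "url": encrypt_field(key, e["url"]) if encrypt_urls else e["url"],
        })
    return json.dumps(items)

def server_visible_sites(vault_json: str) -> list:
    # What the server operator (or anyone who obtains the blob) learns without the key:
    # a URL field left in cleartext still reads as a web address; an encrypted one is hex.
    return sorted(i["url"] for i in json.loads(vault_json) if i["url"].startswith("http"))

# Constructed sample entries, not real accounts.
SAMPLE_ENTRIES = [
    {"username": "alice", "password": "hunter2", "url": "https://bank.example"},
    {"username": "alice", "password": "pa55", "url": "https://forum.example"},
]
```

With `encrypt_urls=False` the server can list every site in the vault even though usernames and passwords stay opaque; with `encrypt_urls=True` it learns only how many items there are.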

Please update your review regarding the self-host option on bitwarden.

about bitwarden

I have premium accounts on both. "Which one is more trustworthy?" Lastpass is the most popular, and LogMeIn is behind it, which, as a well-established company, cares about its reputation and customers, so it won't try to take away your trust.

Bitwarden is a new company, made by one guy. The big difference is that Bitwarden is Open Source, so anyone can check and audit the code. Not only that, you can take such software and implement it on your local server at no cost. Since they're a new company, they also don't want to lose your trust; they depend on their initial customer base.

Both have my trust. I believe both try their best to keep my data safe. But if you're talking about security issues, I think Bitwarden is better. I know for sure that Lastpass devs are either lazy or don't have enough resources to update their software. The plugins feel outdated, they're slow, and they have a lot of bugs. As you mention, they already had some security problems. I think it has to be expected, because of the popularity of the platform. Also consider that these vulnerabilities, while they allowed hackers to get data from lastpass accounts, didn't let them do much with it, because the data was encrypted.

Bitwarden, on the other hand, is Open Source, so anyone can check for bugs, report them, and the development is more transparent. The developer seems to be more active, and the software feels faster, well made, and stable.

So, my bet is for Bitwarden. Give it a try; the premium features are nice (like getting two-factor authentication directly in your Bitwarden plugin) and it is cheaper.

Source : https://www.reddit.com/r/Android/comments/7mex7b/lastpass_android_authenticator_app_is_not_secure/

about bitwarden

Great open-source alternative, especially with bitwarden-ruby for self-hosting.

about bitwarden

It's open-source (unlike LastPass) and offers better UX than KeePass.
