LastPass has been bad news seven times during the period I have been a customer of theirs, and the most recent one led me to switch to Bitwarden.
It was not only the news of intrusions and shortcomings, but also, to some extent, how the company LastPass did not develop its product that contributed to the switch. I have not yet deleted my account with them. If you look a bit at the company history (LastPass and GoTo) on Wikipedia (which I usually do), you see the usual takeover and name-change culture you often see within tech companies, as well as, of course, information about LastPass’s known incidents.
I should add that I do not seriously believe that my database of passwords and logins is locally stored with any cracker and is in danger of being brute force hacked. But I cannot know.
Below, I compare some issues relevant to me between LastPass, for which I have a paid license, and Bitwarden’s free version.
Why am I leaving LastPass?
- The incidents, of course.
- Aging interface.
- Lack of functionality. Two items in particular:
  - Did not work so well on an Android smartphone; you often must switch back and forth at some point before LastPass grasps that there is a password box to fill in.
  - Did not pass passwords into pop-ups generated in the browser.
Why did I choose Bitwarden?
Being a member of the Sweclockers.com community, I read some reviews and comments about Bitwarden. I think that some people’s reasoning around Zero-Trust and free source code is relevant and convincing. At least to 90%. You get to choose something, and I did it. There are a few programs to choose from, after all.
Any issues with Bitwarden, the free version?
You must go into the menu more often to select an account when using it. You can choose to enable AutoFill, but it is still an “experimental feature”, although it is a feature that is important and should be essential to the basic functionality. It still works better than LastPass in my two problem examples above, on the smartphone and in browser pop-ups.
I have not had to read up a lot, the interface feels intuitive and self-explanatory in most cases. Especially if, like me, you have been using a password manager for many years. Of course it works in a different way than LastPass.
A bit of fun is that you can choose to have the app on your own server, but then you must of course arrange the entire chain out on the Internet if you want to use it outside the home / office / work.
– – –
I shall continue with Bitwarden and will upgrade to Premium. Just being able to run TOTP in the same app (we will see how it works, using MS Auth now) as well as having a bit of an eye on the “user breach data report” will be worth it.
It should also be emphasized that I have not tried others, such as Dashlane or RoboForm, which I know are also popular. What I can see is that LastPass is by far the one with the most published security-related incidents, if Wikipedia is to be believed.
Added March 15