What makes Bitwarden better than something like LastPass?

At a glance, I don’t see how Bitwarden is better in terms of privacy or security compared to something like LastPass. What makes it so much better?


Well there are a few reasons.
First of all, Bitwarden is open source, which means that anyone can easily verify to see if their code does what they claim it does. While open source doesn’t mean it’s secure, it does give you an edge transparency-wise. Bitwarden also allows you to self-host it if you want, so you won’t need to trust the Bitwarden servers.

While I heavily recommend Bitwarden, I do have to say that if you already correctly use a proper password manager, then you’re already miles better off than most people. Using Bitwarden would just be the cherry on top. Maybe @infosechandbook has something to add?

I use KeePass. I was just wondering because most of my family members (who use a PM at all) use LastPass, and PTIO specifically says:

If you are currently using a password manager software like 1Password, LastPass, Roboform, or iCloud Keychain, you should pick an alternative here.

Because it’s open source, free, you can host it on your own, you can even use it online without the app, and it’s end-to-end encrypted (and I trust them about that. Why? Because they are open source). So in summary, Bitwarden is better in trust due to it being open source.

For reference, these are some of the password managers classified by proprietary and open source code:

As @blacklight447 mentioned, you get more transparency when using an open-source password manager (or open-source software in general). However, this doesn’t mean that something is more or less secure.

In the case of Bitwarden, there are some possibilities for tech-savvy users to self-host the server. In general, we (ISH) don’t recommend self-hosting for non-technical people as this introduces lots of risks that most “you can easily self-host everything” people forget.

KeePass 2 or KeePassXC are also famous password managers. However, (as always) it depends on your use cases and threat model what is “best” for you or your family members.

For instance, if you only need your password database on a single device, KeePass can be a sufficient solution. However, if you need a non-technical possibility to synchronize your password database with several devices, then KeePass isn’t good anymore.

Well I use XC on desktop and DX on my phone so I just said “KeePass”

I usually just add stuff on my PC then update mobile over USB every once in a while, if I need an account that I haven’t added yet. It’d be nice to have cloud sync, but I’m fine without it

I’d recommend Syncthing for that; there are clients for all major platforms and it is very easy and simple to use.


I’ll probably set that up; I’m still switching everything over to privacy-friendly software/services.