LastPass seem to be shooting themselves in the foot with their irrational and inconsistent pricing.
- A few years back, their free/premium tiers were looking similar to what they announced today. Only they charged a mere $15/year for premium, which I gladly paid.
- Then, overnight, they offered syncing across all types of devices for their free tier. The premium tier was only adding some niche features. I would have continued to pay $15/year just to support them, but at the same time they bumped up premium to $36/year. That was a deal-breaker: not paying 2.5x for features I don't use.
- Now, they switch back to not syncing across all types of devices, but the premium price stays $36/year.
If LastPass was the only game in town, they might get away with it. But there are at least two competitors, against which LastPass doesn't compare favourably: 1Password costs about the same, but is more refined. Bitwarden is a bit less refined, but is cheaper.
I'm not dissatisfied with the LastPass product itself. But having to keep up with radical policy changes every few years largely negates any positive experience.
Thanks for the pointer. First time I hear about Enpass.
The UI looks nice, but I still don't get their company model. Data are stored on a third party cloud provider of your choice, so why is Enpass subscription-based? I surmise that paying removes some sort of ads from the apps, but I can't tell for sure. If that's the case, I'll have to pass.
LastPass was my first ever password manager and I used for it ~5 years. A few years ago, I got fed up with how sluggish it was (at least, at the time). So I switched over the Bitwarden. Unfortunately, the Bitwarden Safari extension for macOS had a bug where I had unlock my vault every time I wanted to use a credential and that got annoying.
Around the same time I started using Bitwarden, I started at a job with a corporate 1Password subscription for employees. 1Password's UX was so much better than Bitwarden that I switched my personal account over a few months into using 1Password for work.
1Password isn't perfect (e.g. auto-generated passwords can't be autofilled unless you manually convert it to be a 'Login'), but it's by far the best I've used.
Personally, I've used 1Password, Bitwarden, and LastPass. I switched from LastPass to Bitwarden a few years ago (use it on android and browsers for the most part), and use 1Password for work. Overall I'd say 1Password has the worst UX of all of them, though it looks "clean". It routinely messes with my settings on update, it's password generator is annoying to work with, and it doesn't pick up new logins I've entered well (eg. if I tell 1password to create a login from this page, it populates nothing while bitwarden sets the name and URL + any username or pwd it thinks it sees).
I could go into more depth but overall Bitwarden has been a great daily driver for the past few years and would recommend to anyone.
1Password's support is not that great on Linux. I couldn't get it working anywhere but on Ubuntu. On all other distros, the extension failed to find the running app.
I also switched from Lastpass to 1Password. I did a mildly deep technical investigation into why Lastpass is slow on the browser. I found LastPass delays all page rendering by about 70ms. https://joe.schafer.dev/passing-lastpass/
I had almost the exact same experience. Lastpass was too sluggish for too long and then they jacked up the prices (while also making the free plan actually usable with syncing). I tried Bitwarden but I hated the chrome extension because it didn’t have good autofill which is critical.
Finally switched to 1Password and it has much better autofill + great OTP support even on iOS.
Same. I've been a 1Password license holder for forever and I was looking at switching away from it because they seem to be moving completely to their subscription service but now the value of the subscription service is looking better and better since I started looking at other options. I can get multi-platform apps for my entire family, with the features I've been using for years, and the cost is cheaper than what I was paying in the past for each individual license on each device.
The only thing keeping me from switching is my past experience with these types of services where, once I make the switch, they remove the standalone license and then raise their prices and I have no alternatives besides dropping the ecosystem entirely or ponying up the ransom. I don't like being in that situation.
I had just posted in the duplicate thread complaining about 1Password (https://news.ycombinator.com/item?id=26154324). I've been a user since 2007 and it seemed to get significantly worse with version 7.
Despite its increasingly major flaws (no exact URL matching, slow UI, no way to trigger a sync), it seems like it is still the best option for someone who wants a native Mac/iOS interface. Though if it keeps getting worse at the same rate, hopefully other options will catch up.
Two main bugs I experience with Lastpass are (1) duplicate entries when things sync up and (2) quick search doesn't enable the copy user / password buttons many times. Annoying workaround is clear the search, and re-search again, that usually brings back the buttons.
Yes! 2 drives me nuts. I switched from BitWarden to LastPass mainly because of the quick search. And having to clear the field and retype is one of those minor bugs that is slowly driving me insane because I hit it 15 times day.
I also changed from LastPass to Bitwarden to to LastPass being noticeably slow. I don't mean to diminish the probably very hard work put into a product with a decent free tier, but it was sluggish enough it only made sense to try an alternative.
LastPass costs $36 per year. Operating on the principle of being the customer and not the product, that seems very reasonable for a secure way to store and share the keys to my digital life.
That said, it does make it a little bit harder for me to onboard my friends and family when they ask. One of the selling points has always been "Yes, you can use it on your phone and laptop" and "no, it doesn't cost anything".
I agree with other comments that in the current market, Lastpass is not worth it at $36/y. The way they increased the price is arguably more annoying than the price tag.
I happily paid for Lastpass at $12/y. Logmein raised price and I switched to free. Logmein limited free capabilities and I will switch to Bitwarden or 1Password and pay them. I'm not staying with Lastpass to get the rug pulled out under me the third time.
I switched to Bitwarden in early 2019. The migration was really easy, and I was surprised to find that it was accurate, too. Bitwarden has its flaws, but I'm happy with it.
LastPass is a commodity. There are many free or open-source alternatives that are as reliable and as secure as LastPass that provide similar functionality. It's hard to justify even the small price for a commodity service unless you provide the best possible solution, and sometimes even that is not enough.
I switched from LastPass premium that costed 15$ per year a few years ago to Bitwarden because LastPass could recognize password fields on all web pages, while free Bitwarden just works everywhere.
The functionality is a commodity but what about the UX? MP3 players were fairly common when the iPod came out but the iPod crushed all the competition? Why because the UX was simply better.
Without a doubt the password manager with the best UX is 1Password. Last year ago I got my tech-averse partner to set it up on her phone, the entire process took about 10 minutes and then it was done. She's never asked for me help or support, once she got things working its simply continued to work.
I've since setup it up across my family and my pre-teen child is also using it without a hitch.
From a holistic perspective I love that I can manage multiple vaults. Everyone has a private personal vault that is only available to them and we have a bunch of shared vaults for things like xbox and netflix passwords.
I've never used BitWarden so I cant comment on the UX but $60 a year for 1password is well worth it. I can rest easy knowing that everyone in my family has good password hygiene.
I've been debating making this switch myself. How time consuming was the transition? Did you have to do much manual data entry or does bitwarden have the ability to reliably import lastpass data?
I used to subscribe, then the service was acquired and the price doubled so I stopped subscribing and relied on the free tier. With this announcement I think it's time to move on (probably to Bitwarden)
It’s ridiculously expensive. I get Office 365 with 1TB of storage for €6 per month. Office is just as secure as lastpass. I bought Enpass(wouldn’t recommend as they moved to a subscription model) and store everything on OneDrive. Paying $3 per month to store tiny text files is crazy.
I often see comments like this one that misunderstand value for how something is achieved.
Value is decided by the market according to the utility of the service. I happily pay $22 per year for Pinboard to keep a few bookmarks with tags. That's also storing "tiny text files" but I could not care less. I could even implement something similar myself. And yet, I find the value it provides worth paying.
Another, more extreme example. I am part of a $5000 business program. Last week, I got a single piece of advice that I consider already paid for the entire program. The delivery was 20 minutes long. It was not even something original invented by the lecturer, but it can be found in some books. And again, I don't care. The value is in the impact, not in how the advice that was discovered or delivered.
I mean the value prop is the software functionality, not the storage. You think lastpass/1password are funding their development with a markup on storage?
I can get the argument that it’s not worth $36 but not because of storage costs.
I was a happy user of that workflow until I started working for an organization that blocked Dropbox but not any of the browser plugin based password managers.
Also while free, arguably the UX is not very good especially on mobile, unless Keepass integrates the way Lastpass, 1Password, et al do. I cannot imagine convincing any of my non-tech friends to go this route.
Interestingly this is basically how 1Password did password sync for years - not a Keepass database, but a 1Password folder structure stored within Dropbox saving a bunch of little text files. They added other synced storage options over time before turning up their own cloud service, but third party sync was where they started.
I kinda feel like the price point for these things is set wrong, though. What you want is a higher price point which gets you /everything/. I pay $1200 per year for bandwidth. If I needed to pay a couple hundred bucks more for access to everything (online newspapers, LastPass, online office suites, etc.), I'd gladly do so.
LastPass should have 250 million customers, not 25 million, each paying $3.60 each, not $36. Most should be inactive, as part of some kind of subscription bundle.
Kinda like a more democratic, decentralized version of Prime.
From posts here, though, Bitwarden seems more reasonable. I trust open source more, and it's cheaper.
It was definitely starting to feel a little pricey for how terrible their UI is and how little interest they seemed to have in fixing it. What really got me to switch to Bitwarden though was how it started "recommending" that I change my master password with a modal popup every single time I unlocked my account.
On the flip side they offered very little value in premium compared to free (for me) so there was no reason to upgrade even when I wanted to pay (I did pay for 2FA but TBH o could live without it)
I moved to Bitwarden about a year ago when I got fed up with the terrible UI in Lastpass. Bitwarden isn't the pinnacle of UI either, but at least it's way cheaper. Been very happy with it.
My topics:
- Bitwarden is becoming risky to use?
- the next Bitwarden?
So many people recommend Bitwarden now. I am a paying customer from the first day and have been using it on all my devices. Bitwarden followed my Lastpass experience, similar to what OP has described.
Now, Bitwarden's popularity is troubling me. It has become already large enough to be an attractive target for attacks. The bigger it gets, the more lucrative it is for attackers. Similar to the Windows vs. OSX discussions 10 years ago: viruses spread on Windows, because it was big.
Hence, I am starting to worry about using it and asking myself what "the next" Bitwarden is.
What do you think? Is my reasoning going into the right direction? Do you see the point reached where Bitwarden has reached critical mass? What would you recommend as "the next" Bitwarden?
Bitwarden is open source and regularly audited, which is not something you can say about Lastpass.
Your thinking about Bitwarden becoming a more valuable target is probably directionally correct, but at least anecdotally, I think the biggest target in this space is going to remain either the built-in Chrome/iOS password managers, or Dashlane, which is a product that advertises widely on Podcasts, etc.
The way that Lastpass and Bitwarden (which seems to have followed most of the security architecture of LP) is designed, it makes it very resistant to attacks.
The passwords and all data are encrypted on the client side and the server has no way to decode your passwords so even if Bitwarden's password was stolen, the passwords within the accounts are as secure as the Master password you chose.
Also the fact that the server side is fully open-source (and not just the client) means you could switch to using your own servers at any time.
How big the target is has very little to do with how safe it is.
virus' spread a lot more on windows because of MS's shit stance on security. It an even more popular OS now but the virus landscape is a hell of a lot more limited because they started to take security more seriously. They still have a way to go.
It works great on iOS. Full integration as you would expect, pops up at the top of the keyboard for app & website autofills. FaceID is also implemented to authenticate before opening your vault.
edit: One note about something that was bugging me for a while...items created on my computer sometimes wouldn't show up in the vault for immediate use. Painful when you sign up for a service using your computer and then try to immediately sign into it on your phone.
In the iOS app settings there is 'Swipe down to refresh' (or similar) - turn that ON. Not sure why it was off by default, but it totally fixes the issue. Just swipe down to refresh the vault and your new item appears.
I've tried really, _really_ hard to like Bitwarden. But I ran into 2 huge issues, that ended up being blockers for me:
1. Sharing is super-confusing. I was trying to organize things for my mom, as well for my wife and I. And you have to create these "organizations". And they makes things really confusing for a variety of reasons. They are a different pricing/SKU. And the UX around them is not good. It's not clear where things are being created a lot of the time, and who may or may not have access. It just was a really bad experience.
2. It was outrageously slow for me. I use Enpass otherwise, and it comes up right away, and searching is relatively fast. But Bitwarden always had this delay. And it was a huge pain point because it wasn't clear immediately if there were just no results, or if I just had to wait a few seconds. And sometimes things would pop up unexpectedly.
So I've continued using Enpass. It has _by far_ been my favorite password manager. It's no open source, but it uses Sqlite and SqlCipher under-the-hood, and I have full control over where it syncs my data to. Sharing is still a problem (mainly because of the architecture decisions - there is no "central server"), but everything else is so great that I'm fine making that tradeoff.
Agreed on the sharing - I was trying to arrange a family plan for 5 people, and happy to pay $10*5 a year (coming from a shared lastpass instance), but have given up trying to figure out how sharing works. Ideally every person would have their own personal vault and there would be a shared vault for "family" accounts, that you don't explicitly have to switch to in order to use. We just share master passwords and manually sync things, but it seems like a missed opportunity to upsell individuals into family or small team plans with just a few new sharing features..
Having just set up a free organization the other day, I agree it was slightly confusing. Mostly because I was kind of hoping to combine costs for an organization with the per user $10/year plan. In the end, I set up a FREE organization for two people, and paid for the per-user upgrade for one of us, for now, to get the reports on bad passwords.
If you're trying to set it up for three users, you'd need to pay for a organization, which starts at $9/month. On the other hand, I believe you could set up two free organizations where you are a member in each, and you add your mom to one and your wife to the other.
I don't think it was a particularly difficult process, but I did it on my computer, and once it was all figured out, helped my spouse with the rest. I don't find the sharing process confusing. You click Share on a saved password, choose the organization, and then you choose the collection you put it in (which can simply be Default.)
I haven't found BitWarden to be slow, but my laptop is a Ryzen 7 4800H and my old phone was a Pixel 3, so neither are slouches. Not sure how many records I have but I'd estimate about 500.
re:2 - interesting. I've used bitwarden regularly over the last year or so across windows and mac laptops and iOS devices. I can't recall ever having a notable delay. I wonder what this implies about configuration.
I'd be a bit afraid of this. Secure key derivation takes time. Remember, you want to be able to defend against people with a few GPUs or the ability to configure a cheap FPGA at least and the ability to build custom ASICs or employ a GPU botnet at worst. Taking ~5 seconds to derive your key securely on your phone is a near inevitability.
Same here, I'm happy to pay Bitwarden because they have a highly functional firefox addon. LastPass was garbage for like two years before I dropped them and that was itself years ago. It's been bad for a while.
I definitely don't trust LastPass with my information, definitely don't trust that it will actually work in my browser, and if you export your lastpass vault bitwarden imported it perfectly.
Take my advice at your own risk of course, I had both for a few months before I was confident it was safe to close my lastpass account.
I did the same switch too a while back, Bitwarden has been really solid.
Interesting thing: I just now remembered to delete my LastPass account, but the delete account flow breaks totally. Just end up in a modal without any content in it, both Firefox and Chrome.
I'm wondering if they are even deliberately blocking deleting accounts for damage mitigation?
Huh, you reminded me that I used LastPass for a while and still had that account. I went and deleted any passwords still in there, and then had to do a web search and found https://lastpass.com/delete_account.php which worked for me. I just had to confirm 2 or 3 times and then it claims it deleted my account. This is in Firefox on Windows.
Honesty, I’ve been using LastPass for years and lately the chrome and Firefox extensions have been really buggy for me. Especially the chrome one. So I’m not sure it’s nefarious.
Import features alone should work, but if you’re absolutely desperate you can roll your own import process with bitwarden-cli (it’s on github and various package managers).
I think Bitwarden's UX is pretty poor. A few examples off the top of my head:
- 1Password's TOTP support is much better. 1Password autofills the code and the password, Bitwarden only copies the code. 1Password will scan pages for QR codes.
> Rotating your account’s encryption key will render an Encrypted Export impossible to decrypt. If you rotate your account encryption key, replace the old backup with one that uses the new encryption key.
All password managers have issues but as a user of 1Password I have a lot of gripes with the product:
- Fails to fill out passwords around 2% of the time (Firefox account for example)
- Sometimes I mash the "CMD+/" shortcut and nothing happens. It's very unstable.
- Password generator is rigid. I have to edit the generated password about 90% of the time to add capital letters, numbers etc. I made a comment a while back on how we should be using HTML data attrs on the password field to hint how a password should look for password generators. Perfect password every time.
- Can't remove a single item from the trash. It's empty all or nothing.
- The shift to the web. Introduction of Keepass X extension whilst supporting the legacy. No feature parity between them. It's a bit of a mess to be honest.
It's probably tough to find a thorough review where someone put basically all their passwords in different password management tools and lived with them for long enough to compare them. Then again, people have undertaken more arduous tasks before.
For a while, I had the horrible practice of using the same username and very simple password everywhere. Eventually my "one true password" became slightly more complex, but I still had some bad habits. I eventually started letting Chrome save all my passwords except for, of course, my Google one.
I switched to LastPass (free) for a while. (My memory of this is a bit fuzzy.) At some point I wanted to switch to something less, eh... corporate? So I got BitWarden. I really like the password generator, and use it exclusively now. (There was a web site I used to use for this, but of course this is much more convenient.)
It was a bit rocky in the earlier days. Integration with the browser on Android could sometimes be a little shaky. It's still not perfect, but I don't have good comparisons there. I use Firefox on Android, Windows and Linux. It works really well on the desktop and mostly really well on Android, though with the browser it's unreliable if you rely on the Android app, so I install the Firefox Add-On for BitWarden, and that works reliably.
My spouse set up her own account, and we share some of our important passwords via a free organization. This is a great feature and gives us both some peace of mind if we were ever required to get into each other's accounts. We also paid the $10/year so she could see reports on her passwords, and get rid of breached, insecure and duplicate passwords. She has adapted readily to using the password manager though she mostly just uses it on the computer, not on the phone.
Overall we are very happy with it and I believe it's an excellent option. I cannot, however, compare it to 1Password.
Unless you have strong opinions about either one's UX, the most significant difference that matters to most users between Bitwarden and 1Password is that Bitwarden has a free plan and 1Password doesn't. Sometimes the "free" price tag is the difference between being able to convince someone (or yourself) to use a password manager and not being able to convince them.
About UX: between BitWarden and 1Password, I haven't seen any actually compelling discussion of the two password managers' UX that goes beyond just the typical way in which anonymous internet commenters enthusiastically assert preferences. They both do their jobs well enough the vast majority of the time. If you're genuinely in doubt about the UX, try Bitwarden for free and then try 1Password if you can't stand Bitwarden's UX.
Bitwarden doesn't have a Safari extension anymore since Safari's extensions are their own format... Safari since said they'd allow Chrome's extension api but I haven't heard if Bitwarden will start developing the Safari extension again.
Good to hear, I want to make the jump myself some day. At the moment I have a personal (paid) LastPass merged with my companies enterprise Lastpass and for sanity sake I get both in one UI with Youbikey support.
Honestly I pay for the premium even though I use absolutely none of their premium features. At €10/year, it's the cheapest subscription I've ever encountered, and I don't want to store OTP at the same place as my passwords to avoid single point of failure for my most important stuff.
The title is slightly off. The limit is to a single device type, not device.
If you only use LastPass on 2 devices of the same type (on your desktop and your laptop or if you only use it on your Mobile and your Tablet) you will be fine to stay on Free, However if you use it on your Desktop and your Mobile (like me) you will need to swap password managers or pay up for the service.
Before LogMeIn brought them the service was free on "Computers" but you had to pay up for Mobile (Although you were able to access your vault via their website, the mobile app just made it easier).
Guess it's time for me to invest my time into actually settings up and exporting my passwords to something like KeePass (I've been meaning to do it ever since LogMeIn brought them, I was just far too lazy to do it until now).
$30~ for a year (the offer they included in the notice) aint that bad, but I just don't like having the rug pulled from under me and would rather support something like KeePass than support LastPass.
Maybe I will change my mind after I've had some time to digest the news and play with KeePass (and its alt's).
I've been using KeePassXC for a few years now. Before this, I was using LastPass and then before that, the original KeePass. Feature-wise, KeePassXC does a really good job replacing and going beyond LastPass.
It can have folders, it generates passwords, it can hold TOTP (2FA) tokens and it can even hold SSH keys acting as your SSH agent. Having your password safe be an SSH agent is a really nice feature which means less copying passwords around. The browser plug-ins have worked well for me as well.
I like that it can use any file sync tool for storing the key database - similar to why I like Joplin for note taking. I also like that there are many different clients for it since it is an open standard. To keep things secure you can use a password plus a key file. As long as you keep the keyfile only on the devices or on separate sync services, it raises the bar of security quite a lot.
There are KeePass clients on Andriod (Keepass2Android and KeePassDX) as well as iOS (Keepassium and another that I forgot the name of). All of the mobile clients support filling passwords. I have them all looking at the same file share and have not had any issues with corruption or file sync. I have it configured to immediately save all changes to disk and it writes and merges conflict files automatically as needed.
There are a few areas that it isn't as strong. First is sharing passwords - it has a feature for it but I haven't actually tried it out yet. Since you need to have the shared file ahead of time, you're really relying on your file sync provider to share that part of things. Second, the integration between programs works well but it isn't as seamless as a cloud service would be. For example, prompts will pop up in KeePassXC when there is a request to access a new password by a website. I believe this is probably more secure but it is an extra thing to come up when auto-filling passwords.
I have yet to try bitwarden but I would guess that sharing and lower-friction in web browsers would work better with it since those were the key benefits of LastPass when I'd used it.
FYI Bitwarden is only $10 a year. Before Bitwarden I used a combination of Keepass and Google Drive to sync all my passwords between devices. That was a workable solution, but Bitwarden is certainly easier, and I think more polished too.
I should also note that the free bitwarden does support syncing across unlimited devices (and device types), and can be self-hosted if you like that kind of thing. The premium version unlocks additional features like 1GB of encrypted file storage, a built-in TOTP authenticator, and priority support - but I was using the free version for multiple years prior to paying and it was great.
Cheers for the info, I'll look into it. I'm not against paying for the service (I've used the hell out of LastPass) I just not a fan them pulling my use case from under me.
To me, the unbeatable feature of Keepass is the fact that I'm not limited to user/password combination. I use it to store important notes and even files.
Bitwarden is awesome. I use the free version and it covers all that I need. All the clients and the server are open-source, you can self-host it for free, and there are even alternative server implementations like https://github.com/dani-garcia/bitwarden_rs
The whole distinction between mobile and computer is such a frustratingly artificial concept, a concept that has been imposed for monetization and control.
At this moment in time, I'm not against paying for my password manager as it has been handy to me. However because I feel that LastPass has pulled their product from me with a demand to pay up to continue to use it, it feels different to me then it would be for me to opt into a paid account because I liked the service but the free account would probally work just fine for my use case (The current free tier of Bitwarden for example).
So at this point in time I would rather switch providers and give them the 30 bucks LastPass are now demanding for my use case out of the sheer principle of the matter.
So If I do Swap to KeePass or KeePassXC I will be donating that 30 bucks to them. If I swap to something like Bitwarden I'll pay them for what ever package is as close to that $30.
The only problem I had with BitWarden was you cannot add/update entries on mobile when you're offline. This might not be a big issue for many, but it was a deal-breaker for me. I'm now rocking a local KeepassXC (PC) + Keepass2Android + Syncthing setup that syncs when I'm on my home network.
Bitwarden is a F/OSS software that you can install its server on premise [1]. I hope it to be lighter, though (its minimal memory requirement is quite large).
Just switched to Bitwarden. Took me ~15 minutes to get the browser extension + app installed and to complete the migration using the export/import features.
I've performed the switch as well, however, a couple of things to consider about Bitwarden:
- field detection is much poorer in Bitwarden (ie. it will fill both signup and login fields in some websites... including HN)
- Bitwarden timeout doesn't survive browser restarts (at least, this was the last time I've tried it), making it difficult to use for people with a complex password and frequent browser closing/opening
I don't like using browser extensions for password managers (I read in the past these are usually the easier attacks, might not be true nowadays) and switched from LastPass to Bitwarden.
The feature I miss is that LastPass has a Mac MenuBar app which provided a global shortcut to search my wallet, for Bitwarden I always have to open the app.
Also, the iPhone app doesn't let you view attached images in the app, you have to first download them to the phone's storage.
Also bit wardens enterprise feature is very different than anyone else’s enterprise feature.
It’s in my opinion a bad system. The issue revolves around that you always have a personal account, that has work access. Well.... for enterprise, I want to be able to help user reset their password, override there to MFA, revoke access to a share, audit what shares they have access to.
I REALLY wanted to use Bitwarden company wide, but the enterprise product is just not there.
How does it do with sites that insist on using a 'password' type field for both username and password? This is my biggest pet peeve on the internet today!
Readit News
- A few years back, their free/premium tiers were looking similar to what they announced today. Only they charged a mere $15/year for premium, which I gladly paid.
- Then, overnight, they offered syncing across all types of devices for their free tier. The premium tier was only adding some niche features. I would have continued to pay $15/year just to support them, but at the same time they bumped up premium to $36/year. That was a deal-breaker: not paying 2.5x for features I don't use.
- Now, they switch back to not syncing across all types of devices, but the premium price stays $36/year.
If LastPass was the only game in town, they might get away with it. But there are at least two competitors, against which LastPass doesn't compare favourably: 1Password costs about the same, but is more refined. Bitwarden is a bit less refined, but is cheaper.
I'm not dissatisfied with the LastPass product itself. But having to keep up with radical policy changes every few years largely negates any positive experience.
The UI looks nice, but I still don't get their company model. Data are stored on a third party cloud provider of your choice, so why is Enpass subscription-based? I surmise that paying removes some sort of ads from the apps, but I can't tell for sure. If that's the case, I'll have to pass.
Deleted Comment
Around the same time I started using Bitwarden, I started at a job with a corporate 1Password subscription for employees. 1Password's UX was so much better than Bitwarden that I switched my personal account over a few months into using 1Password for work.
1Password isn't perfect (e.g. auto-generated passwords can't be autofilled unless you manually convert it to be a 'Login'), but it's by far the best I've used.
Anyone used both 1password and Bitwarden? I'm using Bitwarden right now, but I dislike the fact that their desktop app is Electron based.
I could go into more depth but overall Bitwarden has been a great daily driver for the past few years and would recommend to anyone.
Nontheless, it works, and it works well.
Since the release of 1PasswordX I hardly ever spend time in the native apps except for iOS.
Bitwarden is fine, especially for $10/yr.
Finally switched to 1Password and it has much better autofill + great OTP support even on iOS.
The only thing keeping me from switching is my past experience with these types of services where, once I make the switch, they remove the standalone license and then raise their prices and I have no alternatives besides dropping the ecosystem entirely or ponying up the ransom. I don't like being in that situation.
Despite its increasingly major flaws (no exact URL matching, slow UI, no way to trigger a sync), it seems like it is still the best option for someone who wants a native Mac/iOS interface. Though if it keeps getting worse at the same rate, hopefully other options will catch up.
That said, it does make it a little bit harder for me to onboard my friends and family when they ask. One of the selling points has always been "Yes, you can use it on your phone and laptop" and "no, it doesn't cost anything".
I happily paid for Lastpass at $12/y. Logmein raised price and I switched to free. Logmein limited free capabilities and I will switch to Bitwarden or 1Password and pay them. I'm not staying with Lastpass to get the rug pulled out under me the third time.
I switched from LastPass premium that costed 15$ per year a few years ago to Bitwarden because LastPass could recognize password fields on all web pages, while free Bitwarden just works everywhere.
Without a doubt the password manager with the best UX is 1Password. Last year ago I got my tech-averse partner to set it up on her phone, the entire process took about 10 minutes and then it was done. She's never asked for me help or support, once she got things working its simply continued to work.
I've since setup it up across my family and my pre-teen child is also using it without a hitch.
From a holistic perspective I love that I can manage multiple vaults. Everyone has a private personal vault that is only available to them and we have a bunch of shared vaults for things like xbox and netflix passwords.
I've never used BitWarden so I cant comment on the UX but $60 a year for 1password is well worth it. I can rest easy knowing that everyone in my family has good password hygiene.
Value is decided by the market according to the utility of the service. I happily pay $22 per year for Pinboard to keep a few bookmarks with tags. That's also storing "tiny text files" but I could not care less. I could even implement something similar myself. And yet, I find the value it provides worth paying.
Another, more extreme example. I am part of a $5000 business program. Last week, I got a single piece of advice that I consider already paid for the entire program. The delivery was 20 minutes long. It was not even something original invented by the lecturer, but it can be found in some books. And again, I don't care. The value is in the impact, not in how the advice that was discovered or delivered.
Deleted Comment
I would've been happy to continue paying 12 USD / year for that service, but at triple the cost? I'm now on BitWarden.
That said, you're not really paying for the storage, you're paying for the apps and plugins.
I can get the argument that it’s not worth $36 but not because of storage costs.
Also while free, arguably the UX is not very good especially on mobile, unless Keepass integrates the way Lastpass, 1Password, et al do. I cannot imagine convincing any of my non-tech friends to go this route.
I kinda feel like the price point for these things is set wrong, though. What you want is a higher price point which gets you /everything/. I pay $1200 per year for bandwidth. If I needed to pay a couple hundred bucks more for access to everything (online newspapers, LastPass, online office suites, etc.), I'd gladly do so.
LastPass should have 250 million customers, not 25 million, each paying $3.60 each, not $36. Most should be inactive, as part of some kind of subscription bundle.
Kinda like a more democratic, decentralized version of Prime.
From posts here, though, Bitwarden seems more reasonable. I trust open source more, and it's cheaper.
So many people recommend Bitwarden now. I am a paying customer from the first day and have been using it on all my devices. Bitwarden followed my Lastpass experience, similar to what OP has described.
Now, Bitwarden's popularity is troubling me. It has become already large enough to be an attractive target for attacks. The bigger it gets, the more lucrative it is for attackers. Similar to the Windows vs. OSX discussions 10 years ago: viruses spread on Windows, because it was big.
Hence, I am starting to worry about using it and asking myself what "the next" Bitwarden is.
What do you think? Is my reasoning going into the right direction? Do you see the point reached where Bitwarden has reached critical mass? What would you recommend as "the next" Bitwarden?
Your thinking about Bitwarden becoming a more valuable target is probably directionally correct, but at least anecdotally, I think the biggest target in this space is going to remain either the built-in Chrome/iOS password managers, or Dashlane, which is a product that advertises widely on Podcasts, etc.
The passwords and all data are encrypted on the client side and the server has no way to decode your passwords so even if Bitwarden's password was stolen, the passwords within the accounts are as secure as the Master password you chose.
Also the fact that the server side is fully open-source (and not just the client) means you could switch to using your own servers at any time.
virus' spread a lot more on windows because of MS's shit stance on security. It an even more popular OS now but the virus landscape is a hell of a lot more limited because they started to take security more seriously. They still have a way to go.
edit: One note about something that was bugging me for a while...items created on my computer sometimes wouldn't show up in the vault for immediate use. Painful when you sign up for a service using your computer and then try to immediately sign into it on your phone.
In the iOS app settings there is 'Swipe down to refresh' (or similar) - turn that ON. Not sure why it was off by default, but it totally fixes the issue. Just swipe down to refresh the vault and your new item appears.
1. Sharing is super-confusing. I was trying to organize things for my mom, as well for my wife and I. And you have to create these "organizations". And they makes things really confusing for a variety of reasons. They are a different pricing/SKU. And the UX around them is not good. It's not clear where things are being created a lot of the time, and who may or may not have access. It just was a really bad experience.
2. It was outrageously slow for me. I use Enpass otherwise, and it comes up right away, and searching is relatively fast. But Bitwarden always had this delay. And it was a huge pain point because it wasn't clear immediately if there were just no results, or if I just had to wait a few seconds. And sometimes things would pop up unexpectedly.
So I've continued using Enpass. It has _by far_ been my favorite password manager. It's no open source, but it uses Sqlite and SqlCipher under-the-hood, and I have full control over where it syncs my data to. Sharing is still a problem (mainly because of the architecture decisions - there is no "central server"), but everything else is so great that I'm fine making that tradeoff.
If you're trying to set it up for three users, you'd need to pay for a organization, which starts at $9/month. On the other hand, I believe you could set up two free organizations where you are a member in each, and you add your mom to one and your wife to the other.
https://bitwarden.com/help/article/getting-started-organizat...
https://bitwarden.com/pricing/business/
I don't think it was a particularly difficult process, but I did it on my computer, and once it was all figured out, helped my spouse with the rest. I don't find the sharing process confusing. You click Share on a saved password, choose the organization, and then you choose the collection you put it in (which can simply be Default.)
I haven't found BitWarden to be slow, but my laptop is a Ryzen 7 4800H and my old phone was a Pixel 3, so neither are slouches. Not sure how many records I have but I'd estimate about 500.
I'd be a bit afraid of this. Secure key derivation takes time. Remember, you want to be able to defend against people with a few GPUs or the ability to configure a cheap FPGA at least and the ability to build custom ASICs or employ a GPU botnet at worst. Taking ~5 seconds to derive your key securely on your phone is a near inevitability.
I definitely don't trust LastPass with my information, definitely don't trust that it will actually work in my browser, and if you export your lastpass vault bitwarden imported it perfectly.
Take my advice at your own risk of course, I had both for a few months before I was confident it was safe to close my lastpass account.
Interesting thing: I just now remembered to delete my LastPass account, but the delete account flow breaks totally. Just end up in a modal without any content in it, both Firefox and Chrome.
I'm wondering if they are even deliberately blocking deleting accounts for damage mitigation?
I think the issue before was w/ multi-line nodes and special characters.
For reference, I imported the data by pasting in the lastpass export rather than using the .csv import.
Good Luck!
Deleted Comment
- 1Password's TOTP support is much better. 1Password autofills the code and the password, Bitwarden only copies the code. 1Password will scan pages for QR codes.
- They finally implemented encrypted backups but they half-assed it. From https://bitwarden.com/help/article/encrypted-export/:
> Warning
> Rotating your account’s encryption key will render an Encrypted Export impossible to decrypt. If you rotate your account encryption key, replace the old backup with one that uses the new encryption key.
- https://news.ycombinator.com/item?id=25868856
That said, I'm a Bitwarden user because I don't it's that bad and I don't think 1Password is worth 3.6 times as much.
- Fails to fill out passwords around 2% of the time (Firefox account for example)
- Sometimes I mash the "CMD+/" shortcut and nothing happens. It's very unstable.
- Password generator is rigid. I have to edit the generated password about 90% of the time to add capital letters, numbers etc. I made a comment a while back on how we should be using HTML data attrs on the password field to hint how a password should look for password generators. Perfect password every time.
- Can't remove a single item from the trash. It's empty all or nothing.
- The shift to the web. Introduction of Keepass X extension whilst supporting the legacy. No feature parity between them. It's a bit of a mess to be honest.
For a while, I had the horrible practice of using the same username and very simple password everywhere. Eventually my "one true password" became slightly more complex, but I still had some bad habits. I eventually started letting Chrome save all my passwords except for, of course, my Google one.
I switched to LastPass (free) for a while. (My memory of this is a bit fuzzy.) At some point I wanted to switch to something less, eh... corporate? So I got BitWarden. I really like the password generator, and use it exclusively now. (There was a web site I used to use for this, but of course this is much more convenient.)
It was a bit rocky in the earlier days. Integration with the browser on Android could sometimes be a little shaky. It's still not perfect, but I don't have good comparisons there. I use Firefox on Android, Windows and Linux. It works really well on the desktop and mostly really well on Android, though with the browser it's unreliable if you rely on the Android app, so I install the Firefox Add-On for BitWarden, and that works reliably.
My spouse set up her own account, and we share some of our important passwords via a free organization. This is a great feature and gives us both some peace of mind if we were ever required to get into each other's accounts. We also paid the $10/year so she could see reports on her passwords, and get rid of breached, insecure and duplicate passwords. She has adapted readily to using the password manager though she mostly just uses it on the computer, not on the phone.
Overall we are very happy with it and I believe it's an excellent option. I cannot, however, compare it to 1Password.
About UX: between BitWarden and 1Password, I haven't seen any actually compelling discussion of the two password managers' UX that goes beyond just the typical way in which anonymous internet commenters enthusiastically assert preferences. They both do their jobs well enough the vast majority of the time. If you're genuinely in doubt about the UX, try Bitwarden for free and then try 1Password if you can't stand Bitwarden's UX.
https://www.nytimes.com/wirecutter/reviews/best-password-man...
If you only use LastPass on 2 devices of the same type (on your desktop and your laptop or if you only use it on your Mobile and your Tablet) you will be fine to stay on Free, However if you use it on your Desktop and your Mobile (like me) you will need to swap password managers or pay up for the service.
Before LogMeIn brought them the service was free on "Computers" but you had to pay up for Mobile (Although you were able to access your vault via their website, the mobile app just made it easier).
Guess it's time for me to invest my time into actually settings up and exporting my passwords to something like KeePass (I've been meaning to do it ever since LogMeIn brought them, I was just far too lazy to do it until now).
$30~ for a year (the offer they included in the notice) aint that bad, but I just don't like having the rug pulled from under me and would rather support something like KeePass than support LastPass.
Maybe I will change my mind after I've had some time to digest the news and play with KeePass (and its alt's).
It can have folders, it generates passwords, it can hold TOTP (2FA) tokens and it can even hold SSH keys acting as your SSH agent. Having your password safe be an SSH agent is a really nice feature which means less copying passwords around. The browser plug-ins have worked well for me as well.
I like that it can use any file sync tool for storing the key database - similar to why I like Joplin for note taking. I also like that there are many different clients for it since it is an open standard. To keep things secure you can use a password plus a key file. As long as you keep the keyfile only on the devices or on separate sync services, it raises the bar of security quite a lot.
There are KeePass clients on Andriod (Keepass2Android and KeePassDX) as well as iOS (Keepassium and another that I forgot the name of). All of the mobile clients support filling passwords. I have them all looking at the same file share and have not had any issues with corruption or file sync. I have it configured to immediately save all changes to disk and it writes and merges conflict files automatically as needed.
There are a few areas that it isn't as strong. First is sharing passwords - it has a feature for it but I haven't actually tried it out yet. Since you need to have the shared file ahead of time, you're really relying on your file sync provider to share that part of things. Second, the integration between programs works well but it isn't as seamless as a cloud service would be. For example, prompts will pop up in KeePassXC when there is a request to access a new password by a website. I believe this is probably more secure but it is an extra thing to come up when auto-filling passwords.
I have yet to try bitwarden but I would guess that sharing and lower-friction in web browsers would work better with it since those were the key benefits of LastPass when I'd used it.
curious what "support" means in this context, as keepass is free. do you donate or otherwise contribute to the project, or does support just mean use?
So at this point in time I would rather switch providers and give them the 30 bucks LastPass are now demanding for my use case out of the sheer principle of the matter.
So If I do Swap to KeePass or KeePassXC I will be donating that 30 bucks to them. If I swap to something like Bitwarden I'll pay them for what ever package is as close to that $30.
> Starting March 16, 2021, LastPass Free will only include access on unlimited devices of one type.
Something to consider, however, is the alternatives. Bitwarden seems cheaper[0]. Anyone has a preference for either?
[0] https://bitwarden.com/pricing/
This move to limit to a device type is shitty marketing trying to convert more people to buy.
It will fail by angering existing free users and pushing them to alternatives, while also reducing new users signup.
This is a sad post-acquisition state for a product, trying to make the most possible money out of it instead of focusing on real value.
Deleted Comment
On my mobile device (One Plus 3T) it's rather slow, but that might be due to the device age.
[1] https://bitwarden.com/help/article/install-on-premise/
- field detection is much poorer in Bitwarden (ie. it will fill both signup and login fields in some websites... including HN)
- Bitwarden timeout doesn't survive browser restarts (at least, this was the last time I've tried it), making it difficult to use for people with a complex password and frequent browser closing/opening
The feature I miss is that LastPass has a Mac MenuBar app which provided a global shortcut to search my wallet, for Bitwarden I always have to open the app.
Also, the iPhone app doesn't let you view attached images in the app, you have to first download them to the phone's storage.
It’s in my opinion a bad system. The issue revolves around that you always have a personal account, that has work access. Well.... for enterprise, I want to be able to help user reset their password, override there to MFA, revoke access to a share, audit what shares they have access to.
I REALLY wanted to use Bitwarden company wide, but the enterprise product is just not there.
How does it do with sites that insist on using a 'password' type field for both username and password? This is my biggest pet peeve on the internet today!
Amazingly painless import of literally hundreds of accounts including my "Secure notes" and credit cards and such that I also had in Lastpass.
Works great on iOS, Firefox and native that I've tried so far.