Having been an avid user of password managers for as long as I can remember, I was an entrenched premium customer of LastPass for several years. It served me well with its multi-platform support, reliable sync and support for quirky authentication schemes. However, as time went on I encountered more and more issues, and eventually I had enough and decided to start looking for alternatives. I put together a list of must-have features and started searching.
It quickly became obvious that password management is an industry with generally poor options. I toyed with 1Password but it was pricey and had limited platform support [at the time]. Dashlane was a promising contender, but I was already wary of trusting $COMPANY with the keys to my digital kingdom. What I really wanted was an open source option – I figured that would by extension solve my other hard requirements, specifically to have ownership of my data and the ability to back it up. I was seriously disappointed when the best option turned out to be the KeePass family of applications. So I gave up, for a while.
Whilst trying to make peace with LastPass – not easy when your login data gets regularly corrupted and LastPass support refuses to engage on the issue – I stumbled across Bitwarden. With low expectations I started investigating the project and found what appeared to be a serious effort to build something with merit, in the open, and eager for feedback. The project was in early stages but I kept going back to see what progress was being made, and I was very pleasantly surprised. In the space of a few months, they’ve launched apps for just about every platform, addons for every major browser, and – especially promising – refactored the service to run on .NET Core. They started promising the ability to self-host, and sure enough, a few weeks later, announced a one-command install for Linux. I dove right in and have not looked back.
Here are the things I like best about Bitwarden.
- Open Source: Although it does appear that a small number of developers are working on all their projects, nevertheless the entirety of the suite is open source. Not just the clients, but the server and the web application. Development happens in the open, on GitHub, and it really does appear that anyone is welcome – they’ve already established what I’d consider a friendly culture for feedback, contributions and feature requests.
- Feature Parity with LastPass: Rather than being a blind carbon copy of LastPass, it seems that new features are considered very carefully for inclusion and the implementation is discussed with actual users. They’ve already got support for credit card fills, secure notes, multi-factor authentication, folder-based organization, a password generator and a native macOS app in addition to browser addons.
- TOTP Support: Especially convenient is the ability to add your TOTP secret to a login, after which Bitwarden will push a current code to your clipboard when you autofill that login. No scrambling for your phone or waiting for the Authy Chrome app to load. This works on both desktop and mobile apps – the latter especially convenient since more and more apps are bundling a web viewer.
- Autofill on mobile: Simply imperative: since all my passwords are excruciatingly long and randomized, tapping them by hand on my phone(s) is, for sanity reasons, just not an option. Bitwarden seems to make full use of autofill-related APIs on iOS and Android, and if it doesn’t work, it’s designed well so that switching to the app and copying a password for pasting is non-frustrating.
- Self Hosted: My personal killer feature. It’s always difficult to decide whether to self-host a particular cloud/web service, but my password manager is definitely top of the list. Bitwarden self installation is smooth and fast, and it exposes all user data for straightforward backups. A helper script stands up all the requisite services as Docker containers, and provides update commands which I’ve found to be totally issue-free so far.
If you’re a LastPass user, you could do worse than give Bitwarden a try. The cloud version is free to use, and there’s an import facility so you can pull in your sites from LastPass and other major services.