A few weeks ago I saw bitwarden finish their third party security audit and took the opportunity to jump. Couldn't be happier. Autofill fails less, the "copy password" menu works, the mobile experience isn't intentionally broken to sell an app, and export->import went without a hitch. Better, actually: it is the first time I have done an export/import and had the resulting data immediately work better in the second app. There's also the hope-springs-eternal factor of bitwarden giving me the option to host the sensitive stuff myself once I get off my butt and set up that server I've been meaning to for a while now.
If you're thinking about lastpass, save yourself the trouble and try bitwarden first. Or something else, but bitwarden has been good to me and lastpass, well, hasn't, to put it politely :)
I tried to switch to pass, and I'm not sure if it was something to do with how I imported but it didn't list my passwords and the browser plugin was clunky and didn't work. Anyone had success with pass/gopass.
Bitwarden seems like a happy Medium, I'd rather not do my password ops. The pricing seems fair (and rather optional). I'll try it, thanks.
I like the model a lot, because it solves the "database ownership" issue, where your Password provider (be it LastPass, 1Password, etc) becomes in itself a weak link.
The worse thing that happens to me is if I generate a password, and then Lastpass doesn't save it! It feels like a 50% shot it will actually save the generated password.
I have nearly 1000 passwords stored in it now, so it's going to be a huge pain to migrate.
If you load the same site using "load desktop site" the UI gets fixed.
Also that site looks like it should be selling something but I see no money hole - should I be worried?
This is kind of yikes for a password manager too: https://github.com/bitwarden/core/issues/399
But it's also pretty much the only polished open source password manager there is out there.
For now I'll be sticking with 1password, but might check out bitwarden again once they have tests and more maturity as a password manager.
We have a tendency to compare opaque with transparent and balk at what we find, but I question what you would feel if you could see through the opaque.
And if you look at their jobs page, one of the job description points is "Create unit tests for existing code to run faster and more reliably.": https://1password.com/jobs/droid-builder/
They might even have a few QA people AFAIK!
I understand why the single founder / engineer of bitwarden doesn't have tests. When you're a startup not writing tests can speed you up significantly. But after a certain point they are going to need automated testing, especially for something as vital as this.
For me, the lack of open source in 1p has been a sticking point, and I was planning to migrate after the audit. But seeing no tests, 1p documenting their security model and bitwarden not being good enough compared to 1p in UI has me sticking to 1p for now. I have high hopes that bitwarden will get to that maturity point one day.
I switched over about a week ago and find it pretty solid, but it's missing alot of the quality of life features that last pass had. You can't just hit command + c whilst on a entry and have it copy the password, they haven't implemented the new ios 12 features that make password managers much better on ios.
I'm running them both right now as I'm not fully committed to the switch over, but I'll see how the features get added over time.
Very happy with 1PasswordX (the browser-only version) - filling is much better, copy is supported out of the box, support have been very helpful when I've reached out. Much better customer experience.
However. Still can't uninstall 1Password. Haven't figured out where to store notes (meta) in Keychain. Stuff like "Name of your first pet?".
[0] https://www.passwordstore.org/ [1] https://github.com/passff/passff#readme
I would like to also recommend the Firefox extension 'Kee' for autofill. On Android there is the 'Keepass2Android' app. Both are open source and work well.
I also recommend the KeePass plugin 'Yet Another Favicon Downloader'. It downloads favicons from websites for your password entries.
Also 'Keebuntu' is a plugin that makes 'minimize to tray icon' work for me on Linux.
I've used both extensively and Bitwarden is just a dramatically higher-quality app it's not even funny.
(Not that this whole thread hasn't had me re-evaluating whether there's a better solution for me now.)
I run a unique password for every site so it doesn't matter if a provider gets rumbled, and I don't reuse passwords or have to remember multiple ones.
The form autofill is pretty awful compared to Lastpass, but I can live with that.
Is anyone aware of a technical reason that copy to clipboard is absent in Firefox, or is just laziness? If laziness, I'll dump them tomorrow.
I will give Bitwarden a try.
Do you access kbdx files on mobile devices? If so, what do you use?
The biggest problem with MiniKeePass, in my opinion, is that it doesn't support the new iOS autofill API and that it doesn't support even basic syncing. You always have to make a manual copy of the database file and you can't really create logins on mobile because of that.
There's a fork of MiniKeePass called KeePass Touch, but they don't publically host the source code anywhere. You have to email them to ask for a copy of the source code, which is technically GPL-compliant, but a bit annoying.
