DEV Community

Cover image for Password manager recommendations?
Jess Lee
Jess Lee Subscriber

Posted on

Password manager recommendations?

Password managers are one of those tools that people don't tend to swap around because it can be a real pain. I have hundreds of credentials and going through the process of setting up new passwords is something I don't have time for, and only consider when my password manager has an outage. Like today.

We set up our password manager years ago and now I'm wondering if it's time to switch to something else. What are your suggestions?

Below are two open source password managers I'm looking into:

GitHub logo buttercup / buttercup-desktop

🔑 Cross-Platform Passwords & Secrets Vault

Buttercup Desktop

Buttercup for Desktop - Mac, Linux and Windows

Buttercup Latest version Chat securely on Keybase

Buttercup Desktop screenshot ²

About

Buttercup is a free, open-source and cross-platform password manager, built on NodeJS with Typescript. It uses strong industry-standard encryption to protect your passwords and credentials (among other data you store in Buttercup vaults) at rest, within vault files (.bcup). Vaults can be loaded from and saved to a number of sources, such as the local filesystem, Dropbox, Google Drive or any WebDAV-enabled service (like ownCloud or Nextcloud ¹).

Why you need a password manager

Password management is a crucial tool when you have any online presence. It's vital that all of your accounts online use strong and unique passwords so that they're much more difficult to break in to. Even if one of your accounts are breached, having unique passwords means that the likelihood of the attacker gaining further access to your…

GitHub logo bitwarden / server

Bitwarden infrastructure/backend (API, database, Docker, etc).

Bitwarden

Github Workflow build on main DockerHub gitter chat


The Bitwarden Server project contains the APIs, database, and other core infrastructure items needed for the "backend" of all bitwarden client applications.

The server project is written in C# using .NET Core with ASP.NET Core. The database is written in T-SQL/SQL Server. The codebase can be developed, built, run, and deployed cross-platform on Windows, macOS, and Linux distributions.

Developer Documentation

Please refer to the Server Setup Guide in the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.

Deploy

docker

You can deploy Bitwarden using Docker containers on Windows, macOS, and Linux distributions. Use the provided PowerShell and Bash scripts to get started quickly. Find all of the Bitwarden images on Docker Hub.

Full documentation for deploying Bitwarden with Docker can be found in our help center at: https://help.bitwarden.com/article/install-on-premise/

Requirements




Top comments (130)

Collapse
 
simoroshka profile image
Anna Simoroshka

I am very happy with LastPass

Collapse
 
darksmile92 profile image
Robin Kretzschmar

I also use LastPass and I like it!
Currently on the premium subscription (bought through a makeuseof deal) and I can say the android app improved over time.

Sometimes there are apps or views where LastPass can't manage to show the configured overlay with autofill but they made a handy tile for the notification bar to trigger the LastPass autofill dialog manually so this isn't painful anymore.

Screenshot of android tile

See tile "LassPass Autofill"
Collapse
 
edisonywh profile image
Edison Yap

Do you use it on Android?

Last I remembered, it wasn't working well (buggy Auto fill), and so I disabled it completely and used Google's native AutoFill and only drop into LastPass when it's not saved in my Google also.

Curious if you experienced similar things at all?

Collapse
 
simoroshka profile image
Anna Simoroshka

Sometimes, yes. I then have to go to the app and copy paste manually

Collapse
 
moopet profile image
Ben Sinclair

I use it on Android. It used to get disabled a lot so I had to keep re-enabling it but that seems to have fixed itself since I updated my Android to Oreo.

Thread Thread
 
jsn1nj4 profile image
Elliot Derhay

Oh... Good to know. Now if LG would only update my phone from 7.0...

Collapse
 
rdumais profile image
Ryan

I love LastPass as well. Except for this morning, the outage is driving me nuts!
status.lastpass.com/

Collapse
 
leslieongit profile image
Leslie

This is where I would recommend Bitwarden, works well offline with synced data and once online syncs with my desktop app as browser addon, but the only problem I had was when i imported all of my browser passwords and disabled auto save within Chrome and Firefox, Bitwarden has become a bit slow ever since but its normal to be slow when you've got nearly 8K logins including yours and other peoples

Collapse
 
simoroshka profile image
Anna Simoroshka

yep, this is a problem with any services. The only solution I know is to have an offline password manager with multiple copies of the db, and sync it with devices through dropbox or something like that. But then what about handy browser extensions..

Thread Thread
 
perry_mitchell profile image
Perry Mitchell

Buttercup actually allows you to sync via Dropbox, so you can host your vault file there and let DB do the sync'ing, and Buttercup has clients to allow you access to these sync'ed credentials on all major platforms (including within Chrome+Firefox using an extension). Disclaimer: I'm the author.

Thread Thread
 
jsn1nj4 profile image
Elliot Derhay • Edited

Neat! I'll have to look into that now. I'm currently a very happy LastPass user (though not for work, so I actually got by without knowing about the outage). But that does sound like an interesting solution.

Collapse
 
simoroshka profile image
Anna Simoroshka

Reading comments and thinking to try something else, maybe there are better solutions.

Collapse
 
crease29 profile image
Kai Neuwerth

Did you know that LastPass has been hacked completely at least twice?

Collapse
 
equiman profile image
Camilo Martinez

Yes, but can't decrypt anything.

Collapse
 
simoroshka profile image
Anna Simoroshka

Ok, I'm migrating tonight.

Thread Thread
 
moopet profile image
Ben Sinclair

Take "hacked completely at least twice" with a pinch of salt.

Thread Thread
 
vinayhegde1990 profile image
Vinay Hegde

Unsure about twice but here is an official post by LastPass themselves.

From my experience, I'd recommend BitWarden as the free version will suffice on Android/iOS will suffice for most people along with proper sync between desktop / mobile apps along with being quite user-friendly.

Collapse
 
alex_barashkov profile image
Alex Barashkov • Edited

1password is amazing product. I used LastPass but switched to 1Password.

  • Really pretty and nice UI
  • Family plan. the price is very fair but you could guarantee that all your credentials so be safed across family and it's also great to have share vaults where you could put common things
  • Touch Id support. Use it on Mac and iPhone, so it's really fast and secure way to access to your vault.
  • 2fa codes support. First of all you could keep all your codes in 1password + it will be auto copied to your clipboard. it so useful

I think that's my best features I use every day in 1password

Collapse
 
moopet profile image
Ben Sinclair

None of these features (apart from the name of the family plan) are unique to 1password, as far as I'm aware.

Collapse
 
maestromac profile image
Mac Siri

I've switched from Lastpass to Bitwarden because it wasn't working on Firefox (which I also switched out of to something else). Bitwarden is so much smoother and less intrusive on the browser. I also like it a lot that Bitwarden is open-sourced.

Collapse
 
edisonywh profile image
Edison Yap

I am also thinking about the switch, one for the open-source nature of BitWarden, and second I think LastPass was just bought over by LogMeIn, heard that it was a rather dodgy company.

Anyway, couple questions - how much hassle was it? How does it perform on mobile? (Android Auto fill etc)

Collapse
 
deciduously profile image
Ben Lovy

Not OP, but I made the same transition and IIRC it was as close to a one-click operation as you can reasonably get. AutoFill has not failed me yet on Android.

Thread Thread
 
edisonywh profile image
Edison Yap

Cool man! That's exactly how it went down, it was one click for me!

I'm going to be trying out BitWarden for a bit.

Part of me says if LastPass isn't breaking, there's no need to change. The other part says open-source :p

Thread Thread
 
deciduously profile image
Ben Lovy • Edited

LastPass isn't breaking, there's no need to change. The other part says open-source :p

That's more or less how it happened for me, yeah

Collapse
 
wuz profile image
Conlin Durbin

Bitwarden has ties into the new Android autofill stuff, which makes it super smooth to use on Android. I believe it has the same for iOS.

Collapse
 
maestromac profile image
Mac Siri

The switch was super fast. Would recommend! Yes auto fill works very well but you might need to manually enable it

Collapse
 
rhymes profile image
rhymes

I'm a LastPass user, I'll definitely consider the switch!

Collapse
 
rhymes profile image
rhymes

Switched to Bitwarden Premium, my LastPass Premium expires in a month anyway :D

I'll decide then which one to keep.

Thread Thread
 
maestromac profile image
Mac Siri

Let me know what you decide on!

Collapse
 
moopet profile image
Ben Sinclair

I'd never heard of it, but it looks interesting.

Collapse
 
dmfay profile image
Dian Fay

I'm quite happy with KeePassXC.

Collapse
 
cmmata profile image
Carles Mata

I use KeePassXC too, with it's browser plugin. And KeePass2Android on mobile. And very happy with that couple!

Collapse
 
mungojam profile image
Mark Adamson

I love KeyPass2Android, glad I switched from KeePassDroid which just lagged behind feature-wise.

KeePass has a nice chrome extension too, though initial setup is a minor pain.

Thread Thread
 
cmmata profile image
Carles Mata

Which one do you use? I was using CKP - KeePass integration for Chrome, but it doesn't work since I started to use KeepassXC instead of the original (and mono-built) keepass

Thread Thread
 
mungojam profile image
Mark Adamson

I use chromeIPass with the original Keepass app. I hadn't heard of KeepassXC before but it seems to be popular on here so maybe I should give it a go

Collapse
 
phlash profile image
Phil Ashby

Ooh, movement in the KeePass world - I might move across from KeePass2 myself :)

Collapse
 
dmfay profile image
Dian Fay

I was really happy when it came out! I'd had to buy MacPass to get a good kdbx-compatible password manager on OSX (nothing against it as a product but I prefer open source), and the less said about dealing with the Mono version on Linux the better.

Thread Thread
 
phlash profile image
Phil Ashby

Amusingly I use the mono version on Linux the most, then KeePassDroid on my phone. I even re-wrote Andrew Schofield's excellent HIBP plugin in so it would work on Linux/mono despite that not having TLS1.2+ support :)

github.com/phlash/keepass_hibp

Collapse
 
perry_mitchell profile image
Perry Mitchell

I'll just chime in here regarding Buttercup (I'm one of the authors) - There are a lot of great comments here (nice seeing so much opinion in the password manager space) and I thought I'd quickly cover our product and why I wrote it and why I'd recommend it.

Buttercup is a password vault that's available on every major platform - we have a desktop application on Windows+Mac+Linux and a mobile app on iOS+Android. We also have a browser extension for Firefox+Chrome (with more browsers on the way). We use vault files to store an encrypted copy (AES-256, PBKDF2 derived keys, GZIP compression) of your passwords and secrets in a variety of locations (Dropbox, NextCloud, ownCloud, WebDAV supporting services, the local file system). Buttercup's browser extension also allows for form filling and login actions via its UI. Buttercup is also free and open-source, so you can see how it's put together and what we do at every turn. It'll remain free and has a very long-term roadmap so we'll be busy building it for the foreseeable future.

We have our own hosting service planned as well (will land most likely in Q1 2019), which will become a source of revenue to keep our company afloat. We'll offer free personal hosting so that everyone can take advantage of storage-agnostic vaults.

Collapse
 
waqardm profile image
Waqar Mohammad

You may have a new user 😃. For now, is it self hosting? Does one have to set up the app apis too?

Collapse
 
perry_mitchell profile image
Perry Mitchell

That'd be swell! We're a friendly bunch I promise. "Self-hosting" yes, but you can simply host it in a free Dropbox account to get started - No need to run up any servers yourself. In our opinion Dropbox is perfectly fine for this use, and because it has file versions you're even better protected against overwritten values etc. (we have an in-built history system in our vault files which will soon be exposed to the user - kinda like time-travel).

No need to set up any complex APIs etc if you don't want to. I personally use an ownCloud server where I host my vault. Others have used everything from Box through to Yandex (WebDAV services).

Thread Thread
 
waqardm profile image
Waqar Mohammad

thank you, I would be happy to give it a go. Will test-drive it over the weekend 😃

Collapse
 
bzdata profile image
Beatriz

+1

Collapse
 
pbnj profile image
Peter Benjamin (they/them) • Edited

I used the free version of LastPass in the past, but I have switched to 1password for a few reasons:

  1. 1password has a very nice UI and a very intuitive UX.
  2. On MacOS, 1password supports TouchID. On iOS, it supports FaceID for easy, seamless authentication
  3. 1password also supports Two-Factor (a.k.a. Multi-Factor) Authentication tokens. I used to use Authy for this, but it is really nice to have both passwords and 2FA managed by the same app.
  4. Family plan allows me to share passwords with my family securely.
  5. 1password has a CLI client, which is nice for scripts/programs that need to programmatically access passwords and 2FA tokens.
Collapse
 
tiagomagalhaes profile image
Tiago Magalhães

How do you use op to get 2FA tokens?

Collapse
 
pbnj profile image
Peter Benjamin (they/them) • Edited

Go to the account in question > edit > click add new one-time, then you can point the camera at the qr code or type the secret manually.

1password

Thread Thread
 
tiagomagalhaes profile image
Tiago Magalhães

My question wasn't clear enough. I was asking about point 5. the 2FA tokens in the 1password CLI

Collapse
 
moopet profile image
Ben Sinclair

LastPass does everything in your list except the faceID (I don't know if it does that).

Collapse
 
ondrejs profile image
Ondrej

Pass is also kinda cool (passwordstore.org/). Synchronized via git. Minimalist Unix philosophy & design.

Collapse
 
phlash profile image
Phil Ashby

Thanks - that's my TIL for the day!

Collapse
 
snesjhon profile image
Jhon Paredes

I use 1password. Although I have tried others I have found a better experience with 1password. It might just be a personal preference.

However, the standout feature for me using 1password is its iOS integration. Not the app (although it's related) but the AutoFill Passwords integration. 1Password is nicely integrated with using that feature and it's probably the way I use it the most.

Collapse
 
deciduously profile image
Ben Lovy • Edited

I can't compare/contrast, but I've been using BitWarden for over a year and have no complaints. Importing from LastPass was a breeze and I was able to set up my YubiKey for 2FA in maybe five minutes. The mobile app is performant and consistent with the browser plugin. I tell everyone who will listen to use it.

Collapse
 
itenev profile image
Ивелин Тенев

What happens if you lose the YubiKey? How do you backup it up?

This is what keeps me from using YubiKey as a single 2FA token and having an alternative 2FA method like cell phone kind of defeats the whole purpose :/

Collapse
 
dennis profile image
Dennis Møllegaard Pedersen

But me and my GF have each a YubiKey. On lastpass you can set a backup YubiKey, so I can use hers, in case my own are gone. In addition, you can print a list of OTP and use that.

Dont know what BitWarden offers, tho.

Thread Thread
 
deciduously profile image
Ben Lovy

That's great to know! I believe BW lets you do this too, though I'm not positive. I know it offers the printable OTP list - they're very similar products, really.

Collapse
 
deciduously profile image
Ben Lovy

I do have it backed up by cell phone 2FA. I see what you're saying, but I don't feel that undermines the advantages. I have my YK attached to my car keys - if I lose those, I've got all kinds of problems.

Collapse
 
jsn1nj4 profile image
Elliot Derhay

Importing from LastPass may be what gets me to switch over much sooner.

Collapse
 
nickytonline profile image
Nick Taylor

1Password. A subscription also gives you up to 5 family accounts where you can have shared vaults. Multi domain for an account. Pretty solid UI. And the killer is if you're on iOS, you can now use it instead of.the default key chain, which means it's super easy to enter username /password for apps too.

Some comments may only be visible to logged-in visitors. Sign in to view all comments.