Migrating from LastPass to an alternative password manager? KeePass vs Bitwarden, which one will you choose?
LastPass recently announced that it will be limiting cloud access to one device per user, so if you were using it to sync your passwords between your phone and computer, you won't be able to do so from March 16th.
Many users have hit out at the company on social media, and some believe that it might have dug its own grave with this decision. From a business point of view, they're offloading the free users while likely retaining their premium customers. By doing so, they're getting rid of a large chunk of server load and possibly saving resources that would otherwise have been spent on customer support; this could prove to be a profitable move for LastPass.
Anyway, let's not discuss that. The more important thing here is your choice: what is a good alternative to LastPass? Which one are you moving to? I've been intrigued by comments across social media, Reddit, and of course right here on the blog. The majority of users seem to be flocking to Bitwarden or KeePass. Some of you may be confused about which one to go with.
When people think about KeePass, I believe they don't think of it as a cross-platform program, or one capable of cloud-based synchronization. They look at it as an open source password manager for computers, right? That's the issue. Many people aren't aware of the various mobile apps that you can use to complement KeePass; more on this later.
Which one will you choose? KeePass or Bitwarden?
Bitwarden's strength is the availability of official apps and ready-to-use, cloud-based, cross-device synchronization. You sign up for a Bitwarden account on the PC, in the browser or in the mobile app, and import your passwords into it. To use it on your other devices, install the app on your phone, the browser add-on or the desktop program, and you're good to go. This, in my opinion, is why users want to use the service.
It is after all what attracted users to LastPass in the first place, cross-device syncing. And I confess to betraying KeePass in favor of LastPass' mobile app (autofill is a lifesaver on small screens) for a couple of years, before learning about KeePass' mobile forks and returning to it.
With Bitwarden, unless you are self-hosting the server (really, how many are going to?), you're essentially saving your passwords on the company's servers. I'm not saying it will be, but in the event the server gets compromised, it could impact your accounts. Hey, the odds of that happening are low. But it's a possibility, right?
Update: the data that is transferred between user devices and Bitwarden's servers is end-to-end encrypted. As a consequence, attackers who compromise the server won't have direct access to a user's stored passwords and other data.
KeePass, on the other hand, doesn't rely on the internet to work. Your database is encrypted offline and stays secure as long as you use a strong master password, and this is its strong point. The flip side is that you have to take care of all the protection yourself.
What if I want to access my KeePass database on my mobile devices? This is KeePass' biggest issue: it does not have an official mobile app. Instead, it has a ton of forks, some of which are recognized by the developer, which you can take as a sign that they're considered safe until proven otherwise.
Since it is an offline tool, you don't need to create an account to start using it; you just set up your database using the official desktop program on your computer, or using one of the unofficial (and open source) mobile apps. To sync the database between your computer and your phone, all you have to do is save the database file in a cloud storage service's folder, such as Dropbox, OneDrive or Google Drive, or on your self-hosted server.
This essentially provides a double layer of security: a hacker would first need access to your cloud storage account or the provider's servers, and then bypass your database's master password. Even if the first is possible, the chances of the second are pretty slim. This is, in my opinion, a safer option than relying on a cloud-based system such as the one employed by Bitwarden.
You can further minimize the risk by cutting out the middleman, i.e., using local synchronization via USB, FTP/SFTP, Syncthing, etc., and still get your devices to sync your KeePass database (or multiple databases if you want).
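As an added illustration of the "cut out the middleman" approach (this is example code, not part of the original post), here is a POSIX shell function that pushes a .kdbx file to a second location, such as a USB mount, an SFTP-mounted or Syncthing folder, and refuses to overwrite a copy that has been edited on the other device since the last sync, which is the classic way file-based syncing loses entries. The paths and the state file it keeps are assumptions of the example; the database itself is never decrypted, only the encrypted file is copied.

```shell
#!/bin/sh
# Conflict-aware push of a KeePass .kdbx file from one device to another.
# Constructed example: SRC and DST are plain paths; DST could be a USB mount,
# an SSHFS/rsync'd directory or a Syncthing folder. Only the encrypted file
# is copied, so the master password still protects its contents in transit.

# Content checksum of a file (POSIX cksum exists on any Unix-like system).
kdbx_sum() { cksum < "$1" | cut -d' ' -f1; }

# sync_kdbx SRC DST STATEFILE
# STATEFILE holds the checksum of the copy both sides agreed on last time.
# Exit codes: 0 synced (or already identical); 1 only DST changed, so push
# in the other direction; 2 both copies changed since the last sync.
sync_kdbx() {
  src=$1; dst=$2; state=$3
  src_sum=$(kdbx_sum "$src")
  if [ ! -f "$dst" ]; then             # first sync: nothing on DST to lose
    cp "$src" "$dst" || return 3
    printf '%s\n' "$src_sum" > "$state"
    return 0
  fi
  dst_sum=$(kdbx_sum "$dst")
  if [ "$src_sum" = "$dst_sum" ]; then  # already in sync, just record it
    printf '%s\n' "$src_sum" > "$state"
    return 0
  fi
  last_sum=$(cat "$state" 2>/dev/null || echo none)
  if [ "$src_sum" = "$last_sum" ]; then # SRC untouched, DST has new edits
    echo "sync_kdbx: $dst is newer; sync in the other direction" >&2
    return 1
  fi
  if [ "$dst_sum" != "$last_sum" ]; then # both sides edited independently
    echo "sync_kdbx: conflict, both copies changed; merge in KeePass first" >&2
    return 2
  fi
  cp "$dst" "$dst.bak-$(date +%Y%m%d%H%M%S)" || return 3  # keep old version
  cp "$src" "$dst.tmp" && mv "$dst.tmp" "$dst" || return 3 # replace atomically
  printf '%s\n' "$src_sum" > "$state"
}

# Typical use (paths are illustrative):
#   sync_kdbx ~/Passwords.kdbx /media/usb/Passwords.kdbx ~/.kdbx-sync.state
```

When it reports a conflict, open both files in the KeePass desktop program and use File > Synchronize to merge the entries instead of picking one copy.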
Personally, I use the official KeePass desktop program with the database saved to my Dropbox folder, and I have the Keepass2Android app (it has an offline version too) on my phone. But there are good alternatives like KeePassDX and KeePassDroid, though they don't support cloud services.
You can go either way, they're both pretty good and have their own pros and cons.
Now you: which LastPass alternative will you choose, Bitwarden or KeePass?