One of my friends asked me today, about moving away from LastPass. I told him that Bitwarden Password Manager is a free and open source alternative to LastPass.
Now for a bit of a backstory with the latter. LastPass has been my preferred choice password manager for about a decade now. But the service has been spiraling downwards in terms of quality. Don’t get me wrong. It still works fine most of the time, but the issues which break the functionality of the service, are quite annoying at times.
When Firefox was updated to version 57, Mozilla ended support for legacy XPI extensions for the browser. While many add-on developers ported their work to the new WebExtension format even before Firefox 57 was released, LastPass waited until the last minute to add support for the same. And it was a big mess too. The add-on broke the copy username/password options, and is still not fixed as of today (May 11th, 2018). The beta version of the add-on too, does not have the feature enabled. We have already posted the only workaround for this problem.
Another issue which affected 2 of my computers, is that LastPass logged out of the account, every time I closed the browser. The fact that the auto-logout option was disabled, only added further mystery to the puzzle. Uninstalling the add-on and re-installing it won’t solve the issue. The only fix for this issue, is to delete your Firefox profile or to refresh Firefox (which essentially does the same).
And not to mention, there is one major security issue in LastPass. The Export function which can be accessed from the LastPass Browser Extension Icon > More Options > Advanced > Export, is that this opens your database in a browser window. And guess what, the database is opened in plain text. Yes, anybody looking over your shoulder can read the passwords, or worse take a photo of the same. In case your browser or computer is affected by malware, this is a serious security risk. Clear the browser cookies and data at once.
How to export the LastPass password database:
To save the database as a CSV, you need to install the Binary Component of LastPass, which is included in the desktop program. This won’t open the plain-text version in your browser window.These are issues which may not affect everyone, and we hope LastPass addresses these issues.
Bitwarden Password Manager
Some people are already moving on to other password managers. One such service, is Bitwarden, which as we mentioned before is a free and open source password manager. It has every feature that LastPass has, including cloud support for syncing your vault. And yes, it has cross-platform apps, 2 factor authentication for your account and more.
Bitwarden is not perfect though. There are some minor issues, like when you use the browser extension (logged in to the vault), and you are on some sign-in page, the auto-fill option does not recognize you are logged in. So, you need to refresh the page for that to work. LastPass does this better in my opinion.
Bitwarden’s desktop applications are available for Windows, Mac and Linux from the official website. And there are browser extensions for Google Chrome, Mozilla Firefox, Microsoft Edge, Apple Safari, Brave, Opera. Vivaldi and Tor. You can even store the password database on your own server.
The mobile apps that Bitwarden has for Android and iOS, are excellent too and sync with the desktop applications and browser add-ons, and even support advanced security measures, like Fingerprint unlocking. If you are familiar with LastPass, you will be right at home with Bitwarden Password Manager.
Be sure to disable the analytics option in the app.
There is a premium account service which gives you some extras like 1GB encrypted storage, 2FA with USB keys, etc for $10/year. But we think the free version is just fine.