I switched from LastPass to Bitwarden and I’m not going back

People are creatures of behavior. Nerds, doubly so. That’s why all of us had that one job that was nonetheless utilizing a DOS stock administration program on its computer systems nicely after 2000, and it’s why we’re nonetheless getting Pokemon video games whereas a number of the unique “gotta catch ’em all” era are actually grandparents. It takes loads to vary the way in which a nerd does issues, is my level. 

And on that observe: LastPass. I used to be a contented person of LastPass for years, and an evangelist of the service for my much less technical family and friends. (No, Aunt Laura, you’ll be able to’t simply have “password1” as your password for every part.) But in case you’ve been following the information currently, that LastPass and its mother or father firm GoTo have been getting an absolute shellacking amongst customers of all ranges after a series of high-profile hacks. 

LastPass deserves no sympathy 

Now, an organization getting hacked isn’t essentially its fault, and it doesn’t essentially point out any type of deficiency. After all, criminals are criminals, they usually’ll hack any high-profile goal that they’ll. But within the case of LastPass, the hacks completely had been its fault — a collection of lax security standards and vulnerabilities to focused phishing makes an attempt had been how the malefactors acquired in. 

And maybe extra damning, LastPass’s failure completely signifies a extreme deficiency. Aside from the final comfort of remembering your passwords for you, conserving them secure from prying eyes is LastPass’s complete enterprise mannequin — and one which it expenses you for if you wish to apply it to a couple of gadget. If you’re going to ask individuals to pay for fundamental performance, performance that’s constructed into the bottom degree of working methods and browsers at this level, you had higher nail it. 

LastPass didn’t nail it. And with the scope of its failure, it’s onerous to see how anybody can belief the corporate ever once more. If you want a cause to eliminate software program you’ve been utilizing for years, it’s onerous to consider a greater one than placing each single little bit of your on-line life in peril. 

A number of alternate options

But I’m nonetheless human, and I’ve [checks notes] 100 and forty-two totally different web sites and providers that I’ve to log in individually at this level, and that listing is barely rising. So a password supervisor, and furthermore, a password supervisor that’s each fairly safe and cross-platform, is a necessity for each my private {and professional} lives. 

At this level there are a number of choices if you wish to ditch LastPass. I attempted 1Password, and in full disclosure, I did this as a result of the corporate provides free upgrades to its premium service for members of the press. But in contrast to LastPass, there’s no free model of 1Password, only a free trial, and I felt like that makes it one thing very troublesome to advocate to the common person. I bumped into the identical difficulty with PCWorld’s pick for the best overall password manager, Dashlane, which solely provides entry on one gadget on its free tier.

Rob Schultz/IDG

Enter Bitwarden, PCWorld’s favorite free password manager, and the password supervisor that sells itself on being open-source. That doesn’t truly matter to me personally, since I can code software program about in addition to I can follow alligator dentistry. But there’s a little bit of consolation figuring out that there’s a military of nerds that may test Bitwarden’s work in the event that they need to. And since, once more, it is a firm you’re trusting with the keys to your proverbial citadel, they’re motivated to take action. 

The ups and downs of Bitwarden

“Open-source” comes with just a few expectations. One is that it’s free, or a minimum of has a free possibility. Check: Bitwarden’s free private tier will get all the fundamental performance of storing and recalling passwords, plus the important further of a randomized password generator. (This is totally one thing you need, until you’re nice at inventing 14 randomized characters on the drop of a hat.) And as a plus over each LastPass and 1Password, the free tier consists of entry through apps and browser extensions on limitless gadgets. That’s onerous to beat. 

Bitwarden

Another expectation of open-source is a considerably lackadaisical perspective in the direction of the person interface. Alas, this too is the case. Bitwarden’s UI is frankly ugly and a bit janky subsequent to its competitors. But after utilizing it for just a few months you get the ins and outs of its largely menu tree-based system…if solely by dint of going via every menu in search of that one little tweak.

Bitwarden

Bitwarden can also be lacking just a few creature options. For instance, although the Windows app is kind of redundant if in case you have a browser extension, you’ll be able to’t arrange entry to your vault through Windows Hello fingerprint or face scanning with out it. That’s even supposing Chrome can deal with Windows Hello authentication on the internet simply effective. Bitwarden’s cellular apps are equally unintuitive — a minimum of as soon as per week I’ve to manually copy and paste my credentials into some app or one other. 

You can’t beat free

But regardless of that jank, it’s onerous to argue with Bitwarden’s worth proposition. You solely have to pay for some further authentication options and premium entry to help, and even that’s shockingly low cost at simply $10 a yr. So I’ll proceed to make use of Bitwarden for myself, and advocate it to my family and friends, aside from these few who’re keen to pay for a handsome menu interface. 

…and even then, I’ll advocate 1Password over LastPass, a minimum of for the foreseeable future. Because 1Password has but to have a catastrophic hack or leak…that we find out about. That’s how you modify a nerd’s habits: Give them one thing free, useful, dependable, and in the case of safety software program, one thing reliable.