this post was submitted on 07 Aug 2024
50 points (98.1% liked)

Privacy

32096 readers
634 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Despite the massive breach where we found out that notes (where lots of people stored previous passwords) were not stored encrypted by Lastpass, I have stuck with them for years because its hard to switch services.

Recently I realized that both my wife and I were paying for 2 separate password manager services and we need to consolidate down to one.

Staying with LastPass and moving to a family account would only cost $4/m which is still 1/2 what we were paying combined.

Is there another manager that offers Apple, Android, and Browser based applications/plugins? Ideally also with an authentication app, though I can swap to any authentication if I need to so its just a nice to have.

top 30 comments
sorted by: hot top controversial new old
[–] TheButtonJustSpins@infosec.pub 63 points 3 months ago (3 children)

Check out BitWarden. You can use a Collection to share passwords with each other. Free, though I think the TOTP functionality is in the Premium subscription ($10/yr).

[–] Vanth@reddthat.com 34 points 3 months ago

Bitwarden also imported my LastPass export seamlessly. Setup and transferring took under 20 min.

[–] wesker@lemmy.sdf.org 18 points 3 months ago

BitWarden user for 4 years now, managing an organization that consists of my family. It's great.

[–] infinitevalence@discuss.online 11 points 3 months ago (3 children)

I like your suggestion, forwarded to partner. Also this way we both have to go through some pain to transfer and its not just them.

[–] HessiaNerd@lemmy.world 8 points 3 months ago

I moved from LastPass free to bitwarden paid. Very happy with the upgrade. I can manage my aging parents passwords and share joint account info with my spouse.l

[–] calmluck9349@infosec.pub 3 points 3 months ago

Its not that painful. Just export from lastpass. I did when they brought up prices before the breach. The export at the time was just CSV so no photos came with it. I'm on Bitwarden now.

[–] fmstrat@lemmy.nowsci.com 2 points 3 months ago

Big fan of BitWarden, hosted and self-hosted.

[–] fluckx@lemmy.world 27 points 3 months ago (1 children)

I think bitwarden checks all the boxes. It's 3.33$ per month for a family plan ( 6 users). I've used it for a long time and I'm happy with it.

If you want more privacy you can always self host vault warden and use that. In which case you have full access to the premium features and you just pay the hosting costs.

Bitwarden can be set as the default password manager in browsers. Stores TOTP codes, has a browser plugin, has android app and iOS app.

Works flawlessly in my experience ( Linux/macbook/android).

No experience with iphones, but I assume it is fully supported.

[–] capital@lemmy.world 2 points 3 months ago

I’ll echo everything above. I moved from LastPass as soon as I heard it got bought by a private equity firm and I’ve loved Bitwarden. Well worth the small amount they charge.

Does indeed work fine on all of the above and I can confirm iOS is good to go.

[–] floofloof@lemmy.ca 25 points 3 months ago* (last edited 3 months ago)

Using LastPass now, after we learned so much about them from that breach, is inadvisable. Security is the whole point of a password manager, so no matter what the price, a password manager run by a company that can't do security, and tries to hide their poor practices behind a wall of secrecy and deceit, is not a good option.

BitWarden is free, or $10 per year for premium, or $40 for the family version where you get 6 accounts. It's open source and the developers are quick to respond to issues. It's a refreshing contrast to the culture of secrecy and complacency that is LastPass.

1Password is also well thought of, but not open source.

[–] independantiste@sh.itjust.works 13 points 3 months ago* (last edited 3 months ago) (2 children)

Proton Pass or Bitwarden are both very good options. Here is my breakdown of their pros and cons:

Pros of Proton Pass over bitwarden

  • Much better UI/UX (in terms of looks and ease to navigate)
  • The app is feels much faster than Bitwarden's, maybe its not objectively, but it feels lightyears ahead in terms of speed
  • Possibility for separate email and username fields
  • more seamless integration with simplelogin aliases than what Bitwarden has
  • TOTP is available in the free version

Cons of proton pass compared with bitwarden:

  • No "Identity" item type (vault item where you can store info about yourself like your SSN etc.)
  • No payment card autofill
  • Can only register the "generic" 6-digit type of TOTP (Steam guard TOTP didn't work when I tried it)
  • No custom fields that auto-fill on the web page
  • less settings in general, for example, you can't decide of the hashing algorithm of your account's password, and you can't tweak the hashing parameters
  • more expensive
  • less "Foss": the server code is not published and there are no 3rd party servers like vaultwarden
[–] unskilled5117 4 points 3 months ago (1 children)

Passkeys have been available in Bitwardens mobile apps for some time: https://bitwarden.com/help/storing-passkeys/

[–] independantiste@sh.itjust.works 4 points 3 months ago

Thx, edited

[–] ChiefGhost295@lemmy.one 4 points 3 months ago* (last edited 3 months ago) (1 children)

Pros of Proton Pass over bitwarden

  • Much better UI/UX (in terms of looks and ease to navigate)
  • The app is feels much faster than Bitwarden's, maybe its not objectively, but it feels lightyears ahead in terms of >speed
  • Possibility for separate email and username fields
  • more seamless integration with simplelogin aliases than what Bitwarden has
  • TOTP is available in the free version
  1. Bitwarden is currently working on redesigning their apps, which will also include new native mobile apps that will fix the current speed issues. You can already test them if you are interested.

  2. Even if Bitwarden doesn't have as straightforward implementation regarding the separate email and username fields, you can easily use custom fields to solve this issue. As you also noted, Bitwarden will also autofill these.

  3. Even though Proton’s SimpleLogin implementation is more simple and likely easier to use compared to Bitwarden, it also poses a serious lock-in issue with Proton Pass. If you ever decide to downgrade to a free plan, Proton will disable all your aliases that go beyond the max limit (10) in the free plan. This is a big contrast to even SimpleLogin that will keep all of your aliases operational even if you downgrade to the free plan. I would also take Bitwarden’s alias implementation over Proton Pass because they support multiple different aliasing providers compared to just SimpleLogin. In the past I have had issues registering a SimpleLogin alias for some sites, so all I needed to do was to change to DuckDuckGo that Bitwarden also supports and the site accepted that one. This is also a feature I doubt Proton would never implement because they own SimpleLogin.

  4. Proton’s free version only supports three TOTP logins, so not very usable, and Bitwarden’s Premium plan is only $10 per year, so not a big deal to upgrade to that if you need this feature.

[–] capital@lemmy.world 1 points 3 months ago

To add to this point,

I was using ProtonMail when I finally got serious about generating new email aliases for everything. I went as far as upgrading my plan and started setting up SimpleLogin when I ran into the fact that I couldn't just send from arbitrary addresses using a domain THAT I OWN. I couldn't even reply to emails to a particular alias, FROM that alias. It looks mighty sketchy to the other party when you reply from some address they didn't know about with the contents of someone else's email (for all they know). Trying to explain this to others was a terrible experience.

I came across Fastmail, saw they integrated with Bitwarden via API so Bitwarden could create aliases (Fastmail calls them "masked emails"), and verified that I could both send from arbitrary addresses using my own domain and easily reply from masked addresses properly. I moved over and I've loved it ever since.

As I understand it, Proton is still working on the sending feature I wanted but it's obviously not a priority for them.

IMO, Fastmail + Bitwarden is a much stronger feature set than Proton + SimpleLogin. Which is nuts considering Proton/SimpleLogin's close relationship.

If I ever want to migrate from Fastmail, it's a DNS change...

[–] kia@lemmy.ca 12 points 3 months ago (1 children)

It took me less than 30 minutes to transfer my LastPass vault to Proton Pass. The actual transfer took under a minute, then I just had to reorganize the folders. Definitely worth the switch.

[–] runwaylights@lemmy.world 7 points 3 months ago

The transfer into proton is indeed very easy and with their family pack you also get Mail, Drive, VPN, Calendar and they keep working on adding more. Very happy with proton and their fight for privacy

[–] ignotum@lemmy.world 11 points 3 months ago

Exported everything in lastpass as CSV, imported it into KeePass, the vault file is synchronized between my devices using syncthing, i never looked back

[–] voracitude@lemmy.world 11 points 3 months ago* (last edited 3 months ago) (1 children)

1password offers complete import from LastPass and both looks and works similarly. Same price, I think; better software, fewer and lower-severity CVEs, better handling of breaches when they do happen. It seems to offer everything you're looking for.

Edit: well bugger, critical flaw for 1password Mac app: https://www.forbes.com/sites/daveywinder/2024/08/07/critical-1password-security-flaw-could-let-hackers-steal-unlock-key/

It's been patched, but not a good look when I just said they don't have super bad CVEs 😑 Still true, this is rare, but important to update and address it I think.

[–] AstralPath@lemmy.ca 3 points 3 months ago

1password is great!

[–] greatwhitebuffalo41@slrpnk.net 10 points 3 months ago

I've thoroughly enjoyed Bitwarden. Their free version meets my needs but I pay for the paid because I think it's great.

[–] nokturne213@sopuli.xyz 8 points 3 months ago

I left lastpass and moved to Bitwarden. On mobile Bitwarden does not handle multiple fills (such as username, account number, and password). I have also found that if you add a login or update a login on one device it can take a while to automatically sync despite it saying it recently sync’d. I have to go in and manually sync.

but those are the only issues I have had with it and have now been using it about as long if not longer than lastpass.

I think I pay $10/year. I am trying to get my wife and kids to sign up and then I will get a family plan.

I used Bitwarden on android, windows, Linux, iOS, and macOS.

[–] Jumuta@sh.itjust.works 7 points 3 months ago (3 children)

I know keepassxc works with Android, Linux and windows with syncthing, but idk if it works with Apple

[–] bonn2@lemm.ee 2 points 3 months ago* (last edited 3 months ago)

This is my solution as well. It is worth remembering however that unlike paid services you are on the hook for your own backups. Not really a downside IMO, but something extra that needs to be done.

[–] trevor@lemmy.blahaj.zone 1 points 3 months ago

KeePaasium is what you use for Apple devices (macOS and iOS. Unfortunately, it's a paid app, but you can enroll in the beta program to get it for free.

[–] considine@lemmy.ml 1 points 3 months ago (1 children)

I use Keepass2Android. Is there some reason Keepassxc is better, or just an alternative?

[–] Jumuta@sh.itjust.works 2 points 3 months ago

i dont think xc is on android i use dx

[–] Kanzar@sh.itjust.works 6 points 3 months ago

My friends use bitwarden. We're on 1password. Both seem decent choices.

[–] 01189998819991197253@infosec.pub 2 points 3 months ago

I use Bitwarden for personal, and Keeper for work. Both great so far.

[–] bilbobaggins@lemmy.world 2 points 3 months ago

adding on to what people have said about Bitwarden, it supports passkeys but LastPass still doesn't?! if you want to increase your security even more, then definitely consider passkeys 🔑