If leaving LastPass, do you trust your browser password manager as replacement?

I'm glad that I stayed with Keychain, although it is not for Windows.
How much do you trust Edge or Chrome password managers?

I prefer a system not tied to a browser.

2 Likes

I’ve never used it, but the iCloud app is supposed to give you access to your Keychain passwords on Windows.

TBH with the recent issues with LastPass, I’m tempted to look at using either Apple, Google or Microsoft’s password managers.

2 Likes

In terms of security I trust it as much as any other decent solution, but it’s not as flexible or feature-rich as a dedicated utility.

1 Like

The in-browser managers had a rocky start, with them not being encrypted and not being password secured (especially Chrome was bad in the beginning). Steve called them out for their poor security at the time on Security Now.

I did use the Firefox password sync for a while, but eventually moved to LastPass and then, a couple of years back, to 1Password.

My main problem is, I don’t use the same browser on each platform. I use Firefox or Brave on Windows, mainly, but Edge for work accounts, I use Firefox and Safari on my private Mac and I use Safari on my phone and tablet.

Because of the diversity, I stick with a password manager, it works flawlessly with all of them.

1 Like

I get confused with password management on Windows. There’s the credential manager in control panel, Edge can save passwords, plus MS have an authenticator app on iOS/Android with a password vault and autofill. All of these seem to be separate and none work across all devices.

I’ll stick with Bitwarden I think 🙂

2 Likes

Lol they’re all true

Many routers, VPNs, etc. offer that as well.
My main concern with standalone password managers is that although they get heavily advertised for a short period of time (the reason I don’t trust them and reviews usually),
they tend to change their business model, charge a premium (many say it’s good they charge to be responsible for keeping it safe),
and have many data leaks.
They are called the best on tech channels as long as they pay for ads, or else something else will be the best.
Google knows all passwords.
Apple has all passwords.
MS has them as well.
Now as Edge got better in security,
I tend to stay with Apple Keychain and Edge for the limited things I do with Windows (work).
I have LastPass but really limited.

A business has to earn its money somewhere, if all you are doing is giving them your data, they must be doing something with that data to earn money. Password managers charge a premium for additional functionality - and if there are enough premium users, they can afford to provide the basic service for free.

Bitwarden is the exception, it being open source, if they tried to take away the free service, people would just fork it and carry on using it for free. But the cloud service still needs to be financed and some of the developers, at least, need to be paid. That is why you can (and should) donate to open source projects, and why Bitwarden has a paid-for tier.

2 Likes

I totally agree with you.
Good work should be backed and supported,
similar to supporting good channels vs “content creators”.
By changing business model I meant not being clear upfront when starting the business, and tricky widespread advertisements.
Anyways, we always hope to find something reliable and support it to last.

I’m using the self-hosted open source Bitwarden fork called Vaultwarden. Works really well, and I’ve introduced a few layers of security over the top of it. I just run it from my Synology NAS at the moment, but can install it pretty much anywhere. I can also automate encrypted backups too, which is handy.

1 Like

Is Vaultwarden really a fork of Bitwarden? On GitHub, it’s described as an “Alternative implementation of the Bitwarden server API”. So, if I understand it correctly, no actual codebase has been forked, it’s an entirely new program that’s compatible with Bitwarden.

I could be wrong, but I believe initially it was a fork, but then rebranded due to offering some of the paid benefits of Bitwarden for free, and they had to distance themselves from the Bitwarden name for legal reasons. Up until only the last 6-12 months it still showed the Bitwarden logo in the web vault (changed to a Vaultwarden logo now). It uses the Bitwarden apps everywhere etc. but doesn’t support some of the premium features of Bitwarden like SSO etc.

I could find info about the name change, but it doesn’t mention anything about a fork.

Even on an archive.org snapshot from 2018, it mentions a compatible server implementation, not a fork.
GitHub - dani-garcia/bitwarden_rs: Unofficial Bitwarden compatible server written in Rust

If the server software is compatible with Bitwarden, they probably just used the Bitwarden apps to prevent themselves from having to develop a new app and to get Bitwarden users using the project.

I guess what really matters is if it provides a benefit over using Bitwarden, as Bitwarden is also open source and can be self-hosted.

I haven’t left LastPass yet, but I’m no longer using the account. Switched to 1Password, and I’m checking out Bitwarden as well just so I can talk about both. Changed all of my important account passwords and 2FA, and switched from LastPass Authenticator to Authy.

I also use KeePass for some things, like credit card details I simply don’t want to put in the cloud.

I have listened to a lot of security-minded podcasts and read articles over the years. The experts I trust, including Steve and Leo, don’t seem to take browser-based password managers seriously, so neither do I, and I disabled them.

I made the move from LastPass after they had their system hacked the second time and my personal data was found to be offered on the dark web.

I already had a Protonmail account and I upgraded it and got the ProtonPass feature, which has worked like a charm. They even had an import feature where I could take an exported archive from LastPass and import it into ProtonPass. Then I had to start going through and changing passwords on most of the accounts in the vault, while deleting accounts I no longer used from those providers, before deleting them from the vault.

So far, I’ve not had any issues. I’m using Firefox on both Linux/Debian and macOS Sonoma with Proton’s plugin for Firefox.

I highly recommend them.

I switched to 1Password a few years back. I wouldn’t trust the browser-based password management.

I use KeePassXC as my password manager, that is where my most important passwords are being kept, but I also use Vivaldi and Safari password managers for random web stuff.
These are not usually important credentials, sort of throwaway accounts.
Since I do not reuse passwords I don’t worry too much about them getting leaked.

2 Likes

I second KeePassXC, although I believe as a user you need to have a certain level of agency over your digital domain to utilize the software effectively. I always tell people “never ask the mechanic what he drives” when they ask for a recommendation.

I used to use the browser credential managers in this fashion too but I started to get frustrated by the sprawl created from using multiple solutions. Do you ever accidentally check the wrong spot for an account?

1 Like

Yeah I am not claiming it’s ideal, but it works if you have a certain workflow.
The important bit is that you have control over your vault. The chance that someone targets you to steal your vault is minimal compared to a major service such as LastPass, which is a major target.

I’ll eventually migrate away from the browser extensions; I’m just not there yet.