If leaving LastPass, do you trust your browser password manager as replacement?

Im glad that stayed with keychain although it is not for windows
How much do you trust Edge ir chrome password managers

I prefer a system not tied to a browser.

2 Likes

I’ve never used it, but the iCloud app is supposed to give you access to your Keychain passwords on Windows.

TBH with the recent issues with LastPass, I’m tempted to look at using either Apple, Google or Microsoft’s password managers.

2 Likes

In terms of security I trust it as much as any other decent solution, but it’s not as flexible or feature-rich as a dedicated utility.

1 Like

The in-browser managers had a rocky start, with them not being encrypted and not being password secured (especially Chrome was bad in the beginning). Steve called them out for their poor security at the time on Security Now.

I did use the Firefox password sync for a while, but eventually moved to LastPass and then, a couple of years back, to 1Password.

My main problem is, I don’t use the same browser on each platform. I use Firefox or Brave on Windows, mainly, but Edge for work accounts, I use Firefox and Safari on my private Mac and I use Safari on my phone and tablet.

Because of the diversity, I stick with a password manager, it works flawlessy with all of them.

1 Like

I get confused with password management on Windows. There’s the credential manager in control panel, Edge can save passwords, plus MS have an authenticator app on iOS/Android with a password vault and autofill. All of these seem to be separate and none work across all devices.

I’ll stick with Bitwarden I think :slightly_smiling_face:

2 Likes

Lol they’re all true

Many routers, VPN, etc offer that as well
My main concern on stand alone ps managers is although they get heavily advertised for a short period of time (the reason I don’t trust them and reviews usually)
They tend to change their business model, charge a premium ( many say it’s good they charge to be responsible for keeping it safe),
and Many data leaks
They are called the best on tech channels as long as they pay for adds or else something else will be the best
Google knows all passwords
Apple has all passwords
Ms has them as well
Now as edge got better in security
I tend to stay with apple keychain and edge for limited things i do with windows (work)
I have lastpass but realy limited

A business has to earn its money somewhere, if all you are doing is giving them your data, they must be doing something with that data to earn money. Password managers charge a premium for additional functionality - and if there are enough premium users, they can afford to provide the basic service for free.

Bitwarden is the exception, it being open source, if they tried to take away the free service, people would just fork it and carry on using it for free. But the cloud service still needs to be financed and some of the developers, at least, need to be paid. That is why you can (and should) donate to open source projects, and why Bitwarden and paid-for tier had.

2 Likes

I totally agree with you
Good work should be backed and supported
Similar to support good channels vs “content creators”
By changing business model i meant not being clear upfront when starting business and tricky widespread advertisements
Anyways, we always hope to find something reliable and support it to last

I’m using the selfhosted Open Source Bitwarden fork called Vaultwarden. Works really well, and I’ve introduced a few layers of security over the top of it. I just run it from my Synology NAS at the moment, but can install it pretty much anywhere. I can also automate encrypted backups too which is handy.

1 Like

Is Vaultwarden really a fork of Bitwarden? On GitHub, it’s described as an “Alternative implementation of the Bitwarden server API”. So, if I understand it correctly, no actual codebase has been forked, it’s an entirely new program that’s compatible with Bitwarden.

I could be wrong, but I believe initially it was a fork, but then rebranded due to offering some of the paid benefits of bitwarden for free and they had to distance themselves from the bitwarden name for legal reasons. Up until only the last 6-12 months it still showed the bitwarden logo in the web vault (changed to a vaultwarden logo now). It uses the bitwarden apps everywhere etc. but doesnt support some of the premium features of bitwarden like sso etc…

I could find info about the name change, but it doesn’t mention anything about a fork.

Even on an archive.org snapshot from 2018, it mentions a compatible server implementation, not a fork.
https://web.archive.org/web/20180816192649/https://github.com/dani-garcia/bitwarden_rs

If the server software is compatible with Bitwarden, they probably just used the Bitwarden apps to prevent themselves from having to develop a new app and to get Bitwarden users using the project.

I guess what really matters is if it provides a benefit over using Bitwarden, as Bitwarden is also open source and can be self-hosted.

I haven’t left LastPass yet, but I’m no longer using the account. Switched to 1Password, and I’m checking out Bit Warden as well just so I can talk about both. Changed all of my important account password and 2FA, and switched from LastPass Authenticator to Authy.

I also use KeePass for some things, like credit card details I simply don’t want to put in the cloud.

I have listened to a lot of security minded podcasts and read articles over the years. The experts I trust, including Steve and Leo, don’t seem to take browser based password managers seriously, so neither do I, and I disabled them.