Migrating from LastPass to an alternative password manager? KeePass vs Bitwarden, which one will you choose? - gHacks Tech News


LastPass recently announced that it will be limiting cloud access to one device per user, so if you were using it to sync your passwords to your phone and computer, you won't be able to do so from March 16th.


Many users have hit out at the company on social media, and some believe that it might have dug its own grave with this decision. From a business point of view, they're offloading the free users while likely retaining their premium customers. By doing so, they're getting rid of a large chunk of server load and possibly saving resources that would otherwise have been used for customer support, so this could prove to be a profitable move for LastPass.

Anyway, let's not discuss that. The more important thing here is your choice: what is a good alternative to LastPass? Which one are you moving to? I've been intrigued by comments across social media, Reddit, and of course right here at the blog. The majority of users seem to be flocking towards Bitwarden or KeePass. Some of you may be confused about which one to go with.

When people think about KeePass, I believe they don't consider it a cross-platform program, or capable of cloud-based synchronization. They look at it as an open source password manager for computers, right? That's the issue. Many people aren't aware of the various mobile apps that you can use to complement KeePass; more on this later.

Which one will you choose? KeePass or Bitwarden?

Bitwarden's strength is the availability of official apps and ready-to-use, cloud-based, cross-device synchronization. You have to sign up for a Bitwarden account on PC, in the browser or in the mobile app, and import your passwords to it. To use it on your other devices, download the app on your phone, the browser add-on or the desktop program, and you're good to go. This, in my opinion, is why users want to use the service.


It is after all what attracted users to LastPass in the first place, cross-device syncing. And I confess to betraying KeePass in favor of LastPass' mobile app (autofill is a lifesaver on small screens) for a couple of years, before learning about KeePass' mobile forks and returning to it.


With Bitwarden, unless you are self-hosting the server (really, how many are going to?), you're essentially saving your passwords on the company's servers. I'm not saying it could be, but in the event the server gets compromised, it could impact your accounts. Hey, the odds of that happening are low. But it's a possibility, right?

Update: the data that is transferred between user devices and Bitwarden's server is end-to-end encrypted. Successful attackers won't have direct access to a user's stored passwords and other data as a consequence. End

KeePass, on the other hand, doesn't rely on the internet to work. Your database is encrypted offline and stays secure if you use a strong password; this is its strong point. The flip side is that you have to take care of all the protection yourself.

What if I want to access my KeePass database on my mobile devices? This is KeePass' biggest issue: it does not have an official mobile app. Instead, it has a ton of forks, some of which are recognized by the developer, which you can take as a sign that they're considered to be safe until proven otherwise.

Since it is an offline tool, you don't need to create an account to start using it. You just set up your database using the official desktop program on your computer, or by using one of the unofficial (and open source) mobile apps. To sync the database between your computer and your phone, all you have to do is save the database file in a cloud storage service's folder, like your Dropbox, OneDrive, Google Drive, etc., or on your self-hosted server.


This essentially provides a double layer of security: a hacker would first need access to your cloud storage's server, and would then have to bypass your database's master password. Even if the first is possible, the chances of the second are pretty slim. This is, in my opinion, a safer option than relying on a cloud-based system such as the one employed by Bitwarden.
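How slim those chances are depends on the master password and on how expensive each guess is. The following is an added example, not code from KeePass or Bitwarden: it uses PBKDF2-HMAC-SHA256 as a stand-in key-derivation function and constructed password policies to estimate how long guessing would take against a copy of the database file.

```python
"""Added illustration: cost of guessing a master password offline.

PBKDF2-HMAC-SHA256 is a stand-in key-derivation function here; this is not
KeePass's or Bitwarden's actual file format or KDF configuration.
"""
import hashlib
import hmac
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 32-byte key (stand-in KDF)."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations
    )


def check_guess(guess: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """One offline guess costs one full KDF run; compare in constant time."""
    return hmac.compare_digest(derive_key(guess, salt, iterations), expected)


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of `length` items drawn uniformly at random from `symbols` choices."""
    return length * math.log2(symbols)


def years_to_search_half(bits: float, guesses_per_second: float) -> float:
    """Expected time to find a random secret: half the keyspace on average."""
    return (2 ** (bits - 1)) / guesses_per_second / SECONDS_PER_YEAR


def measure_guess_rate(iterations: int, runs: int = 3) -> float:
    """Guesses per second this machine manages at the given KDF cost."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(runs):
        derive_key(f"guess-{i}", salt, iterations)
    return runs / (time.perf_counter() - start)


# Constructed password policies (assumptions made for this example).
# The figures only hold for passwords chosen at random, not for names or dates.
POLICIES = {
    "8 random lowercase letters": entropy_bits(26, 8),
    "12 random printable ASCII symbols": entropy_bits(94, 12),
    "6 diceware words (7776-word list)": entropy_bits(7776, 6),
}

if __name__ == "__main__":
    # Two KDF cost settings, to show how raising the cost scales the estimate.
    for iterations in (10_000, 600_000):
        rate = measure_guess_rate(iterations)
        print(f"\niterations={iterations}: ~{rate:,.1f} guesses/s on one core")
        for name, bits in POLICIES.items():
            years = years_to_search_half(bits, rate)
            print(f"  {name:<36} {bits:5.1f} bits  ~{years:.3g} years")
```

The measured rate is for a single CPU core on the machine running the script; dedicated hardware is faster by some factor, which moves every estimate by that factor but leaves the gap between a short password and a long random passphrase intact.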

You can further minimize the risks by cutting out the middleman, i.e., by using local synchronization via USB, FTP/SFTP, Syncthing, etc., and still get your devices to sync your KeePass database (multiple databases if you want to).

Personally I use the official KeePass desktop program with the database saved to my Dropbox folder, and I have the Keepass2Android app (has an offline version too) on my phone. But there are good alternatives like KeePassDX and KeePassDroid, though they don't support cloud services.

You can go either way, they're both pretty good and have their own pros and cons.

Now you: which LastPass alternative will you choose, Bitwarden or KeePass?


Comments

  1. MJTobias said on February 20, 2021 at 4:53 pm
    Reply

    Already switched to Bitwarden and have been a happy user. Unless they follow Lastpass’s lead and do something stupid, I can’t imagine switching again.

  2. Chucky2401 said on February 20, 2021 at 5:09 pm
    Reply

    I have used KeePass for a while now. I can’t change, because I use some URL overrides to open SSH/RDP/Teamviewer connections with one shortcut.
    You are not able to do that with BitWarden, or I didn’t see this feature.
    I think Bitwarden is for end-user with low capacity on computer. But KeePass for an I.T. guy is very powerful.

  3. rip said on February 20, 2021 at 5:15 pm
    Reply

    KeePass has been my go to for several years. I use Google drive to synch with my Android phone and Windows/Linux boxen.

    Recently I’ve also been using KeePass to store non-password related information including medical and financial records.

    The list of add-ons is overwhelming, however. I sorta wish KeePass would have a recommended list of 10-20.

  4. SteveB said on February 20, 2021 at 5:37 pm
    Reply

    I really don’t see why people should crib about having to pay for products – disk farms, networking, R&D, support all costs – if those who whinge are willing to work for nothing, I’ve plenty of projects in mind.

    1. Beta said on February 22, 2021 at 12:05 pm
      Reply

      I paid $36 for LastPass Premium. I don’t understand why that is a problem. I usually feel guilty using applications that are free. If I like a free app I usually donate to the organization that supports it.

  5. Sérgio said on February 20, 2021 at 6:05 pm
    Reply

    None, I will keep using KeePassXC. Cross-platform, open source, offline and great UI.

  6. Michael Rainey said on February 20, 2021 at 6:21 pm
    Reply

    I find Sticky Password to be easy to set up and quite capable.

    https://www.stickypassword.com/

  7. LogicDaemon said on February 20, 2021 at 6:42 pm
    Reply

    Use metactrl DropSync or some other sync tool to sync KeePass db to the phone and use KeePassDX on Android. That’s better than native support because it still works when offline/no signal.

  8. ShintoPlasm said on February 20, 2021 at 8:37 pm
    Reply

    When you need to share access with other family members, Bitwarden is the preferred option. KeePass is for loners… :D

    1. owl said on February 21, 2021 at 7:15 am
      Reply

      @ShintoPlasm,
      When you need to share access with other family members, Bitwarden is the preferred option. KeePass is for loners… :D

      You may be right.
      I, too, have found Bitwarden to be the better for shared use with family.
      In an environment where there is no one to share, KeePass is the best.

  9. Finnegan said on February 20, 2021 at 8:51 pm
    Reply

    I’ll choose Keepass XC which is better than the original Keepass.

    1. PlusOne said on February 23, 2021 at 5:01 am
      Reply

      +1

  10. Ric Burger said on February 20, 2021 at 9:25 pm
    Reply

    I just sent all of my login info to Bitwarden and I am very happy. One big improvement is I can now use biometric log in for all my devices.

  11. Old Guy70 said on February 20, 2021 at 10:30 pm
    Reply

    I have used KeePass for many years. Portable, reasonable size, and under the user’s control. I am less skilled than many who follow this site, but I don’t understand why anyone reading this would choose another program, given KeePass’ ability to generate passwords according to the website’s specs, and easy backup and duplication on multiple devices.

  12. Anonymous said on February 20, 2021 at 10:43 pm
    Reply

    “I’m not saying it could be, but in the event the server gets compromised, it could impact your accounts. Hey, the odds of that happening are low. But it’s a possibility, right?”

    Correct me if I am wrong but my understanding is if you use a complex passphrase rather than a simple password, the odds of cracking your account increase dramatically and the main threat becomes social engineering.

    Enter ‘Bowser’ on the following website
    https://howsecureismypassword.net/
    then test
    My 1st dog’s name was Bowser

  13. Anonymous said on February 20, 2021 at 11:04 pm
    Reply

    Hey Ashwin, Gary from Bitwarden here. Per your comment “With Bitwarden, unless you are self-hosting the server (really, how many are going to?), you’re essentially saving your passwords on the company’s servers. I’m not saying it could be, but in the event the server gets compromised, it could impact your accounts.”
    > there is no way for Bitwarden, or anyone, to get to your accounts on the Bitwarden servers since all vault data is end to end encrypted. More detail in our security FAQ https://bitwarden.com/help/article/security-faqs/#q-what-happens-if-bitwarden-gets-hacked

  14. Anonymous said on February 20, 2021 at 11:35 pm
    Reply

    Password Safe or KeePass, sync database with your own host. No need to rent cloud services for a few kilobytes of data.

  15. Anonymous said on February 21, 2021 at 1:04 am
    Reply

    There is no problem with KeePass. The problem is with the different apps you need to get it to work. None of them have been audited. You are trusting all your security to unvetted, unaudited apps. At least Bitwarden has gone through multiple external security audits. Has Keepass2android? KeepassDX etc? No. They may be fine, but maybe the authors have put in something nefarious, or there is a security flaw in them. Is it worth risking the passwords to every account you have? Bitwarden basic is free, if you want the benefits of Pro it is only $10/yr. How much is it going to cost you if some unaudited addon you need to get it to work the way you want has a security flaw or is written by an unscrupulous author?

    1. Anonymous said on February 21, 2021 at 6:24 pm
      Reply

      This!

  16. David said on February 21, 2021 at 3:37 am
    Reply

    Bitwarden holds my reference copy of my passwords. I also periodically make a Keepass copy.

  17. KHTangent said on February 21, 2021 at 6:21 am
    Reply

    Bitwarden also allows offline access, you just need internet access when setting up a new device. AFAIK, your passwords are end-to-end-encrypted as well, so if their server is compromised, they wouldn’t get access to your passwords.

  18. owl said on February 21, 2021 at 6:40 am
    Reply

    There is no doubt about the usefulness of password managers.
    Some sort of “password manager” is built into the browser, it has also been added as an incidental Service Items to security solutions such as VPN clients and Kaspersky.
    Can you trust all of those password managers?
    Risks such as data breaches, accidental inaccessibility, and data loss must also be considered.

    “Password manager” can generate and manage login account information, but if the user is familiar with how to use it, and put to practical use it, it can also manage extremely unique information other than the user.
    In fact, in addition to login account information, I manage a wide variety of information “such as credit card information, basic resident information, taxpayer identification number, passport number, driver’s license and qualification registration information, securities information, asset inventory, etc.” and unique information of relatives with “KeePass Password Safe”.

    At home, I use a Desktop PC (Windows 10), but for mobile use, I use an iPad and an iPhone.
    Since KeePass Password Safe is for Windows only, I use “Bitwarden” on mobile devices (I used to use KeePassXC, but switched to Bitwarden for convenience and update support).
    Since mobile devices are at risk of loss or hacking, I do not register any unique information with high importance.
    I have already added “Bitwarden” to my desktop PC, but the information registered in Bitwarden is limited to the content for synchronization with mobile devices.

    What is appropriate and what is inappropriate is, after all, a “user’s value judgment”. The optimal selection will be narrowed down based on how you are using it.
    In my opinion, the accessories of “browsers, security solutions, VPN clients, etc.” are unreliable. From my knowledge and experience, I recommend “KeePass Password Safe, KeePassXC, Bitwarden”!

    https://en.wikipedia.org/wiki/KeePassXC
    The Electronic Frontier Foundation mention KeePassXC as “an example of a password manager that is open-source and free.”[6] The tech collective PrivacyTools has included KeePassXC in their list of recommended password manager software because of its active development.

    1. owl said on February 21, 2021 at 6:47 am
      Reply

      Surveillance Self-Defense
      Tips, Tools and How-tos for Safer Online Communications
      A Project of the Electronic Frontier Foundation
      https://ssd.eff.org/
      Keeping Your Data Safe
      https://ssd.eff.org/en/module/keeping-your-data-safe
      Using Password Managers to Stay Safe Online
      https://ssd.eff.org/en/module/animated-overview-using-password-managers-stay-safe-online
      How to Make a Super-Secure Password Using Dice
      https://ssd.eff.org/en/module/animated-overview-how-make-super-secure-password-using-dice

      Should understand the importance of passwords correctly and choose “robust and reliable means” from the viewpoint of trouble prevention.
      Half-hearted means are the cause of accidents and incidents.

      If you are currently using a password manager software like 1Password, LastPass, Roboform, or iCloud Keychain, you should pick an alternative here:
      https://www.privacytools.io/software/passwords/
      Results of Bitwarden security audit published | gHacks Tech News
      https://staging-ghacksnet.kinsta.cloud/2018/11/13/results-of-bitwarden-security-audit-published/
      Bitwarden | Wikipedia
      https://en.wikipedia.org/wiki/Bitwarden
      KeePass Password Safe | Wikipedia
      https://en.wikipedia.org/wiki/KeePass
      KeePassXC | Wikipedia
      https://en.wikipedia.org/wiki/KeePassXC
      LastPass | Wikipedia
      https://en.wikipedia.org/wiki/LastPass

      1. owl said on February 21, 2021 at 6:49 am
        Reply

        KeePass Password Safe | Home
        https://keepass.info/index.html
        Introduction – KeePass | KeePass Help Center
        https://keepass.info/help/base/index.html
        First Steps Tutorial – KeePass | KeePass Help Center
        https://keepass.info/help/base/firststeps.html
        Master Key – KeePass | KeePass Help Center
        https://keepass.info/help/base/keys.html
        Plugins – KeePass | KeePass Plugins and Extensions
        https://keepass.info/plugins.html
        Technical FAQ – KeePass | KeePass Help Center
        https://keepass.info/help/base/faq_tech.html
        Detailed information on the security of KeePass.
        https://keepass.info/help/base/security.html

        Check all KeePass passwords against the Have I Been Pwned database locally | gHacks Tech News
        https://staging-ghacksnet.kinsta.cloud/2019/01/18/check-all-keepass-passwords-against-the-have-i-been-pwned-database-locally/

      2. owl said on February 21, 2021 at 7:01 am
        Reply

        Many people who do not use a password manager tend to register “automatic login” at login destination.
        However, the actual situation of maintenance management of the login destination is unknown and extremely risky.
        The act of storing your unique data (email address, password, credit card information, etc.) on social media, Amazon, online shopping, etc. is risky!
        Even if it is troublesome, you should log in every time you use it.
        And change your password in a timely manner!
        The 773 Million Record “Collection #1” Data Breach | Troy Hunt
        https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

        https://staging-ghacksnet.kinsta.cloud/2021/02/16/lastpass-free-will-be-severely-limited-on-march-16-2021/#comment-4486694
        I recommend “KeePass Password Safe, KeePassXC, Bitwarden” from my knowledge and experience, but with them, you can easily, inexhaustibly, and instantly generate very complex password sets, and can manage it.
        Case example:
        ● Number of characters in the password to be generated “35”:
        /gôÁ@îÐ+EѲ”ÚjS{ùÚWÎ4Û«f,VZÙ#ÁµIÝG?
        ● Number of characters in the password to be generated “1000”:

        You see, it’s amazing!
        Is it possible to enter manually?
        Is it possible to memorize such a complex password sets?
        If “password sets” are inconsistent three times, your login account will be locked immediately, and it is impossible for a third party to unlock it.

        Don’t insist on such nonsense as “memorization” or “notes and pen”, you may want to use a password manager.
        If you’re straightforward, you’ll be amazed at the amazing power of password managers.
        With a genuine password manager, everything can be generated and managed easily and at will, with secure control.

  19. Moloch said on February 21, 2021 at 7:38 am
    Reply

    I would just use both just to fool my enemy.

  20. Jdkdk said on February 21, 2021 at 9:00 am
    Reply

    I do not like that my accounts and passwords are saved in the cloud. My KeePass database is saved on my own Nas behind a hardware firewall. I access those data via VPN from the internet.

  21. Carl Gustav said on February 21, 2021 at 10:44 am
    Reply

    KeePass / Keepass2Android + NextCloud

    As mentioned above, it’s a rather strange idea to pay for a separate storage service of several kilobytes that cannot even be edited offline.

  22. Klaas Vaak said on February 21, 2021 at 12:25 pm
    Reply

    KeePass is a great password manager for Windows. On Linux and MacOS it is not so great; KeepassXC is much better for those 2 platforms.

  23. Edward said on February 21, 2021 at 2:21 pm
    Reply

    Since I am already bought into Office365 from Windows (which inherently means I have to trust Microsoft) I just switched from LastPass to Microsoft Authenticator/Microsoft Autofill. It is still version 1.X, but it works fine on the iPhone for both browsers and apps. For Windows 10 it works in Chrome and Edge. Moving was just a matter of dumping the CSV file from LastPass and copying the columns into the import template for Microsoft.
    Honestly I think I would rather trust Microsoft than any of the small guys or Google, and definitely more than hosting myself.
    The integration with Authenticator is slick—everything is FaceID on my iPhone.

    1. owl said on February 21, 2021 at 4:00 pm
      Reply

      “Face ID” and “fingerprint authentication” have been touted as the ultimate authentication method, but if Face ID or fingerprint authentication leaks out, it is easy to duplicate (counterfeit and sell), and the seriousness of the risk is also ultimate.
      After all, the “password method” that can be changed and reissued is the best.

    2. owl said on February 22, 2021 at 1:44 am
      Reply

      > everything is FaceID

      “Face ID” and “fingerprint” are the one and only ultimate personal information.
      Congenital faces and fingerprints are only unique, and no one in nature is the same.
      It is my personal opinion that absolute personal information that is impossible to remake (remodeling) should be avoided from being registered “outside”.

  24. Dave Koker said on February 21, 2021 at 3:15 pm
    Reply

    One thing that I did not see mentioned in the discussion is the use of a key file (maybe I missed it). I believe that one of the Keepass’s strongest points is that you can use a Key file as an additional level of security. If the key file is kept only on your devices while the encrypted password database file is in the cloud, that along with your password needed to access it, makes KeePass my choice. If the other password keeping apps have this ability, please let me know, as I have not found any mentions on their respective websites yet.

    1. matthiew said on February 22, 2021 at 2:44 am
      Reply

      That’s a method of two-factor authentication. BitWarden has its own 2FA methods available.

  25. Jack said on February 21, 2021 at 5:04 pm
    Reply

    I’ve been using KeePass for quite a while, primarily because it has the attributes I wanted; highly rated, cross-platform and open-source. Like most, I have some sensitive info stored in it and for that reason I am reluctant to store passwords anywhere outside my local network, so currently my solution is replicated local databases. Now this may seem a little old school, but “if it is not out there, no one can hack it”, and I just spent a couple of hours dealing with the fallout from Breachcomp2.0. And there are enough KeePass add-ons that it is not difficult to manage, although sync does require manual intervention.

  26. Wayfarer said on February 22, 2021 at 12:51 am
    Reply

    Keepass without hesitation.

    Open source portable version on every device, blocked from the net by my firewalls, and accessed with a reasonably long password. Files copied and transferred the hard way – a real labour of hercules commonly taking all of 2 minutes. Nothing in the cloud – on principle.

    Never let me down yet (touch wood.)

  27. thEGA said on February 22, 2021 at 4:44 am
    Reply

    KeePass 1.x was also audited by EU-FOSSA.
    Presumably the 2.x code would pass as well.
    https://staging-ghacksnet.kinsta.cloud/2016/11/22/keepass-audit-no-critical-security-vulnerabilities-found/

  28. noSign said on February 22, 2021 at 11:07 am
    Reply

    KeePassXC requires network access.
    KeePass is written in C# and therefore requires Microsoft’s .NET platform. It has happened to me in a WinPE request to install NET Framework 4.0.2

    1. KeePassXC FAQ said on February 23, 2021 at 5:39 am
      Reply

      Regarding “KeePassXC requires network access”

      Here is what KeePassXC website FAQ says:

      Q: I see that KeePassXC requires network access. What for?
      A: KeePassXC needs network access for downloading website icons (favicons) for password entries and for providing KeePassHTTP-compatible browser extensions with access to your database. Both features are optional and opt-in. KeePassXC will never access any network resource without your explicit prior consent. If you don’t use either of these features, you may also compile KeePassXC without any networking code (see next question).

      Q: Can I get a KeePassXC version without any networking code?
      A: Yes, you can compile KeePassXC without any networking code. Simply configure CMake with -DWITH_XC_NETWORKING=OFF (see Building KeePassXC (https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC) ).

      Source: https://keepassxc.org/docs/#faq-security-no-network

  29. Question Reality said on February 22, 2021 at 11:25 am
    Reply

    Nope – It’s pen and paper for me!

  30. Anonymous said on February 22, 2021 at 12:34 pm
    Reply

    I just love KeePass. I set it up years ago just as you describe and it works so well! I like to know where my security data are kept!

  31. Jeff said on February 22, 2021 at 4:45 pm
    Reply

    Author clearly lacks fundamental understanding of how encryption works and didn’t even mention security audits. Seems like they are pushing Keepass because it’s for power users and they want to be seen as one.

    Spent many years on Keepass XC, it’s garbage compared to bitwarden and even though you have full control over your database the lack of security audits for it and any of its mobile apps mean you’re just using blind trust.

    1. Anonymous said on February 23, 2021 at 3:19 am
      Reply

      I rather KeePass over this Bitwarden garbage everyone seems to be shilling.

  32. Panama Patrick said on February 23, 2021 at 7:17 pm
    Reply

    Well, KeePass has been recommended on this site for eons. So that may be the reason for so many KeePass advocates. I have just recently read about Bitwarden, and it appears superior. However since I just use my computer to access websites and do not own a smart-phone, I will continue to use the free Lastpass, it serves my needs.

  33. Alan said on February 23, 2021 at 8:14 pm
    Reply

    I moved from Keepass to Enpass last year, my password database is in the cloud. Enpass has worked well for me, PC, tablet, Android phone, and just a few $ a year for the premium. Enpass is easier to use than Keepass IMO.
