One LastPass replacement question to rule them all
January 26, 2023 7:42 AM   Subscribe

I'm a longtime happy LastPass user, but the time seems to have come to find a new password manager. What would you suggest as a replacement? It's been discussed in some contexts recently on both the Blue and the Green, but I wanted to ask the question again in a place that is likely to get more attention that the recent MeFi thread.

There was an excellent "Last Pass hack" thread posted yesterday on the Blue. In it, The Tensor asked the same question I would like to ask: what is a good LastPass replacement?

There were some great answers to that question in that thread, but I wanted to put it out here on the Green so we can open up the question to those who might not have seen it yet.

Priorities for me: ease of use, security, straightforward and reliable auto-fill across various browsers. I am willing to pay.

Here are some other questions that touch on this, but in a somewhat more narrow context: question #1, question #2.

Thank you!
posted by cheapskatebay to Computers & Internet (40 answers total) 22 users marked this as a favorite
I just switched to 1password from LastPass and so far it's been pretty much seamless. Accepts imports from lastpass, the browser fills work just fine, and they've got a deal where they're crediting folks for remaining time on subscriptions to other password managers. More importantly, it's pretty highly regarded among folks who do security - some of their design decisions are just fundamentally better than those of lastpass. Not a sales pitch, and I think some of the others could be good too - just laying out my reasoning for switching to it.
posted by chrisamiller at 7:50 AM on January 26, 2023 [7 favorites]

Bitwarden. I switched from LastPass when they changed their pricing structure and I'm very happy. It does all the same things. File import is simple, editing entries is simple, and autofill works great.
posted by epanalepsis at 7:51 AM on January 26, 2023 [5 favorites]

I'm very happy with Bitwarden.
posted by General Malaise at 8:12 AM on January 26, 2023 [4 favorites]

We've had a 1password family account for about 5 years and we're very happy with it.
posted by damsel with a dulcimer at 8:12 AM on January 26, 2023

We use 1Password at work, and are happy doing so.
posted by mhoye at 8:15 AM on January 26, 2023

nthing 1Password or BitWarden. I've used both (1P for 15 years or so? then moved to BitWarden last year) - 1Password is definitely more polished, more feature-full, and (I think) easier to use. BitWarden gets the essentials pretty well, is just about as good as 1P (there are definitely some rough edges but it's not bad), and is open source. They're both very good options from the security and safety point of view. I switched from 1P to BW for self-hosting reasons (BW gives you that option if you want it and you're familiar with hosting applications on the internet) and for dumb reasons; I still think 1P is overall a great product.
posted by mrg at 8:16 AM on January 26, 2023

Nthing bitwarden - does everything I need it to do.
posted by craven_morhead at 8:16 AM on January 26, 2023

If there is anyone you share passwords with, most family plans are just twice as much as a personal subscription, so you can both have your own vaults and get the shared one for the same price you would pay together if you each had your own accounts.
posted by soelo at 8:17 AM on January 26, 2023

Bitwarden's autofill works 10x better than Lastpass in Chrome or Firefox on Android. I was kind of mad I waited so long to switch because I log into stuff on my phone all the time. (I have never used 1Password to compare.)
posted by possibilityleft at 8:18 AM on January 26, 2023

Bitwarden here, came from LastPass long ago.
posted by deezil at 8:24 AM on January 26, 2023

Another vote for Bitwarden!
posted by kenchie at 8:37 AM on January 26, 2023

I switched to 1Password when I read about the hack in December and it has been great. The migration was easy and the software is better and easier to use. I don't know all the technical stuff, but I appreciate that there are two secret keys, and one is a giant string of numbers, so even if the encrypted data is stolen (as with happened with LP), it would be nearly impossible to decrypt the data.
posted by Mid at 8:37 AM on January 26, 2023 [1 favorite]

Said it over on the blue, but I also use Bitwarden and am very happy with it. Admittedly, I don't use many features, but everything "just works" and it being open source is a plus. (which doesn't mean eyeballs are looking at it, or if they are they are non-nefarious eyeballs.)
posted by a non mouse, a cow herd at 8:59 AM on January 26, 2023

I have also transitioned to 1password (I have a family plan that is multi-generational) and am generally loving it so far. Cycling my financial passwords was significantly more painful than the initial switch. I find the password fill to generally work better than lastpass once I set it up on my phone / tablet, and I'm also a big fan of having the second secret key.
posted by thecaddy at 9:09 AM on January 26, 2023 [1 favorite]

I switched from 1P to LP and now to Bitwarden. All my switches were because of pricing changes. One of the former two used to have a lifetime option, which I paid for, and then they switched to annual and refused to honor the lifetime purchases.

Bitwarden is very good. My only complaint about it is that I can't access it on Chrome with my fingerprint on Mac. Otherwise, I have no complaints. For anectdata, I'm on a Mac laptop and an Android phone and tablet.
posted by dobbs at 9:12 AM on January 26, 2023

I am a big fan of 1password.

One especially great feature: it's designed so that an attacker would have to compromise both their server and your computer to get at the contents of your secure store. Which is great!
posted by billjings at 9:20 AM on January 26, 2023

On the strength of chrisamiller's recommendation, I just migrated myself to 1Password from LastPass prior to pulling my other family members in.

The move was seamless, except for some weird thing involving my github account and 1password's built-in 2FA widget, which has resulted in my being locked out of my github account. 2FA seems to be working everywhere else, so I'm not sure what's up.
posted by jquinby at 9:26 AM on January 26, 2023

I just (literally yesterday) switched to 1password from Lastpass and I'm pretty happy with it so far. Paid for the family plan so my wife and I can easily share credentials.

I spent probably a couple of hours reading poorly written blog posts about password managers and couldn't find much to distinguish between 1password and BitWarden. I went with 1password because it seems a bit more polished than BitWarden, but those were the only two I really considered.

Some features of 1password I like so far:
  • When you create the account, it produces a pdf for you to print out that contains your secret key (and has a spot to write down your primary password, if you want to do so).
  • Your secret key is required in addition to your primary password when you install the extension on a new machine or in a new browser. (Or perhaps this is a setting you can change?)
  • You can also require multifactor authentication.
  • It automatically logs you out when closing the browser or after some period of inactivity. (Lastpass had this as a setting but it wasn't turned on by default -- a bafflingly bad choice.)

posted by number9dream at 9:27 AM on January 26, 2023

I’ve been a fairly happy Dashlane user for several years. My one current complaint is that they don’t, at the moment, have the “dead man switch” function to allow emergency access by someone else in case of incapacity or death. They say they’re bringing it back though.

At one point I considered leaving; I would have gone to Bitwarden. I actually set up an account and found it less user-friendly than Dashlane, but that could have just been because I am more familiar with Dashlane.
posted by 2 cats in the yard at 9:47 AM on January 26, 2023

Just another vote for Bitwarden. I'm about to try to get my mom on it, which I only expect minor trouble with - a big endorsement as these things go!
posted by BlackLeotardFront at 10:17 AM on January 26, 2023

Another vote for 1Password. I can’t compare to BitWarden; I can say that compared to LastPass, everything is significantly smoother. LastPass was so buggy and now that’s just … gone.
posted by eirias at 10:27 AM on January 26, 2023

Bitwarden is what I use. Never had any trouble with it.
posted by kathrynm at 10:56 AM on January 26, 2023

I moved from LastPass to 1Password and found it compared poorly to LastPass in terms of usability. Seems much less intuitive and is missing various features I used a lot in LastPass. The security is better than LastPass though so in that crucial regard it is better.

I haven't used Bitwarden or Dashlane (not heard of Dashlane so thanks for the suggestion 2 cats in the yard) so I can't compare but I will try both at some point and get away from 1Password to something more to my liking.
posted by underclocked at 11:03 AM on January 26, 2023

Still using KeePass, about a decade after migrating from 1Password.
posted by scruss at 11:07 AM on January 26, 2023 [1 favorite]

I moved from LastPass to DashLane and have been quite happy with it. I'd been increasingly frustrated with LastPass' poor Android integration and DashLane is so far ahead of it that I'm kicking myself for not having migrated earlier.

Friends report good experiences with 1Password as well.
posted by kdar at 11:11 AM on January 26, 2023

Okay, I will be the voice of dissent on 1Password. I’ve been a long time user on Mac and iOS (10 years or more) and the app quality has significantly decreased in recent years. This decrease in quality aligns with their decision to take VC money, and changes they’ve made to the code base (going electron). The experience may be much better on Windows or other platforms, but as a Mac user, I’ve been actively exploring other options. The option I’ve been investigating recently is Strongbox, which is an app designed to use KeePass, an open source database format. You can choose whatever hosting options you want for storing your database, or store it locally. I don’t have an opinion on it yet, but it came up in my research as a good option
posted by bluloo at 11:18 AM on January 26, 2023 [1 favorite]

I'm using Bitwarden.

I found Steve Gibson's analysis in Episode 904 of the Security Now! podcast to be useful if you want more technical info. (show notes pdf)
posted by kidbritish at 11:35 AM on January 26, 2023

I'm using KeePass. It was the first password manager I used and I haven't had a reason to leave it. It is a lot clunkier sounding to use than these other options, or maybe I'm just not using it properly, but I don't mind that extra amount of intentionality when I'm signing on to stuff. Besides I have two factor set up wherever I can so I'm already opening the authenticator app or checking for an SMS message.
posted by any portmanteau in a storm at 1:04 PM on January 26, 2023 [1 favorite]

Been happy enough with Dashlane for many years. My workplace was using LastPass for awhile and I liked Dashlane's interface better. I'm also bummed that the "dead-man switch" is gone, since I had gone through the effort of setting it up before. I don't have experience with any of the others.
posted by polecat at 2:19 PM on January 26, 2023

Bitwarden. I'm satisfied they know their security, there is little to no chance that it will turn into a for-pay rugpull like lastpass did, and the code is auditable which helps programmers keep their defensive mindset in place. (As lastpass demonstrates, closed source security lasts for as long as 'trust us' holds any weight.)
posted by How much is that froggie in the window at 2:28 PM on January 26, 2023

I switched to 1Password today and was impressed by how easy it was. The only hiccup was on LastPass’s side, where the export of my credentials was incomplete until I did it on their desktop app rather than the website.
posted by synecdoche at 5:03 PM on January 26, 2023

I am working on switching the family to 1Password from LastPass. My kids are Windows/Android users, my wife and I are Apple; she uses her iPad as her only computer and is generally happy with the Apple Keychain; I use Keychain and 1Password because I also maintain Windows machines. It is, to put it mildly, Complicated.
posted by lhauser at 5:40 PM on January 26, 2023

1Password security has an advantage over the others because it uses a secret key as well as a master password:

It means that if (when?) the servers are compromised and the database is stolen, it is effectively uncrackable even if you have chosen a mediocre master password. This isn't as true for its competitors.

I agree with bluloo above that 1Password usebility has declined since they took the VC cash and moved to electron. However I do think it has picked up again a bit recently.
posted by riddley at 7:06 PM on January 26, 2023 [1 favorite]

Wirecutter has an opinion that 1password comes out ahead of Bitwarden, but it’s not free.
posted by waving at 2:57 AM on January 27, 2023

Also, if you are switching to 1Password, they are currently advertising that they will provide a credit for the amount of time remaining on your old password manager's bill. (I haven't taken advantage yet but have initiated the process.)
posted by synecdoche at 4:26 AM on January 27, 2023

I haven't taken advantage yet but have initiated the process

I followed their instructions yesterday and had an email back by mid-afternoon. They ended up knocking 50% off the first year's bill, which I thought was extremely generous - I only had a month left on my current LastPass subscription and figured I'd get a few bucks knocked off for that remaining month.
posted by jquinby at 6:48 AM on January 27, 2023

Spotted this story in the daily infosec news that gave me pause. I'm not a Bitwarden user (although I do use Dashlane, which works via a similar mechanism) but it sounds like the hackers are gunning for password managers that utilize any kind of "master password" scheme to access/encrypt a password vault, and are actively working towards phishing methods that will intercept the master password from unwary users. Definitely be on your guard, whatever system you use!
posted by Strange Interlude at 7:37 AM on January 27, 2023

Strange Interlude makes a solid point that I'll endorse: security is like gardening in that it needs regular attention and that things change over time. There's a few good answers right now but that will change over time, and we want a range of good answers rather than one head-and-shoulders-better -- and so universal -- answer. If you go with the "one to rule them all" you'll be in the tallest-poppy bucket and if one attack works on your bucket, you're an easier target for attackers. (While I've jumped between metaphors, let's jump back to that gardening one: monocultures, like a whole acre of lawn grass or everyone using one password vault suite, are vulnerable to their weaknesses being exploited at scale.)

I'll also add a MetaTalk thread for the idea of anonymising posts from long-standing accounts that share their password managers. It's one thing to share your incidental life details week-by-week in a Free Thread or MetaTalkTails, but maybe anonymity is needed when taking about where you keep your car keys in your home or where you keep your computer passwords. This thread and the other two in the wake of 1Password are too late, but not too late to think again.
posted by k3ninho at 2:47 AM on January 28, 2023

One thing that I don't understand about 1password that I would love to piggyback on this thread - what is the 2-factor authentication thing that it is offering me? Does it do something with 2FA that comes from other apps/sites? And is there a separate 2FA thing that you can do to secure 1Password itself, or is that the same thing? Also, why doesn't it accept Google Authenticator in the 2FA functionality? Sorry if this is somewhat confused - I don't really understand these features on the app.
posted by Mid at 8:48 AM on January 28, 2023

It has a built-in 2FA feature which you can use to secure accounts which support it. If the app shows you a QR code, 1Password can scan the page and configure it pretty easily. Some sites show you a long text code instead. You can still configure 1Password’s 2FA with the code but there is an extra step or two. I just used it on an iPad and the login process was shockingly fast.

You can secure access to your 1Password account itself with 2FA and the recommend either Microsoft Authenticator or Authy; I chose Authy. I only need it to log into 1Password.
posted by jquinby at 7:07 PM on January 28, 2023

« Older Volunteer from home?   |   Pulse oximeter with alarm Newer »
This thread is closed to new comments.