Bitwarden versus LastPass

In February 2021, LastPass announced that personal users of its free password manager service would no longer be able to sync passwords, card details, and other sensitive information across all devices without upgrading to a Premium plan. Many users of the free LastPass service were inconvenienced by this change of policy and started looking for alternative password managers.

One of the options considered by LastPass users was Bitwarden. Bitwarden is recognized as one of the leading open source password managers, and while being built on open source software isn't a priority for most former LastPass users, Bitwarden's free service includes all the features and capabilities of LastPass' former free service.

Bitwarden versus LastPass Free Service

We'll start our comparison of Bitwarden's free service versus LastPass' free service by looking at the features and capabilities both password managers have in common. These include a password vault in which you can save login credentials, payment details, and other sensitive information, a password generator, basic two-step login, and an encrypted one-to-one messaging service.

The primary difference between the two password managers is that Bitwarden automatically synchronizes vault data across all devices and operating systems, whereas with LastPass you can only sync across either mobile devices or PCs and laptops unless you upgrade. Bitwarden also supports Linux operating systems and offers more browser extensions than LastPass.

A further feature of Bitwarden's free service is a two-user “organization” plan that provides couples with individual password vaults and shared folders into which they can save shared login credentials (e.g., Netflix, Amazon, Deliveroo, etc.). This free service is a lot simpler to use than having two free LastPass accounts because when one shared password changes, it only has to be changed once.

Bitwarden versus LastPass Premium Service

For personal users willing to pay for a premium service, there are again similarities and differences between Bitwarden and LastPass. For example, personal users who subscribe to either company's Premium service get Vault Health Reports that alert users to weak, re-used, and compromised passwords, advanced multi-factor login, email support, and 1GB of storage.

In addition, both premium plans provide the option for users to share their master password with a trusted contact for emergency access should the user ever forget their master password. In fact, the only discernible difference between the two premium plans is the price – Bitwarden's premium service costs $10 per year, while LastPass charges $36 per year.

It is the same case when you compare Bitwarden's Family Plan with LastPass' Family Plan – premium plans for up to six users. Although LastPass advertises a Family Manager Dashboard, it has much the same capabilities as Bitwarden's “Owner” dashboard, and this time there is a smaller difference in price – Bitwarden's Family Plan costs $40 per year, while LastPass charges $48 per year.

[Image: Netsec.news Bitwarden versus LastPass Personal Plans]

Bitwarden versus LastPass for Businesses

When individuals use password managers to better secure personal accounts, they are often responsible for introducing them to the business they work for. In this case, the introduced password manager for business use is most often the one the individual is using for personal use because that is the one they are most familiar with.

However, for businesses that do not yet have an employee advocating one password manager over another, or that are evaluating the benefits of several recommended password managers, both Bitwarden and LastPass offer a choice of business plans – “Teams” and “Enterprise”. Contrary to what the names suggest, both plans may be suitable for businesses of all sizes.

Bitwarden's Teams plan supports an unlimited number of users and is more fully-featured than the LastPass Teams plan, which limits the number of users to fifty. However, LastPass Teams allows businesses to apply up to ten password policies to enforce best practices on employees (e.g., passwords must be of a certain length and complexity).

The two Enterprise plans are similar in their capabilities with the exception that – since July 2021 – LastPass charges a premium for advanced MFA and advanced SSO. Although LastPass also provides a free family plan for each user, the total cost of a fully-featured LastPass Enterprise plan is double that of Bitwarden once you take all the additional costs into account.

[Image: Netsec.news Bitwarden versus LastPass Business Plans]

Bitwarden versus LastPass for Security

Up until now, our comparison of Bitwarden versus LastPass has focused solely on price and capabilities. However, there is one further factor both personal and business users need to take into account, and that is security. This is because whatever password manager you choose to use has to keep passwords, payment details, and other confidential information secure – whatever the financial cost.

In this respect, both Bitwarden and LastPass operate a zero knowledge model. In this model, user data is encrypted before it leaves the device (the encryption key is derived from the user's master password), so any data stored on the password managers' servers cannot be read by an employee of the company or a cybercriminal in the event of a data breach.

In addition, Bitwarden's software is constantly being reviewed by the open source community to identify vulnerabilities. Bitwarden operates a bug bounty program, and if a vulnerability is discovered, it is usually discovered quickly and a patch applied to the software before the vulnerability impacts the security of password vaults and their contents.

However, that's not the case with LastPass, which has a history of releasing upgrades with serious security flaws. More recently, it was revealed in February 2021 that the LastPass Android app has seven trackers monitoring user activity. While LastPass claims it is possible to opt out of activity tracking, users have experienced difficulty finding the opt-out settings.

Conclusion: Bitwarden Wins on Price and Security, and on Most Capabilities

Although there is no record of LastPass customer data being exposed due to a security flaw, the number of reported vulnerabilities should discourage individuals and businesses from subscribing to a paid LastPass plan, while the LastPass free service is extremely limited. Bitwarden stacks up well as an alternative to LastPass on price and security and on most capabilities.

You can find out more about the Bitwarden password manager by visiting https://bitwarden.com, where personal users will be able to set up a free account within minutes and businesses can register for a free trial of Bitwarden Teams or Bitwarden Enterprise. Alternatively, you can test the strength of your existing passwords without creating an account, and – if you find any that are weak and likely to be compromised – create new passwords using the Bitwarden password generator.

Bitwarden versus LastPass FAQs

What's the difference between vault-based password managers such as Bitwarden and LastPass, and other types of password manager such as Chrome?

Vault-based password managers tend to be more secure inasmuch as you can configure the vaults to log you out automatically after a period of inactivity. Browser password managers such as Chrome do not have this capability; so, if you don't PIN-lock your device or sign out of Chrome after each session, your passwords can be accessed by anybody with access to your device.

In addition, browser password managers only work for a specific browser. You can't (for example) use the Chrome password manager if you want to log into an account via the Firefox browser. Similarly, you cannot share passwords securely with another person if (for example) members of your family use the same Netflix, Amazon, or Deliveroo account.

What is password-less login?

The term password-less login is a bit of a misnomer because although you can use biometrics, Single Sign On, or another federated identity program to access and unlock your vault, you will still have to enter your master password to decrypt the content of your vault. Furthermore, if you are using SSO or another federated identity program, you still have to log into the program to get started.

How important is it that security solutions are built on open source software?

Although there are some very secure solutions built on proprietary software, those built on open source software tend to be more reliable because the code is reviewed by the open source community. However, as this article on Open Source Security Software explains, a security solution that contains open source elements is not guaranteed to be free of unpatched vulnerabilities.

How responsive is Bitwarden for customer support?

Response times to emails sent to Bitwarden for customer support vary according to the day of the week and time of day. However, if you require an urgent response to help resolve a problem – and the problem isn't covered on Bitwarden's comprehensive Help pages – the company has an active community forum and monitors threads on GitHub and Reddit.

What are the advantages of self-hosting Bitwarden?

The option of self-hosting Bitwarden is primarily provided for large businesses that operate in regulated industries and need to know where sensitive data is at all times. By self-hosting the Bitwarden platform, the data stays on the business's servers rather than in cloud servers maintained by Microsoft Azure.

If you don't require the self-hosting capability for regulatory reasons, it is better to use Bitwarden's servers (in the Microsoft Azure Cloud) because you need a considerable amount of technical knowledge to install Bitwarden and manage procedures such as patching and back-ups. You are also responsible for the security and availability of your own data.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news