The Bitwarden password manager has a lot of friends in the IT security industry due to being built on open-source software. Open-source software is regarded as more secure and higher quality than proprietary or licensed software because it is constantly being reviewed and improved by the open-source community. However, platforms built on open-source software can also be difficult to use.
Therefore, when Bitwarden was launched in 2016, it filled a gap in the market between less secure but user-friendly password managers and open-source password managers which were difficult for non-technically minded people to use. Five years later, Bitwarden continues to make friends with personal users and business users alike due to its value-for-money and transparent security.
But how does Bitwarden compare to more established password managers such as RoboForm (launched in 1999) and LastPass (launched in 2008)? With their first-to-market advantage, one might expect RoboForm and LastPass to be more mature and fully featured than Bitwarden. However, as our comparison of Bitwarden vs RoboForm and LastPass demonstrates, that's not the case.
What Bitwarden, RoboForm, and LastPass Do
Bitwarden, RoboForm, and LastPass are vault-based password managers. This means users can store login credentials, payment details, and other sensitive information in an online vault that can only be accessed with a user-created master password. The master password is also used to derive the encryption key for each user's vault, so it is important that the password is complex, to prevent bad actors from hacking the vault, and that it is kept safe, because Bitwarden, RoboForm, and LastPass all operate under a zero-knowledge model and cannot recover master passwords if users forget them.
Vault-based password managers have several advantages over browser-based password managers such as Chrome and OS-based password managers such as iCloud Keychain. In most cases, users can access their vaults from any device and autofill login credentials, payment details, and other sensitive information regardless of the browser or operating system. Users can also manage accounts offline and securely share vault items with trusted contacts via an encrypted messaging service – even if the trusted contact does not have a Bitwarden, RoboForm, or LastPass account.
From a personal security perspective, all three password managers have auto logout capabilities. This means users are logged out of their vaults automatically after a period of inactivity – preventing other people with access to the user's PC or mobile device from accessing their password vault. Users can further secure password vaults with two-factor authentication (requires a premium subscription in some cases) and check for weak, reused, or compromised passwords using the password manager's audit capabilities (which can also vary according to the plan and provider).
How Does Bitwarden Compare to RoboForm and LastPass for Personal Users?
All three password managers offer a selection of “freemium” options for personal users. Typically, personal users can take advantage of a free feature-limited version of the platform or pay a subscription fee to access more advanced features. In addition, all three password managers offer a premium family plan which provides up to six personal vaults per subscription, allows family members to share an unlimited number of files and folders between them, and store up to 1GB of data. Bitwarden also offers a free “organization” plan for two users with basic core functions.
When you analyze the differences between the free options for personal users, Bitwarden compares favorably with RoboForm and LastPass due to supporting data synchronization across an unlimited number of devices and device types. RoboForm doesn't synchronize anything unless you pay for a premium subscription, and LastPass' free plan makes you choose between synching between mobile devices or synching between PCs and laptops. It may also be important for some users that RoboForm doesn't provide web access to user vaults under its free plan.
All three password managers include a password generator, unlimited password storage, one-to-one sharing, web form autofill, and automatic logoff. The asterisk (*) alongside LastPass' automatic sync capabilities indicates that synchronization only takes place between the mobile devices or PCs selected in the Device Type category. Other factors to be aware of include:
Apps and Browser Extensions
Desktop apps (Windows and Mac) and mobile apps (Android and iOS) are included in the free plans (Bitwarden also provides apps for Linux, along with a selection of browser extensions). All three also include browser extensions for Chrome, Firefox, Edge, and Safari. LastPass also has extensions for Opera and IE browsers, while Bitwarden provides additional extensions for Opera, Vivaldi, Brave, and Tor browsers.
Two Factor Authentication
There are various tools users can take advantage of to secure accounts with two-factor authentication, and not all are supported in Bitwarden's and LastPass' free plans (none are supported in RoboForm's free plan). For example, Bitwarden's free plan supports Authenticator apps and email, while its premium personal plan adds support for Duo, YubiKey, and FIDO2.
Although Bitwarden does not advertise any support options, there is an easy-to-navigate help section on its website, and you can email the company from its website requesting technical support. Bitwarden also has a monitored community forum in which users can seek advice if needed. By comparison, neither RoboForm nor LastPass makes it easy to find answers to any questions, and the Live Chat provided by RoboForm is limited to office hours from Monday to Friday.
All three password managers claim emergency access is available in their free plans but, when you read the fine print, the capability only allows you to receive emergency access, not grant it. This means under the free plan you cannot maintain a digital legacy in your vault in case of death or incapacity, or grant vault access to a trusted contact in the event you forget your master password.
The family plans offer value to groups of three or more users compared to each having an individual premium plan. Bitwarden's Family Plan comes in cheapest at $39.96 per year, while the LastPass Family Plan is considerably more expensive at $52.95 per year. RoboForm has a sliding scale of family subscription fees depending on the period of time you are prepared to commit to. A one-year subscription costs $47.75, but only supports up to five users.
How Does Bitwarden Compare to RoboForm and LastPass for Business Users?
The business plans offered by Bitwarden, RoboForm, and LastPass build on the capabilities of the premium individual plans to accommodate the needs of every size of business from SMBs to multi-national enterprises. Consequently, Bitwarden and LastPass offer both low-cost “Teams” and full-cost “Enterprise” subscription plans, while RoboForm prices its fully-featured business plan according to the number of users and how long the business is willing to commit to a subscription. LastPass also has paid-for add-ons which come as standard in the Bitwarden and RoboForm plans.
One important note when comparing Bitwarden to RoboForm and LastPass is that Bitwarden's Teams plan is effectively its Personal premium plan for an unlimited number of users with shared folders and administration controls. The LastPass Teams plan is also similar to its Personal premium plan; but, in addition to providing shared folders and administrative controls, LastPass allows businesses to apply up to ten customizable password policies and alerts administrators to compromised passwords automatically. However, LastPass' Teams plan is limited to 50 users.
At the full-cost, fully-featured end of the scale, there is little to choose between the three password managers in terms of features and capabilities. All provide personal vaults for employees, have advanced reporting capabilities, and support directory integrations, API access, and federated login. All three business plans also support more advanced types of multi-factor authentication and biometric (password-less) logins. What differences there are can be found in the table below – notwithstanding that all three are frequently upgraded with new features and capabilities.
Although it has one more user type than its competitors, Bitwarden's management hierarchy is the easiest to understand. At the top of the hierarchy is the account Owner, beneath which the Owner can assign Administrator, Manager, and User roles or create Custom roles to limit Administrator, Manager, and User permissions.
RoboForm's four user types start with Company Admin, followed by Group Manager, Regular User, and Limited User – a Limited User cannot view or edit login credentials, but can access shared notes and contacts in read-only mode. Similarly, the LastPass hierarchy consists of Super Admins, Admins, Users, and Helpdesk Admins – who have read-only access to parts of password vaults to handle day-to-day support tickets regarding passwords.
Onboarding and Off-Boarding
Businesses have multiple options for onboarding and off-boarding users. Smaller businesses can onboard and off-board users manually or use an existing database to import users via a .csv file. Larger organizations can take advantage of SCIM bridges to synchronize the password managers with Azure AD or Okta, while Bitwarden and LastPass also offer the options of AD Connectors to connect to on-premises AD/LDAPs and customizable APIs for complex provisioning requirements.
As mentioned above, Bitwarden does not advertise support options, but you can email the company from its website requesting technical support. RoboForm provides phone and chat support during U.S. office hours and online ticket support at all other times, while LastPass assigns each business a Customer Success Manager but doesn't stipulate how you contact them.
Business Plan Pricing
For most businesses, ease of use and security will be more important considerations than price, but it is worth highlighting business plan pricing here because of the unique way in which RoboForm prices its service. Rather than charge a flat rate per user per year as Bitwarden and LastPass do, RoboForm charges according to the number of subscriptions required (up to 10, up to 25, up to 100, etc.) and the length of the subscription (one year, three years, five years, etc.).
At present, the price ranges from $22.95 per user per year (up to 1,000 users / five-year subscription) to $39.95 per user per year (up to 10 users / one-year subscription). While these rates appear remarkably inexpensive compared to Bitwarden and LastPass, businesses should read the following section of this comparison about security before rushing to sign up for a RoboForm account, as there is a tradeoff between usability, security, and price for this password manager.
How Does Bitwarden Compare to RoboForm and LastPass for Security?
As mentioned at the beginning of this comparison, Bitwarden has a lot of friends in the IT security industry because it is built on open-source software that is available for the open-source community to review and test. Bitwarden also runs a bug bounty program that rewards members of the open-source community when they discover a bug. Consequently, on the rare occasions bugs in the Bitwarden software are identified, they are quickly reported and fixed.
It's not the same with RoboForm and LastPass. To its credit, RoboForm publishes a web page listing the bugs that have been fixed. However, there are a lot of bugs being fixed and it is impossible to tell how long they have been impacting customers. Looking at the company's social media channels, it would appear some of the bugs have been impacting customers for some time – an important consideration for anyone relying on the reliability and accessibility of a password manager.
With regard to security vulnerabilities, RoboForm and LastPass are unfortunately among the names that come up most frequently in vulnerability reports, while LastPass has suffered a number of significant security incidents over the past ten years – including one earlier this year when seven activity trackers were found embedded in the password manager's code. Alarmingly, LastPass developers couldn't tell what data was being collected or how it was being used.
Conclusion: Bitwarden Comes Out on Top on Nearly All Counts
Despite being a relative newcomer to the password manager market, Bitwarden is a clear winner when compared to RoboForm and LastPass. It would be nice to have telephone support, vault audit capabilities for free accounts, and the option to apply password policies in Team plans, but on the balance of what has been reviewed, Bitwarden is the most user-friendly and secure password manager of the three – with a competitive flat-rate pricing structure for premium and business plans.
You can find out more about the Bitwarden password manager by visiting https://bitwarden.com, where personal users will be able to set up a free account within minutes and businesses can register for a free trial of Bitwarden Teams or Bitwarden Enterprise. Alternatively, you can test the strength of existing passwords without creating an account, and – if you find any that are weak and likely to be compromised – create new passwords using the Bitwarden password generator.