Password Security Catch-All Thread

I get that, but that's not a money grab, that is - by your own description - bad marketing. At least with the equivalent license for Bitwarden, you're saving $0.67 dollars a month...

Breaking into the business marketplace is incredibly difficult. Companies like Microsoft have double digit IAM market share, while Lastpass is at 0.06%. But the other companies that do individual and family password management are all in the same boat, only about half the size or less. 1Password is at about 0.01%. Bitwarden is at about the same, so is Dashlane (which starts at $5 a month). About as many people use Google Chrome password management as do Bitwarden! And Lastpass is by far the most popular of the individual password managers.

I get that you had personal experience with Lastpass that left a bad taste, but if they are money-grubbing, it's hard to argue that the entire sector is not doing the same. The difference in pricing for the paid ones is usually a dollar or less per month, for the ones (like Norton and NordPass) that are not tied to an even more expensive service.

People should not be afraid of Lastpass or Bitwarden or 1Password or Dashlane... Just evaluate according to your requirements. None of them will break the bank; indeed, one instance of password theft on your bank account could cost you $50 if a card was compromised and you didn't report it in time, which is around the cost of any of these services' family licenses, so have at it! You won't regret it.

Bitwarden self-hosted (with occasional JSON backup exports stored in a VeraCrypt vault) remains my approach.

The money grubbing/typical acquisition behavior to me would be how drastically poor Firefox support became after the acquisition. It lagged behind in features and was buggier than the Chrome equivalent. And their response to support queries got worse too.

So by that same token, if you had a good personal experience that didn't leave a bad taste, that's fine. But after they were acquired it did go downhill as a product. So it wasn't just marketing.

Maybe they recovered, but I switched over to Bitwarden once it seemed reasonable to do so and haven't looked back, and haven't had any problems either.

Pricing-wise, if you don't need multiple licenses then $10/year for Bitwarden or $36 for Lastpass is a bit larger than a few cents a month.

I've used it on Firefox the whole time and no issues. To each his own.

I’ve since moved on to Bitwarden and am very happy with it - including its UI compared to LastPass.

MannishBoy wrote:

...Their first screw up was moving too much stuff into the free category, then they swung it back way too far the other direction...

Robear wrote:

I get that, but that's not a money grab, that is - by your own description - bad marketing. At least with the equivalent license for Bitwarden, you're saving $0.67 dollars a month...

Sorry for cherry picking but it is a big part. That is bad business, not marketing. At that point BW was not only more financially stable but also a better value. I jumped ship too.

*The Android extension working better (in most ways) was just the bonus.

Robear wrote:

I've used it on Firefox the whole time and no issues. To each his own.

Which would make you lucky, but also unlikely to have needed to open a support request, or to have experienced their unresponsiveness and decline in the quality of their service.

So again, it wasn't just marketing. For some of us the quality of the product AND service declined.

Not to pile onto LastPass, but the degradation of Firefox support is what pushed me to try Bitwarden in the first place. Not sure what the state of things is now.

I honestly have no idea what y'all are talking about. I've been using LastPass with Firefox as my primary browser (occasionally Chrome/Edge/Safari), on PC and on iOS, and I don't think I've ever run into anything that would remotely give me reason to switch to anything else. It just works, and is straightforward enough that my kids and parents can use it easily enough.

merphle wrote:

I honestly have no idea what y'all are talking about. I've been using LastPass with Firefox as my primary browser (occasionally Chrome/Edge/Safari), on PC and on iOS, and I don't think I've ever run into anything that would remotely give me reason to switch to anything else. It just works, and is straightforward enough that my kids and parents can use it easily enough.

Me neither, but that doesn't discount other users' bad experience of course. I stuck with Lastpass because my not so techie wife is used to it (mostly on Chrome and Android) and it hasn't been worth the hassle. She has more issues with the Chrome extension being unresponsive sometimes, so YMMV.

Robear wrote:

I get that, but that's not a money grab, that is - by your own description - bad marketing. At least with the equivalent license for Bitwarden, you're saving $0.67 dollars a month...

But I'm saving infinity percentage-wise, because Bitwarden gives me everything I need for free. To the point I feel I will probably upgrade to the $10 tier just to contribute to something I value.

You may be right. Their hard pivot to a business model that didn't suit me may have helped them win financially. Maybe that was their goal, running off a bunch of accounts that didn't pay them much if anything may have been the right move. Up their revenue per account number.

I know that they had to make me pretty irritated to get me to switch cause there's quite a bit of perceived friction and nervousness about switching something so important. Now that I've moved, good luck getting me back as a customer.

I will say I've never fully moved from their MFA app. I'm spread across Google, LastPass, and MS. Slowly migrating to MS for its cloud sync and the fact I have to use it for various clients in my job anyway.

Articles going around saying LastPass's master passwords may have been compromised.

Not linking anything in particular since it doesn't appear definitive as to exactly what's happened yet.

LastPass is claiming that's not what happened, and that blocked login attempts were instead a result of attackers attempting to access accounts using credential leaks from other services, and sometimes either succeeding (don't reuse passwords!) or getting the login function temporarily locked for those accounts.

Don't know if that's the truth, but that's their claim so far.

I finally tried migrating from LastPass to BitWarden, and my fears were unfounded.

I dreaded the migration process, but it took me all of 15 minutes to set up an account, transfer my password vault and enable 2FA on my iPhone. For other devices it's just a matter of installing the Firefox plugin and logging in.

I was also afraid BitWarden would be less streamlined than LastPass. We've been on the LP Family Plan for years, to get my tech-unsavvy wife on board the experience needed to be smooth. Honestly: I like the UI of BitWarden better!

I'm going to run both side by side for a few days, in case any hiccups pop up. Our LastPass subscription runs until August anyway. But it seems like we'll be saving 38/48EUR per year, and bid farewell to a company with iffy communication on their security breaches.

Yay! I too made the move from LastPass to Bitwarden last year and could not be happier.

dejanzie wrote:

I finally tried migrating from LastPass to BitWarden, and my fears were unfounded.

I dreaded the migration process, but it took me all of 15 minutes to set up an account, transfer my password vault and enable 2FA on my iPhone. For other devices it's just a matter of installing the Firefox plugin and logging in.

I was also afraid BitWarden would be less streamlined than LastPass. We've been on the LP Family Plan for years, to get my tech-unsavvy wife on board the experience needed to be smooth. Honestly: I like the UI of BitWarden better!

I'm going to run both side by side for a few days, in case any hiccups pop up. Our LastPass subscription runs until August anyway. But it seems like we'll be saving 38/48EUR per year, and bid farewell to a company with iffy communication on their security breaches.

I prefer the simple UI of Bitwarden. LastPass was a little too messy back when I quit. I love cross platform apps that maintain the UI across versions.

Don’t forget to delete your LastPass account once you’re satisfied with Bitwarden.

The only thing LastPass did better when I switched, and Bitwarden still doesn't do this, is do an automatic auto-fill and login on some websites. I feel like LastPass always took one click less than Bitwarden / IIRC you didn't have to move the mouse cursor to the top corner of the screen to click into the menu. I've gotten used to it, but it's still something I wish I could make happen more like LP.

Edit: Just realized you mean you want it to automatically submit the login, too.

I'd be surprised if they added that anytime soon because even autofill is described as "while generally safe, attackers with fake websites could take advantage of this to steal credentials." If autofill is still off by default and labeled experimental after 4+ years, I imagine they'd take even longer to test something that automatically submits.

There's a feature request for the icon thing, so that could be more likely. But the dev response was that the feature is potentially "invasive" and they want to make sure however they approach it can be implemented across multiple platforms.

What I use since migrating are the keyboard shortcuts (you can set shortcuts for autofill, generating a password, and opening the vault).

You can also select Bitwarden from the right-click menu (if you don't want to use your keyboard and don't want to move your mouse to the extension area).

But yeah, there's no option to auto submit, if folks are used to that.

mrtomaytohead wrote:

The only thing LastPass did better when I switched, and Bitwarden still doesn't do this, is do an automatic auto-fill and login on some websites. I feel like LastPass always took one click less than Bitwarden / IIRC you didn't have to move the mouse cursor to the top corner of the screen to click into the menu. I've gotten used to it, but it's still something I wish I could make happen more like LP.

CTRL+SHIFT+L

Not quite the same, but quick.

And confusing, because that's also the keyboard shortcut for a bulleted list in MS products.

MannishBoy wrote:
mrtomaytohead wrote:

The only thing LastPass did better when I switched, and Bitwarden still doesn't do this, is do an automatic auto-fill and login on some websites. I feel like LastPass always took one click less than Bitwarden / IIRC you didn't have to move the mouse cursor to the top corner of the screen to click into the menu. I've gotten used to it, but it's still something I wish I could make happen more like LP.

CTRL+SHIFT+L

Not quite the same, but quick.

And confusing, because that's also the keyboard shortcut for a bulleted list in MS products.

I didn't know either of those shortcuts existed. Thank you.

mrtomaytohead wrote:
MannishBoy wrote:
mrtomaytohead wrote:

The only thing LastPass did better when I switched, and Bitwarden still doesn't do this, is do an automatic auto-fill and login on some websites. I feel like LastPass always took one click less than Bitwarden / IIRC you didn't have to move the mouse cursor to the top corner of the screen to click into the menu. I've gotten used to it, but it's still something I wish I could make happen more like LP.

CTRL+SHIFT+L

Not quite the same, but quick.

And confusing, because that's also the keyboard shortcut for a bulleted list in MS products.

I didn't know either of those shortcuts existed. Thank you.

OMG, as a heavy MS Office user, I use bulleted lists all the time. That has changed my life at work, especially taking notes to keep things organized.

Dumb thing is it doesn't work in PowerPoint. Silly MS.

MannishBoy wrote:

Dumb thing is it doesn't work in PowerPoint. Silly MS.

Yeah, it's that lack of cross-coordination that gets me. It's there on some things, but not everything. The worst offender is hitting CTRL+F in Outlook. WHY WOULD I EVER NOT WANT THAT TO BE FIND!? I've never been a big Office user as I spent most of my first chapter of my working life out of college using AutoCAD. I was the office wizard there, though. A few years before I left, I assembled a list of things to help others that they might not think of. The thing is, you don't always know what everyone else hasn't picked up yet, but having a rotating group of juniors, and checking in on them occasionally helped me pick out quite a bit.

mrtomaytohead wrote:

The only thing LastPass did better when I switched, and Bitwarden still doesn't do this, is do an automatic auto-fill and login on some websites. I feel like LastPass always took one click less than Bitwarden / IIRC you didn't have to move the mouse cursor to the top corner of the screen to click into the menu. I've gotten used to it, but it's still something I wish I could make happen more like LP.

If it makes you feel any better, the most recent LP update mostly breaks this for me.

Anyone have an opinion on which password manager will be the easiest to use on mobile and desktop for old parents who lack the lexicon to understand things like what they are supposed to do when they see a legitimate warning about "breached passwords"?

Edit: Bing AI tells me NordPass might be the easiest to use, but I'm open to real human experiences too.

I haven't been following LastPass for a bit, but definitely do not use that.

https://arstechnica.com/information-...

MrDeVil909 wrote:

I haven't been following LastPass for a bit, but definitely do not use that.

https://arstechnica.com/information-...

Well that's timely, as I just migrated my wife's LastPass account over to BitWarden, and deleted her (and my) LP account a few minutes ago.

Funnily enough, neither cost nor security are in the multiple choice options for the "Why are you leaving us" question.

The breach occurred in August 2022?!

Yep, and 2 months after a previous massive breach.

Okay, so for someone looking for a high-end for-pay password tool with app login on various devices and a good UI, what's the best?

Robear wrote:

Okay, so for someone looking for a high-end for-pay password tool with app login on various devices and a good UI, what's the best?

BitWarden, really. Not sure what high-end means to you though, but I used LP with MFA (first Google Auth, then Authy) for years, and can do exactly the same now on the free version. I actually like the BitWarden GUI better, it's more clear and concise.