Password Security Catch-All Thread

misplacedbravado wrote:
MannishBoy wrote:

I think LastPass's problem was they made the free plan TOO good for a while.

That sounds about right. I started out with the free plan, then happily moved to the paid tier when they added mobile apps. I was a paid subscriber for just a year or two before they moved all the features I used to the free tier.

And human psychology being what it is, their asking $3/month for what they've been providing free for years is a grave insult to me. So now I guess I'll check out Bitwarden.

I had no problem paying (which I did for years) for LastPass until they tripled in price. Similar thing happened with Logmein and both owned by the same parent company. I switched to Bitwarden and haven't looked back. I could even use the free version of Bitwarden but I pay them 10 bucks a year to support them.

EvilDead wrote:
misplacedbravado wrote:
MannishBoy wrote:

I think LastPass's problem was they made the free plan TOO good for a while.

That sounds about right. I started out with the free plan, then happily moved to the paid tier when they added mobile apps. I was a paid subscriber for just a year or two before they moved all the features I used to the free tier.

And human psychology being what it is, their asking $3/month for what they've been providing free for years is a grave insult to me. So now I guess I'll check out Bitwarden.

I had no problem paying (which I did for years) for LastPass until they tripled in price. Similar thing happened with Logmein and both owned by the same parent company. I switched to Bitwarden and haven't looked back. I could even use the free version of Bitwarden but I pay them 10 bucks a year to support them.

This was my path, too. Bitwarden is virtually the same as LastPass, and the transfer of information was super simple. Bitwarden’s interface handles some things a bit better, some a bit clunkier than LastPass, but it’s been a pretty easy transition.

I will say that I feel like it doesn’t grab new accounts / passwords as well as LastPass, which makes it a bit more challenging with the family.

Yeah, I was also on LastPass Premium till they tripled the price and switched to Bitwarden. I didn't realise at the time that LastPass Free actually had the features I'd originally signed up to Premium for so it wasn't necessary to switch, but I'd already made the change.

A couple of years on now and I'm pretty happy with Bitwarden. I'm currently on free, but I'll sign up for the paid service pretty soon.

What's the pros/cons of 1password vs Bitwarden? I should get around to setting up one of these at some point soon. I'd need to get both me and my wife on it, and ideally have a vault of shared passwords, along with some non-shared ones. It'd need to be pretty painless for her to use, and we'd need it on probably three different computers, plus several mobile devices (two of which are Kindle Fires with child profiles and the Amazon Kids wrapper).

I remember a while ago, I got a pretty strong recommendation to use 1password because it was better for security reasons that were over my head.

Been using Bitwarden free over LastPass over the past week and I have really liked it so far. The interface is better, app is better and it's overall faster.

The only thing I don't like is that I can't right click a field and autofill the address and/or credit card. It needs to be done at the top right extension icon. Not too big of a deal but it does take a tiny bit longer.

The CSV import to Bitwarden did transfer all that Home/credit card info but all my picture secure notes are blank since they were encrypted I guess in LP and AFAIK CSV can't export images.

As someone who's been meaning to set something like this up for years, I got a question.

If I lose my phone, how am I not completely locked out of everything?

Jonman wrote:

As someone who's been meaning to set something like this up for years, I got a question.

If I lose my phone, how am I not completely locked out of everything?

Bitwarden is just a normal online account with a user id and password. You can log in from multiple devices including mobile and desktop.

HOWEVER, you should absolutely set up Two Factor Authentication because your password manager has all the keys to your castle. Two factor apps are meant to be used on just one device and are a pia if you lose your phone. Therefore, I use Authy which allows logins from multiple devices. It’s less secure, but as far as I know it’s never been compromised. It gives me that one extra sense of reassurance that if I lose my phone I still have access to my 2FA accounts.

What PaladinTom said AND make sure your master password is unique and very "strong". The best thing about a password manager is you only need to remember the master password and it can handle & generate all the rest.

Reminds me, I've also been using LastPass as an authenticator for TFA. Have they said anything about changing that? Don't think it's tied to your regular account, so I assume not. I also have some stuff in Google's tool as well as MS's.

Does Bitwarden use fingerprints to unlock on Android?

EDIT: Never mind, see that biometrics were added at the end of January. I'd seen something saying it didn't support it.

I started using Bitwarden about six months ago and I'm not sure I could live without it now. Super convenient, especially with biometric log-in and the option to auto-lock for certain actions (e.g. phone screen off, browser close). With the government computer system requirement for increasingly arcane and long passwords that have to be changed every 30-90 days, Bitwarden keeps me sane and my passwords very strong.

Wow, Bitwarden is almost exactly like Last Pass, but better.

1password lacks polish, but doesn't have any trackers.

I made the jump from LP to Bitwarden today. Going to run them side by side for a couple of weeks while I put BW through its paces, then I'll probably sign up for the $10/year plan.

I've had LP premium for a while. I just checked and my account says "LastPass Premium User : Expires on June 21, 2021" so I have a few months to decide if I want to transition to something like BitWarden before I have to pay LP again.

I've been contemplating a switch for a while, at least since logmein took over (holy carp that was over 5 years ago; doesn't seem that long). I use LP on both browsers and on my android phone, but the android app has been unreliable at best.

They've also been nagging me since January that I have to update my billing information "for security reasons". This week I read this:
Security researcher recommends against LastPass after detailing 7 trackers
1Password has zero trackers, and Bitwarden two

(yes, that article does link back to the one that Garion posted)

The text of the article makes it sound like it's not a big deal, but it does have my attention, given that logmein doesn't have a sterling reputation to begin with.

From what I've read, moving data from LP to BW isn't very painful and people seem generally contented with the BW Android app, so maybe it's time for me to take it for a test run.