2y ago

1Password vs BitWarden

Just wondered what people are using for their password management.

I’m currently using 1Password on a family subscription for both password management and 2FA (and then Authy for the 1Password 2FA). But I’m seeing a lot more posters — particularly since joining Lemmy — championing BitWarden (either cloud or self hosted) and Raivo OTP as a cheaper, almost-as-functional alternative.

So is it worth the switch? Will I lose out on anything by doing so?

I’m currently running BitWarden with a free account to see if I can live with it. But I must admit, 1Password is a staple app for me and one that I would say is priceless to my workflow and setup.

Just interested in your thoughts and trying to stimulate conversation!

157 comments

Bitwarden is open source (https://github.com/bitwarden) and was audited by privacytools.io, so I’m in team bitwarden !
It is perfectly integrated with all my devices and browsers, and it’s free to use.
- Jup bitwarden is pretty awesome! I use a self hosted vaultwarden. You can link it with the bitwarden browser extensions.
- If to choose it will be Keepass 🙂
  
  Same. I even self-host it now, no getting caught up in massive data breaches for me!
- Been using Bitwarden for some time. Really like it.
- Y no one mention self hosted valutwarden
- FYI privacytools[.]io has long been commandeered by the BDFL who apparently accepts—how do i put this impartially?—financial incentives for supporting specific software.
  Privacyguides.org is the version maintained by the original privacytools team that have been doing the lion's share of the work since 2019
  
  There’s a huge drama between privacytools and privacyguide, I’m not sure anyone here can tell what happened internally after reading both side of the story.
  Yes privacy tools accept sponsoring but it should be transparent about it ? It was the case before, I’m not using the site anymore so idk if things have changed in a bad way I’m sorry I promoted it.
- Question for you since you mentioned how it's integrated with all your devices. I currently do not use a PW manager (I know, shame on me). Let's say I get bitwarden, do I need to go back and change every password on every website to the bitwarden-generated password?
  It just seems like I'm "In too deep" in a way where it'll be a pain in the ass to set up.
  
  If you have stored your credentials in your browser, you can export them to Bitwarden. It’s fairly easy and will save you a lot of time.
  The point of using Bitwarden (or any password manager) is that you have no idea what your password is. From a security pov you « should » update your credentials but no need to rush, one step a time 👍🏼
  
  When I switched to bitwarden I updated my password to a more secure (bitwarden-generated) password each time I logged into a site and stored it on bitwarden. Painless. That's how I got better passwords across the board and incrementally moved over to bitwarden.
  
  Are you forced to? No. Should you anyway? Yes. I did what @else@lemmy.fmhy.ml said: just change them when you login. That way it doesn't feel like a grand undertaking, and you still end up with extremely secure passwords that you don't have to remember.
  Also, i recommend generating your master password. If my senior mom staring down the barrel of alzheimers can remember a 12-digit string of random characters (after emptying out all the space wasted by a few dozen passwords), you can too
  
  You can just add your current passwords to bitwarden, no need to change any passwords if you don't want. It actually takes less effort than you might think. Just add your username and password each time you need to login to something and everything will be added pretty quickly.
  
  I felt the same as you. Here's how I managed to deal with my piles of accounts: get BitWarden set up, and pick a few main accounts to enter in and generate new passwords for. Delete your login data and cookies from your browser, then add accounts to BitWarden and generate new passwords as you come to need them. That way it's one at a time not all at once. Made it manageable for me! (BitWarden even prompts you if you'd like to save a login if it's never seen it before)
- +1 for Bitwarden, have used it for years. In general, always go open source, especially for privacy / security tools.
- Bruh that site doesn't do the audits themselves and if they did I would steer clear of anything they say they audited, look at all the sponsored suggestions, who would trust a site with those on it

Odd seeing so many people prefer Bitwarden specifically for the polish and UI. Those are the reasons I chose 1Password. Both work! Both are actually pretty good solutions. But after using Bitwarden for quite a while for work, I set up 1Pass for my personal stuff. It's just nicer and easier to manage, imo, even as a tech savvy user.
- And this is why I love places like Lemmy. Balanced, different opinions 🙂
  I personally have no issues with 1Password (except that v8 is Electron), but just tempted to try the alternatives given how strong a following Bitwarden appears to have.
  Either way… it’s good to have options.
  
  For sure. I set my father up on Bitwarden because he gets a lot more out of the free tier, and it’s hard enough to convince him he needs a password manager, let alone one that costs anything, lol.
- This is also my experience with Bitwarden and 1Password.
  I used Bitwarden for a long time and even selfhosted it, but it just didn’t feel that polished, especially on the phone. Then I tried 1Password and everything just works seamlessly.
  In the end, I think it’s just a matter of taste.
  
  Same for me. Self hosted bitwarden, wanted to love it, didn't love it.
  Went to 1Pass family and we ain't moving.

Another vote for Bitwarden

Bitwarden.
I used to have 1PW, but their browser plugin just completely stopped working for me (and a lot of others).
Then I switched to BW. It has so much better UI, plugins and apps. Oh and it's cheaper.
And if you want, you can host it yourself

I do think 1Password is a bit more polished than Bitwarden, and auto-fills more reliably for me (depending on the website, of course). I use 1Password for work, but choose Bitwarden for personal use because I value an open-source solution that I COULD self-host if I wanted to. I don't self-host, because I'm lazy, but I COULD if I wanted to. It's also a very cheap family plan compared to 1Password, I'm still trying to convince all my old people to use a damn password manager! But one could argue that using 1Password's more polished interface instead of Bitwarden might make my life easier....
- Haha I hear you re: the old people. My parents use a notepad, and they scribble out old passwords and write down the new ones. It’s beyond archaic. And my dad has dementia which is just a recipe for disaster.
  I’ve added them to my 1Password family and setup a separate vault for them to use, and I have a few of their key passwords shared with my vault in case they lock themselves out of important accounts.
  But I’m sure if I did decide to switch to Bitwarden I could move them over pretty easily.
  
  Right, that's the beauty of using a GOOD password manager, whether it's Bitwarden or 1Password. They both make it relatively easy to export and import all your passwords.
  
  My mom took to it pretty easily, but then again, someone changed her Amazon password and it took ages for her to convince Amazon to unlock her account, so she was pretty motivated to take steps to prevent something like that from happening again.
- I haven't had a problem with auto fill. Especially once you regularly use their default ctrl+shift+L to autofill. It may also be worth noting that some custom fields, if you make the name the exact same as the field, it will include that in the autofill. One of the sites I use has a company ID, and it autofills that too.

Ive used both, Bitwarden feels more mature plus it's open source. But 1Password is probably more user friendly for less tech savvy people.
- Thanks. I’m tech savvy so that’s not a problem. Just always used 1Password based on recommendations. More than happy to go open source, and 1Password 8 feels like a step backwards from 1Password 7.
  
  Just out of curiosity, why exactly is it a step back? I've heard this comment several times but, having only used 1Password 8 (which I quite like), I have nothing to compare it to.
  
  I agree that 1password 8 is a step backwards when they switched to electron from native app on Mac. I’m still sticking on 1password 7 because of that.
  
  I feel the same. I therefore use Bitwarden myself(not selfhosted as I don't trust myself to host important things quite yet), and control 1Password for the rest of the fam.

KeePass is great. Has all the features I want and then some. Everything is stored locally, you can encrypt with password and private keys and it even has the ability to sync dabases on a on a home server. I use it on windows and android. Since 99% of the time I make password updates on my phone I'll just sftp the database file to my server and then use it to sync with my windows machine next time I'm on it.
- I also use KeePass. Been using it for 2-3 years now. No complaints. Like you said, it has all the features I need and then some.
- What's the advantage of sftp over something like synching to automatically keep it updated on all your devices?
  
  Well I own and manage the server for one thing, so it makes sense for me. Considering the sensitivity of this I try to keep as much of it as possible under my direct control. I only have three devices that I need all of my passwords on, and with KeePass you just click the drop-down and select the sync option when you need to update. I have an sftp client on my phone and will just upload the database whenever I need to. There is an auto syncing option on the client, but I don't use it. It's definitely not the most convenient option out there, but good security is rarely convenient.

If your workflow is how you like it I would stay.
Vaultwarden might be worth looking into when you have time or want to set it up to check it out. Self-hosted Bitwarden compatible server written in Rust. Lets you store OTP for free which is a convenience I enjoy.
- Will definitely look into Vaultwarden. Always looking for containers I can add to my stack!

I recommend KeePass, used it for years, open source, not hosted, can use a key file for added security and works well with nextcloud, drive, Dropbox, etc
- KeePass is the way. Keep all these newfangled web services away from my passwords. And there's plenty of different open source projects available that all works with the KeePass format.
  
  Keepass XC + syncthing. doesn't have to touch the cloud at all. It's what I do, though I have investigated Vaultwarden for work. But no real SSO / AD integration with it is potentially a deal-breaker. Though I get that it's probably complicated to add.

I've used BitWarden for a few years now and I really like it. I've set it up on both my PC and phone browsers, and it does its job well. Never paid anything for it, the free tier is generous enough for casual users like me.
It being open source sold it for me.

1Password is way better, but it's more expensive and not open source.
Bitwarden is, like most open source apps, jankier than 1Password. Not as mature. But people that care a lot about their software being open source will use it because it's the best open source option we have at the moment.
None of them is a bad app.
- "Way better" is an exaggeration in my mind. It may have a few nicer things here and there, but name one thing 1Pass can do that Bitwarden can't? It certainly has a different UI, but I definitely preferred this over my former LastPass account.
  
  This “what can one do that the other can’t” is never a good argument. Specially against someone that was talking about quality.
  A horse and a 2023 Lamborghini can do the same things, transport-wise. But that doesn’t mean that the quality is the same.
- More expensive and closed source
  vs
  free or cheaper subscription, can even be self hosted and open source
  I'll pick the later
  
  Yes, each one with their choices. I have the income to pay for better quality, so I use 1Password. But you can't go wrong with any of those two.

Another vote for Bitwarden

I'm using a combination of KeePassXC on Windows/Linux, KeePass2Android and Syncthing for database synchronization, plus a Yubikey for 2FA. Granted, it's not a setup I'd recommend towards non-tech people, but it would take a lot before I'd switch:
Works completely local, so I never have to worry about being locked out for any reason.
Despite that, I still get the benefits of online synchronization through Syncthing.
KeePassXC has by far the most powerful autotype functionality, which is a big timesaver since I often need to type passwords into non-browser windows.
The last point in particular was a dealbreaker when trying out Bitwarden/Vaultwarden a few years ago.
- Sounds like a pretty sweet setup to be fair. I’m completely Apple so couldn’t replicate that entirely.
  But from the feedback so far I’m leaning towards either Bitwarden or Vaultwarden for password management. And for OTP, guess I could use Authy or Raivo, but probably the latter.
  
  Bitwarden and vaultwarden do support storing OTP. I guess there is some security in separating the services though if that's what your going for.

@schmurnan
I'm a HUGE 1Password fan--and have been for years. It is always the very first app I install on any device. Paid for every upgrade since v4 when I discovered it.
I was sceptical of the switch to Electron, but it's just the front end. The backend is written in Rust and performance has been great. It's not native, but that's a current trend right now...
I was even sold on the subscription model, and now manage a family account for my wife and kids.

Another vote for Bitwarden. I love it and recommend it to everyone.

I use Bitwarden after trying out several recommended alternatives. It's what works best for me and my workflow (individual personal and work use). The browser extension is a lifesaver.
I remember trying 1Password and deciding against it for some reason, but I don't remember what. My overall impression now is that it was a fine product, but Bitwarden was a better fit. I'd say use whichever meets your needs.

I've been subscribed to 1Password for around 8 years now, and don't intend to cancel it any time. It's super convenient, updated frequently, and seems to be audited independently to ensure security too. Just recently they've added a few features that make my life as a developer with multiple machines so much easier. OTP on every logged in device too, so I don't need to constantly migrate the horrible Authy setups, or whatever else people use
- Yeah the ssh-agent was something I didn’t know I wanted until they added it. Now it’s so nice not having to generate new ssh keys and update all my severs and VMs every time I set up a new machine, and if/when I need to rotate keys, I only have to update one.

Bitwarden.

Keepass, Keepass2Android and Syncthing to share between devices.

keepass

KeePass for me. I manage my own database, don't rely on clouds and etc.

I self host a Bitwarden server fork called vaultwarden. It works with all the official Bitwarden apps and browser extensions and I am very happy with it. I never used 1password though so I cannot comment on any missing features.

Bitwarden with a free account here, and it does everything I need it to do (and more than I'd expect for free). Between the app on my phone and browser addons/extensions on PC, I honestly don't know what else I'd personally need from it (or any other password manager). Plus, it's open source.

I've used both and they're both great. I didn't like the migration process for Bitwarden -> 1Password. I think I ended up downloading some python script to change the format of my Bitwarden export to a format 1Password could understand. I imagine the migration process is a lot better now since it's been about a year since I've done that.
Outside of that, I like the design of 1Password better, and it also tends to auto fill more reliably as well. iirc Bitwarden has auto fill as well, but it didn't work great for me, so I ended up copy pasting passwords instead. Not a huge deal, just something to keep in mind.

Bitwarden anothe vote

Keepass > Bitwarden > 1Password

You’re all awesome. So much feedback for me to work with.
I’d say the vast majority are recommending Bitwarden (or Vaultwarden should I want to self host), with lots of shoutouts for 1Password as well. Honourable mentions for KeePass as well as a few others.
I’ll continue to run Bitwarden in parallel to 1Password for a little while longer to see if I prefer one over the other. I’ll definitely look into self hosting it as well, although I don’t currently have a domain name so would either have to get one or do the slightly more convoluted method of getting self-signed certificates.
Thanks all for taking the time to indulge me — very much appreciated.

I use Bitwarden and I’m planning on switching to self hosting Vaultwarden soon.
- I may look into VaultWarden because I do have a bit of self hosting going on as well…

1Password is good from what I understand, but yes it's expensive compared to the competition. It just... is, and they don't mind because they're going primarily after enterprise business.
BitWarden is pretty much the leader in the field and has been for some time, not counting self-hosted only apps e.g. KeePass.
Not to mention, the Premium plan only costs $10/year or $1/month. I used the free version for sharing passwords with my SO for years until I wanted to start storing TOTP codes, which requires premium.

Bitwarden here

I was a big time LastPass user. Switched to Bitwarden when LastPass was bought by LogMeIn... what was that, 6 years ago?
It's free, it gives me everything I need, and I can even self-host it, giving me ultimate peace of mind.
Bonus: Bitwarden has a LastPass migration tool (I'm sure they have it for others) - made the move a matter of minutes.

A password journal of course.
...or maybe I just like making y'all cringe a little.

Full disclosure: I've never used 1Password so can't really comment on it compared with others, but I'm currently running a selfhosted Bitwarden re-implementation (vaultwarden) and am generally pretty happy with it. I've only ever used LastPass as a password manager before (aside from a seeding algo back in the day), and while I really don't like their business practices or security history, their extension has or at least had a bit better consistency on Firefox than Bitwarden does, at least with regards to detecting username/password fields and detecting when a new credential is being created and asking it to be saved automatically. That being said, it's something that I can live with considering it's free software. As far as I'm aware, in terms of features all the big players in that space are pretty evenly matched, though I do remember some advanced feature that 1Password offered over others; maybe related to privilege access management in enterprise.

I don't know much about 1Password, but I've been using BitWarden for years.
The autofill feature is nice, but sometimes you'll have to unlock the vault for it to continue to work, which can be a pain at times. It's pretty flexible, you can save personal information and cards on top of logins, and it has a password generator built in that I pretty much always use now for making my passwords. It's not fancy, but it's really functional, and works on all my devices without issues.
- Yeah all similar to 1Password. I think that times out after a week or so, so you have to put your master password in. I like the Apple Watch integration with my Mac so I just double click the Digital Crown most of the time rather than even using Touch ID.
  Sounds like the only thing I’m losing in switching from 1Password to Bitwarden is the ever-so-slightly more polished apps. But functionality-wise… nothing.

Long term KeePass user here. I switched to Bitwarden last year. I'd say if you're happy with 1password then don't worry.
- How would you say Bitwarden compares?
  
  In terms of integrating with website stuff, it is a lot better, KeePass wasn't designed to be web first. In fact, the vast majority of password managers aim to be used on the web. KeePass was never designed for that job. It's just an application to store passwords. KeePass has one feature though that not many other password managers can do, Auto-Type. Auto-Type can type your credentials into other applications. I work in IT and have many passwords for different systems and applications. I'm willing to bet I use Auto-Type about a hundred times a day to type my passwords for me. Bitwarden can't do this.
  Whilst the majority of my passwords at home are within the browser, there are applications that I wish it could type into for me. For example Steam, VeraCrypt, Epic Launcher etc.
  Basically, I use Bitwarden at home but at work I use KeePass. KeePassXC is also worth looking at if you like KeePass.

Bitwarden gets my vote.

I'm also part of the Vaultwarden crowd. I'll never trust something that isn't open source.
- Isn't Bitwarden open source?
  
  Yes, I'm using Vaultwarden as lightweight alternative to the Bitwarden server.
  I'm saying I don't trust 1Password. The OP asked for 1Password vs. Bitwarden. To me, Vaultwarden = Bitwarden and 1Password = Closed source crap.
  
  Yes, but they may not be singling out Bitwarden as not being open source. It's likely just that they use Vaultwarden as it's more lightweight. Also Vaultwarden is only self-hosted, so you can be sure what code is running on the server, whereas Bitwarden has a hosted option. I'd imagine there's a way to tell but from my understanding, you just have to trust that they run the code they say they are running.
- Thanks, I’ll look into it I think

I was using Bitwarden for a few years, it is a great option. Once you've adjust your workflow over to it I doubt you'd miss 1pass
I recently switched to Proton Pass as I've moved over to their ecosystem, it's it'll pretty early days and it's got it's problems but I am finding it reliable so far

I've been using 1Password since at least 2010 and been very happy with it so I've never seriously considered switching away from it. I've messed around with Bitwarden and thought it was pretty good though.

I've been using (and paying for) Bitwarden for a few years now. There are slicker solutions but it does the job for me and I don't really see any need to change.

I have no experience with BitWarden, but I do like 1Password. I previously used LastPass, and 1Password has much better browser/device integration, in my experience. I've been happy with it and intend to keep my family subscription.

Edit: apparently that’s no longer true and I just didn’t notice: https://support.1password.com/autofill-behavior/
_{I use 1Password, and I’m generally satisfied, but what really *really* sucks is that it only works with domains, but neither subdomains nor ports.}
_{So if you’re running your own server that gets annoying *extremely* fast, because you will have a very long list of suggestions to wade through.}
With Bitwarden (IIRC) one issue is that you cannot save a password when you’re offline, and – again IIRC – it doesn’t even drop a warning about that.
- @yA3xAKQMbq
  This is no longer true. 1Password supports subdomain matching
  @schmurnan
  
  Huh, I haven’t noticed that, good to know, thx!
- Also good to know, thanks.
  I feel your pain with the subdomains - I have a load of Docker containers that I access via reverse proxy and I get a list of every container’s credentials and have to scroll through and select them. Not the end of the world, but annoying for sure.
  
  Yeah, I have a vaultwarden docker just to store the PW for all the other services there… 😂
  
  Somebody corrected me, apparently that’s no longer true and I just didn’t notice (I guess it’s still the default setting), I have to try this out today: https://support.1password.com/autofill-behavior/

I'm on the 1password train. I like it, they're professional, and their extension works much better than lastpass

I'm using bitwarden. The free version has everything I need, but I pay for the premium because I want them to continue.

My work uses 1 Password. It feels relatively safe. They claim that if you don't have your master key they can't restore your passwords. Can not ensure the validity of that claim.
Personally I use Bitwarden and KeePass for my passwords. They are both open source and audited by 3rd parties. I trust them.
- I assume Bitwarden is the same in terms of the master password? Again, I can’t say for certain.
  My wife almost lost her 1Password vault due to forgetting her master password. Thankfully we remembered it eventually.

Haven't used Bitwarden, but I've heard good things about it.
Until recently I was using Google Password manager and a half-hearted attempt a "system" for unique passwords. Luckily, I wised up and decided to raise my game... after a bit of research, I went with 1Password, and I've been very happy with it.
The integrations are okay, though not perfect. But the thing that has been most useful for me is the Watchtower stuff that basically gamified my security and forced me to change repeated or insecure passwords. I feel in much better shape now, and feel very confident in 1Password's encryption model. So, for me at least, it has been worth the money.
- Boo, Google! Haha j/k, each to their own 🙂
  1Password has been one of my go-to apps for years now, so I’m clearly happy to pay the $80 a year or whatever it is (I’m a Brit but I think it’s around that price). But it’s very good to know that I can get the exact same (more or less) functionality in Bitwarden for $10 a year. And I have the option to self host on my Docker stack on my NAS should the mood take me.
  I absolutely wholeheartedly agree about Watchtower — that’s a nice little piece of functionality. I saw Bitwarden can check if your passwords have been involved in a data breach, but nowhere near as many little add-ins as Watchtower. It feels like a credit score for your passwords 🙂
  
  Nah, it's okay. The google chrome built in password manager is one of the worst options

There's no point switching if you are using either of these two, so I'd just keep 1Password.
- I guess one is considerably cheaper than the other, so there’s that.
  But yeah, other than that, no real reason to switch if there is parity on the functionality.
  
  Barely for a family subscription that they are using, I think 1Password is worth the extra for the polish it has and their support. I suppose if you had a family of 6 then Bitwarden gets a lot more value back as I believe 1Password's is only 5 members included and $1 for extra beyond that.

I just use firefox to remember my passwords
is there an advantage to switching to some third party app like bitwarden?
I feel like firefox is good enough and very easy to view/manage my passwords, but open to arguments why others are worth switching to
- App fill is a pretty useful feature of most third-party password managers. When I open an app on my phone, it will recognize which login(s) are associated with it and autofill.
  Also, the ability to create and store secure notes has proved invaluable. I don't want to store things like safe combinations in plain text in my Google Drive.
- How does it store them though? I thought (this was maybe long ago) they they were stored plaintext on your machine instead of in an encrypted vault like password managers.
  
  I’ll be honest, I have no idea how secure the firefox passwords are stored… maybe I should actually research this some more
  but I would hope Mozilla has a reasonably secure method in place

I moved from 1Password to Bitwarden because I was struggling to pirate the former.
NGL, I think it is kinda stupid to use a hacked software as important as a password manager, same as with an antivirus, so for me the way to go has been to selfhost Bitwarden, haven't looked back since that.

Bitwarden is very good, but if you are already comfortable with 1Password I don't think it is worth the switch. A lot of people (myself included) just recently switched from LastPass to Bitwarden due to LPs issues and breaches. But 1Password is still very solid and highly recommended.

I’ve been using Bitwarden for years now, and I really enjoy the seamless experience across platforms. I use Windows at work, Mac/Linux/Windows at home, I also have an iPhone, iPad, Android tablets, and a Chromebook. Bitwarden works great everywhere. I originally chose it because it’s open source so I could host it myself if I wanted to.
I actually pay for Premium ($10/year) because I wanted to use FIDO hardware keys, but you also get 1GB for encrypted file attachments, which is handy.
BitWarden does everything I want, so I have a hard time considering paying far more for 1Password which does the same thing.

157 comments