Bitwarden or Proton Pass

What yall thoughts on this ?

Proton Pass if you pay for Proton Unlimited. Otherwise, Bitwarden.

Don’t put all your eggs in the same basket.

Hands down Bitwarden . I haven’t used proton pass much but definitely bitwarden would by my first choice. They have been around for a long time now and are excellent for security in cloud password manager space. Their support is also good.
Their free plan inlcudes unlimited passwords , yubikey support which is the most a free password manager is offering in the market.

Proton Pass is a lot more user-friendly, much easier to sort passwords and a really nice much better working integration with SimpleLogin for random alias username email addresses.

Proton Pass however does not allow you to set up a legacy plan like Bitwarden has in case of death or emergency. Proton really should introduce that option.

Proton does not have support for biometrics authentication on desktop, so you will rely on a pin in your browser or no authentication at all.

Neither have fully launched passkey syncing support, but it seems that Bitwarden is further in the works on this, so that is something to consider.

sign
Tested also Proton but in the end it’s all about the many small differences that make Bitwarden

I would never trust any cloud service with this kind of data, regardless of whatever encryption or other methods they would use. So, Bitwarden as long as you’re self-hosting.

Why? Can you go more in detail?

How is self-hosting gonna make it more “secure” according to you. If you don’t trust cloud , it doesn’t matter where and how you host it.
I am not sure what are people worried about as everything is zero-knowledge encrypted.
Also bitwarden code is open source , you can compile app yourself. Using their cloud service would be much better than hosting yourself unless you are a business.

According to this website, the Bitwarden agreement you make when you say “I agree” states that you agree they can:

You are tracked via web beacons, tracking pixels, browser fingerprinting, and/or device fingerprinting

No info on Proton Pass, but they do show what we agree for with ProtonVPN, which I assume is similar.

I agree with you, I guess the main benefit would be getting the premium features (like TOTP 2FA and emergency contact/dead-man’s switch) for free.

Is this website providing legit information ?

When you are self-hosting, you assume the daunting task of protecting your data. Still, you are dependent on the same encryption methods provided by Bitwarden or Proton, unless you are devising your own cryptography.

Indeed. It is also annoying that Proton Pass does not have option to lock itself on browser restart, unlike Bitwarden. So, you have to enter your pin like every hour.

It depends on the apps and services, there might be missing information for some apps. Keep in mind that the review is based on the Terms of Service, not the underlying technology of the apps.

For instance, Telegram has a score of C, while whatsapp is given D. If I had to choose between the two, I would opt for whatsapp, since Telegram does not have E2EE for group messages and individuals (for default). Therefore,

As with everything we research, we rely on the many to inform us of scams.

The website claims that they read those legal agreements that we all sign when we use someones “free” software or websites, then they parse out the good and bad in what we have agreed to. It is a window into how they use claim to use our information.

it’s community run, so take things with a grain of salt and see what is actually going on. It can possibly help you to understand things but I would just read the actual policy instead. The TOSDR project tries to reduce complexity but I am not sure that it really does. This specific line was copied from the privacy policy section in the part about the website, not about the product itself. The marketing website of Bitwarden surely leaves things to be desired, but this isn’t part of the policy for the product itself. Take that for what you will.

Sure. While I trust the math behind encryption in general, you still rely on the cloud service to almost never make mistakes. Sometimes mistakes happen: #1, #2, #3, #4. Now, some services definitely are better than others making it less likely for a single mistake in isolation to actually lead to compromise of any interest data. I just like to have another step here, call it defense in depth if you will: hosting the data on my own infrastructure.

Regarding open source: Yes, it is. Otherwise I wouldn’t consider it in the first place. Regarding their cloud service: I haven’t said that “I don’t trust cloud” and I also haven’t said anything about the “zero-knowledge encrypted” state of the data in my initial comment. I simply stated my preference. You have not really made it clear why their cloud service is better “unless you are a business”. There are definitely downsides to hosting things yourself, including a password management solution. But I think that it’s a bit too much of a blanket statement to say that individuals cannot and should never host things themselves. Especially if I’m not specifically targeted for being a PEP or similar, then self-hosting can work fine.

However while I do incidentally actually self-host Bitwarden, my initial comment also was only an answer to the question “Bitwarden or Proton Pass?” from the OP. If we’re generally talking about password management, I would recommend KeePassXC to most people. It’s fine though if you use something different, all is better than using the same password everywhere.

I’m thinking of switching to proton pass if there’s a sale for cyber monday/black friday soon for usability and UX, but I had a question for more technically inclined users.

Is there a tangible difference in the security or reliability of Proton and Bitwarden’s encryption and data protection protocols? Is there a substantial enough difference to warrant using one over the other for an average user?

I’ve read through documentation for both services, but when it comes to encryption protocols and diagrams, I start having trouble following along. I’d appreciate some clarity from someone here on this

I don’t’ know if my MacBook is the problem, but Proton Pass has been pretty bad in my experience. For over a month it didn’t work on the Mac, Passwords wouldn’t open. I downloaded the iPad app to it, and it wouldn’t save entries there either.

These issues got fixed and it worked until about a couple of weeks ago. Now iPrroton Pass doesn’t work on Safari. When it tries to enter the password, the Proton Pass text box goes all black and it can’t be closed. I have to force quit Safari and start all over again.

Plus, I go to a client site that somehow has a firewall on ProtonMail/Pass, so I can’t open it there. They have put firewalls around VPNs as well, so haven’t been able to get around it yet.

IMHO, Proton Pass is really a half baked product. I love Proton Mail, but can’t recommend Proton Pass. I moved over from 1Password, and really regret it.

Many products of Proton feel this way, especially if you use them cross-platform (e.g. on Linux). They really should focus on doing a few things, but these properly, not developing something new again and again, which no-one asked for and are better alternatives out there anyway.

Couldn’t agree more. My Proton disappointments (have been moved to a new thread).

As for the original question of this post, I have not used Proton Pass personally, and have not used Bitwarden recently.

Regardless, I would recommend you use the best tool for you personally. If you find Bitwarden nicer to use than Proton Pass, or the reverse, then use what works for you.

But more generally, I have to agree with this:

You should really use the best service for each one of your singular needs, and not use the same one for everything.

While Proton’s (still developing) ecosystem is nice, you should really evaluate Proton Mail, Calendar, Drive, Pass, and VPN as separate products. It’s fine to use them all, if they’re genuinely the best options for you (and they are pretty good).

But, if Bitwarden works better for you, or Mullvad works better for you, etc., then you should use them. Using the whole ecosystem is not required, and not really recommended (if it makes sense for your use case to use other products), since you’ll be relying on them for a lot of your stuff.

My personal setup (has been moved to a new thread).