I’ve been an avid user of Bitwarden since 2016, and have grown accustomed to it. However, I feel more and more annoyed by it.
What’s wrong with Bitwarden?
Some of the recent updates, apparently mainly the new dress for its browser extension, have also made it much more cumbersome to use. The most impactful nuisance is that the extension sometimes loads for over 5 minutes before showing my passwords (note: that happens in multiple browsers and no matter if I was already logged in or not). I also tried many different things (reinstalling the extension, using a VPN, not using one, etc.), but nothing changes this.
What are the alternatives?
I’d be happy to try something new, but when it comes to reliable, ideally open-source password managers, there aren’t that many choices:
Proton is new-ish, and I’m not the biggest fan of the company’s aggressive marketing strategy. I don’t like the all-eggs-in-one-basket approach (and also just got locked out of my account recently, which was a clear reminder for this).
KeePassXC is nice, but the cross-platform support and usability are poor and rather outdated, IMHO.
and then… we’re slowly reaching the end of reputable open-source password managers (that don’t need self-hosting)
Is closed-source really an alternative?
There’s a variety of closed-source password managers, but that’s the main issue I feel slightly uncomfortable about: they’re closed-source…
What are you guys using, and do you think it’s even worth looking at closed-source options? I’m looking at 1Password, Enpass, and RoboForm currently, and while there’s a lot about 1Password, there’s very little to no real info on the latter two…
That’s egregious, but it’s extremely snappy for me. Is your computer older, have a bad network, or perhaps something else? I’d contact their support on this issue as well.
Nope, it’s pretty decent, actually. I also encountered this issue on both Linux and Windows machines, in different browsers, and I’ve kind of run out of ideas for what else I could try to improve this.
Do you have a large number of saved passwords or other data? Or perhaps you’ve set the encryption iteration count high? Aside from that I have no idea, and would def contact support.
Setting your KDF iterations too high could result in poor performance when logging into (and unlocking) Bitwarden on devices with slower CPUs. We recommend that you increase the value in increments of 100,000 and then test all of your devices.
If you are unhappy and cannot resolve the issues, PG has recommendations for you to try. I really like Proton Pass and that’s what I use. 1Password is also a solid option and has a lot of features unless you’re already in the Proton ecosystem in which case only Proton Pass makes sense.
I’d ask on the Bitwarden forums to see if there’s a fix for your issue or if it could be reported as a bug. Other than that, I think you laid out the situation pretty well in your post in realizing there’s no ideal option. If you really can’t get Bitwarden to work, I’d give a +1 for trying out Proton Pass next. Assuming you don’t wanna deal with KeePass or Psono, 1Password is the next best option.
I do have a large number of passwords, yeah, around 1,000. The encryption keys iteration is on standard value, though. I think contacting support might be an option.
I’ve seen people reporting similar issues for a while on the forums, but no real solution yet. But frankly, it’s been a while since I looked. Then it worked normally again, and now the issue has reappeared…
Yeah, I’m tempted to go with Proton, despite my dislike for its overall presentation.
Out of curiosity, why is it that 1Password has such a high reputation compared to other long-term players like RoboForm or Enpass? All three are closed-source, which I know is a no-go for many on PG. But if 1Password is an option for some, why not the others? Like I pointed out, it’s really hard to find reliable info about them.
I haven’t fully read these threads but my assumption is that because 1Password offers excellent usability and security (some might argue better than Bitwarden and Proton Pass) they kinda bend the rules a bit to include it as an option for anyone who found open source options lacking.
1Password has a really good reputation among security experts, does multiple audits each year, and the secret key feature essentially ensures that even if 1Password were breached, your data would remain safe, even if your master password wasn’t very secure.
Regarding these other options you mentioned, both have issues regarding their audits. Enpass hasn’t had many or even any audits depending on the client. RoboForm has apparently only been audited once, and the report doesn’t give any details about the actual findings, so not very transparent behavior from them.
Both are also using PBKDF2, when more modern alternatives are available and RoboForm’s 100,00 iterations are insufficient.
Regarding RoboForm, I also noticed that their Android app requires a whopping 62 permissions, which is a pretty insane number for a password manager.
True, the last app audit is a while ago… And I also noticed that the client isn’t updated very often on Linux, it seems.
I’ve had a look at the report, and I agree that this report isn’t exactly telling very much. Some stuff has been found and fixed, but what, we can only guess.
I like what you said about 1Password. Perhaps it’s worth trying it out.
While there’s really no perfect solution, personally for me KeePass is the closest to perfection. The only con of it for me is sharing. Obviously cloud pw managers like BW, Proton Pass etc. have better fine-tuned sharing capability compared to local-only pw managers like KeePass, but I like everything else about KeePass. Libre, FOSS, local only, edit history for all entries etc. BW hasn’t got edit history for all entries and it’s been requested since 2021.
Thanks! So far, this seems to have improved things!
I got to admit, though, I’m still a bit torn as I’ve been trying out 1Password and Proton Pass during the last few days. So, I’m still not sure whether I should stay with Bitwarden or try something new.
Bitwarden has been my trusty companion for almost a decade now, but frankly, 1P’s feature list and UX/UI outclass Bitwarden significantly. I like the travel feature, the secret key (mostly because if something happens, my not-so-techy husband could manage to get access by just using two passwords), and the link / vault sharing.
Proton Pass is much better now than just a few months ago, but I still dislike the company’s all-eggs-in-one-basket approach to things and that it tries to push this to users so much (i.e. ‘why not also use our mail, VPN, and so forth’). That Proton is EU-based and open-source are technically the only two facts I really love about Proton. A lot of the other factors (e.g. link / vault sharing) are now similar to 1P.
So yeah, I’m honestly a bit confused now. I kind of like 1P the most in terms of features and usability, at least for my use case, but I’m still concerned over the closed-source aspect. Almost everything else I use daily is at least partially open-source (e.g. Tuta, Notesnook, LibreOffice, GnuCash). But I don’t know, 1P seems just kind of… good. Is that a dangerously wrong idea / feeling?
Bitwarden is still miles ahead of ProtonPass and it’s cheaper.
1Password has a lot of issues on Linux and GAPPS-free phone/profile. I listed them here:
I still installed 1Password now to check if the QR scanning is working, and unfortunately it is still Google-dependent.
For me, a password manager is primarily used to fill and generate passwords, I’m not looking at it much. If it ain’t broken - don’t fix it.
If you don’t have Linux and don’t plan to, and you’re using GAPPS, then I’d say 1Password is completely fine. Keep in mind its price whilst comparing to BW.
I have been trying 1P with the Brave (flatpak) extension on Pop!_OS 22.04 and the .deb package for a few days, and I couldn’t see any issues so far. In fact, the experience was way smoother than with Bitwarden. Is there a particular advantage of Wayland over X? I know Wayland is more advanced, but does this matter in this case?
I think this might be a question of use case. I wouldn’t say I have the highest threat model, and I am using a Pixel 8 as my main phone, though I minimised the usage of Google’s own services quite a bit (still being aware of what I’m using there). Since I’m using a Pixel with Google’s Android, I don’t think the QR scanner issue matters much to me.
To be honest, I read the entire Remove 1Password thread, and I feel a bit overwhelmed now. I also read many other posts here and elsewhere about the other candidates (incl. BW and PP), and the more I read, the more I feel lost on this