NOTE: This post is not affiliated with any password management software and is not sponsored or supported in any way by any of the companies mentioned. This is simply an informational post to help you, the user, decide what might work best for you as well as shed some light on my own thought process around choosing a new password manager.
I admit it. I was a LastPass acolyte. Anyone that talked tech with me for more than 10 minutes knew I loved LastPass. I’ve told co-workers to jump on board. Some have- and they drank the kool-aid, too. They fell in love with never having to remember more than one password again. They had that warm fuzzy feeling any time they auto-generated a super-secure password. You know the feeling I’m talking about…
Okay, maybe you don’t- and ordinarily I’d say if that’s the case, then this post isn’t really for you. But with cyber security concerns at an all time high, even if you don’t care about “nerd stuff” like password managers, you should still probably read this.
If you’re unfamiliar with password managers and how amazing they are at saving you time and mental anguish while improving your security, then I think it might be time for you to discover this wonderful world. But first let’s back up… why are we even talking about this? What did LastPass change? Why am I jumping ship?
All of these questions and more will be explained in just a few short paragraphs… but for those of you who are uninitiated, let’s take a look at the world of password managers.
NOTE: If you don’t need an overview of password managers and are all caught up with the LastPass shenanigans, feel free to skip to the “So What Are the Alternatives” section of this post.
What’s a Password Manager?
A password manager, well… it’s kind of what it says it is. It manages your passwords for you. You don’t have to remember (or in many cases even fill in) any passwords ever again! Well, okay… except for the one password that logs you into the password manager. That one you really should remember. Really… don’t forget that one. Other than that, the password manager does it all for you! In fact, usually you don’t even have to come up with a password ever again. The password manager does it for you! That’s right- a password manager creates and stores your passwords for you in a secure “vault”, then autofills the password for you when you have to log into an app or site! Sounds pretty great, right? Well… it is!
But how does this work? Is it secure? So glad you asked!
Without going too far into the tech-jargon, the majority of popular password managers use a kind of encryption called one-way hashing. So even though you are “storing” your passwords somewhere in the cloud… you’re not… not really. What you are really storing is an encrypted version of your actual password. The “one-way” in a one-way hash means that it is all but impossible to reverse engineer the encryption to get the actual password. Because of this, even if the password management company is hacked and user accounts are stolen… they cannot read any of the password data. So … yeah, it’s pretty secure.
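To make that concrete, here is an added sketch (not from the original post and not any vendor's code) of the usual pattern: the master password goes through a one-way key-derivation function, only a hash of the result is sent to the service, and the derived key encrypts each vault entry so it can be decrypted again on your device. The function names, the iteration count and the HMAC-based stand-in cipher are assumptions made so the sketch runs with the Python standard library alone.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this sketch; each vendor sets its own

def derive_keys(master_password: str, email: str) -> tuple[bytes, bytes]:
    """One-way step: returns (vault_key, auth_hash). Only auth_hash leaves the device."""
    pw = master_password.encode()
    vault_key = hashlib.pbkdf2_hmac("sha256", pw, email.lower().encode(), ITERATIONS)
    auth_hash = hashlib.pbkdf2_hmac("sha256", vault_key, pw, 1)
    return vault_key, auth_hash

def _subkeys(vault_key: bytes) -> tuple[bytes, bytes]:
    # Separate keys for encryption and integrity, both derived from the vault key.
    return (hmac.new(vault_key, b"enc", hashlib.sha256).digest(),
            hmac.new(vault_key, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the sketch needs no
    # third-party package; real products use a vetted cipher such as AES-256.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_entry(vault_key: bytes, plaintext: str) -> bytes:
    """Reversible step: what the service stores for one vault entry."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce, data = secrets.token_bytes(16), plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt_entry(vault_key: bytes, blob: bytes) -> str:
    enc_key, mac_key = _subkeys(vault_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered vault entry")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    key, auth = derive_keys("correct horse battery staple", "user@example.com")
    blob = encrypt_entry(key, "router-admin-pw-7f!Q")
    print("server stores:", auth.hex()[:16], "...", blob.hex()[:32], "...")
    print("device recovers:", decrypt_entry(key, blob))
```

Someone who steals only what the service stores (the hash and the encrypted blob) has to guess the master password and pay the key-derivation cost for every guess, which is why the strength of that one password matters so much.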
In addition to security, many password managers have some other great benefits, not the least of which include:
- Auto-generation of secure passwords
- Auto-saving passwords upon first login/sign-up
- Auto form filling for credit cards, addresses, etc.
- Multi-factor authentication options
- Cross-platform support (works on desktops, laptops and phones and other mobile devices)
- Syncing across all devices
- Emergency access for a trusted friend or family member
Some also provide a VPN, though it should be noted that not all password managers provide all of these features. Especially not in their free or entry-level tier.
LastPass’s Change in Service
Effective March 16th, 2021, LastPass is changing its service model, specifically the free tier of usage (which is what many people use). You will effectively be asked to make a digital “Sophie’s choice”… do you want your password manager to work on all of your mobile devices… or your desktop devices. You can no longer have both. If you’d like both, you are welcome to join the paid tier to the tune of $30/year.
Now I’m not anti-capitalist. I understand that businesses need to be profitable in order to function. However, giving your customers something for free for years, only to turn around and take (half of) it away to monetize it, is a bad look for any company and is sure to get some backlash.
At first glance many might say “$30 a year is not that much. Why not just pay for it?”. That is a reasonable question. In fact many other password managers appear to be around the same cost if not higher. For the most part it’s a fair market value. In fact, in doing research for this article, I can honestly say that the LastPass free tier feature set was amazing. So amazing, in fact, that they should’ve either never offered all of the features in the free tier, or found another way to monetize. The drug dealer-like strategy of “first one’s free” is not uncommon, and LastPass is not the first company to go this route- nor will they be the last. Unfortunately, they are in a line of business- password protection- that demands trustworthiness… and this ain’t it.
Consumers like myself immediately see red flags at an action like this. If this is their approach now, what will their service model look like in another 2 years? 5? How much more will I have to pay for essentially the same level of service? While nothing lasts forever, this strategy to squeeze more profit out of existing features leads to trust issues between consumer and provider, unfortunately.
Having said all of the above, if you are already a LastPass user and think $30 is a fair price, you will get a few bonus features including a security dashboard, 1 GB of cloud storage, dark web monitoring and emergency access (if something happens to you, someone you trust can access the account). LastPass has a great service and if you are okay with the rather sudden change, then by all means stick with them. Their product is amazing and it works very well.
For the rest of us, it’s time to try to find another service! Let’s take a look at some of the more popular options.
So What are the Alternatives?
The world of password managers is vast. The below is a collection of some of the most popular, well-known, and trusted services today. We will take a brief look at each, with a short list of major pros and cons for each service.
Disclaimer: I have not personally experimented with each and every one of these services. Many of the pros and cons below are based on each company’s site, their feature set list, pricing guides and user interface examples as well as other user reviews from various sources.
KeePass has recently become far more useful with its 2.0 version. Once a Windows-only service, this open-source project has recently become Mac and Linux friendly! While every single feature is free, there is also a very high degree of setup involved. The more features you want active, the more setup. While you get more control with this service, you are also sacrificing ease of use. Setting up cross-platform access requires third-party cloud storage to host the database and some non-trivial setup to implement. Also, as with many open-source endeavors, the UI is unfortunately lacking any sort of modernity. You can, however, completely self-host this service and keep it offline for a hyper-secure environment. With the complications attached to this kind of setup, though, this one isn’t for the faint of heart or tech beginner!
PROS: Fully open-source option (free). Can be synced using cloud-storage for encrypted database.
CONS: A lot of setup required (doesn’t work out of the box). Poor quality UI.
1Password has a full feature set, is a mature product and the per device security key protection is top notch. Unfortunately, there is no free tier and the autofill feature is still lacking.
PROS: Full feature set (web monitoring, 2FA, browser extension). Per-device security keys.
CONS: No free tier. Autofill reportedly buggy.
Dashlane has one of the more expensive paid plans and one of the more restrictive free plans. The free plan limits you to one device only and restricts the number of passwords you can store to 50 or fewer. The paid plan, however, does include a VPN service now, which explains the price hike, though transfer speeds are lacking compared to other VPN companies.
PROS: Great UI. Added VPN functionality.
CONS: Very costly paid plan. Free plan limits to 1 device and only 50 passwords.
Nord is sort of the opposite of Dashlane. Instead of a password management company extending into the VPN market, Nord is a VPN provider extending their services into password management. Nord’s VPN service is considered top notch, and NordPass is held to that same high standard. They use a different advanced algorithm for encryption than most other providers, but they are all close to equivalent in terms of security/protection.
PROS: Nice UI. Uses a more advanced encryption algorithm.
CONS: Free plan has 1 device limit. Combining the VPN and Password manager service costs, it is close to the same expense as Dashlane.
Norton is best known for their antivirus software suite. Their password manager is relatively basic and no frills, but it’s free. It has all the most important features like autofill, 2FA capabilities and auto-generation of secure passwords, but misses out on other auto form fill features like addresses, but that’s a bit nit-picky. It’s a good service. It does, however, force you to use their (free) Norton Safe Web service as a requirement. Unfortunately, Norton also has a similar history of offering services for free and then forcing users to start paying after they’ve become invested. However, if you are already paying for their antivirus software and like their service and interface, this product is a great choice for you.
PROS: Free service (for now). Clean interface. Great choice for people already in the Norton “ecosystem”.
CONS: Based on Norton history, will likely become a paid service. Forced usage of Norton Safe Web product.
Bitwarden is a rare find in that while it is open-source, it also has a modern look and feel and is very easy to use out of the box. If you are tech-savvy and like tinkering, though, you can also (like KeePass) set up a completely self-hosted and offline password management system. It is also cross-platform and syncs across your devices. On the downside, the free tier excludes some great functionality including their built-in authenticator, health reports, and emergency access.
PROS: Free service has fairly robust feature set (though no 2FA for login unless paid). Much more affordable paid tier ($10/year). Open source.
CONS: Limited feature set on free tier.
Hopefully the list above gave you a good foundation of the basic features of these services and helped you figure out which way you are leaning if you are looking for a new password management service.
In my case I really did love the LastPass UI, its ease of use and its feature set. So I wanted to find as close to a “like for like” as I could. I found it helpful for me to list the things I found myself using most often. That would help me in finding a similar service. The below were my most used features and, therefore, my requirements:
- Auto-generation of secure passwords
- Credit card info/address storage and fill
- Intuitive UI
- Browser extension
- iOS and Android integration
Armed with this set of features and a thin wallet as a guide, I’ve decided to make the jump to…
Bitwarden! Their free tier checks each of my feature boxes with the exception of one (and a half):
- The authenticator for multifactor authentication (an added security measure) is not available on the free tier, but it does integrate with third party apps like Authy.
- The autofill feature is still experimental, though I haven’t seen any issues with it in the week+ that I’ve been using it as long as the web page you visit has visible login fields. It even worked on my router login, and LastPass did not!
The paid tier of Bitwarden has a few features that I would like to have:
- Dark web monitoring/password health report
- Built-in authenticator
- Hardware authentication options (Yubikey, U2F)
- Emergency access
And given the very low cost compared to other password managers, I may be willing to give my hard-earned cash over to them very soon! At $10/year, it’s about 66% less than the cost of most other comparable managers’ paid tiers out there!
So- if you’re a LastPass user like me… how big of a pain is it going to be to migrate to Bitwarden? Almost no pain at all, in fact! Let’s take a look at how easy it is to migrate.
Leaving LastPass- Exporting Your Secrets
First, you’ll need to create a Bitwarden account. Once you’ve done that, open a new tab and use your LastPass browser extension to drop down the LastPass menu. It is important to use the browser extension and not the website to get your export, otherwise you won’t get the option to get the CSV file.
Choose the CSV File option. You will be prompted to enter your master password again. When you do so, your local file explorer will open for you to name the file and save it in a folder of your choosing. Remember where this file is saved!
Hello, Bitwarden!
Now go back to your freshly created Bitwarden account and log in. In the upper left, click on “Tools” in the navigation bar.
In the next screen, select “Import Data” (1), then in the “Select the format of the import file” field, choose the LastPass (csv) file type (2). Next, click the “Choose File” upload button and navigate to your exported LastPass csv file (3). Finally, click “Import Data” (4).
That’s it! All of your passwords are now in Bitwarden! You can now delete the csv file or save it somewhere very secure. Be sure to download the browser extension as well as the phone app. Make sure your phone app is set to allow autofill of passwords and that you choose Bitwarden as the service it references for those passwords.
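The exported CSV holds every one of your passwords in plain text, so it deserves some care while it sits on disk. The script below is an added example (not part of the original post, and not a LastPass or Bitwarden tool) that restricts the file to its owner and summarizes the export by entry name, giving you an entry count to compare against your new vault before you delete the file. The column layout in the sample is an assumption about the LastPass export, and `lock_down`, `audit_export` and `MIN_LENGTH` are hypothetical names.

```python
import csv
import hashlib
import io
import os
import stat
from collections import Counter

MIN_LENGTH = 12  # assumed threshold for "short"; adjust to your own policy

def lock_down(path: str) -> int:
    """Make the plaintext export readable by its owner only; return the new mode."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)

def audit_export(csv_text: str) -> dict:
    """Summarize an export by entry name, never echoing a password."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    if rows and "password" not in rows[0]:
        raise ValueError("no 'password' column; not the assumed export layout")

    def label(r):
        return r.get("name") or r.get("url") or "(unnamed)"

    def digest(r):
        # Compare passwords by digest so plaintext never enters the report.
        return hashlib.sha256(r["password"].encode()).hexdigest()

    filled = [r for r in rows if r["password"]]
    counts = Counter(digest(r) for r in filled)
    return {
        "entries": len(rows),
        "empty": sorted(label(r) for r in rows if not r["password"]),
        "reused": sorted(label(r) for r in filled if counts[digest(r)] > 1),
        "short": sorted(label(r) for r in filled if len(r["password"]) < MIN_LENGTH),
    }

# Constructed sample in the assumed LastPass column layout; not real credentials.
SAMPLE = """url,username,password,totp,extra,name,grouping,fav
https://mail.example.com,ana,Summer2020!,,,Mail,Personal,0
https://shop.example.com,ana,Summer2020!,,,Shop,Personal,0
https://bank.example.com,ana,vT9#qLm2xR!e8ZpW,,,Bank,Finance,1
http://192.0.2.1,admin,,,,Router,Home,0
"""

if __name__ == "__main__":
    for key, value in audit_export(SAMPLE).items():
        print(f"{key}: {value}")
```

The entries it lists as reused or short are good candidates for regenerating with your new manager's password generator once the import is done.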
If you don’t have a password manager… you should really get one. The upside is huge as far as security goes, in most cases the learning curve is low, and there are plenty of free options if you don’t need all the bells and whistles! Although I would say you should look for an option with at the very least cross platform compatibility to sync all of your devices together and auto-fill to make your life easier.
If you are like me and decided to look elsewhere after LastPass’s “bait and switch”, I hope this post has given you some direction and points to consider in your move to another service.
There are obviously plenty of other services out there. Which are you using? What did we leave out? Leave a comment below and add to the options!
Thanks for reading!