upnorth

Level 36
Verified
Trusted
Content Creator
Personally, I would be concerned if a company/vendor or developer didn't patch found/reported vulnerabilities. If software is regularly patched, it normally shows they actually care, and those are the ones I tend to recommend.
 

blackice

Level 13
Verified
Personally, I would be concerned if a company/vendor or developer didn't patch found/reported vulnerabilities. If software is regularly patched, it normally shows they actually care, and those are the ones I tend to recommend.
Agreed, it's hard to tell if LastPass is full of holes... or if they are just the biggest target for bug hunting since they have the largest user base.
 

Protomartyr

Level 2
One thing that's always been on the back of my mind is the amount of development behind these extensions. In my case, it's LastPass (that I'm currently using) versus Bitwarden (which I plan on switching to soon).

I've heard nothing but good things about the developer of Bitwarden. He's managed to put out a free product that rivals even the paid password managers. But from what I can tell he's the only one working on the project at the moment. What happens if he no longer has the time to work on it? Will the project be abandoned? That's the only thing causing me to hesitate to switch to Bitwarden. I'm still going to switch eventually as I'm really impressed with the work he's done and I do like how there's a self-hosting option available.

I'm glad that LastPass has been patching these vulnerabilities quickly. Being one of the most popular password managers makes them a big target, but they do have the manpower to find and fix anything that comes up. Can I expect the same from Bitwarden?
 

blackice

Level 13
Verified
One thing that's always been on the back of my mind is the amount of development behind these extensions. In my case, it's LastPass (that I'm currently using) versus Bitwarden (which I plan on switching to soon).

I've heard nothing but good things about the developer of Bitwarden. He's managed to put out a free product that rivals even the paid password managers. But from what I can tell he's the only one working on the project at the moment. What happens if he no longer has the time to work on it? Will the project be abandoned? That's the only thing causing me to hesitate to switch to Bitwarden. I'm still going to switch eventually as I'm really impressed with the work he's done and I do like how there's a self-hosting option available.

I'm glad that LastPass has been patching these vulnerabilities quickly. Being one of the most popular password managers makes them a big target, but they do have the manpower to find and fix anything that comes up. Can I expect the same from Bitwarden?
My question is: who are all the coding experts who are poring over the “open source” software that’s supposed to make us all safe? Are they trustworthy? I sure can’t check that code myself.
 

Protomartyr

Level 2
Yeah, it's a common misconception about open source software. The code might be available for review, but who actually has the knowledge to check it?

From LastPass Bugcrowd Update – 1H 2019 - The LastPass Blog
Additionally, LastPass is regularly audited both internally and via third-party assessments evaluating internal controls that protect the security, confidentiality, integrity, availability and privacy of the information with which our customers entrust us. LastPass maintains SOC2 Type II and SOC 3 reports, as well as a TRUSTe Verified Privacy certification.
The last time Bitwarden was audited was in November 2018 from what I could find:
 

Umbra

Level 14
Verified
Personally, I would be concerned if a company/vendor or developer didn't patch found/reported vulnerabilities. If software is regularly patched, it normally shows they actually care, and those are the ones I tend to recommend.
Sometimes they just can't or won't, because of the way the software was coded: fixing a discovered vulnerability would require a recode from scratch.
Like the Comodo 10+ disappearing-rules bug, a bug by design that requires heavy recoding for a bug encountered by few. Not worth the effort for them, so I ditched Comodo because I consider this bug a serious vulnerability.

What happens if he no longer has the time to work on it? Will the project be abandoned? That's the only thing causing me to hesitate to switch to Bitwarden.
You will do what I and every person with common sense would do: find an alternative.
 

gmaister22

Level 2
I do not mind paying. I actually prefer paying for something that crucial so that I know the developers make money out of it and so are doing their best. That's how business works. I already pay 60€ a year for the 1Password family plan. I am just looking for a good (paid) alternative because I do not like how 1Password works with autofilling.

LastPass is years ahead for autofilling, but I am worried about their security....