Password Managers 2019

reystar

reystar

Level 3
Thread author
Verified
Feb 4, 2014
105
Hello

I have been using 1Password couple years now, but I feel sadly for a change. What do you recommend? What is the state of Password Managers at 2019?

I see password managers like Keeper and Dashlane getting bigger? While Lastpass seems to have really slow development?
 
  • Like
Reactions: notabot, DDE_Server, Venustus and 1 other person
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Personal I would be concerned if a company/vendor or developer didn't patch found/reported vulnerabilities. If a software is regularly patched, normally shows they actually care and those are the ones I tend to recommend.
 
  • Like
Reactions: motox781, fabiobr, DDE_Server and 5 others
blackice

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,763
upnorth said:
Personal I would be concerned if a company/vendor or developer didn't patch found/reported vulnerabilities. If a software is regularly patched, normally shows they actually care and those are the ones I tend to recommend.
Click to expand...
Agreed, it's hard to tell if lastpass is full of holes...or if they just are the biggest target for bug hunting since they have the largest user base.
 
  • Like
Reactions: [correlate], mellowtones242, Handsome Recluse and 5 others
reystar

reystar

Level 3
Thread author
Verified
Feb 4, 2014
105
upnorth said:
Personal I would be concerned if a company/vendor or developer didn't patch found/reported vulnerabilities. If a software is regularly patched, normally shows they actually care and those are the ones I tend to recommend.
Click to expand...
With so many vulnerabilities though, you might end up having serious trouble, like having your vault decrypted for example
 
  • Like
Reactions: [correlate], Threadripper, DDE_Server and 2 others
P

Protomartyr

Level 7
Sep 23, 2019
314
One thing that's always been on the back of my mind is the amount of development behind these extensions. In my case, it's LastPass (that I'm currently using) versus Bitwarden (which I plan on switching to soon).

I've heard nothing but good things about the developer of Bitwarden. He's managed to put out a free product that rivals even the paid password managers. But from what I can tell he's the only one working on the project at the moment. What happens if he no longer has the time to work on it? Will the project be abandoned? That's the only thing causing me to hesitate to switch to Bitwarden. I'm still going to switch eventually as I'm really impressed with the work he's done and I do like how there's a self-hosting option available.

I'm glad that LastPass has been patching these vulnerabilities quickly. Being one of the most popular password managers makes them a big target, but they do have the manpower to find and fix anything that comes up. Can I expect the same from Bitwarden?
 
  • Like
  • +Reputation
Reactions: [correlate], Handsome Recluse, CyberTech and 7 others
blackice

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,763
Protomartyr said:
One thing that's always been on the back of my mind is the amount of development behind these extensions. In my case, it's LastPass (that I'm currently using) versus Bitwarden (which I plan on switching to soon).

I've heard nothing but good things about the developer of Bitwarden. He's managed to put out a free product that rivals even the paid password managers. But from what I can tell he's the only one working on the project at the moment. What happens if he no longer has the time to work on it? Will the project be abandoned? That's the only thing causing me to hesitate to switch to Bitwarden. I'm still going to switch eventually as I'm really impressed with the work he's done and I do like how there's a self-hosting option available.

I'm glad that LastPass has been patching these vulnerabilities quickly. Being one of the most popular password managers makes them a big target, but they do have the manpower to find and fix anything that comes up. Can I expect the same from Bitwarden?
Click to expand...
My question is who are all the coding experts who are pouring over the “open source” software that’s supposed to make us all safe? Are they trustworthy? I sure can’t check that code myself.
 
  • Like
  • Applause
Reactions: [correlate], Handsome Recluse, CyberTech and 5 others
P

Protomartyr

Level 7
Sep 23, 2019
314
Yeah it's a common misconception of open source software. The code might be available for review but who actually has the knowledge to check it?

From LastPass Bugcrowd Update – 1H 2019 - The LastPass Blog
Additionally, LastPass is regularly audited both internally and via third-party assessments evaluating internal controls that protect the security, confidentiality, integrity, availability and privacy of the information with which our customers entrust us. LastPass maintains SOC2 Type II and SOC 3 reports, as well as a TRUSTe Verified Privacy certification.
Click to expand...

The last time Bitwarden was audited was in November 2018 from what I could find:
blog.bitwarden.com

The Bitwarden Blog

Blogs, news, updates, and information of all kinds can be found here at the Bitwarden Blog.
blog.bitwarden.com blog.bitwarden.com
 
  • Like
  • Thanks
Reactions: ForgottenSeer 85179, Mercenary, [correlate] and 9 others
F

ForgottenSeer 823865

upnorth said:
Personal I would be concerned if a company/vendor or developer didn't patch found/reported vulnerabilities. If a software is regularly patched, normally shows they actually care and those are the ones I tend to recommend.
Click to expand...
Sometimes they just can't or won't, because the way the software was coded, fixing a discovered vulnerability would requires a recode from scratch.
Like Comodo 10+ disappearing rules bug, bug by design, requires heavy recoding for a bug encountered by few. Not worth the effort for them, so I ditched Comodo because I consider this bug as a serious vulnerability.

Protomartyr said:
What happens if he no longer has the time to work on it? Will the project be abandoned? That's the only thing causing me to hesitate to switch to Bitwarden.
Click to expand...
You will do like I and every person with common sense will do, find an alternative.
 
  • Like
Reactions: [correlate], Threadripper, roger_m and 4 others
reystar

reystar

Level 3
Thread author
Verified
Feb 4, 2014
105
I do not mind paying I actually prefer paying for something that crucial so that I know that the developers make money out of it so they doing their best. That's how business work. I already pay 60€ a year for 1Password family plan. I am just looking for a good alternative (paid) because I do not like how 1Password works with autofilling

Last pass is year ahead for auto filling but I am worried about their security....
 
  • Like
Reactions: Divine_Barakah, [correlate], Handsome Recluse and 3 others

Similar threads

Gandalf_The_Grey
    • Applause
    • Like
New Update Bitwarden's app is about to get a lot prettier
Replies
2
Views
398
Passwords and passkeys
Researchspace
Researchspace
Gandalf_The_Grey
    • Like
    • +Reputation
    • Thanks
You should change your password manager's clipboard settings now
Replies
4
Views
911
Passwords and passkeys
HarborFront
H
Gandalf_The_Grey
    • Like
    • +Reputation
ViperSoftX info-stealing malware now targets password managers
Replies
1
Views
1,209
News Archive
Zero Knowledge
Z

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top