In my last post, I talked about why the password is going to slowly start fading out of our day-to-day lives. One suggestion I gave is to use a password manager until the password is no longer necessary. In this post, I’d like to go in-depth as to why I chose Bitwarden as my password manager.
Like when choosing my email provider, I started by listing off all my requirements for a password manager:
- My password manager should be proven to be secure. This is a given, but I didn’t want to choose an insecure app which might have a bug allowing it to be hacked easily;
- Has publicly auditable source code. I figured this would be an easy way of helping to ensure security;
- Is trustworthy;
- Works on multiple platforms. I was using Firefox at the time, but wanted to try out a few other browsers (like Brave, Opera, and Vivaldi), so I wanted to be able to switch browsers easily without needing to re-enter all of my passwords. This also included my potential switch from iOS to Android as well as from Windows to Linux, so apps were needed for all platforms;
- Syncs across devices. I want my passwords both on my laptop and on my phone;
- Has an easy way to export passwords to another app if something went wrong.
With this list of requirements in place, I looked into a few options.
These apps were ones I tried out, but due to not meeting one or more of the previous requirements, I didn’t end up using.
Apple’s built-in keychain was my source of passwords until I went to college. I used a Mac before going to college, but Apple’s keychain doesn’t work on Windows, so I couldn’t keep using it. In addition, there’s no easy way to export your passwords, so I had to manually copy/paste all of my passwords into my eventual password manager.
Firefox Lockwise was also an option I briefly considered. Built into Firefox, I figured this would be an easy option should I stick with Firefox as my browser. Ultimately, however, I chose not to use it when I began to consider other non-Firefox browsers. Firefox Lockwise also shut down their mobile apps in December of 2021, so I’m glad I chose an alternative!
Keepass (and later KeepassXC) was the first password manager I looked into. It seemed to have a lot of awards listed on their website, though I wasn’t sure how to determine which of these were legitimate and which (if any) were fabricated by the creators to make their app look better. It had a number of unofficial ports and other apps for nearly any platform you could think of, so it certainly worked across platforms!
Being open source and given the number of reviews I read about it online, the app certainly seemed trustworthy (even if it had an outdated interface). I really liked how I could add as many fields as I wanted to an entry and even attach files to a password if needed.
The killer feature, however, was autotype. Autotype made the app type your username and your password for you, pressing whichever other keys (tab, enter, etc.) you tell it to depending on the website. It’s hard to describe just how cool this feature feels to use!
Keepass also supports a number of plugins to add additional functionality and they offer developers the chance to develop their own.
A few problems came up while looking at the app, however. The biggest problem, ironically, was working across devices.
It certainly seemed that the Windows app was secure and well-recommended, but none of the other apps for other platforms or plugins shared this boast. In addition to trusting the developer of Keepass to keep their app secure, I’d have to trust whichever developer programmed the browser extensions or the mobile apps I used to maintain their apps. A chain is only as strong as its weakest link, and I had no way to trust that one of these other apps wouldn’t be the weak link leaking all of my passwords.
On that note, how could I even trust the other apps? While most of them are open source, I couldn’t find any reviews from security experts on the other apps. I don’t want to have to trust a whole lot of unrelated apps with the keys to my digital life.
In addition, I could never find a good app for Android. I found Strongbox for iOS which worked great, but I couldn’t find a good Android app with the needed functionality.
Finally, we have the issue of syncing. Since Keepass is only officially released for Windows, it’s not explicitly made to sync passwords. In addition to setting up Keepass, I also needed to tell Keepass to save the file storing my secured passwords on another cloud provider (OneDrive at the time). I also needed to give whatever app I used on my phone permission to access my entire OneDrive. I didn’t feel comfortable with this, and ultimately abandoned Keepass when I discovered the alternative I went with…
Bitwarden is the app I currently use as my password manager. Bitwarden is another open source password manager, and not only does it look more modern, it also syncs across devices! At the time, they advertised how it works across all sorts of devices on their front page, and all of these extensions and apps were officially supported by Bitwarden! I only have to trust one entity, Bitwarden, rather than a slew of random developers making apps for different platforms.
In addition, Bitwarden was proven to be secure. It has undergone numerous security audits, which (both at the time I chose Bitwarden and at the time of writing this review) haven’t found any major problems in any of their platforms. They also release the details of the security audits to be read by users. Check them out if you’re technically minded!
Being open source and meeting numerous certifications, I figured that they were trustworthy enough for me to use.
They have an option to easily export your passwords, but the most important feature they had was their cross-device sync. After the mess of trying to set up Keepass to sync across devices, Bitwarden just works. You create an account and enter your password, and it just works. It syncs across devices and browsers so easily, I knew there was no way I was going back to the mess of setting up my own syncing system.
Ultimately, I have stuck with Bitwarden for the past few years and it has worked great!
Ultimately, I think Bitwarden and Keepass have different use cases. If you’re just storing passwords on one device and you’ll never need to access them elsewhere, Keepass can be a good solution. Ultimately, however, I think Bitwarden has the best all-around product and I plan on continuing to use them for the foreseeable future.
While I still deeply miss the autotype feature from Keepass (it’s such a cool experience I haven’t found replicated elsewhere), I think Bitwarden’s security audits, modern interface, and cross-device sync more than make up for this lack. I suggest Bitwarden to anyone looking for an easy way to secure their digital lives in an easy, practical way.