I have been a fan and user of LastPass for years, but the latest news of another security incident has me looking at moving to some alternatives. I am particularly concerned that LastPass did not encrypt the entire backup that they keep off-site of user data. This in my opinion is a breach of good security measures and has now exposed all the websites I have accounts at. This opens up my accounts and those websites to brute force attempts to try and hack my accounts.
Here are the services I am looking at that you might also want to try.
This is my number one contender for replacing LastPass at the moment. Some of the things I like about Bitwarden:
- End-to-end encryption. They state that they encrypt all of your data before it ever leaves your device. Not sure if this is 100% true yet or not, but it would prevent the problem that LastPass now has that some hacker(s) have a list of all possible websites where I have accounts.
- Open source. If I want I can go look through the code if I want. I am sure better coders than me exist that have. Plus I just like to support open source projects.
- Has a similar feature set as LastPass like autofill, syncs across all my devices.
- Options for lots of browsers, desktop operating systems and mobile. I think I can replace LastPass across with Bitwarden on everthing I have.
- Pricing wise I am just using the free account right now but even the Premium account is only $10.00/year.
It has been quite a while since I tried 1Password and it looks like it has improved. In fact the features and options are very similar to LastPass and I am certain it could replace LastPass for me on my devices. There is a list of things that concern me about 1Password. It is closed source, like LastPass so there is really no way for me to confirm that they perform end-to-end encryption and encrypt all user data. From what I remember LastPass promised zero-knowledge and we have now learned that is a lie because they had knowledge of what sites I visited. 1Password is triggering the same feeling. How do I trust this is true? Pricing is more that Bitwarden but not as expensive as LastPass is for a premium account.
The Advanced plan with Dashlane appears to offer everything I have been used to using with LastPass. They also offer a white paper on zero-knowledge security that I will be reading to learn more about what they do. Dashlane has some of the same red flags that make me nervous as 1Password, how can I trust them? If the LastPass hack has reminded us, don’t trust that these services are actually encrypting all data. These questions all need to be addressed and I don’t see a great deal of information Dashlane that will answer or confirm that they encrypt all user data.
As I mentioned it appears the Advanced plan will do everything that I had with LastPass and it starts at $2.75/month billed annually. Again a little more than Bitwarden but not as expensive as LastPass.
Keeper ended up on my list of services to check out because of PCMag. I had not heard of them before finding them there and I am curious. They do have a zero-knowledge policy, but again what does that mean? Will need to confirm that is means all data is encrypted and hidden from them.
Pricing they are competitive coming in at $35.00/year for unlimited devices and storage.
Password Managers I’m Not Considering
These are the password managers and services I am not looking at to replace LastPass.
Browser Password Managers
I will not switch to using any browser based password manager. This includes Chrome, Edge, Firefox or Safari. I need a password manager that works on multiple operating systems and mobile devices. Even with sync I am not locking myself into any one browser for password management. Not to mention I share enough data with Google and other browser companies that they don’t need to have all my passwords as well. Thanks but no thanks.
Apple iCloud Keychain
I cannot imagine being locked into just Apple for saving and filling passwords. Again I use multiple devices and multiple browsers so using Apple iCloud Keychain is a non starter.
This is based on my limited experience of just the website, so my opinion might change if I actually created an account. But this website just feels off, maybe it is the annoying chat bot that keeps dinging or the large amount of recent awards and media coverage that links to no where. I might circle back around to trying them but when a website takes a lot of time trying to convince you with social proof but with no links to that proof it just makes you wonder.