Bitwarden or Proton Pass

vilna@lemmy.world to Technology@lemmy.world – 112 points –

Hy,

In your opinion do you prefer Bitwarden or Proton Pass and why?

It seems proton pass have better integration with Firefox.

Good and bad?

Thanks.

86

Am I a boomer for still using KeepassXC synced via Dropbox?

KeepassXC + SyncThing in my case, to skip the middle man (Dropbox/Google drive)

Nah, still a great solution if you like. That was my solution for years until just about a month ago I switched to bitwarden because it seemed easier to protect with a yubikey. I've liked it so far.

I took the opportunity to export all my passwords from Firefox, chrome, and KeePass, then spent about a day cleaning the whole mess up and removing duplicates, THEN imported the csv into bitwarden. Still getting used to not using chrome/Firefox for auto filling and storing passwords, but I like that my passwords don't feel so spread out across multiple browsers/dbs.

No sir, I did this for years. I used Kypass on my iPhone so I could use my passwords on my phone as well. I ended up switching to Bitwarden for easier 2FA implementation and granular password sharing rather than having to share my whole vault or manage a separated shared vault

What kind of 2FA setup do you have?

I use Bitwarden with DUO as my Authenticator app. I know that you can set up keepass with 2FA via an extension but I didn’t find it as portable with my existing apps which is why I decided to make the switch

It works but partitions can and will happen and a merge afterwards is non-trivial AFAIK.

9 more...

I like Bitwarden because I can host my own server and control it all. Not sure if the other service does set-hosting. Maybe you can do the same with that?

I've been thinking of setting up my own server. Does hosting your own server feel secure? I feel capable of setting up my own server but I'm not sure if I trust myself to secure it appropriately.

Yes, it’s secure and of course can be further secured by other services, like vpn and scanners and such. I front my stuff with Cloudflare certs on their free tier as well.

Just use complex passwords for the admin and logins. They also support two-factor authentication which is easy to setup.

Bitwarden isn’t a brand new solution. I don’t understand the comment in Firefox, though, Bitwarden has no issues with it that I’ve found.

I've used Bitwarden heavily in various browsers and Android. It's really great and very effective at filling in passwords. Every now and then there's a site that does something weird to make it autofill a bit wonky, but I can only recall seeing that happen with registration forms (sometimes the enter + confirm your password fields seem to confuse it). It's near perfect at sign in forms that I've used.

There are issues with Firefox private browsing windows that don't happen in Chrome. Quoting their help article:

  • Your vault will lock every time the browser extension closes, unless you set vault timeout to Never.

  • Unlock with PIN will work only if the Lock with master password on browser restart option is not selected.

  • The badge icon will not update to show vault state (locked or unlocked).

Not huge issues, but definitely annoying on a daily basis.

I don't have experience with the second point but the other two don't happen to me; it works as it should.

Really? With Firefox in a Private browsing window - are you certain?

Here's mine, with the vault currently locked, but not showing any locked state (point 3):

And for point 1, just unlock the dropdown extension, exit the extension window, then click on the icon again. It will be re-locked when it shouldn't.

If you're really not seeing this, would you mind telling me how you fixed it?

I missed that you said in private tabs. I can reproduce it there but BW also says that private tabs support is still experimental when you try to do it.

Don't combine email, password manager, or 2FA authenticator together with the same company. All 3 should be completely separate from each other.

Bitwarden has a distinct advantage for this reason alone.

Been a longtime user of Bitwarden (free, and over the last year paid). It's a straightforward/good but a bit boring UI, connects very well and easily into browser, phone etc. Works well, highly recommended, and having 2FA on paid version is awesome.

Been trying out Proton Pass for the last few days since I already pay for Proton Unlimited. It's got a good UI and so far it's been working well in Firefox and on my phone. It's much better integration with Simple Login features so I like the slightly more seemless sign-up ability. It's not 100% feature parity with Bitwarden paid though.

Bottom line - I prefer proton pass as a heavy proton user already BUT if I just wanted a standalone password manager, Bitwarden is probably better. Both are good options though, and competition is good.

(Possibly a silly question: Is there anything wrong with a boring UI? What makes a good UI not boring?)

Nothing wrong with a utilitarian boring UI/UX. It's not going to be a determining factor but a nicer looking and feeling experience is...nicer.

I was just about to ask this too. I think boring is better than complicated, Especially for something you use everyday and that too, on autopilot a significant amount of time.

Bitwarden+vaultwarden server = free enterprise access 👍

I love this. I have it running on my Synology which has native docker support, reverse proxied through a wire guard tunnel to a digital ocean droplet.

Bitwarden. I’ve used it for years, never been unreliable. I pay for it.

Bitwarden is an open source, very popular choice, tried and tested. The Firefox extension works great, as do the mobile apps. The free version includes most of the features if you want to try it out.

If you're considering paying for the most polished experience, 1Password is the nicest in my opinion. Stay away from LastPass. No opinion on Proton Pass, it's still new. But I still choose Bitwarden because I like that it's open source, and I COULD choose to self-host a server if I got paranoid (I probably won't).

Bitwarden is what I am using and I am having no problem with it so far.

I've never used Proton Pass so I can't comment on which is better. However, my wife and I have both used Bitwarden for a number of years and have no complaints. Works with Brave, Chrome, Firefox; works on Linux, Mac and Android. We don't have Windows or iPhone so can't comment on those. We can share selected passwords between us.

And it all just works.

Works great with iPhone. It gets a little angsty when you have the Apple keychain or whatever it’s called activated sometimes. Honestly it is just a matter of selecting which to use, but the software gets a little confused sometimes.

I prefer Bitwarden just to not put all my eggs in the same basket

Thanks for all comments and opinions. I'll give a chance to bitwarden.

Bitwarden has better features and more clients are available for it. Proton Pass doesn't offer anything that Bitwarden does not except for a slightly nicer looking browser extension and mobile client.

I have access to both and tested them recently, so I think I got a pretty good picture of them both.

I prefer proton pass since I pay for proton and get access to everything so it's convenient and it makes alias emails for me. It's usually better not to keep all your eggs in one basket though.

1 more...

I subscribe to both services, and each has its own unique advantages. Proton's ability to generate disposable email addresses for questionable or bothersome websites is a standout feature that makes it worth the investment. Additionally, Bitwarden's thorough third-party audit instills confidence, and its excellent autofill functionality coupled with the option to self-host data is highly appealing. Moreover, the ability to unlock your vault using a YubiKey adds an extra layer of security to Bitwarden. While Proton shows promise and has great potential.

I use Bitwarden because it easily syncs across devices, and it's also more secure.

Do you have a source for the secure part?

Maybe they mean the security audits over the years: https://bitwarden.com/help/is-bitwarden-audited/

That can say something about the safety of Bitwarden, but it cannot tell you that Bitwarden is more secure than Proton Pass.

You could argue that there have more/fewer audits.

It’s a very reasonable choice to go with Bitwarden on the grounds that they have a longer track record with good audits and that you therefore trust them more.

Just don’t say that it is more secure unless you know it is so.

I've been happy with bitwarden and have no desire to change, so doubt I'll even try Proton pass. Going from no manager to bitwarden was a bit of a setup pain, mainly just because I had a bunch of logins that I had to change passwords for. And I have had no issues with it in Firefox.

If you already use some other Proton services, Proton Pass may be an option.

Basically thats the reason i wont use it. Dont want my password manager and my main mail provider having the same login credentials.

Too be fair... It is zero knowledge...

But I do agree that it is too centralized and would be a single point of failiture.

If someone gets access to your email and you password manager.... Holy shit!

I don't get why proton went this route, nobody asked for it

Fix the drive and provide proper contacts tool that can used within a phone.... That's whay I see people asking for actually.

Both are open source. I will use the free version. Proton pass seems to have a UI more polish.

i trust proton quite a lot, but the open source part seems to be only partially true. on their github, i can only find client side code (ie. browser extensions, mobile apps), not the server code, which bitwarden does publish

I think it depends on the mobile device you use. I've read that proton is better on iPhone and bitwarden doesn't integrate that well with it but it's seamless on android. I also haven't had any issues with bitwarden and Firefox and they've been my combo since I started using bitwarden a couple years ago. I haven't given proton pass a full on try yet though and I pay both companies for their awesome services so I'm a bit of a shill for both. I don't think you can make a bad choice here.

I use Bitwarden on iOS and have for years now. I have never run into any major issues. Occasionally I’ll have to jump out to the Bitwarden app to copy a password but that’s usually because the website I’m trying to log into has their form set up weird/wrong.

I was copying passwords and usernames all the time. This comment made me realize I didn't configure it properly

I subscribe and Proton Pass will generate email alias forward to your protonmail account. It is fantastic. Now to clean up all the accounts I used under bitwarden

Recently found Bitwarden from a Lemmy recommendation. I have been very satisfied thus far.

Integrates with Safari & Arc on MacOS, Edge & Chrome on work PC, & Safari on iPhone and iPad.

I have both. Had Bitwarden for many years but trying out Protonpass as an alternative. Bitwarden still the one for me at this moment

I love bitwarden. I don't use Firefox though. Any password manager you hold the keys on is good though. Used a few years now

I have all things in Proton except password manager. I'm already using Bitwarden, and I don't think keeping all your eggs in one basket is a good idea. That and I don't want to support it, as Proton should be focusing on improving their existing products instead of creating new ones.

Passwords are keys, not eggs. You wouldn't hide your house keys all over town, you'd keep them on your key ring and maybe give a spare to a single trusted person that explicitly would not be carrying it around town exposing your key to the risk of theft.

Eggs are pretty nutritious though (superfood alert), and you can bet your bottom dollar that I would be sharing all my eggs with the townsfolk. You know, as a learning experience, to teach about their worth.

Just started trying to use bitwarden since the LastPass breach, and importing has been a nightmare

Can't seem to get lastpass export to work.

The hard on's y'all get for password managers, and the Firefox circlejerks is baffling. Leads me to believe these "federated" instances have a double entendre everyone glosses over because of their shiny new toys.

I use random passwords for every account and using a password manager is the best way I've found to manage that. Is there another method that you prefer?

I get it, and they definitely make things easier on people. But how many times have we seen instances of people abusing their custodial privileges? My gripe is with the push I've seen to get people using these tools, more than the existence of them in general. Mnemonic techniques to remember your passwords will always be superior from a security perspective. It's the same as crypto, "not your keys, not your coins."

Mnemonic techniques are okay, but won't you have to come up with a different one for every service you use? I mean if there's a pattern, then a breach in any one of them could compromise all your passwords.

I myself use mnemonic password for my master password. And I've started to make my passwords longer randomly generated ones. I use a file based password manager as well. I think that's a good mix of security and convenience.

That's a good point, thanks for explaining. Something I try to remember is that you not only have to trust the company who's managing your data, but you also have to trust them to protect it from bad actors.

I'm trusting Bitwarden for now, but eventually I'd like to move to a self-hosted option like Vaultwarden. I think that's the best way to go if you're confident in administering it.

1 more...
1 more...

This is just one of the weirder comments I've read, like what did I just read here. Lol

Vote with your feet if you don't like the consensus

Also, do you have some reason for this apperant disdain?

1 more...