Pass on LastPass; KeepassXC or Bitwarden is better.
HTML-код
- Опубликовано: 20 фев 2021
- Websites Mentioned:
+ KeePassXC - keepassxc.org/
+ Bitwarden - bitwarden.com/
LastPass will be updating its free version soon to be less good, it restricts your password synchronization to one TYPE of device. Wendell talks about two alternatives, KeePassXC & Bitwarden. Don't get grifted!
Hope you enjoy!
~ Editor Amber
**********************************
Thanks for watching our videos! If you want more, check us out online at the following places:
+ Website: level1techs.com/
+ Forums: forum.level1techs.com/
+ Store: store.level1techs.com/
+ Patreon: / level1
+ KoFi: ko-fi.com/level1techs
+ L1 Twitter: / level1techs
+ L1 Facebook: / level1techs
+ L1/PGP Streaming: / teampgp
+ Wendell Twitter: / tekwendell
+ Ryan Twitter: / pgpryan
+ Krista Twitter: / kreestuh
+ Business Inquiries/Brand Integrations: Queries@level1techs.com
IMPORTANT Any email lacking “level1techs.com” should be ignored and immediately reported to Queries@level1techs.com.
-------------------------------------------------------------------------------------------------------------
Intro and Outro Music By: Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
creativecommons.org/licenses/b... 
Наука
Bitwarden recommended. Migrated from LP. Works on my mac and android just fine.
Hi..
Are you using the extension on safari?
My safari extension stops working after quitting safari and I need to re-enable it manually from safari preferences :(
Same here, been using LP for almost 6 years now. But with their upcoming policy changes I’ve just migrated to bitwarden.
how is the autofill on mobile?
@@garycoleman8906 I would say it’s pretty good.
@Robert Maclean I hope it doesn't and that they collapse and fail. Short-sighted profiteering. I'll gladly pay for a good service, but not when that service degrades so badly it's embarrassing.
I figured $40 a year for a family plan supporting 4 people, with the option to have a family folder to share, was a pretty good deal, but we spend so much time now nursing logins on Android that they should pay us.
Oh, for the Halcyon days of 2014 LastPass.
Anybody else remember when Wendell was just a torso sat behind four computer monitors?
I still have some t-shirts of him from teksyndicate
Don't forget the viking horns and beard
Speaking of _The Syndicate_ is, and shall remain *forbidden on this Channel...*
The days when you weren't sure if Wendell was just camera shy, or if he had done something crazy illegal and didn't want to be in the public eye.
He was like Wilson from Home Improvement
Who else is here after the LastPass database leak?
Here we go again.
oddly enough, i just saw another youtuber talking about LastPass as though it was still a viable password manager
Ha, yup.
Bitwarden is the only way to go
step1 - entice users
step2 - trap users
step3 - exploit users until collapse
silicon valley, and a lot of industries, are on step 2.5
@@mritunjaymusale Making their video cards shitty (banning vm usage for consumer cards and the mining bs for example) is not step 3, that's just believing they are at step 3. And it only works temporarily during massive shortages. Or are you talking about a service i am currently not aware of?
I mean that's still a dick move but still 2.5 at best.
@@fgregerfeaxcwfeffece Maybe true for Nvidia but I believe Apple is already at step 3.
And by the time you get to step 3 you have already become unsustainable. So in step 3 you continuously exploit with no room for respite.
@@adblockturnedoff4515 Well, that's why i never opposed it on apple. They absolutely are doing it. Thankfully they have no real monopoly (Well, i am biased i can barely see use for their "product"). Just one of the heaviest vendor lock-ins imaginable.
@@fgregerfeaxcwfeffece They have very real monopoly on their platform, but I see what you mean. They do create good products that work well with each other and are intuitive to use. But their business practices and the way they treat their customers is horrible. They blindly chase after profits and clout. Not a single shred of human emotion. The whole phrase that even the biggest of companies are run by humans doesn't apply to them. Sad.
@@adblockturnedoff4515 It's easier to have everything work when only whitelisted test cases work to begin with. And that's why i see apple as barely having a product. With this high price and this low functionality that's simply not a good ratio.
I actually had this conversation with a co worker just about 2 years ago:
A: Oh Linux is so hard!
B: Why did you use it?
A: Because what i tried was impossible with everything else.
B: See why this comparison is a bit unfair then because you basically equated impossible with "easy" or at least not as hard for the other side?
A: Okay, valid point..
Or in other words it's easy to never fail if you never do anything hard. Just avoid everything hard and never fail.
Sounds good until you look at all the missed opportunities. But i get it. Loss aversion psychology just leads you down that fallacy. That's just a known and well documented flaw in human psychology. We value loss harder then missed opportunity but in reality they are exactly equal. Money shows this very clearly. It doesn't matter if you lose 500 currency units or not gain 500 currency units. The result is you being short 500 as opposed to the alternative.
That also leads to the next common apple fallacy: They retain value!
Not really, if "A" buys a 1200$ iPhone and resells it after 2 years for 800$ "A" lost 400$.
Meanwhile "B bought a 200$ used One+ use it 2 years and drops it in the old phones drawer. (Of course it lasts longer, but i don't see the point in further beating a dead horse. Besides, the point was the 2 years period, so anything after that doesn't count no matter how much it goes in my favor. )
"B" saved 200$ compared to the great value retainer if if "B" just threw the phone into a river.
Or in other words after 2 years "B" is already 200$ ahead (even if the phone lost ALL value) if we are talking monetary gain. Not a good start i would say.
Now the common point would be: it's unfair to compare bought new to used etc. But the value retaining argument is usually used in against exactly buying cheaper.
I simply see impossible as a straight fail. So Apple products have to many fails to be considered. Biggest one: it's either locked or unsafe.
And on a business evaluation of a product you compare everything to other options at the same price and i don't see apple winning on single metric by that standard. But i am open to change my mind. So go on, tell me what's great. Only concrete use cases no marketing bullshit like "intuitive". Nothing is intuitive. there is no such thing as common sense. You only know what you learned.
The only thing that comes to my mind is a very narrow by its nature and my main contra argument:
Limited software lowers administration cost. They are glorified v-techs or gaming consoles, not computers.
I define computer as a general purpose device. Apple products are distinctly not that.
So i frankly can't see how the treatment is not part of the service. Sounds like plain old fin dom to me. And i don't kink shame.
"It's like running water inside your hosue getting more expensive, or electricity getting more expensive" - Texans staring from the corner.
*house
First thing I thought of.
@@minespeed2009 Any idea what causes prices to be so high at least compared to the US? I would hazard a guess of politics but I'm sure there's more to it because you pay literally 4-5x as much. That's not a ~30% tax.
@@minespeed2009 It's not 80%. According to Verivox it's 6.5 cents/kWh (www.verivox.de/strom/themen/eeg-umlage/) which is around 25%.
@@minespeed2009 In Sweden a few years ago when the environmental party came into power in a coalition government, a tax was introduced on solar power production that you use yourself (if you sold it you did not have to pay the fee, but instead some other fees, at least then you did a small profit).
They had to back down and remove the tax for small scale production (home size, but a few larger apartment buildings would still have to pay) after public “outrage”.
This has aged amazingly well. Thank you, Wendell!
I just spent the last six hours changing passwords, tying up some loose strings as far as 2FA is concerned, as well as migrating everything off Lastpass to something hosted on my home server. Should have done this years ago, but the recent data breach scared me enough to get the ball rolling.
Wendell: "I don't want this to get technical or take too long" Me: "Sounds good. I guess I'm going to need my calculator, some paper, Visual Studio Code Editor and plenty of water to stay hydrated."
😆
Jumping from Lastpass to Keepass has been on my backlog for... probably a decade now, but this recent move forced me to make the jump.
I've started on Dashlane, migrated to Lastpass, and considered Bitwarden... but ultimately the objective was to go Keepass synching stuff on my own.
I have to say, there are reasons not to do it... go for something like Bitwarden instead for instance.
But I'm insisting... because ultimately, I don't wanna rely on someone else's server/service, so as good a time as ever I guess.
The general problem with Keepass is the general problem with several other FOSS software, which I also have highly adopted in recent years - it's fine for me, but if I'm gonna put it for someone else to use, like say, my mom who is in a permanent tech illiterate state, it starts getting harder.
But even for me, the decisions are taking longer than I'd like. Problem is, there are too many options, not that much material for research, and videos like this one are not that numerous, so it ends up not covering specific cases like mine.
For desktop it was kinda easy. Original Keepass is kind outdated but fine, KeepassXC is more modern with newer features, so there you go.
I still ran into some weird problem though. Not sure why, but Keepass XC was refusing to import a Lastpass CSV file inside an already created database... it keeps trying to create a new database instead.
So I had to do it via standard Keepass, and then open the database via KeepassXC. Perhaps because I'm trying to create a new database with a keyfile, not sure what's the issue.
On Android, things got worse. I tested KeePassDX, AuthPass, TinyKeepass and am currently using Keepass2Android... all of them have something that doesn't work, works weirdly, or is kinda messed up somehow. I think TinyKeepass doesn't support key files, KeePassDX I couldn't find a way of using biometrics alone do unlock the thing (requirement for my mom), AuthPass wouldn't accept my master password no matter how many times I tried for some reason. Keepass2Android is older and has a bit less friendly UI, but seems to be working... I just didn't fully test it yet to tell.
But the general problem is the same - compared to Lastpass, all these versions of Keepass seems to be generally more difficult for someone like my mom to use. You have bugs here and there, the interface is kinda convoluted and complicated, and you end up having to go through this familiar path of trying and testing things out...
I'm also trying to sync the database through my Synology NAS, future plans to build a server running NextCloud for it. I'm not sure what's the ideal way to do it.
I'm using a mix of DS Drive for Android and PC, or an older app called DS cloud for Android, and trying to sync things up that way. For me personally anything should work fine, but for my mom it has to be seamless and under the hood. No weird glitches, need for constant confirmation, reliant on configuration, and whatnot.
Just not sure if this will work out ok because I'm not sure how these apps deal with file conflicts and simultaneous usage.
Of course, the best thing about it is that when I manage to make it work for us, no more fears of a service cutting off features and ramping up prices out of nowhere.
Going the same route for Google Photos... for now, it's Synology Moments, and when I can get back home and build my own servers, it'll be NextCloud. Depending on how it goes, how easy to use the interfaces are, I might just keep the Synology for family usage, and reserve NextCloud for my personal stuff...
This was super helpful. I'm looking to get off the LP family plan on to 'XC -- your comment probably saved me a few hours.
I started with Bitwarden 2 years ago as my first password manager and I have absolutely no regrets
Bitwarden is great for the lazy/busy technical user.
Thanks for this video Wendell. I always come back to you when I'm doing security spring cleaning. Been using Lastpass for a few years and with their recent change I wanted to double check what the options out there are. Just switched to Bitwarden!
Thank you, Wendell! I was actually thinking that I will have to start paying them, but here you are helping us to save money!
Must be a sign when this video came up on my recommended. I stuck with Lastpass despite the service changes last year, thought i could still work with the limitations which was still livable. But with the recent big hack, pretty much lost faith in them.
been using KeepassXC for couple years now because has win and Linux versions, and supports using keys with password.
thanks for the video.
*because
@@alvallac2171 sorry ty for correction
I've been using KeepassXC along with NextCloud. Been working great. I also use key files to make it harder to crack the encrypted database. The only issue is the firefox plugin can be flaky at times but still works fine most of the time.
@@Darkk6969 Thats good, love keepassxc. I have not used plugins, I generally use the portable version from a usb thumbdrive. I have 300 random keyfile documents on the same drive and turn off so it won't remember it along with a password---great for Linux as well, same DB files. Another great thing about keepass is it works on many "locked down" corporate computers without admin having to authorize it (good luck with that)
Been using Bitwarden for a year-ish now ever since dashlane hiked their prices and haven't looked back. Highly recommended 👍
You should have heeded Wendell's warning. LastPass has been fully compromised. I'm going to self host to keep my stuff secure. (Although my current manager is physical and the only plane of attack is breaking into my house, bypassing the dogs, and finding my password book.)
thanks for the information, see you soon lmao
@@GabrielM01 Are you threatening me with hacking? Or, are you threatening me with breaking into my house?
@@Hidyman people cant take a joke anymore?
@@GabrielM01 Oh, sorry, I take my privacy seriously, next time throw a winky face in there.
@@Hidyman sure, my bad
I went from lastpass -> keepass 2 -> self hosted bitwarden on unraid with ssl and custom domain. Works very well across all devices.
Yeah, keepass is ok, but the browser/mobile integration is about on par or better than lastpass with bitwarden, also confused why Wendell said it was harder to setup? I mean if you can follow terminal instructions on how to setup docker then btiwarden_rs is really easy and thanks to ngnix proxy manager, forwarding that to a domain is also really easy these days.
@@vgamesx1 That was confusing. I assumed he meant that the official Bitwarden self-hosted install was too difficult, as opposed to bitwarden_rs which is fairly easy but is an unofficial 3rd party effort.
I have been considering doing the same, if it's as simple as just running a docker container and proxying traffic to it, I just might do that. I've been lazy with my password management stuff, so I probably should do better than I am rn.
I've been using LP for the last 8 years or so. Switched to Bitwarden instantly last week and did the same with my parents this weekend. Keypass looked great as well but ease of use is much more important b.c. I gotta set up the whole family. Very happy with Bitwarden so far, I like that that it's all a bit more rudimentary looking than LP while having better useability imo
Man. This is timely and useful. Still can’t decide my next step, but this explains a couple options.
Thanks, my guy.
A few months ago I migrated from LastPass to Bitwarden self-hosted and I'm really happy with the change. The setup was a little bit involved but that didn't bother me. The web browser integration is excellent as you said, and that's a big deal to me.
I have been using Keepass for almost a decade now. Fantastic software! My company uses LastPass Enterprise in our IT dept. It's terribad.
Damn. Sorry to hear that. My company recommends KeePass and lets us go for it.
Only reason I'm happy to use LastPass Enterprise for work is the auditability and it's perceived trust.
It makes me mad every other day (especially on Android) but if there is a breach and auditors scrutinize your secret-management, you don't want to explain and vouch for any self-hosted or DIY solution. Same reason I use Bitlocker over something like Veracrypt which is arguably a worse choice. When the auditor hears "my drive was Bitlocker encrypted" he moves on to the next question. If he hears "I used Veracrypt", I now need to convince him how it's as good or better, how I managed my key to that etc. For personal stuff I use the alternatives e.g. Linux, BitWarden etc. but my work involves handling very sensitive data so I have to play into the security theater of the standard choices. You don't want to be the interesting person in the post-breach audit interviews.
@@QuickQuips I'm surprised my company recommends KeePass (they tend to mess up alot), I've been using it for a couple of years now and couldn't be happier.
"Electricity getting more expensive... It doesn't make sense"
Laughs in Brazilian
And Germany. (Where the price for electricity has gone up 100% in recent years) ...
2002 it was 16 €cent/kWh. 2021 it is 32 €cent/kWh (32 €cent are 0.39$)
I see alot of Brazilians post things about Brazil and expect world to know what it means.....
@@murphy7801 I think my comment was pretty straight forward. We had an increase in our electricity.
It was 4% form 2020 to 2021. Honestly, that doesn't sound too bad comparing with other countries in the comments.
I'm sorry that other Brazilians are venting in the internet, our government is very controversial.
@@pacifico4999 no more just commenting on interesting phenomenon, not saying you shouldn't be doing it.
*Texas has joined the chat*
This should be part of the business of building computers. From smart phones to desktops should come secure otherwise these programs seem based of the old mafia style “protection” rackets
I meant to migrate away from Lastpass when I saw this video when you first released it. Sadly, work got in the way and procrastination. How did that bite me on the butt. Migrating now, changing all the passwords and notifying clients who may also have been affected. This video made a handy reference and giving it my clients saved me a lot of time.
Dude. This information made my month. Encryptr just end-of-lifed and I thought they shut down permanently leaving me without all my passwords or keys for crypto. They turned the servers back on this weekend for people to migrate their data off, and Bitwarden was super easy to setup and migrate to. Great video!
I would love to see Wendell do an additional video discussing password managers that ship with antivirus software. I've read that they are typically not even close to as good, but it might be worth commenting on these in light of changes to LP.
I've been a paying Lastpass customer for about a year now. I pay $48 a year for a Family Plan for four of us. Bitwarden is $40 per year. So while that's cheaper, the cost of switching (in time) makes me stay put for now. I realize that's a slippery slope that could have us get locked in for longer due to increasing amount of time required to switch as the password lists grow. I need the family plan because I've got grade-school kids that I'd like to have learn good password management habits. I'll see how things shake out for a bit - but this is good info to consider.
Moving between them is pretty simple.
Lastpass - export to CSV
Bitwarden - import from CSV
Securely delete CSV.
Done.
I was using Keepass/Dropbox and found that combination worked quite well. I’ve moved to Bitwarden as the integration is better, especially across multi-device/multi-platform
This video is just on time. I was using LP and now I'm looking for an alternative that I can trust.
Thank you : )
Glad we could help! ~ Editor Amber
Trying to create a value where there is none or trying to press water out of a stone is what is ruining many products and companies. A company that offers something like password manager shouldn't be expected to make YOY gains until the end of time.
There should be some free quality password managers just there are with antivirus. Security hacks affect everyone. We need public health for the internet.
i love how enthusiastically talks stuff i have no idea what is for.
I’m switching to bitwarden as well. I was happy to pay for LastPass as a way of supporting them and maintaining for the free users, but not really into the idea of eventually losing access (if I can’t use it in both my phone and desktop it isn’t useful) to an important piece of software if times are though financially.
Same, i've used lastpass for years, back when they were 12 bucks a year i paid that without issue. but then they made the free tier and the pay tier essentially identical, so i went free, now theyre basically ripping me off. They also make it seem like you get that cheaper discounted rate as 'grandfathered deal', nah its not, its just for 1 year and then you're bumped up to 36 (or likely more i'd bet) after the first year. sorry logmein not worth it.
@@gigatigga Same here, used free LastPass for a couple of years, then payed the 12$/month until it became free. Moved to Bitwarden a few months ago since I would rather have a open source/source available product for this. I happily pay the 10$/year for Yubikey access.
@@gigatigga Lastpass was the first 'free' service that I ever paid for just because I wanted to make sure it stayed a functional company. Never used any of the premium features.
When it went to $36 I dropped the payments because while its a useful service its not $36 a year useful and I never used any premium features to begin with.
Switched to Bitwarden 2 or 3 years ago now.
I use my phone and Mac interchangeably, and since i'm on "Free" the only way to use password on my iOS device is type it in by hand... I wouldn't mind paying for Premium if only security was better handled (without breaches).. but to me, it doesn't justify paying for something hackers already know about.
I'm gonna try Bitwarden,
Good presentation, I've used KeePass and Bitwarden, like them both. Even self hosted Bitwarden. For the price I let them host it and pay for the extra features. Like using my Yubi Keys as an extra layer of protection. Both KeePass and Bitwarden are great for managing thousands of pwds. Last Pass sucks and pulling your passwords off Last Pass is not for the faint of heart, they make it more difficult than needed.
I've been using Enpass for a few years now and it's great (although the pricing is a bit questionable now, but I got it back when it was a 10-20€ one time purchase).
While closed source, it synchronizes using many cloud services (Gdrive, WebDAV etc.) and supports custom fields with autofill and unlocking via biometrics (even on Windows).
i dont always watch Level1Tech but when i do i learn
i was looking for some new password managers since lastpass is changing and bam of course you got us covered
Been using BitwardenRS on my home server for about a year now. It is great! I use the browser plugins, desktop application, and phone app with fingerprint access, super convenient.
I had exported all my passwords from Chrome password sync (yuck, I know), then I used bitwarden to help me set unique super secure passwords for all my websites.
My next step is to develop a high availability strategy in the event my home internet takes a nap while I'm on vacation or something..
Bitwarden clients cache password file, so you can use your passwords even without Internet connection. This should be enough to survive a brief nap, but high availability is a good thing nevertheless.
@@VaKU. it might be an issue if you changed the password and the cached password is out of date.
If you're running bitwardenrs you should be able to access your passwords even without internet since you can use the local IP to access the docker.
@@VaKU. I'm assuming running it on a local machine, not running on linode. You could run bitwardenrs on a raspberry pi if you wanted to. Really no reason pay for linode, when a you can get a raspberry pi for cheap and cost you very little to run. Should easily be under $1 of electricity every month unless power is very expensive in your area.
@@joemann7971 Thanks, I know that and have several RPis. I'm hosting BitwardenRS on my NAS. My earlier comment was an answer to @Chris Burnes on the point of "a high availability strategy in the event my home internet takes a nap while I'm on vacation".
I think that cached passwords may be a reasonably sufficient solution for a brief periods, when server at home is without connectivity.
Personally use keepass + Kee + rsync mostly.
Kee is pretty good as a browser extension and allows for far better domain fine tuning than lastpass ever could.
At work, we do use Lastpass on a company level as at the time I chose it, it was a good option for sharing passwords between people (yes we are single account freeloading on software that charges per account).
been using bitwarden for years and love it.
For a single user scenario I would agree, when you have 4 family members with shared folders and passwords, lastpass takes the cake for me. I can update a password and my wife doesn't even have to know, it will just sync to her account and work for her
I already left from Lastpass and started using Bitwarden. I was using Lastpass for last five and a half years.. pffff
We use keepass at work also. Good, but not for everyday use (for me).
Anyway, it was nice listening to you, giving information to people and comparing solutions.
I really like the background track you are using on this video, it fits very well
I'm using both KeePassXC and a self-hosted Bitwarden. I love both. KeepassXC for stuff I don't ever need sync'd, bitwarden protected by a Yubikey for everything else. Works great. I used to use LP but their software went to crap long before their business model did.
1 year after, a pair of breaches shows that LOTS of things are stored UN-encrypted by LastPass.
I'm so glad I have used synced KeePass for years, even long before this video was published.
Thanks soooo much.. was looking for something that wasn't last pass.. thanks good sir..
THANK YOU. Just the answer to the the question I was asking myself since the announcement.
I've been using KeePass + Kee browser plugin on desktop, works very good. Also KeePass supports ChaCha20 that is even better than AES256.
Isn't ChaCha20 only better than AES because it is faster? I can see that being good for some purposes but my AES password database decrypts so fast I don't notice it doing anything already.
I was actualy looking for something recently, thanks Wendel!
*actually
I just switched from Lastpass to BitWarden. Glad I did. I was able to export all my passwords from lastpass to bitwarden really easily. So I was able to make the switch without a hitch.
I am one of those effected by this change on Lastpass. They had the by far best free password manager solution out there. Over time they limited here and this latest limitation means I have to switch/pay the premium. I was considering 1Password but Bitwarden also looks decent and I will check it out but it feels like I will probably go with 1Password.
If you are going to pay for a manager 1Password is the way to go. Bitwarden is only good if you really want to self host it.
Love all the details and suggestions. Awesome content, brother. Thank you.
Thanks for reminding me of this. I made the switch to KeypassXC myself.
Using Bitwarden for some years now... can't live without it... Just awesome 🥰
The biggest features that made LastPass so good are the browser extensions and the mobile application. If Bitwarden can match those (especially the iOS app making use of the system password auto fill) then I would definitely consider switching
I left LastPass after they were bought by LogMeIn. Bitwarden on iOS can autofill since you can specify the password manager in iOS now.
Running KeepassXC with Syncthing. Using my Yubi key for MFA. I love how keepass can store MFA codes too for different services too. Haven't had a single issue with the set-up yet.
Bitwarden sounds like the thing for me since Ive been wanting to get my parents to use a password manager, and they aren't technically inclined.
I want to use the same service as them if only because then I would be familiar with the service and how it works if they ever have a problem.
To many times they have called me about something I have never used or heard of before and always takes time quickly learning how to actually use whatever they are trying to use to fix the problem.
Whatever alternate you choose, remember to keep a backup of your passwords just in case, you probably have a few hundred or so passwords and really don't want to lose them, so even if you don't plan on using Keepass it isn't a bad idea to import them anyway or if nothing else at least get veracrypt and encrypt your password export.
i'm selfhosting BitWarden for over a year now, couldn't be more happier with the works.
I've been running on KeepassXC + Keepass2Android + Syncthing for a pretty long time now. No complaints so far.
Protip: Run an always-on Raspi with Syncthing at home; this way, you basically get Dropbox minus the web UI.
3:37 the electric infrastructure in Texas collapsed due to own lack of foresight and maintenance. there's scarcity. let's drop some surprise $10,000+ charges to the user's electric bill.
It shouldn’t have come as a surprise. They signed up for wholesale rate plans. It’s a case of know what you’re signing up for. Not defending the electric companies. But people need to understand there’s a flip side to the ultra low bills they usually get.
Thank You for the wake up as I needed to wakeup & smell the Coffee. Keep up the good work.
Just switched to Bitwarden yesterday after 8 years of LastPass lets see how it goes. Might be trying KeePassXC as well
Let us know how it goes! ~ Editor Amber
Dude, I like the way you think. I moved to Bitwarden last weekend and am loving it. Thanks for the knowledge.
I saw the news about LastPass when it first came out, and I kid you not I had 3 accounts migrated over to Bitwarden within 15 minutes. It was so easy and I'd been looking for an excuse to ditch LastPass and this was the final straw.
Downright prophetic lol I'm happy I took this advice
Seriously use a free resource people. And make sure it's your own.
Family pricing for LastPass and Bitwarden seems to be very similar though. Also, seriously, for most folks running Linode or NextCloud or their own containers is just LOL. Next step: Just spin up a Kubernetes cluster, configure a few Helm charts, run some NGINX on the front end, pull that Bitwarden container, and bam, as Todd Howard himself would say: "It just works".
If you can get by sharing the few passwords you need to share in the family manually, then you most likely can get by on the free version (if you use a yubikey you need a subscription and some statistics are only available to subscribers).
I like that self hosting is an option. I’m one of those who like the idea of self hosting. But I think that for the vast majority of people, it’s nothing they should bother to even consider.
(Currently testing self hosting Nextcloud, not sure if I’ll keep it yet. But I won’t self host Bitwarden, at least not now, since I trust them more with security, availability and backups than myself.)
I prefer keeping my passwords on a local level and not online. Yes I'm aware that things can be encrypted before they are sent and what not. Just keeping things offline that you don't want others to know is just a better way to be sure if you ask me. I don't have to worry about an encryption being broken or a databreach among other things. The only real downside is that I don't have the convenience of a quick one password login, and I'm more than OK with that.
I’ve been using DataVault for years and all data lies at the local level. You have to manually sync between devices. But it’s one password for the program across all devices. You can’t fix what isn’t broken.
Thanks, KeepassXC (combined with already using Syncthing) seems awesome, have changed over since I saw this video 4 hours ago. (full disclodure: I was looking for the video but still KeepassXC was the perfect fit for me.) PS: Anyone else read "Log Me In" as a "vailed" threat?
Ive been using bitwarden. Then I heard your summary at the very end. Thanks for labelling me as a "less technical user", for using bitwarden. 😜
:D ~ Editor Amber
Keepass + Dropbox.
Not the slickest UI, but works so well for me over 10 years of doing dev work.
Migrated to Bitwarden. Took literally a few clicks using my laptop and then setting it up on my phone took another few clicks. Getting face unlock gets a bit finicky but I managed. Works just as good as LP if not better. Really liking the simplicity of it.
Does it have the same auto fill functionality as LastPass?
Swapped from LastPass to Bitwarden last year when I was doing a complete security overhaul, couldn’t be happier
All the workarounds you described over many apps and setups are exactly the reason why I left keepass and happily pay the 50 bucks for a turnkey solution like lastpass.
I might be too late, but why couldn't you use Bitwarden?
It's kind of amazing that a decision to use KeePass around 2004 remains not only viable but a preferred solution over 15 years later. The biggest difference is that the software has kind of stagnated, even when considering the wealth of plugins, so that the XC variant is probably more generally recommended. You can even still use the original version if you've been resisting .NET all this time.
I am in EXACTLY the same boat, and hadn't really considered that. I started using KeePass back in about 2005 as a high school student, back when the original .NET version of KeePass was the only version, and I did it out of convenience more than anything - so many sites required weird password rules, and I kept forgetting my slight variations of my memorized password. I chose KeePass because it seemed like the only good option at the time. By now, I have switched to KeePassXC, I use it on multiple platforms, and it just generally works great and has nearly 2 decades worth of passwords in it. I never would have expected that now, 17 years later, not only are there lots of password manager options, but most of them are terrible and I backed the right horse initially. Feels good. I guess you can't go wrong with open source.
I use keepassXC as my password manager on my PC and keepassDX on my phone synced with syncthing which works really well
Very nicely put together. Been wondering what the difference between keepass and keepassxc was for years now.
Thank you for this timely information. I chose Bitwarden.
+1 for bitwarden it's FOSS and it has a self host option if you don't like their cloud option. Even if they ever go closed, we can always use the service prior to it going closed and know it's functional. a fork can always exist.
One thing lastpass helps where keepass and even bitwarden aren't easy on is password sharing. That being said - great video
thanks for the recommendation. was looking for a new one to migrate from LP
Love bitwarden ! Subscription bought and been using it for 8 months now.
keepassxc is amazing. i have no problem with their browser plug-ins either.
Thanks for your advice Wendell!
I am a user of 1Password for more than 15 years. Sometimes I am tempted to move and save a buck, but I am too lazy to maintain this solution for me and family. Up to now I have a very good experience, and pretty sure that it will be like this unless they are sold.
Moved from Dashlane to Bitwarden. Loving it so far
I don't know if you do tutorial type content, but would definitely enjoy a video talking about how to roll out that bitwarden docker container (whether that 3rd party or the 1st party), maybe just general tips and tricks to running docker instances?
Well same with Dashlane lately...it went down the dirty drain.
I agree with the sentiment in general, and everyone needs to decide what is valuable for them. However, there are some things in life you should WANT to pay for. Email service and a password manager are in that category for me.
To be clear, the alternatives to LastPass are good, and i may switch at some point. But I expect LastPass to invest in defending against attackers. This is a highly attractive single point of failure and I want to pay money for someone to help the hackers away, as much as is possible. Don’t cheap out on security and privacy.
I’ve been a happy keepass user for a good year or so now. I pull the db onto my phone and tablet and use strongbox to access it mobile wise
I have a well established db file I just copy to new devices and add new passwords as I go. I only use 2 devices normally, so it works out fine. No sync needed.
Yeah, Keepass is just great. :D
@@larrygall5831 Sounds inconvenient to update database every time on both devices.
Thanks wendell I was looking for something to move on from Lastpass because the fee they wanted was just too much for the simple things I use. Bitwarden looks perfect. Just created my account.
Thanks for th video. Was looking into a password manager 😁. You gave me pretty awesome start. Keep up the good work 👍💪
We use keepass at my place of work believe it or not, it's a small crew so luckily not as bad as you might imagine but it does get tedious having to make manual pw edits everytime someone needed to change a pw for one reason or another. It doesn't happen that often but it can waste a surprising amount of time and makes me pine for cloud based storage (until i saw this video that is, thanks)
Been running Bitwarden in my living room for like, two years now... And I switched away from the last pass because I saw this coming a mile away. :D
KeePassXC on desktop. KeepassDX on android. Plus Syncthing.
BROTHER
YES!
this sounds like the best way forward, do you store any backups on any other devices? is it safe to store the file on google drive?
@@Liverblow1 If you use a secure method to create your database passphrase (realistically a diceware generated 6, 7, 8+ word long password that you remember in your head) you can store password databases on cloud storage like google drive or dropbox. If you want to be extra safe add a key file of 128-256 bits of ascii characters to keepass. Then you can print the keyfile out and save it as a hardcopy backup in your ammo and gold safe, just in case. (But I am pretty sure a decent passphrase would be sufficient.)
@@knightrider585 thank you I'll do that
Switched to BitWarden and I’m hosting it on a Synology NAS. Completely worth it and the data isn’t in the cloud.
My solution is iCloud Keychain. If the device I’m on isn’t from Apple, I can type the password out from my phone. I think this was a good choice long-term because I’m receiving it for free as a benefit of the Apple ecosystem, and I’ve had years already of just not worrying about it.
I use a mix of KeePassXC on my desktops for PC/Mac - and StrongBox for iOS - all sync via dropbox - works really really well
Wendell: "I don't want this to get technical or take too long"
Me: Strong doubt on both of those :)
Wendell, you're amazing sir. Lol. Not technical = energy calculations of a supernova. I don't think I could keep pace if you did do a deep dive.
Very useful information, thanks :-) I have been with Lastpass for many years, including as a paid user until they changed it, but don't like the new interface since some time ago now. I was hoping there would be enough complaints for them the change it back but it's still the same, so maybe time to move on. Curious about KeepassXC because I tried it a long time ago but decided Lastpass was a lot easier to use at the time. I've not heard of Bitwarden before now. My main requirement is the ability to work on any major OS. Working on the phone as well is a bonus, something I lost when I stopped paying Lastpass.