Password manager recommendations?

twitter logo github logo ・1 min read

Password managers are one of those tools that people don't tend to swap around because it can be a real pain. I have hundreds of credentials and going through the process of setting up new passwords is something I don't have time for, and only consider when my password manager has an outage. Like today.

We set up our password manager years ago and now I'm wondering if it's time to switch to something else. What are your suggestions?

Below are two open source password managers I'm looking into:

GitHub logo buttercup / buttercup-desktop

🔑 Javascript Secrets Vault - Multi-Platform Desktop Application

Buttercup Desktop

Cross-platform, free and open-source password manager based on NodeJS.

Buttercup Build Status Build status Latest version Github All Releases Backers on Open Collective Sponsors on Open Collective encryption Join the community on Spectrum



Buttercup is a password manager - an assistant for helping you store all of your login credentials. Buttercup helps you keep your accounts safe and assists you when you want to log in - all you need to do is remember just one password: your master password.

This is the Desktop application in the Buttercup suite, and there's also a mobile app and browser extension so that you can access your credentials anywhere. You store your credentials (login information) in a secure archive, which can then be stored on your own computer or any of our supported cloud services (like Dropbox, for example).

Archives are encrypted using the AES specification, and cannot be read by anyone besides those with the master password. Brute-force decryption is not technically possible. You should not share your archive with anyone, but rest assured…

GitHub logo bitwarden / server

The core infrastructure backend (API, database, Docker, etc).


appveyor build DockerHub gitter chat

The Bitwarden Server project contains the APIs, database, and other core infrastructure items needed for the "backend" of all bitwarden client applications.

The server project is written in C# using .NET Core with ASP.NET Core. The database is written in T-SQL/SQL Server. The codebase can be developed, built, run, and deployed cross-platform on Windows, macOS, and Linux distributions.



These dependencies are free to use.

Recommended Development Tooling

These tools are free to use.


cd src/Api
dotnet restore
dotnet build
dotnet run

visit http://localhost:5000/alive


cd src/Identity
dotnet restore
dotnet build
dotnet run

visit http://localhost:33657/.well-known/openid-configuration



You can deploy Bitwarden using Docker containers on Windows, macOS, and Linux distributions. Use the provided PowerShell and Bash scripts to get started quickly. Find all of the Bitwarden images on Docker Hub.

Full documentation…

twitter logo DISCUSS (139)
markdown guide

I also use LastPass and I like it!
Currently on the premium subscription (bought through a makeuseof deal) and I can say the android app improved over time.

Sometimes there are apps or views where LastPass can't manage to show the configured overlay with autofill but they made a handy tile for the notification bar to trigger the LastPass autofill dialog manually so this isn't painful anymore.

Screenshot of android tile

See tile "LassPass Autofill"

Do you use it on Android?

Last I remembered, it wasn't working well (buggy Auto fill), and so I disabled it completely and used Google's native AutoFill and only drop into LastPass when it's not saved in my Google also.

Curious if you experienced similar things at all?


Sometimes, yes. I then have to go to the app and copy paste manually


I use it on Android. It used to get disabled a lot so I had to keep re-enabling it but that seems to have fixed itself since I updated my Android to Oreo.

Oh... Good to know. Now if LG would only update my phone from 7.0...


I love LastPass as well. Except for this morning, the outage is driving me nuts!


This is where I would recommend Bitwarden, works well offline with synced data and once online syncs with my desktop app as browser addon, but the only problem I had was when i imported all of my browser passwords and disabled auto save within Chrome and Firefox, Bitwarden has become a bit slow ever since but its normal to be slow when you've got nearly 8K logins including yours and other peoples


yep, this is a problem with any services. The only solution I know is to have an offline password manager with multiple copies of the db, and sync it with devices through dropbox or something like that. But then what about handy browser extensions..

Buttercup actually allows you to sync via Dropbox, so you can host your vault file there and let DB do the sync'ing, and Buttercup has clients to allow you access to these sync'ed credentials on all major platforms (including within Chrome+Firefox using an extension). Disclaimer: I'm the author.

Neat! I'll have to look into that now. I'm currently a very happy LastPass user (though not for work, so I actually got by without knowing about the outage). But that does sound like an interesting solution.


Reading comments and thinking to try something else, maybe there are better solutions.


Did you know that LastPass has been hacked completely at least twice?


Take "hacked completely at least twice" with a pinch of salt.

Unsure about twice but here is an official post by LastPass themselves.

From my experience, I'd recommend BitWarden as the free version will suffice on Android/iOS will suffice for most people along with proper sync between desktop / mobile apps along with being quite user-friendly.


1password is amazing product. I used LastPass but switched to 1Password.

  • Really pretty and nice UI
  • Family plan. the price is very fair but you could guarantee that all your credentials so be safed across family and it's also great to have share vaults where you could put common things
  • Touch Id support. Use it on Mac and iPhone, so it's really fast and secure way to access to your vault.
  • 2fa codes support. First of all you could keep all your codes in 1password + it will be auto copied to your clipboard. it so useful

I think that's my best features I use every day in 1password


None of these features (apart from the name of the family plan) are unique to 1password, as far as I'm aware.


I would argue the first point about clean aesthetic is unique to 1password, especially in comparison to LastPass.

I've never used it so I don't know. Is there anything about the UI that makes it easier to use, or do you just mean eye candy?

Can't compare it properly with LastPass because I switched 2 years ago.

  • auto copy of one time passwords
  • on iOS now keyboard has integration with third party password managers
  • ability to create custom fields and store important docs such as id, certificates etc
  • password share with family
  • my wife is non tech person but she did not have any problem with 1password and migrating all her passwords from notebook to a better place 😄
  • onboarding instructions are good, even if there are a lot of security measures
  • clean look, easy navigation and search on all platforms

I'm the guy who always complain about things, because still a lot of problems everywhere. But I can't say anything bad about 1password.

I also am currently not using LastPass, but these apply:

  • ability to create custom fields and store important docs such as id, certificates etc
  • password share with family

These two are opinion-based and I think the same about LP:

  • onboarding instructions are good, even if there are a lot of security measures
  • clean look, easy navigation and search on all platforms

I don't know about iOS integration (or what you mean by keyboard integration), and I can't speak for your wife!


I use KeePassXC too, with it's browser plugin. And KeePass2Android on mobile. And very happy with that couple!


I love KeyPass2Android, glad I switched from KeePassDroid which just lagged behind feature-wise.

KeePass has a nice chrome extension too, though initial setup is a minor pain.

Which one do you use? I was using CKP - KeePass integration for Chrome, but it doesn't work since I started to use KeepassXC instead of the original (and mono-built) keepass

I use chromeIPass with the original Keepass app. I hadn't heard of KeepassXC before but it seems to be popular on here so maybe I should give it a go


Ooh, movement in the KeePass world - I might move across from KeePass2 myself :)


I was really happy when it came out! I'd had to buy MacPass to get a good kdbx-compatible password manager on OSX (nothing against it as a product but I prefer open source), and the less said about dealing with the Mono version on Linux the better.

Amusingly I use the mono version on Linux the most, then KeePassDroid on my phone. I even re-wrote Andrew Schofield's excellent HIBP plugin in so it would work on Linux/mono despite that not having TLS1.2+ support :)



I've switched from Lastpass to Bitwarden because it wasn't working on Firefox (which I also switched out of to something else). Bitwarden is so much smoother and less intrusive on the browser. I also like it a lot that Bitwarden is open-sourced.


I am also thinking about the switch, one for the open-source nature of BitWarden, and second I think LastPass was just bought over by LogMeIn, heard that it was a rather dodgy company.

Anyway, couple questions - how much hassle was it? How does it perform on mobile? (Android Auto fill etc)


Not OP, but I made the same transition and IIRC it was as close to a one-click operation as you can reasonably get. AutoFill has not failed me yet on Android.

Cool man! That's exactly how it went down, it was one click for me!

I'm going to be trying out BitWarden for a bit.

Part of me says if LastPass isn't breaking, there's no need to change. The other part says open-source :p

LastPass isn't breaking, there's no need to change. The other part says open-source :p

That's more or less how it happened for me, yeah


Bitwarden has ties into the new Android autofill stuff, which makes it super smooth to use on Android. I believe it has the same for iOS.


The switch was super fast. Would recommend! Yes auto fill works very well but you might need to manually enable it


I'm a LastPass user, I'll definitely consider the switch!


Switched to Bitwarden Premium, my LastPass Premium expires in a month anyway :D

I'll decide then which one to keep.


I'd never heard of it, but it looks interesting.


I'll just chime in here regarding Buttercup (I'm one of the authors) - There are a lot of great comments here (nice seeing so much opinion in the password manager space) and I thought I'd quickly cover our product and why I wrote it and why I'd recommend it.

Buttercup is a password vault that's available on every major platform - we have a desktop application on Windows+Mac+Linux and a mobile app on iOS+Android. We also have a browser extension for Firefox+Chrome (with more browsers on the way). We use vault files to store an encrypted copy (AES-256, PBKDF2 derived keys, GZIP compression) of your passwords and secrets in a variety of locations (Dropbox, NextCloud, ownCloud, WebDAV supporting services, the local file system). Buttercup's browser extension also allows for form filling and login actions via its UI. Buttercup is also free and open-source, so you can see how it's put together and what we do at every turn. It'll remain free and has a very long-term roadmap so we'll be busy building it for the foreseeable future.

We have our own hosting service planned as well (will land most likely in Q1 2019), which will become a source of revenue to keep our company afloat. We'll offer free personal hosting so that everyone can take advantage of storage-agnostic vaults.


You may have a new user 😃. For now, is it self hosting? Does one have to set up the app apis too?


That'd be swell! We're a friendly bunch I promise. "Self-hosting" yes, but you can simply host it in a free Dropbox account to get started - No need to run up any servers yourself. In our opinion Dropbox is perfectly fine for this use, and because it has file versions you're even better protected against overwritten values etc. (we have an in-built history system in our vault files which will soon be exposed to the user - kinda like time-travel).

No need to set up any complex APIs etc if you don't want to. I personally use an ownCloud server where I host my vault. Others have used everything from Box through to Yandex (WebDAV services).

thank you, I would be happy to give it a go. Will test-drive it over the weekend 😃


I use 1password. Although I have tried others I have found a better experience with 1password. It might just be a personal preference.

However, the standout feature for me using 1password is its iOS integration. Not the app (although it's related) but the AutoFill Passwords integration. 1Password is nicely integrated with using that feature and it's probably the way I use it the most.


Pass is also kinda cool (passwordstore.org/). Synchronized via git. Minimalist Unix philosophy & design.


I used the free version of LastPass in the past, but I have switched to 1password for a few reasons:

  1. 1password has a very nice UI and a very intuitive UX.
  2. On MacOS, 1password supports TouchID. On iOS, it supports FaceID for easy, seamless authentication
  3. 1password also supports Two-Factor (a.k.a. Multi-Factor) Authentication tokens. I used to use Authy for this, but it is really nice to have both passwords and 2FA managed by the same app.
  4. Family plan allows me to share passwords with my family securely.
  5. 1password has a CLI client, which is nice for scripts/programs that need to programmatically access passwords and 2FA tokens.

Go to the account in question > edit > click add new one-time, then you can point the camera at the qr code or type the secret manually.


My question wasn't clear enough. I was asking about point 5. the 2FA tokens in the 1password CLI


LastPass does everything in your list except the faceID (I don't know if it does that).


I can't compare/contrast, but I've been using BitWarden for over a year and have no complaints. Importing from LastPass was a breeze and I was able to set up my YubiKey for 2FA in maybe five minutes. The mobile app is performant and consistent with the browser plugin. I tell everyone who will listen to use it.


What happens if you lose the YubiKey? How do you backup it up?

This is what keeps me from using YubiKey as a single 2FA token and having an alternative 2FA method like cell phone kind of defeats the whole purpose :/


But me and my GF have each a YubiKey. On lastpass you can set a backup YubiKey, so I can use hers, in case my own are gone. In addition, you can print a list of OTP and use that.

Dont know what BitWarden offers, tho.

That's great to know! I believe BW lets you do this too, though I'm not positive. I know it offers the printable OTP list - they're very similar products, really.


I do have it backed up by cell phone 2FA. I see what you're saying, but I don't feel that undermines the advantages. I have my YK attached to my car keys - if I lose those, I've got all kinds of problems.


Importing from LastPass may be what gets me to switch over much sooner.


1Password. A subscription also gives you up to 5 family accounts where you can have shared vaults. Multi domain for an account. Pretty solid UI. And the killer is if you're on iOS, you can now use it instead of.the default key chain, which means it's super easy to enter username /password for apps too.


I tried many, but in my opinion 1Password is the most comfortable one!
macOS integration is awesome, there are browser extensions for the top browsers, it has a cli which makes it possible to integrate 1Password in to your scripts or build tools and the iOS integration is best in class! It never felt so smooth on my iPhone.

There are also versions for Windows, Android and Linux (however Linux is only possible via a chrome extension), but I had no chance to try them.

You can also create family or company accounts, so that you can easily share logins or secure notes.

Definitely worth a try!
I love 1Password and couldn’t imagine a live without it ❤️


I'm a bit late to this party, but we had @perry_mitchell on The Changelog last week to dive deep on Buttercup and what it's all about.

We talked through encryption, security concerns, building for multiple platforms, Electron and React Native pros and woes, and their future plans to release a hosted sync and team service to sustain and grow Buttercup into a business that’s built around its open source.

Worth a listen if you're curious about an awesome open source offering!



It was a great chat! We love building OSS and Buttercup is how we're satisfying our desire to create software. Let us know if you have any suggestions/critiques, we're always happy to hear new ideas.


I’ve used LastPass, Dashlane, KeepPass,and 1Password. 1Password is the only one with decent enough UX that I actually stuck with using it. I have a family plan that we use to share credentials, and since my job uses it, I can just enter my work or personal Master Password into the Chrome extension depending on what I want. It’s somehow even easier on iOS, where the two vaults are both accessible with one password.


What about the managers' (other than 1Password) UX did you consider problematic?


Big fan of keepassxc.org/

This one also handles 2FA Time-based One-time Password TOTP.

Use it every day, it also can sync across any device, has browser integrations, and is open source.


I've been using KeepassXC across Windows, Mac OS X and Linux for probably 3 years now. Never knew there was also a TOTP feature hidden in it! That's so awesome!


Yeah, and it now supports autofill on Android, which makes it so so much more useful to me.

Not open source to my knowledge, though, which may be a dealbreaker to people around these parts. But it's very user-friendly and syncs fantastically so I have it on all of my devices, including my work computer to maintain a local copy of all my work credentials (we got switched to monthly password changes, so fuck remembering that).


I use KeePass on Windows, KeePassXC on Ubuntu, and MiniKeePass on iOS.

I don't want and I don't need "cloud sync". I feel copying the encrypted password database manually (e.g. upload to/ download from my private server) is more secure.

Question for iOS users: Any suggested alternatives to MiniKeePass? MiniKeePass has not been updated for a long time and it does not support the Argon2 KDF (also mentioned here).


BitWarden all the way!

I've been using it for a few months now and I have literally 0 complaints. The web vault is nice (although I don't use it much), the browser extension works very well and the mobile app is awesome as well.

All that being self-hosted with the easiest deployment ever (literally "./bitwarden.sh start" or something like that and you are set). Also, free and open-source, wouldn't have it any other way.


I've been using KeePassX for a few years, but have been looking at shifting to Bitwarden for a little more ease of use on my phone. I think when I make the move to Bitwarden I'm going to go the self-hosted route though.


I had been using LastPass from 10 years, after read this post I decided move to BitWarden.
Migration was easy peasy japanesey.

What I miss from LastPass:

  • Security challenge and live alerts.
  • Main password request on some important passwords.
  • Professional UI on website.
  • Subfolders

I found BitWarden works good on all devices (desktop and mobile and browsers), quick, easy and works like a charm.

What I see on Bitwarden:

  • Can add additional fields on notes and can copy this data with on click/touch.
  • Can't filter secure notes by folder. Show all together.
  • Can be installed on macOS from brew cask install bitwarden
  • Can share password with other person (only one) for free.
  • Simple UI, maybe too much.

I still don't trust proprietary cloud provider solutions enough and have a good working setup based on the KeePass-standard:

with syncing based on iCloud Drive and Webdav (when the safe is not only used by my wife and me). I use AutoType on desktop and the iOS12 password extension features supported by Kypass on iOS.


1Password is the one piece of software I couldn’t live without at this point. It handles 2FA, password generation and storage, secure notes, sharing with vaults, and has FaceID integration.


1Password forever. I just spearheaded an effort to get everyone at work on 1Password Business account


I had a look at Buttercup and I like the UI.

Nevertheless, I am using KeepassXC because it is a well-known open source Password Manager and it works properly on Linux, Mac OS and Windows and it has a very good mobile application.
On Android I am using Keepass2Android.
You can send your password database on your device through the File Manager which is supposedly secure.


Instead of trying to focus on a single program, I try to see if they support the psafe3 file format. So my pass are stored on one (actually a couple) of those files I share with Dropbox/gdrive.

For the actual software:
On Windows: password safe
On Max: Password gorilla
On iOS: pwSafe

All of them open source.


I've been using KeePassX (keepassx.org/) for years. I use it on Linux and Windows. And I also have it synced with my Android by using Keepass2Android (play.google.com/store/apps/details...).

For syncing it between devices, I save my .kdbx on Dropbox. So every time I update the password database, I get the updates automatically on all other devices.


Dashlane is great, I've been using it well over a year and no tool has been more convenient. The autofill, prompt to save password, password generator are some really handy features. Plus it's great for working with teams - customizing groups, sharing credentials, removing users from groups and much more features to boost your productivity.


MyKi - non-cloud password manager and on-demand authenticator


LastPass is fantastic. We just added it to our workplace as a "company wide password manager" using the "Teams" product.

I also love the iOS integration since iOS 12 added the first-class auto-fill support for external password managers.


I prefer KeePass. It's open source, multiplatform. Most importantly, I control my own keyfile. I keep the keyfile synced between Mobile and Desktop.


What do you use on Mobile? I have done this route too, but was a little scared off by the mobile options. Now I've started migrating to LastPass. ( Also use their authenticator for MFA, which is handy )

I love KeePass, especially on the PC/Linux (Mac is a bit more challenging, in my experience )


I dislike the fact that KeePassXC hasn't been mentioned here, so while I'm late, here I go anyway:

KeePassXC is an open-source password manager with extensions for Chrome, Firefox and Vivaldi, and is cross-platform with apps for Linux, macOS and Windows; but also iOS and Android (Keepass2Android, the one I use, uses the AutoFill feature of newer Android releases, which is a pretty neat addition).

On top of that it can also hold files and strings as secrets with the password entry, and also manage TOTPs. Which is handy to get your 2FA in check and also encrypt the recovery files with it too.

Simply save the database in Dropbox or Google Drive to be able to access it anywhere, anytime!



We use 1Password at work, it also has Have I Been Pwned integration.
Have been using it on MacOS (with Chrome plugin) and on Android for almost 2 years and never had any issues.


That's great. I think LastPass has a "Have I Been Pwned" thing going on too. They do a "security challenge" on your passwords, which is nice.


One more endorser to bitwarden here.

The only problem for me has been battery drainage on Android. Got around by disabling autofill. Page detection still works but I need to open the app and click to fill the forms. Which usually takes less than 5 seconds.


It's been a couple of weeks since this was posted and it encouraged me to take BitWarden for a test-drive. I've been a long-time user of LastPass, which I have no problems with (and will happily fight anyone telling me it's insecure...) but after reading some of the comments here I thought I'd try out BW.

I can say that it's pretty good, and apart from a couple of tiny niggles (like the web vault keeps telling me I should verify my email address even though I have already done so) it's really nice.

The auto-fill feature is better than LastPass's too - it doesn't glitch out as much. Importing and exporting is comprehensive, too.


On macOS I use KeePassXC which is community edition of KeePassX and on Android I use KeePass2Android. Database with passwords is stored on Google Drive so I can sync them easily + it's stored on Dropbox too just in case.


I use the password remembering feature in Chrome, I think it works fine. I hadn't heard of lastpass (and other options) until recently and don't see the point of them.

What I am considering is switching to a hardcopy of my passwords and using that, but it seems like a fair amount of effort.


I looked at Buttercup since the beginning of the project.
It is indeed very beautiful designed.

I personnaly am using KeepassXC as it is widely available on a lot of OS and widely watched by the community. Which is very important for a Password manager.


[Google translator, sorry, I'm too tired to write/think English]
Bitwarden always. This is the only one that I did not end up losing the password.
Even in programs that work with the cloud I ended up losing the passwords.

And I add, for 2FA passwords I use SASSPASS (with cloud) because I'm tired of having to ask to reset the passwords and accounts because the smartphone bugged and disappeared with my keys.
Whether it's the safest or not, I do not know, just know it works well enough for me.


I can't be using applications like this. I think I don't trust these kind applications. I remember my first Hotmail password. But if you asking how you store them, sometimes I'm using KeePass. Mostly I prefer to save them to my brain. I know, there are many useful shortcuts in these applications that my brain doesn't have.

I prefer KeePass.


Precision: (good) cloud password managers can NEVER access your passwords without your private key. Your private key is never sent to their servers, it stays local on your devices.

Recommendation: You should try Dashlane. It's multi-platform, regularly recommended by Apple, has all the latest features and integrations with the OSes.

Dashlane has been audited by Google security and no security flaw was ever found (LastPass and OnePwd had some). Dashlane's security is stronger. It also allows sharing passwords to a team, with the possibility of removing a team member later (the math behind that is super hard).

It's made by a team of more than 100 (mostly french) engineers.


Personally use Lastpass. I would make the swap to Bitwarden, if the auto-fill got improved on Android. Specifically when in browser like Chrome/Firefox, auto-fill tends to just not work on Bitwarden, and it's when I mostly use my auto-fill.


Just set you password to 'incorrect'

then if you can't remember it just put anything in and the login page will tell you:

you password is incorrect


iCloud keychain, purely because of apple ecosystem. Dashlane is great for sharing creds with teams. A team subscription gives you a personal one too.


Really happy with Enpass one time lifetime license and multiplatform.


grab yourself a yubikey
start using pass & gpg
ditch the gui's
secure your db's in isolated containers which you can tunnel into.
take a look at HashiCorp's Vault.


I'm using this one: remembear.com/
It has a really cool UI, and their Tunnelbear is excellent if you need quick VPN


I use 1Password too. Pretty solid so far.

Classic DEV Post from Jun 24 '19

What If I Want My Website to Last for 100 Years?

When all other resources fail me, technical blogs come to the rescue. They provide insight into my pr...

Jess Lee (she/her) profile image
Taiwanese American. Co-founder of DEV.