So, I’ve been a LastPass user for a long time. If you’re not a user of a password manager, you really should be. But going into all that isn’t the point of this post. The primary purpose is to be able to point other LastPass users I know to this post as a reference for my change from using LastPass over to a platform named Bitwarden.
So, the first question is obviously, “why the change?” Well, it has a few reasons. The first is that LastPass has gotten more interested in non-core services in recent years and has had scope creep like credit monitoring and other things bolted on and seems to pay less interest in its core functionality these days. Part of that has to do with another reason on my list, which is their sale to LogMeIn, Inc a handful of years ago, who has swallowed a number of services, to being swallowed themselves a couple years ago. Put simply, it’s not confidence boosting with the service slowly becoming a victim of a corporate buyout nesting doll. Probably as a direct result of the levels of corporate buyout, LastPass also recently had a bit of a thing with trackers, which I personally think was overblown, controversy-wise, but it is an indicator of their focus shift.
But the final nail in the coffin, and why I’m making the switch, is that on top of the other reasons, and probably also a result of the corporate buyouts, LastPass is making a change in their free plan to only allow use on one type of device, and making you go premium to use it on more than one device type. Now, let’s be realistic. This change is essentially forcing most of their users into going premium, cause most of us are using it on mobile and desktop/laptop.
To be clear, I’m not declaring any of these to be reasons to run around telling everybody to abandon LastPass and migrate off as I am doing. Any of these issues on their own wouldn’t likely have caused my migration by themselves. No, not even them forcing premium. But, taken together, with forcing premium use as this final nail, it seemed like the time to do some testing and research into alternatives. After a month of testing, I’ve decided on an alternative that I consider good enough to actually go ahead and make the switch. If you’re a happy LastPass user and you’re OK just paying the premium fee and continuing happily along, then I’m not here to tell you not to. If you wanna give the migration a try and see if it works out well for you, too, then here’s a bit of detail on my switch.
I’ve played with a number of the competing services, and they all have their pros and cons. Probably the most refined of them out there is Dashlane, but it’s also the most expensive, at roughly twice the cost of LastPass’ premium option, and doesn’t distinguish it enough over LastPass to justify that difference. Others are decent, but don’t do enough to encourage their use over LastPass, either.
But then we come to the platform I am moving to… Bitwarden. I was actually quite familiar with Bitwarden already, and had been following them on Twitter for a few years now, as they’ve been maturing and adding in features. Kinda keeping an eye on when they had caught up enough for my possible use. I initially became familiar with them a few years back while doing a little playing with their docker container self-hosted version on my unRAID server. If you don’t know what any of that means, don’t worry about it. From my first playing with it in that context, I liked what I saw. At that time, they were missing features that I considered showstoppers (mostly on the mobile side), but what they had was good, clean and showed a lot of potential. So, as I said, I had been keeping an eye on them.
Enter LastPass and their forcing people into premium. Well, it seemed like the natural opportunity to go and give Bitwarden a fresh try. See how they had been coming along. Much to my delight, they seemed to have added in the various features and functionality to make it day-to-day usable for me. One of the biggest things worth noting about Bitwarden is that at its core, it is an open source project. As I said earlier, you can actually self host it on a server side via docker, etc. For the simple fact of convenience, I’m not bothering to go that route, and I’m just using their hosted service. This is a big comparative plus against my earlier thing about LastPass now being buried in multiple levels of buyouts, and adds in that extra bit of confidence in them.
So, I guess that covers the “why” of my switching. Now, we move onto the “how”. Migrating from one to the other is pretty simple. Obviously, the first thing to do is to create a Bitwarden account (and follow their recommendations – particularly the DON’T LOSE/FORGET YOUR MASTER PASSWORD ONE!). After that, here is a page that Bitwarden has detailing the process of exporting from LastPass and importing to Bitwarden. One glitch I ran into was the fact that I had a handful of “secure notes” in LastPass that were large enough to choke the import process into Bitwarden. But, since I only had a dozen or so secure notes, I just removed those from the LastPass export file and that fixed the import into Bitwarden. Then, I just copy & pasted the small handful of secure notes from one to the other, which only took a few minutes. If you don’t use secure notes, or don’t have ones with a lot in them, then you probably won’t run into that glitch. If you do, hit me up and I can help you get around that glitch. Obviously, your next step is to add the Bitwarden extension to your browser(s) and add the app to your mobile device(s). Once you’ve made the migration, here are some tips and changes I would recommend:
- Turn on 2 factor authentication for Bitwarden. While 2 factor (or multi-factor, etc) authentication is something I recommend on any app/service that offers it, when it comes to your password manager, it should not even be considered optional. Just do it.
- Enable the auto-fill options on mobile (iOS). I’m only a couple weeks into actively using all this, but for me, enabling Autofill Service and Inline Autofill, while leaving the older methods disabled, has worked perfectly well.
- Enable autofill in the browser extension settings by checking the box in Settings -> Options -> Enable Auto-fill On Page Load.
- Enable biometric unlock on mobile.
- Set either biometric unlock for the browser extension (if you have a biometric option on your computer), or for alternate convenience, use the option in Settings to Unlock with PIN (and uncheck “Lock with master password on browser restart”). Some of this is personal preference, but this is how I have mine set.
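For the secure-notes glitch in the export/import step above, here is one way to pull oversized notes out of the export file before importing. This is an added example, not part of the original post or of either vendor's tooling. It assumes the LastPass CSV has a header row with `url`, `extra` and `name` columns and marks secure notes with the URL `http://sn`; `split_export` and the `MAX_NOTE_CHARS` threshold are hypothetical names and values to adjust.

```python
import csv
import io

# Assumptions (not from the post): the export has "url", "extra" and "name"
# columns, secure notes use the url "http://sn", and MAX_NOTE_CHARS is a
# hypothetical cut-off to tune against what the importer accepts.
SECURE_NOTE_URL = "http://sn"
MAX_NOTE_CHARS = 5000


def split_export(csv_text, max_note_chars=MAX_NOTE_CHARS):
    """Return (importable_csv_text, oversized_note_rows)."""
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    missing = {"url", "extra", "name"} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"unexpected export layout, missing: {sorted(missing)}")

    out = io.StringIO(newline="")
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames,
                            lineterminator="\n")
    writer.writeheader()
    oversized = []
    for row in reader:
        note = row.get("extra") or ""
        if row["url"] == SECURE_NOTE_URL and len(note) > max_note_chars:
            oversized.append(row)   # copy these across by hand afterwards
        else:
            writer.writerow(row)    # safe to hand to the importer
    return out.getvalue(), oversized


# Constructed sample export: one login with a multi-line note field,
# one small secure note, one oversized secure note.
SAMPLE = (
    "url,username,password,totp,extra,name,grouping,fav\n"
    'https://example.com,alice,constructed-pw,,"line one\nline two",Example,Web,0\n'
    "http://sn,,,,short note,Wifi,Notes,0\n"
    f'http://sn,,,,"{"x" * 6000}",Big note,Notes,0\n'
)

if __name__ == "__main__":
    kept, big = split_export(SAMPLE)
    # Report names and sizes only; never print note bodies or passwords.
    for row in big:
        print(f"move manually: {row['name']} ({len(row['extra'])} chars)")
```

The export file holds every credential in plaintext, so work on it on a trusted machine and delete it, along with any filtered copy, once the import has been checked.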
Bitwarden does have a premium option, too. But not only is it considerably cheaper, it’s not something most people will need to bother with. At the moment, I haven’t found the need to do the premium. I might at some point, since it’s only $10 a year. But for now, I haven’t.
Obviously, once you’ve used Bitwarden a while and are sure that it’s good enough to be your permanent solution, you’ll want to go nuke your stuff from LastPass.