Bitwarden vs LastPass: Free Fighting in 2020
Bitwarden and LastPass are two of the best password managers around, offering excellent free plans, solid security and a long list of features. When it comes to free password management, it doesn’t get much better than these two. However, only one can win in our Bitwarden vs LastPass comparison.
Over a series of rounds, we’re going to compare the two point-for-point to see which is the better option. Along the way, we’ll touch on security, pricing, support, ease of use, features and more, all before declaring a winner.
Before diving in, we want to make a note that certain aspects of a service shine more when compared directly against another service. Because of that, we recommend reading our Bitwarden review and LastPass review to get an idea about how these password managers perform against the rest of the market.
Setting Up a Fight: Bitwarden vs LastPass
We have six rounds before us, each of which is relevant for Bitwarden and LastPass. The two will duke it out tit-for-tat during a round to see which reigns supreme. Each round is worth a point, and at the end of our comparison, we’ll tally all of the points to declare an overall winner.
However, as we note in all of our comparisons, there’s a decent amount of room for personal preference. This is especially true for two tools like Bitwarden and LastPass, both of which offer strengths in different areas. Because of that, we recommend reading through each section and coming to your own conclusion.
We’ve done the heavy lifting of using both services to determine which is better, and although we’ll take a definitive stance, the better tool for you could change based on what you need. Bitwarden, for instance, isn’t as flexible when it comes to entry types, but it has much better support than LastPass.
1. Security
Bitwarden and LastPass both have excellent security, though one is certainly better than the other. Starting with the latter, LastPass offers the standard security for password managers. That includes a zero-knowledge model, AES-256 encryption and a slew of options for two-factor authentication and multi-factor authentication.
In order to authenticate your account, LastPass needs only a master password, unlike the two-secret-key model of Dashlane and 1Password (read our Dashlane review for more on that). Still, your master password is sent through 100,000 rounds of PBKDF2 hashing in order to unlock your vault. That means LastPass never sees or stores your password.
Furthermore, because the key derivation function is used to generate the authentication key, your master password never actually leaves your machine.
LastPass’ encryption isn’t the end of the story, unfortunately. The service was hacked in 2015, resulting in countless accounts being stolen. That said, the attackers made off with a bunch of gibberish. LastPass’ zero-knowledge model means that the necessary data needed to decrypt any vaults wasn’t included in the breach, so no plain-text data was compromised.
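The client-side derivation described above, as an added sketch of the general zero-knowledge pattern (not LastPass' or Bitwarden's own code). The e-mail salt, the single extra round for the login credential, the server-side re-hash and all names are assumptions of this example; only the 100,000-round figure comes from the article.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 round count quoted in the article


def derive_vault_key(master_password: str, email: str) -> bytes:
    """Client side: stretch the master password into a 256-bit vault key.
    Using the account e-mail as salt is an assumption of this sketch."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), email.lower().encode(), ITERATIONS
    )


def derive_auth_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client side: one more one-way round yields the login credential.
    This is the only value sent to the server (assumed construction)."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


class Server:
    """Hypothetical server that stores a salted re-hash of the auth hash."""

    def __init__(self) -> None:
        self.records = {}  # email -> (salt, stretched auth hash)

    def _stretch(self, auth_hash: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", auth_hash, salt, ITERATIONS)

    def register(self, email: str, auth_hash: bytes) -> None:
        salt = os.urandom(16)
        self.records[email] = (salt, self._stretch(auth_hash, salt))

    def login(self, email: str, auth_hash: bytes) -> bool:
        if email not in self.records:
            return False
        salt, stored = self.records[email]
        return hmac.compare_digest(self._stretch(auth_hash, salt), stored)


def client_login(server: Server, email: str, master_password: str) -> bool:
    """Derive everything locally; only the auth hash crosses the wire."""
    key = derive_vault_key(master_password, email)
    return server.login(email, derive_auth_hash(key, master_password))


if __name__ == "__main__":
    srv = Server()
    email, pw = "alice@example.com", "constructed sample passphrase"
    srv.register(email, derive_auth_hash(derive_vault_key(pw, email), pw))
    print(client_login(srv, email, pw), client_login(srv, email, "wrong guess"))
```

The server record holds neither the master password nor the vault key, which is why a copy of that record alone does not decrypt a vault.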
Bitwarden’s Open Source Approach
Bitwarden has similar security to LastPass, including AES-256 encryption for your vault and a zero-knowledge model. However, the source code is also publicly available, allowing anyone to dig through it for security vulnerabilities. German cybersecurity firm Cure53 did just that, finding nothing but some minor issues with Bitwarden.
The greatest threat to password manager security comes from authentication, and on that front, Bitwarden is solid. It uses a string of generated keys and hashing to authenticate your account, but that’s only if you choose to use Bitwarden’s servers.
As we’ll get into in the “features” section, Bitwarden offers a self-hosted option, removing much of the security risk when using a password manager.
Because Bitwarden is built on an open-source code base, vendor lock-in isn’t possible, either. All of Bitwarden’s source code is available, and the community has already used it to create tools that can read its file format. Because of this, you’ll still have access to your passwords even if Bitwarden goes bust.
Although LastPass has solid security, despite its unfortunate run-in with hackers, Bitwarden offers more. Because the source code is available for audit, it’s inherently more secure, allowing the developers to catch vulnerabilities before they become an issue. Furthermore, Bitwarden offers a self-hosting option, which eliminates nearly all of the risk of using a password manager.
Point for Bitwarden
2. Pricing
There’s a lot to talk about between Bitwarden and LastPass when it comes to pricing. Although one is targeted as shareware and the other is a commercial product, both offer excellent free plans, each earning a spot in our best free password manager guide. When it comes to paying, however, there are some differences.
Starting with Bitwarden, it’s an open-source piece of software and, like KeePass, is totally free (read our KeePass review). There’s a paid plan, but Bitwarden has made sure that all its core functionality is available in the free version. That includes unlimited storage, multi-device sync and two-factor authentication options.
The paid plan — if you can call it that — adds 1GB of encrypted file storage, a few more 2FA options, customer service and password health reports.
“Paid” is a relative term here, though. Bitwarden Premium costs less than $1 per month, clocking in at only $10 for the entire year. In the context of the free plan, Premium feels like an option to support the developers more than anything else.
LastPass has a more conventional pricing structure, fit with a premium personal option at $3 per month and a family option at only $4 per month. However, compared to other free password managers, like RememBear, LastPass stands out with its free plan (read our RememBear review). That’s because it includes unlimited storage and multi-device sync.
The free version actually makes the paid one look bad. Upgrading to Premium comes with a few goodies, namely one-to-many sharing and LastPass for Applications, but at $3 per month, the plan isn’t worth it.
That said, LastPass offers a family plan, which provides protection for up to six users for only $4 per month, which is even cheaper than 1Password (read our 1Password review).
Not to be outdone, Bitwarden actually has a family plan of its own, and it’s only $1 per month. It supports up to five users and is fit with unlimited sharing and storage. Although it lacks features like application autofill, Bitwarden’s Premium and Family options are far cheaper than LastPass’, all while offering most of the functionality.
Point for Bitwarden
3. Ease of Use
When it comes to open versus commercial products, ease of use is usually the main difference (read our KeePass vs LastPass comparison for an example of that). Despite being a free product, Bitwarden is very easy to use. That said, it has a handful of small differences from LastPass.
Bitwarden is a desktop-based experience, meaning there’s a local application for managing your passwords. There’s also a browser-based version through the Bitwarden website, though it doesn’t offer nearly as many options as the desktop app. The interface is surprisingly clean, with your entry types in the left-side menu, plus folder organization and a search bar.
Although Bitwarden is very impressive for software built on open code, it has a few critical oversights. First, it only supports secure notes, identities, credit cards and passwords. There aren’t any custom fields or entry types to store other information. Furthermore, you must specify which URLs you want to fill that password on.
Thankfully, you can get over these issues by using the browser extension, which, like the local application, is surprisingly easy to use. With the extension, you can quickly view your vault, generate a new password and capture logins as you work your way around the internet.
Although Bitwarden’s usability is impressive, it’s no match for LastPass. Based entirely in your browser, LastPass goes wherever you go, no matter if you’re on Windows, macOS, ChromeOS or Linux. The browser interface is very easy to get around, too, allowing you to organize entries into folders and filter them in a variety of ways.
In the context of Bitwarden, LastPass’ kicker comes in the form of custom entries. Out of the box, LastPass already supports a long list of entry types, including passports, server information, software licenses and more. However, you can also create your own custom entries, allowing you to store whatever you want.
There’s some automation going on in the background, too. For instance, LastPass has universal settings for URL identification, whereas you’ll need to enter that information manually in Bitwarden. Although Bitwarden is still easy to get around, there are enough small improvements in LastPass to put it on the board this round.
Point for LastPass
4. Features
Even with their free plans, Bitwarden and LastPass are stuffed with features. LastPass offers a good range on its free plan, including a security challenge where you can quickly view old, reused and weak passwords. LastPass also includes an automatic password changer, but it didn’t work the last time we tested it.
However, paying brings in some benefits, mainly in the form of hardware 2FA with the FIDO U2F standard and LastPass for Applications. The latter allows you to take the autofill experience in your browser and use it on local applications. Although not a huge deal, it’s a nice bonus if you’re paying the subscription fee.
Bitwarden offers similar features, though it splits them up differently between its free and paid options. For instance, the password health screen — which shows weak, exposed and old passwords — and the relevant data breaches are reserved for the paid plan. Still, with how cheap Bitwarden is, it’s hard to complain.
However, Bitwarden’s greatest feature is self-hosting, which is available no matter if you’re paying or not. Using Docker, you can easily host Bitwarden’s server infrastructure on your home NAS. You can always use Bitwarden’s servers — it doesn’t use cloud storage like Password Depot — but self-hosting is the best option if you’re concerned about security.
The process is simple, requiring only Docker and a handful of command-line prompts. Although it’s an optional feature, the fact that self-hosting is built into Bitwarden with some ease is impressive. As is the case with other aspects of Bitwarden, there are enough options for techies to dig in, all while keeping the core experience for newcomers intact.
That doesn’t make this round an automatic win for Bitwarden, though. The two are close in terms of features, with LastPass offering more options for casual users and Bitwarden catering to techies. For us, the standout feature is self-hosting, giving Bitwarden the win this round. That said, depending on what you’re looking for, it could easily go to LastPass.
Point for Bitwarden
5. Business Plans
With Bitwarden and LastPass offering generous free plans, it’s safe to assume most of the cash flow is coming from business subscribers. LastPass has a more robust range of business plans, catering to outfits large and small, which is why it earned a high spot in our best password manager for small business guide.
Bitwarden also earned a spot in the guide, mainly because it’s so inexpensive. Comparing it to LastPass, you can save big. For instance, Bitwarden’s Teams plan, which starts at five users for $5 per month, costs only $2 for each additional user. A similar plan at LastPass costs $3 per user from the get-go.
Bitwarden’s price for its top-tier business plan is $3 per user, and it includes integration with Active Directory, user groups and more. Compared to Zoho Vault, Bitwarden’s business subscriptions are very impressive, including top-level features for a fraction of the cost of the competition (read our Zoho Vault review).
LastPass has one big advantage, however: multi-factor authentication. Although it’ll cost you a pretty penny, LastPass has contextual MFA, much like OneLogin (read our OneLogin review). Instead of just using a time-based code, contextual MFA looks at a variety of factors when authenticating an account, including the IP address, time of day and more.
Calling this round is tough. LastPass has MFA available while Bitwarden doesn’t, but it charges a high price for such a feature. Bitwarden, on the other hand, is much cheaper and is fit with plenty of business features, to boot. However, you’ll still need to shop à la carte for MFA.
Considering how cheap MFA can be, we’re giving the win to Bitwarden. That said, it could change depending on your business needs.
Point for Bitwarden
6. Support
Although password manager support is usually bad, and open source software support is even worse, LastPass and Bitwarden offer decent customer service. LastPass comes with a knowledgebase, forums and contact via email. That said, email support is only available if you use the knowledgebase first.
You’ll need to find a relevant support article, then click the “contact support” button on it to land on the contact form. Although we understand directing users to self-help resources first, burying the contact form within the knowledgebase is just confusing. Thankfully, LastPass is saved by an excellent community forum, which is active at nearly all hours of the day.
Despite being totally free, Bitwarden goes even further in terms of customer service. Surprisingly, there’s a full knowledgebase stuffed with useful articles. Bitwarden offers a link to its email support on every knowledgebase page, even the main one. That way, there’s no question about where to go to talk to a human.
Bitwarden offers forums, as well, though they’re not nearly as active as LastPass’. There are two sections: feature requests and user-to-user support. Although plenty of members are on-call to help others out, the forums aren’t as fleshed out as we would’ve hoped.
Overall, though, it’s hard to say that LastPass offers better customer service. Considering Bitwarden is, at its core, a free password manager, the level of support is jaw-dropping. Even as a fully commercial product, LastPass struggles to keep up, pushing it even further behind in this final round.
Point for Bitwarden
7. The Verdict
With only a single win out of six rounds, LastPass is, unfortunately, the loser of this comparison. Bitwarden offers enough in terms of features, security, pricing and support to be a better password manager. Bitwarden also has the benefit of available source code, meaning it’s much more flexible.
That’s not to say that LastPass is a bad password manager (far from it, in fact). Bitwarden offers enough small advantages to be a definitively better password manager, but that’s not to downplay the fight LastPass put up. It’s a great password manager in its own right, offering some features that Bitwarden can’t stand up to.
For us, however, Bitwarden is still the better option. Do you agree, or should LastPass be the winner? Let us know your thoughts in the comments below and, as always, thanks for reading.