Alternatives LastPass. Comparative evaluation of six password managers
- Transfer
UPD: The original version of the article included an assessment of five password managers, which is reflected in the URL and in the text. Later, another Zoho Vault was added to the benchmark table.
For eight and a half years at home and at work, I used LastPass password manager, setting it up just a couple of years after the release of the first version. Therefore, it is logical that, having taken over as vice president of management at Quantopian (and then director of IT security), I introduced LastPass as a corporate password manager. For several years he has satisfied us both in terms of functionality and the quality of support provided by the company.
However, in 2015, LogMeIn acquired LastPassand the situation began to change. Both product quality and support began to deteriorate from the moment of purchase, so now is the moment when we decided to abandon this program and evaluate alternatives.
We created a detailed checklist and checked five password managers for it: LastPass, 1Password , Dashlane , Bitwarden and Keeper . In the end, we decided that Bitwarden would be the best choice for our company, and we began the migration process from LastPass to Bitwarden.
Obviously, our priorities and requirements may not coincide with yours, therefore, below is a description of the functionality on which we focused in our assessment.
Even if our priorities are different from yours, you can still use our assessment! Below is a table with the results [in the original version of the articlethere is an interactive grid that can be customized to leave only those requirements that you need and compare any 2-6 products with specific characteristics - approx. trans.].
We use a password manager on Mac OS, Windows, Linux, Android and iOS. It should support all these platforms. Most importantly, full functionality cannot depend on an application that is available only on Mac OS and / or Windows. In other words, the lack of full support for Linux immediately puts an end to the program. This excludes 1Password and Dashlane.
Recently, we started issuing Yubikey tokens to all employees with the requirement to use them for two-factor authentication in all possible applications and services. Although support for YubiKey was not considered as a strict requirement, it also influenced our choice. Of course, we would reject any password manager at all without the support of 2FA. Fortunately, all five products have this kind of support in one form or another.
In addition to working passwords, we recommend employees to use a password manager for personal passwords, and try to simplify this task. Despite various problems with LastPass, we have to admit that their “linked personal account” functionality is the gold standard for this particular problem. Therefore, we evaluated other products in comparison with LastPass on this issue. Dashlane and Keeper poorly solve the problem, the rest offer quite adequate solutions.
Obviously, since we were going to switch from LastPass to a new service, the ability to import data from LastPass was important. Fortunately, all products have this feature.
A number of functions that we have reviewed are relevant only in the corporate (i.e., business) environment. For example, for personal use, you probably will not care about linked personal accounts, detailed access control, or what opportunities the company administrator has, but this is also important for us.
Last but not least, it is important for our password manager to be actively supported and for technical support people to respond to support questions, feature requests and bug reports. We definitely confirm this in the case of Bitwarden. For example, at some point during our evaluation, we submitted a Bitwarden error report through their Github; one of the maintenants fixed the bug after 17 minutes , and just a few days later the patch went into release.
In an interactive table with comparative assessments , all items in the checklist are displayed by default. But if you scroll down, you can uncheck the boxes with unnecessary characteristics and / or select two specific programs for comparison.
Did you make a similar assessment for yourself or your company? If so, what was the final choice and what are the decisive factors?
May safety be with you!
For eight and a half years at home and at work, I used LastPass password manager, setting it up just a couple of years after the release of the first version. Therefore, it is logical that, having taken over as vice president of management at Quantopian (and then director of IT security), I introduced LastPass as a corporate password manager. For several years he has satisfied us both in terms of functionality and the quality of support provided by the company.
However, in 2015, LogMeIn acquired LastPassand the situation began to change. Both product quality and support began to deteriorate from the moment of purchase, so now is the moment when we decided to abandon this program and evaluate alternatives.
We created a detailed checklist and checked five password managers for it: LastPass, 1Password , Dashlane , Bitwarden and Keeper . In the end, we decided that Bitwarden would be the best choice for our company, and we began the migration process from LastPass to Bitwarden.
Obviously, our priorities and requirements may not coincide with yours, therefore, below is a description of the functionality on which we focused in our assessment.
Even if our priorities are different from yours, you can still use our assessment! Below is a table with the results [in the original version of the articlethere is an interactive grid that can be customized to leave only those requirements that you need and compare any 2-6 products with specific characteristics - approx. trans.].
Quantopian Password Management Priorities
We use a password manager on Mac OS, Windows, Linux, Android and iOS. It should support all these platforms. Most importantly, full functionality cannot depend on an application that is available only on Mac OS and / or Windows. In other words, the lack of full support for Linux immediately puts an end to the program. This excludes 1Password and Dashlane.
Recently, we started issuing Yubikey tokens to all employees with the requirement to use them for two-factor authentication in all possible applications and services. Although support for YubiKey was not considered as a strict requirement, it also influenced our choice. Of course, we would reject any password manager at all without the support of 2FA. Fortunately, all five products have this kind of support in one form or another.
In addition to working passwords, we recommend employees to use a password manager for personal passwords, and try to simplify this task. Despite various problems with LastPass, we have to admit that their “linked personal account” functionality is the gold standard for this particular problem. Therefore, we evaluated other products in comparison with LastPass on this issue. Dashlane and Keeper poorly solve the problem, the rest offer quite adequate solutions.
Obviously, since we were going to switch from LastPass to a new service, the ability to import data from LastPass was important. Fortunately, all products have this feature.
A number of functions that we have reviewed are relevant only in the corporate (i.e., business) environment. For example, for personal use, you probably will not care about linked personal accounts, detailed access control, or what opportunities the company administrator has, but this is also important for us.
Last but not least, it is important for our password manager to be actively supported and for technical support people to respond to support questions, feature requests and bug reports. We definitely confirm this in the case of Bitwarden. For example, at some point during our evaluation, we submitted a Bitwarden error report through their Github; one of the maintenants fixed the bug after 17 minutes , and just a few days later the patch went into release.
Interactive grid with benchmarks
In an interactive table with comparative assessments , all items in the checklist are displayed by default. But if you scroll down, you can uncheck the boxes with unnecessary characteristics and / or select two specific programs for comparison.
results
| Function | 1Password | Dashlane | Bitwarden | LastPass | Keeper | Zoho Vault |
|---|---|---|---|---|---|---|
| Chrome support | Yes | Yes | Yes | Yes | Yes | Yes |
| Firefox support | Yes | Yes | Yes | Yes | Yes | Yes |
| Edge support | Yes | Yes | Yes | Yes | Yes | not |
| Safari support | Yes | Yes | Yes | Yes | Yes | Yes |
| Mac OS support | Yes | Yes | Yes | Yes | Yes | Yes |
| Windows support | Yes | Yes | Yes | Yes | Yes | Yes |
| Linux support | weakly | weakly | Yes | Yes | Yes | Yes |
| Mac OS console client | weakly | not | Yes | weakly | Yes | not |
| Windows console client | weakly | not | Yes | weakly | Yes | not |
| Linux console client | weakly | not | Yes | weakly | Yes | not |
| Android support, with auto-complete | Yes | Yes | Yes | Yes | Yes | weakly |
| Android Chrome AutoComplete | Yes | Yes | Yes | Yes | Yes | not |
| Android autocomplete work profile | Yes | Yes | not | Yes | Yes | Yes |
| Android autocomplete shows full usernames | Yes | Yes | Yes | Yes | not | not |
| IOS support, including auto-complete | Yes | Yes | Yes | Yes | Yes | Yes |
| Two-factor authentication | Yes | Yes | Yes | Yes | Yes | Yes |
| YubiKey support in browser (Enterprise) | not | not | Yes | Yes | Yes | not |
| YubiKey support in browser (Personal) | not | not | Yes | Yes | Yes | not |
| YubiKey support in Android | not | not | Yes | Yes | not | not |
| YubiKey support in iOS | not | not | Yes | Yes | not | not |
| Saving passwords in Android | Yes | Yes | Yes | Yes | Yes | Yes |
| Saving passwords in iOS | Yes | Yes | Yes | Yes | Yes | Yes |
| Fingerprint login to Android | Yes | Yes | Yes | Yes | Yes | Yes |
| Fingerprint login in iOS | Yes | Yes | Yes | Yes | Yes | Yes |
| Sync between devices | Yes | Yes | Yes | Yes | Yes | Yes |
| Import from LastPass | Yes | Yes | Yes | Yes | Yes | Yes |
| Differences in work and personal profiles when importing from LastPass | not | not | not | Yes | not | not |
| Saving the folders LastPass folders in some form when importing | Yes | doubtful | Yes | Yes | Yes | Yes |
| Linking a personal account (or equivalent) | Yes | weakly | Yes | Yes | not | not |
| Save location (work / home) at the time of creation | Yes | not | Yes | Yes | not | not |
| Save location (folder / collection / space) edited in web application | Yes | not | Yes | Yes | Yes | Yes |
| Meaningful verification of master password strength | Yes | not | Yes | Yes | Yes | Yes |
| Linux password history | Yes | not | Yes | Yes | Yes | Yes |
| Windows password history | Yes | Yes | Yes | Yes | Yes | Yes |
| Password History on Mac OS | Yes | Yes | Yes | Yes | Yes | Yes |
| Secure notes | Yes | Yes | Yes | Yes | Yes | weakly |
| Attachments to notes in Linux | not | not | Yes | Yes | Yes | Yes |
| Attachments to notes in Windows | Yes | Yes | Yes | Yes | Yes | Yes |
| Attachments to notes in Mac OS | Yes | Yes | Yes | Yes | Yes | Yes |
| Shared folders with access control on Linux | Yes | not | Yes | Yes | Yes | Yes |
| Shared folders with access control on Windows | Yes | Yes | Yes | Yes | Yes | Yes |
| Shared folders with access control on Mac OS | Yes | Yes | Yes | Yes | Yes | Yes |
| Different groups with customizable access control | not | not | Yes | not | Yes | Yes |
| Subfolders | not | not | Yes | Yes | Yes | weakly |
| Confronting invisible forms of autocompletion | Yes | Yes | Yes | not | Yes | unknown |
| The browser plugin fills only the specified form. | not | unknown | not | not | unknown | Yes |
| Browser plugin displays icon in form margins | Yes | Yes | not | Yes | Yes | Yes |
| Browser plugin offers to save new sites on Linux | not | Yes | Yes | Yes | Yes | Yes |
| Browser plugin offers to save new sites on Windows | unknown | Yes | Yes | Yes | Yes | Yes |
| Browser plugin offers to save new sites on Mac OS | unknown | Yes | Yes | Yes | Yes | Yes |
| 2FA support when authorizing in the password store | not | not | Yes | not | not | not |
| Autocompletion in the browser is disabled by default. | Yes | not | Yes | not | not | Yes |
| Autofilling in the browser can be disabled | Yes | not | Yes | Yes | Yes | Yes |
| Administrator can reset passwords | Yes | Yes | not | Yes | not | not |
| The administrator has access to the private data of other users. | Yes | not | not | Yes | Yes | not |
| Admins can reinstall 2FA users | Yes | not | not | Yes | not | Yes |
| 2FA can be enforced at the corporate level | not | not | not | Yes | Yes | Yes |
| It is possible to audit 2FA at the organization level | Yes | not | Yes | Yes | Yes | not |
| Export to Linux | not | not | Yes | Yes | Yes | Yes |
| Export under Windows | Yes | Yes | Yes | Yes | Yes | Yes |
| Export under Mac OS | Yes | Yes | Yes | Yes | Yes | Yes |
| Attachment export | unknown | unknown | not | not | not | not |
| Response to bug reports and feature requests | not | unknown | Yes | not | not | unknown |
| Open source | not | not | Yes | not | not | not |
| There is a self-host function | weakly | not | Yes | not | not | not |
| Corporate license, month | 7.99 | four | 3 | 6 | 3.75 | 3.6 |
| Cost per user, month (without attachments or YubiKey) | 2.99 | 4.99 | 0 | 2 | 2.5 | 0 |
| Cost per user, per month (with attachments and YubiKey) | 2.99 | 4.99 | 0.84 | 2 | 2.5 | 0 |
| Is the page with the service status informative? | Yes | Yes | not | Yes | not | Yes |
| The number of service drops in the last 6 months | one | 12 | 0 | 12 | 0 | 2 |
What do you think?
Did you make a similar assessment for yourself or your company? If so, what was the final choice and what are the decisive factors?
May safety be with you!
Only registered users can participate in the survey. Sign in , please.