Selecting a new Password Manager
I am also one of those users who used LastPass until a few days ago with full satisfaction. A breach can happen to anyone, but leaving customers in the dark and exposed is especially worrying. Not giving insight into who, what and where customers are at risk, and what to do to best mitigate that risk, is also extremely dangerous. So to speak, the trust in the product and the company behind it has gone straight out of the window. But then an important question pops up: what next? Should I still use a password manager or fall back to analog paper?!
Why Use a Password Manager?
Our online world revolves around accounts with passwords. To stay safe from data breaches, you need to create strong and unique passwords for every account, but remembering them all without help gets particularly tricky. Defaulting back to analog paper is a no-go for me with 1100+ accounts and unique passwords. Time to look for a replacement that will generate, store, and secure my most important digital assets with end-to-end encryption in a digital vault.
Before I could start looking for a good replacement solution, I first had to determine for myself what my minimum requirements are for such a solution. I used the following minimum requirements to find a suitable replacement:
- Import Function for LastPass – because I do not want to migrate 1100+ accounts with passwords manually.
- Exit strategy – so that if I need to switch again in the future, I know the possibilities to export and purge the data from the vault are available. I hope never to use it, but better safe than sorry, right?!
- Highly Secure – how is the data being secured and how are they storing my data. Also 2 Factor Authentication on top of the master password should be possible.
- Offline mode – I travel a lot around the globe for my work and I need a possibility to access the vault to search for data. Can be read only, I do not need to modify it.
- Family friendly – as the security dad in the house, my family members look to me for reducing their risk and increasing their security posture online. A family subscription, ease of use, sharing possibilities between family members and an emergency access setup, just in case something happens to me, come to mind.
- Wide and deep Platform support – I am using all major operating systems like Mac, Windows, and Linux and on Mobile devices have access on iOS and Android. Integration with several browsers but especially Brave should be supported.
- Sync between all devices – any changes on one device should automatically sync to my other devices.
All kinds of flavors
On my search I found lots of different password managers out there. I more thoroughly tested the five that looked most promising to me and ticked all the boxes of my requirements, namely: NordPass, 1Password, Dashlane, Bitwarden and RoboForm.
NordPass
All of your passwords, credit cards, and personal info in a single secure place.
I tried to import the LastPass.csv file but unfortunately it did not work. Then I tried to open the csv file in Microsoft Excel and save it again as a .csv file. Now the import started to work, but I ended up with an access denied after several tries. Also, after working with the product, I got locked out during the setup and it said my master password failed and no recovery could be done. I must create a new account…
The removal of your account will require verification of your identity and you may need to send them several letters for confirmation. When I read that, I was like, oh really? So that was a red flag right away, on top of the issues I had already experienced with them around login and import of data.
NordPass uses the XChaCha20 encryption, has a zero-knowledge policy, multi-factor authentication, and biometric logins.
Internet access is required to fully use your NordPass application. However, even if you are not connected to a network, you can still access your items with Offline Mode.
While in Offline mode, you will be able to view all of your NordPass entries and copy any information stored inside them. You will not be able to edit, delete, or add any new entries to your vault, nor will the autofill feature work with the Offline Mode.
It is easy to share passwords with other family members. Emergency access is also configurable on your account.
Integration is available for the following browsers through extensions: Chrome, Firefox, Edge, Opera and Safari, but unfortunately not for Brave. Regarding operating systems, they support Windows, macOS, Linux, iOS and Android.
Sync between all devices
You can access passwords, notes and credit cards saved to your NordPass account on any device.
1Password
1Password is the easiest way to store and use strong passwords. Log in to sites and fill forms securely with a single click.
My import through the website worked fast, easy, and successfully.
Through your profile you can easily access the Danger Zone, where you can permanently delete your account including subscription and data stored.
Two factor authentication can easily be enabled and connected to a TOTP application on your phone. 1Password did a nice write-up about what happens if 1Password gets hacked in a blog post about their security model. It goes into end-to-end encryption, secret key creation (SRP) and more. Your data is protected by a 128-bit Secret Key and Account Password – dual-layer encryption unique to 1Password.
Yes, you can access all your passwords and other items from any of your devices, whether you’re online or offline.
You can easily share passwords between family members when needed. After creation of a user account and password, the first thing that gets created is an emergency kit with a secret key.
This one-pager should be printed and stored in a physically secure location, for whenever you get locked out of your account or something bad happens to you. Have it stored where family members would be able to access it in the event of an emergency.
Supports Chrome, Brave, Firefox, Edge, and Safari through extensions.
Sync between all devices
You can access your data everywhere you need it. Any changes you make on one device are immediately available everywhere else. There’s no limit to the number of devices where you can use 1Password. Install it on all your computers and mobile devices to always have your information with you. After everything is in sync, it’ll be available even if you need to go offline for a bit.
Bitwarden
Drive collaboration, boost productivity, and experience the power of open source with Bitwarden, the easiest way to secure all your passwords and sensitive information.
The import was done easily through import data on the tools menu. Select LastPass and it finished within a minute for 1130 items.
I had to refresh the website to see the vault was really purged, but it worked fast and easy.
Bitwarden stores all of your logins in an encrypted vault that syncs across all of your devices. Since it’s fully encrypted before it ever leaves your device, only you have access to your data. Not even the team at Bitwarden can read your data (even if they wanted to). Your data is sealed with AES-CBC 256 bit encryption, salted hashing, and PBKDF2 SHA-256. All Vault data is encrypted by Bitwarden before being stored anywhere. To learn how, see Encryption. Bitwarden also did an extensive write-up about their security principles and how the infrastructure is designed in this security white paper.
Any unlocked Bitwarden app can be used offline in read-only mode, for example when using airplane mode on a mobile device or when not connected to your self-hosted server.
Most functions of Bitwarden are accessible in offline mode, however you won’t be able to make edits to or add vault items, attachments, or sends or import new vault items.
Bitwarden has multiple family-friendly options: placing items in a collection within the Bitwarden password manager makes it easy to share them among multiple users securely. You can also grant and manage emergency access for trusted contacts easily. Trusted contacts may request access to either View or Takeover your account in case of an emergency.
Bitwarden has the most comprehensive platform support I have seen compared with all other solutions I tested. It is available for Windows, macOS and Linux. Bitwarden also integrates with Chrome, Safari, Firefox, Vivaldi, Opera, Brave, Edge, Tor and DuckDuckGo for Mac. For mobile it is supported on iOS and Android.
Sync between all devices
Install and Sync All of Your Devices. Secure cloud syncing lets you access your sensitive information from anywhere on any device.
RoboForm
You’ll never need to remember or type your passwords again.
There are multiple ways to import the LastPass.csv file into your vault and I must say they are all easy and fast.
You can easily delete all files by going to https://online.roboform.com/login then go to My settings, select User Settings and scroll down to Storage and select Delete All Files.
To protect your data, RoboForm uses AES-256 bit encryption with PBKDF2 SHA-256 and supports two factor authentication (2FA) to access your account.
Desktop and mobile apps provide offline access to RoboForm data. In addition, the desktop and mobile versions offer optional local-only storage.
Sharing important information with your family has never been easier and more secure. Share Logins, Identities, and Safenotes with the click of a button.
RoboForm has integration with Edge, Safari, Chrome, Firefox & Brave browsers. It is available for Windows, macOS, iOS and Android.
Sync between all devices
The data is synced automatically across all browsers and devices where you use your RoboForm account.
Dashlane
Security-first password manager for any device, browser, or platform.
An easy-to-use function: I browsed to the LastPass.csv file and started importing 1130 items, but it looked like it never finished no matter what I tried. After more than 15 minutes I saw my accounts and passwords pop up suddenly.
After first uninstalling Dashlane from any device, you can go to the account delete page, wait for the email to come in and confirm the deletion.
Dashlane did a great write-up in a whitepaper about their approach to security and uses multiple security measures to secure the access and data. The master password, known only by you, is used to generate the symmetric Advanced Encryption Standard (AES) 256-bit key for encryption and decryption of the user’s personal data on the user’s device. Also, 2FA can be enabled with TOTP to make it even more secure.
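The Bitwarden and RoboForm descriptions above name PBKDF2 SHA-256 with a 256-bit AES key, and the Dashlane one describes the master password generating that key on the device. The sketch below is an added example, not code from this post or from any of these vendors, and shows how such a derivation keeps the vault key off the server. The function names, the 600,000 iteration default, the separate login verifier and the server record layout are assumptions for illustration.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # 256 bits, the AES-256 key size the page cites


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 256-bit key with PBKDF2-HMAC-SHA256.
    Runs on the user's device; the result is never sent to the server."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 random bytes")
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def derive_login_verifier(vault_key: bytes, master_password: str) -> bytes:
    """Separate value used only for signing in (assumed design): the server
    can check it, but it is not the key that encrypts the vault."""
    return hashlib.pbkdf2_hmac(
        "sha256", vault_key, master_password.encode("utf-8"), 1, dklen=KEY_LEN
    )


def server_check_login(stored_verifier: bytes, presented: bytes) -> bool:
    """Server side: constant-time comparison of the verifier."""
    return hmac.compare_digest(stored_verifier, presented)


def enroll(master_password: str, iterations: int = 600_000) -> dict:
    """Build the per-user record a sync server would hold (constructed layout).
    The 600,000 default is an assumed work factor, not a figure from the page."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt, iterations)
    verifier = derive_login_verifier(key, master_password)
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample value
    record = enroll(password, iterations=100_000)
    key = derive_vault_key(password, record["salt"], record["iterations"])
    ok = server_check_login(record["verifier"], derive_login_verifier(key, password))
    print("login accepted:", ok)
    print("vault key present in server record:", key in record.values())
```

The per-user salt and the iteration count are what make every guess against a stolen vault cost a full derivation, which is why the strength of the master password still matters.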
The web-first version of Dashlane runs locally on your computer and doesn’t require an internet connection to access it. There are a few things you need for offline access. You should have:
- Logged in previously and registered your device to your account
- Disabled 2FA for each login (offline access will still work if you have enabled 2FA for each login on a new device)
Enjoy up to 10 separate Premium accounts all managed under one affordable plan. This was the highest in price per month, but it is also for 10 accounts while the others I tested support 5 or 6 accounts under a family subscription. The sharing feature works perfectly and easily.
Dashlane is available on Windows, Mac, iOS and Android platforms and supports Internet Explorer, Chrome, Firefox and Safari browsers. They are actively working to support a Linux environment and will support Edge as soon as extensions are allowed. But unfortunately, no Brave support here for me.
Sync between all devices
Data is stored locally on all devices. Dashlane syncs your data across your devices—computers, phones, and tablets—and you can access your data from several devices at the same time.
I checked out several password managers, including KeePass, KeePassX, Remembear, Keeper, 1Password, Dashlane, NordPass, Bitwarden and RoboForm. They all have interesting features, but the three solutions I hesitated between were: 1Password, RoboForm and Bitwarden.
NordPass was lost on me right after the problems started with importing data from LastPass and then, all of a sudden, my master password was incorrect. (Which it wasn’t, because I had it on a copy/paste basis for testing purposes.) Dashlane does not have Brave browser support yet, which is a shame for me because I really liked the solution they have.
Of the three solutions left, I thought the Bitwarden solution is the one that best fits my needs for platform support and all the requirements I set at the beginning, but I must say 1Password was a close runner-up, and RoboForm was the cheapest of the three solutions left.
Photo Credit: Liam Tucker on Unsplash