Both Bitwarden and LastPass have generous free versions. But confusions kick in when you decide to pay. Let’s find out the right one.
I’ve been a Bitwarden user for quite some time now. With 201 logins and a few notes, it hardly lets me down. Barring a few, Bitwarden’s free version is enough for personal use and you rarely think of subscribing to the premium editions.
And that’s a huge threat to the other password manager companies.
But LastPass is a veteran in this industry, almost a decade older than the open-source Biwarden password manager. Besides, LastPass free tier is almost as powerful as Bitwarden’s, if you can let go of sync with multiple devices.
However, we’ll check out the free and paid plans of both of these contenders to crown the best. In addition, it would help to know that LastPass offers all its premium features in the 30-day generous trial. But, with Bitwarden, I couldn’t find any such paid trial for personal use (business users have this) as of this writing. Still, Bitwarden has a 30-day money-back policy for its paid subscriptions.
So, without any further wait, join me for a detailed:
Bitwarden vs Lastpass
This article will compare these two on eight important parameters:
- User Interface
- Export & Import
- Autofill & Capture
- Password Generator
- Security Features
- Extra Goodies
- Supported Platforms
This is the same pattern we followed with Bitwarden vs 1password, giving us the clarity one needs to decide between the two password managers. Notably, this comparison is mostly about their respective browser extensions on a Windows PC.
Both extensions give you the counter for the number of logins you have on any specific website. Upon clicking, you’ll get the login username.
Personally, I like how Bitwarden gives a clean look with all the settings nicely stacked at the bottom without any clutter.
LastPass isn’t bad though, but this would be confusing if you have multiple accounts for a particular login. Then you would be scrolling the tiny area between Open My Vault and LastPass Search. However, this is handy only in editing the credentials on the go, or copying username/password and is not a deal-breaker in daily usage.
But Bitwarden goes one step in aesthetics and lets you theme the extension with various modes: Light, Dark, Nord, and Solarized Dark. Again, I could not find such an option with LastPass. While theming a password manager extension is not a big thing as you’re not going to spend hours inside.
Still, someone has thought more about the user preferences and deserves a pat on the back.
Import & Export
Importing passwords is a one-time thing but can be quite annoying depending on the utilities at hand. In cases similar to mine, where there are more than 200 entries and a few notes, a no-hassle import is what we look for.
Bitwarden import paves way for a few clicks process for anyone jumping over the fences. You have a very long list of officially supported password managers.
And even if you don’t find a name here, export from your current password manager, download any export template from the listed software and proceed with the import. But while you can import practically from anywhere, this isn’t listed, leading to ambiguity among users.
LastPass, in contrast, has limited options to migrate from. For a premium password manager, the official support could be more. Regardless, you can click Other, download the export template, and arrange the contents to import.
So while Bitwarden gives more choices upfront, LastPass tries to make up for it with the ability to import from everywhere with its export template. However, the same is possible with Bitwarden, but they haven’t listed there.
Coming to exports, Bitwarden permits JSON, and CSV formats, while LastPass has this in just CSV. Both have an option to export the encrypted vault. But LastPass lets you choose the encryption key at export, whereas Bitwarden uses the key attached to every account.
It means you can use the LastPass encrypted vault with the set encryption key. However, the Bitwarden encrypted export can only be used with the same account as each account has a default encryption key and you can’t use it anywhere else. In addition, if you ever rotate your encryption key, the export file will no longer work.
I tried to import the exported file to the same Bitwarden account and was instantly successful. However, LastPass took a lifetime of waiting to process the file and ended up in an annoying processing loop:
The fact that LastPass couldn’t process its own file and never came up to the point to ask for the encryption key makes it look bad. It should be noted that I waited only for 10-15 minutes. Still, if Bitwarden can do that in a split second, there is no reason LastPass should’ve taken that long.
AutoFill & Capture
Autofill is an essential feature for any password manager, especially if you have a single login for a website.
Bitwarden tags this feature as still in beta, which isn’t a good thing considering it’s been almost six years since its initial release. However, it has worked every time without any single case of failure.
The point where it falters is when you have multiple accounts on a website. In those conditions, it either fills the first one or waits for you to click the extension and select the correct one. And when you see even the recently launched Avira Password Manager doing it better than Bitwarden, you feel irritated.
In contrast, LastPass does it smartly and gives the option to click right there to select the account you wish.
But LastPass couldn’t autofill even when I confirmed that it’s turned on in the settings. Then I asked Google and came to know that it’s a common issue with LastPass and there are many tutorials to remedy this:
I didn’t try anyone though, but that’s a big thumbs down for the veteran in the industry that its autofill isn’t working out-of-the-box.
However, both Bitwarden and LastPass could perfectly capture the new logins and give prompts to save in their respective vaults.
Ergo, this section was a mixed bag for both. While Bitwarden failed with multiple accounts, LastPass couldn’t autofill single ones. Still, LastPass with the pop-up inside the empty fields has a slight edge. So let’s declare the…
Winner: LastPass, by a small margin
Bitwarden has a great password generator. You have an excellent variety to configure your password as you wish, lowercase, uppercase, numbers, etc. And you can also tell it to use a specific quantity of numeric or special characters.
In addition, you can create easy-to-remember passphrases, which are (almost) equally strong as passwords.
LastPass isn’t lagging though. Its password generator is as robust if you don’t use passphrases that are simply absent. Again, it’s good to have extra features and we have all the right to expect it from a premium password manager that LastPass is.
That being said, it’s not a deal-breaker unless you want only something that you can remember. In that case, LastPass can’t help you.
But there is one other thing where LastPass trumps Bitwarden. Since Bitwarden doesn’t show up in the empty fields. You’ll be using a password generator separately followed by a necessary copy-paste for new registrations.
However, with LastPass, you can readily generate passwords there itself which adds to the user experience.
Personally, this feature is of great use for me as I keep registering at new websites for testing and all. But even normal users will be right at home using this feature followed by the prompt to save new accounts.
Bitwarden uses AES-256 bit encryption to protect the vaults. This is the highest you can get in any commercial application, even banks use these encryption standards.
Generally, a master password protects your Bitwarden password vault. You need to enter it every time you close your browser or the application. In addition, you can set a pin to use in place of the master password.
Notably, you can only use the pin for unlocking the password manager and not when you completely log out of Bitwarden. Besides, there is a provision to set a vault timeout option triggering a lock or log out.
On top of it, Bitwarden supports deauthorizing all sessions from its web vault.
Bitwarden permits biometrics use for unlocking the password vault without entering the master password every instant. And finally, you have two-factor authentication with email & authenticators in the free plan, and Duo Security, YubiKey, phone call, SMS, etc., in the premium subscriptions.
Similar to Bitwarden, LastPass protects you with AES-256 bit encryption.
Coming to everyday usage, you can set a vault timeout. And likewise, you have a choice to set LastPass to log out on browser exit. The free tier has many multi-factor authentication (MFA) options such as SMS, Google & Microsoft authenticator, Toopher, Duo security, etc. The paid subscription permits Yubikey, Fingerprint sensors, etc.
Moreover, you can set Trusted Device which can bypass MFA and you can directly log in with the master password. This trust lasts for 30 days. Afterward, you will need to use the MFA again for one more month of Trust.
In addition, the LastPass web vault gives a list of mobile devices accessing your vault and the option to revoke authorization selectively.
This section has been very close for both the candidates. Each of them has robust security features and picking up the victor seems difficult.
However, Bitwarden gives you a choice to set a pin that is arguably more user-friendly. On the other hand, LastPass lets you reset your account with a mobile phone even when you lose your master password. This feature is definitely a plus and a great advantage for me personally, as I have a complicated Bitwarden master password which if I lose will render my password vault useless.
In addition, LastPass has an SMS multi-factor in the free plan which is undoubtedly more secure and infinitely more user-friendly than the authenticators. Because you risk losing the vault if you delete the authenticator app. In comparison, your mobile phone number is more permanent and provides the same security.
Conclusively, not everyone will like it, but personally, I think LastPass has this round.
Bitwarden has to Send, which enables you to send a time and access restricted, password-protected text to anyone. This also entertains a receiver without any Bitwarden account. And if you’re on a paid subscription, it has the feature to send files up to 1GB.
Moreover, the paid plans come with Bitwarden’s own authenticator. And you get some premium features like Emergency access (to someone) and Vault health reports which are about compromised passwords in your vault.
LastPass has a similar feature to Bitwarden Send in which you can share any password or note. But it requires the person at the other end to have a LastPass account before giving access to the share.
In addition, this wasn’t as robust and couldn’t work the second time I used it.
Talk about LastPass paid goodies, you get similar Emergency access features and Security Dashboard for dark web monitoring.
Overall this section would have been a tie if LastPass hadn’t faltered in the sharing. In addition, the ability to use Bitwarden’s share with just a URL is seriously great and takes it ahead in the race. So we have our…
Bitwarden has native applications for Windows, Mac, and Linux. In addition, the browser extension is available for Chrome, Opera, Brave, Vivaldi, Firefox, Edge, Safari, and Tor.
For the geeks out there, Bitwarden supports a command-line interface for Windows, Mac, Linux, etc. And obviously, Biwarden wasn’t going to skip over iOS and Android.
LastPass has apps for Windows, Linux, Mac, iOS, and Android. And you will find browser extensions for Chrome, Firefox, Edge, Safari, and Opera. Likewise, there is apparently a command-line interface too which isn’t in the download section but is mentioned in the support section.
So you have more browser extensions listed on the Bitwarden download page and it’s more tidy, cutting any unwanted confusion. Although by a tiny margin, shall we declare our…
Bitwarden has an always-free plan which is loaded with features. This only misses out on some premium features like Vault Health Reports, Emergency Access, and Priority Support. However, you can check for breached usernames for free.
But the best feat of the free version is the unlimited device sync.
The paid plan in Bitwarden is just $10 a year, less than a dollar per month.
Similarly, LastPass has a nice free plan. This almost matches Bitwarden’s free offering if not for the cap on device use. The free subscription works only on a single device, either a computer or a smartphone. Now, this is a huge letdown as most of us have computers and smartphones both. So, it will be good to see at least two devices sync in the free plan.
Its paid plans start from $36 per year, way more than Bitwarden bills.
Undoubtedly, Bitwarden is the more economical offering and gives much more for less, or even free.
So there you have it. It’s 5-3 in the favour of Bitwarden password manager. While LastPass had its moments and won some battles, the overall war sees a clear winner in the open-source offering.