Episode 26: A New Password Manager
Say Hello to the Free and Open-Source Bitwarden
Part I: A New Password Manager for Me…
My longtime readers know that I use a password manager. They also know that I insist that everyone else does the same. Using password managers should be a regular part of your ongoing security hygiene because:
They enable you to keep and use unique, long, & complex passwords for each of your accounts.
They enable you to keep and use your personal and credit card information in a safer way for your online shopping.
They make working & shopping safely on mobile devices far easier.
Safer? Yes. A password manager auto-fills your username, password, address, or banking info fields when you surf a website. That process is considered safer than manually typing the info or copying/pasting it yourself.
For years I used a password manager called LastPass. It’s a great product and if you still use it, you’re doing well and fine! I continue to recommend LastPass. However…
About six months ago, I switched to a competitor of LastPass called Bitwarden. Bitwarden is easy to use, works on every major computer and smartphone OS, has nearly every feature I’ve come to love in LastPass and… it’s open source.
That means that anyone - ANYONE! - can go online and look at every line of Bitwarden’s code (here’s the link to do that, by the way). It is highly advised in both security and privacy communities to use open-source software whenever possible for three reasons:
With thousands of eyes on the openly available code, it’s far less likely that any dirty tricks or hacks will get passed along to consumers.
With thousands of eyes on the openly available code, it’s far more likely that problems in the code can be spotted and fixed.
No secrets = safer software.
LastPass, which is owned by LogMeIn, Inc., owns the code and doesn’t share what’s in it with the rest of the world. It’s proprietary and, so I’m clear, there’s nothing wrong with that approach. Adobe, Apple, Microsoft, and others don’t share their code willingly either and it doesn’t make them or other software providers malicious. But… it’s still considered safer when you can see the code for yourselves.