This has aged amazingly well. Thank you, Wendell! I just spent the last six hours changing passwords, tying up some loose strings as far as 2FA is concerned, as well as migrating everything off Lastpass to something hosted on my home server. Should have done this years ago, but the recent data breach scared me enough to get the ball rolling.

Anybody else remember when Wendell was just a torso sat behind four computer monitors?

Bitwarden recommended. Migrated from LP. Works on my mac and android just fine.

"It's like running water inside your hosue getting more expensive, or electricity getting more expensive" - Texans staring from the corner.

step1 - entice users step2 - trap users step3 - exploit users until collapse silicon valley, and a lot of industries, are on step 2.5

Wendell: "I don't want this to get technical or take too long" Me: "Sounds good. I guess I'm going to need my calculator, some paper, Visual Studio Code Editor and plenty of water to stay hydrated."

I meant to migrate away from Lastpass when I saw this video when you first released it. Sadly, work got in the way and procrastination. How did that bite me on the butt. Migrating now, changing all the passwords and notifying clients who may also have been affected. This video made a handy reference and giving it my clients saved me a lot of time.

I started with Bitwarden 2 years ago as my first password manager and I have absolutely no regrets

been using KeepassXC for couple years now because has win and Linux versions, and supports using keys with password. thanks for the video.

Jumping from Lastpass to Keepass has been on my backlog for... probably a decade now, but this recent move forced me to make the jump. I've started on Dashlane, migrated to Lastpass, and considered Bitwarden... but ultimately the objective was to go Keepass synching stuff on my own. I have to say, there are reasons not to do it... go for something like Bitwarden instead for instance. But I'm insisting... because ultimately, I don't wanna rely on someone else's server/service, so as good a time as ever I guess. The general problem with Keepass is the general problem with several other FOSS software, which I also have highly adopted in recent years - it's fine for me, but if I'm gonna put it for someone else to use, like say, my mom who is in a permanent tech illiterate state, it starts getting harder. But even for me, the decisions are taking longer than I'd like. Problem is, there are too many options, not that much material for research, and videos like this one are not that numerous, so it ends up not covering specific cases like mine. For desktop it was kinda easy. Original Keepass is kind outdated but fine, KeepassXC is more modern with newer features, so there you go. I still ran into some weird problem though. Not sure why, but Keepass XC was refusing to import a Lastpass CSV file inside an already created database... it keeps trying to create a new database instead. So I had to do it via standard Keepass, and then open the database via KeepassXC. Perhaps because I'm trying to create a new database with a keyfile, not sure what's the issue. On Android, things got worse. I tested KeePassDX, AuthPass, TinyKeepass and am currently using Keepass2Android... all of them have something that doesn't work, works weirdly, or is kinda messed up somehow. I think TinyKeepass doesn't support key files, KeePassDX I couldn't find a way of using biometrics alone do unlock the thing (requirement for my mom), AuthPass wouldn't accept my master password no matter how many times I tried for some reason. Keepass2Android is older and has a bit less friendly UI, but seems to be working... I just didn't fully test it yet to tell. But the general problem is the same - compared to Lastpass, all these versions of Keepass seems to be generally more difficult for someone like my mom to use. You have bugs here and there, the interface is kinda convoluted and complicated, and you end up having to go through this familiar path of trying and testing things out... I'm also trying to sync the database through my Synology NAS, future plans to build a server running NextCloud for it. I'm not sure what's the ideal way to do it. I'm using a mix of DS Drive for Android and PC, or an older app called DS cloud for Android, and trying to sync things up that way. For me personally anything should work fine, but for my mom it has to be seamless and under the hood. No weird glitches, need for constant confirmation, reliant on configuration, and whatnot. Just not sure if this will work out ok because I'm not sure how these apps deal with file conflicts and simultaneous usage. Of course, the best thing about it is that when I manage to make it work for us, no more fears of a service cutting off features and ramping up prices out of nowhere. Going the same route for Google Photos... for now, it's Synology Moments, and when I can get back home and build my own servers, it'll be NextCloud. Depending on how it goes, how easy to use the interfaces are, I might just keep the Synology for family usage, and reserve NextCloud for my personal stuff...

1 year after, a pair of breaches shows that LOTS of things are stored UN-encrypted by LastPass. I'm so glad I have used synced KeePass for years, even long before this video was published.

"Electricity getting more expensive... It doesn't make sense" Laughs in Brazilian

Thank you, Wendell! I was actually thinking that I will have to start paying them, but here you are helping us to save money!

I went from lastpass -> keepass 2 -> self hosted bitwarden on unraid with ssl and custom domain. Works very well across all devices.

I've been a paying Lastpass customer for about a year now. I pay $48 a year for a Family Plan for four of us. Bitwarden is $40 per year. So while that's cheaper, the cost of switching (in time) makes me stay put for now. I realize that's a slippery slope that could have us get locked in for longer due to increasing amount of time required to switch as the password lists grow. I need the family plan because I've got grade-school kids that I'd like to have learn good password management habits. I'll see how things shake out for a bit - but this is good info to consider.

You should have heeded Wendell's warning. LastPass has been fully compromised. I'm going to self host to keep my stuff secure. (Although my current manager is physical and the only plane of attack is breaking into my house, bypassing the dogs, and finding my password book.)

Dude. This information made my month. Encryptr just end-of-lifed and I thought they shut down permanently leaving me without all my passwords or keys for crypto. They turned the servers back on this weekend for people to migrate their data off, and Bitwarden was super easy to setup and migrate to. Great video!

Been using Bitwarden for a year-ish now ever since dashlane hiked their prices and haven't looked back. Highly recommended 👍

For a single user scenario I would agree, when you have 4 family members with shared folders and passwords, lastpass takes the cake for me. I can update a password and my wife doesn't even have to know, it will just sync to her account and work for her

Thanks for this video Wendell. I always come back to you when I'm doing security spring cleaning. Been using Lastpass for a few years and with their recent change I wanted to double check what the options out there are. Just switched to Bitwarden!

I’m switching to bitwarden as well. I was happy to pay for LastPass as a way of supporting them and maintaining for the free users, but not really into the idea of eventually losing access (if I can’t use it in both my phone and desktop it isn’t useful) to an important piece of software if times are though financially.

Must be a sign when this video came up on my recommended. I stuck with Lastpass despite the service changes last year, thought i could still work with the limitations which was still livable. But with the recent big hack, pretty much lost faith in them.

Bitwarden is great for the lazy/busy technical user.

I've been using LP for the last 8 years or so. Switched to Bitwarden instantly last week and did the same with my parents this weekend. Keypass looked great as well but ease of use is much more important b.c. I gotta set up the whole family. Very happy with Bitwarden so far, I like that that it's all a bit more rudimentary looking than LP while having better useability imo

Been using BitwardenRS on my home server for about a year now. It is great! I use the browser plugins, desktop application, and phone app with fingerprint access, super convenient. I had exported all my passwords from Chrome password sync (yuck, I know), then I used bitwarden to help me set unique super secure passwords for all my websites. My next step is to develop a high availability strategy in the event my home internet takes a nap while I'm on vacation or something..

I already left from Lastpass and started using Bitwarden. I was using Lastpass for last five and a half years.. pffff We use keepass at work also. Good, but not for everyday use (for me). Anyway, it was nice listening to you, giving information to people and comparing solutions.

Trying to create a value where there is none or trying to press water out of a stone is what is ruining many products and companies. A company that offers something like password manager shouldn't be expected to make YOY gains until the end of time.

Good presentation, I've used KeePass and Bitwarden, like them both. Even self hosted Bitwarden. For the price I let them host it and pay for the extra features. Like using my Yubi Keys as an extra layer of protection. Both KeePass and Bitwarden are great for managing thousands of pwds. Last Pass sucks and pulling your passwords off Last Pass is not for the faint of heart, they make it more difficult than needed.

This should be part of the business of building computers. From smart phones to desktops should come secure otherwise these programs seem based of the old mafia style “protection” rackets

I saw the news about LastPass when it first came out, and I kid you not I had 3 accounts migrated over to Bitwarden within 15 minutes. It was so easy and I'd been looking for an excuse to ditch LastPass and this was the final straw.

I was using Keepass/Dropbox and found that combination worked quite well. I’ve moved to Bitwarden as the integration is better, especially across multi-device/multi-platform

Man. This is timely and useful. Still can’t decide my next step, but this explains a couple options. Thanks, my guy.

This video is just on time. I was using LP and now I'm looking for an alternative that I can trust. Thank you : )

I'm old school, I have a note book with really long passwords written in pencil. Some of the passwords characters are different than how they are written.

I would love to see Wendell do an additional video discussing password managers that ship with antivirus software. I've read that they are typically not even close to as good, but it might be worth commenting on these in light of changes to LP.

I've been using KeePass + Kee browser plugin on desktop, works very good. Also KeePass supports ChaCha20 that is even better than AES256.

I am a user of 1Password for more than 15 years. Sometimes I am tempted to move and save a buck, but I am too lazy to maintain this solution for me and family. Up to now I have a very good experience, and pretty sure that it will be like this unless they are sold.

Whatever alternate you choose, remember to keep a backup of your passwords just in case, you probably have a few hundred or so passwords and really don't want to lose them, so even if you don't plan on using Keepass it isn't a bad idea to import them anyway or if nothing else at least get veracrypt and encrypt your password export.

I prefer keeping my passwords on a local level and not online. Yes I'm aware that things can be encrypted before they are sent and what not. Just keeping things offline that you don't want others to know is just a better way to be sure if you ask me. I don't have to worry about an encryption being broken or a databreach among other things. The only real downside is that I don't have the convenience of a quick one password login, and I'm more than OK with that.

Personally use keepass + Kee + rsync mostly. Kee is pretty good as a browser extension and allows for far better domain fine tuning than lastpass ever could. At work, we do use Lastpass on a company level as at the time I chose it, it was a good option for sharing passwords between people (yes we are single account freeloading on software that charges per account).

I just switched from Lastpass to BitWarden. Glad I did. I was able to export all my passwords from lastpass to bitwarden really easily. So I was able to make the switch without a hitch.

Considering the LastPass hacking discloser the other week, this video aged Hella Well

3:37 the electric infrastructure in Texas collapsed due to own lack of foresight and maintenance. there's scarcity. let's drop some surprise $10,000+ charges to the user's electric bill.

Ive been using bitwarden. Then I heard your summary at the very end. Thanks for labelling me as a "less technical user", for using bitwarden. 😜

Let's try again: Use KeePass + rclone, dont use any of the commercial products, they are all honeypot. You dont control the app, you dont control the remote rest data == you dont control your passwords.

Thanks Wendell. I didn't mind when Lastpass was $1/month for mobile to deskotp sync. No problem. I'll help keep your servers up and get people paid. I get it. Then it went free to help users forget what it used to cost. Ok, that was strange. Now they want $51CAD/year. ($4.25CAD/month) NO! Alternative implemented in 30 minutes. All data moved. Extensions and phone apps installed. Done. Logmein has done nothing but slowly destroy their own products over time.

+1 for bitwarden it's FOSS and it has a self host option if you don't like their cloud option. Even if they ever go closed, we can always use the service prior to it going closed and know it's functional. a fork can always exist.

Bitwarden sounds like the thing for me since Ive been wanting to get my parents to use a password manager, and they aren't technically inclined. I want to use the same service as them if only because then I would be familiar with the service and how it works if they ever have a problem. To many times they have called me about something I have never used or heard of before and always takes time quickly learning how to actually use whatever they are trying to use to fix the problem.

Downright prophetic lol I'm happy I took this advice

Using Bitwarden for some years now... can't live without it... Just awesome 🥰

cool video thanks for putthing this all together. only 1 sarcastic remark: "capitalism bad because companies want to make more money over time. here use this alternative tool" (poor paraphrase of Wendell) the existence of the alternative tool is the power of capitalism. you have gotten frustrated with lastpass? switch seriously, thanks for putting this together!

Be warned. When self-hosted, Bitwarden's data directory stores a PLAINTEXT list of what sites you visit (as well as your email address, and your recovery question)

I don't mind finally paying for something I have been using for free. They give me value, so I am glad to return some value back to them. The workman is worthy of his hire.

Family pricing for LastPass and Bitwarden seems to be very similar though. Also, seriously, for most folks running Linode or NextCloud or their own containers is just LOL. Next step: Just spin up a Kubernetes cluster, configure a few Helm charts, run some NGINX on the front end, pull that Bitwarden container, and bam, as Todd Howard himself would say: "It just works".

All the workarounds you described over many apps and setups are exactly the reason why I left keepass and happily pay the 50 bucks for a turnkey solution like lastpass.

i love how enthusiastically talks stuff i have no idea what is for.

Migrated to Bitwarden. Took literally a few clicks using my laptop and then setting it up on my phone took another few clicks. Getting face unlock gets a bit finicky but I managed. Works just as good as LP if not better. Really liking the simplicity of it.

Running KeepassXC with Syncthing. Using my Yubi key for MFA. I love how keepass can store MFA codes too for different services too. Haven't had a single issue with the set-up yet.

One thing lastpass helps where keepass and even bitwarden aren't easy on is password sharing. That being said - great video

The biggest features that made LastPass so good are the browser extensions and the mobile application. If Bitwarden can match those (especially the iOS app making use of the system password auto fill) then I would definitely consider switching

I am one of those effected by this change on Lastpass. They had the by far best free password manager solution out there. Over time they limited here and this latest limitation means I have to switch/pay the premium. I was considering 1Password but Bitwarden also looks decent and I will check it out but it feels like I will probably go with 1Password.

A few months ago I migrated from LastPass to Bitwarden self-hosted and I'm really happy with the change. The setup was a little bit involved but that didn't bother me. The web browser integration is excellent as you said, and that's a big deal to me.

Both utilities that you mentioned as not getting more expensive over time are in fact getting more expensive over time; electricity and water.

It's kind of amazing that a decision to use KeePass around 2004 remains not only viable but a preferred solution over 15 years later. The biggest difference is that the software has kind of stagnated, even when considering the wealth of plugins, so that the XC variant is probably more generally recommended. You can even still use the original version if you've been resisting .NET all this time.

i'm selfhosting BitWarden for over a year now, couldn't be more happier with the works.

I have been using Keepass for over 10 years. And am fine with it. Glad I didn't stray to something else. Now I am using it on Linux. I tried KeepassXC, and still like the original better. I may try it again, but KeePass gets it done. I also use KeePass2Android. Regardless, the data file, your passwords, is an encrypted file and you can move it around. I use a cloud service to hold the KeePass file that I replicate to from my devices.

Keepass + Dropbox. Not the slickest UI, but works so well for me over 10 years of doing dev work.

I agree with the sentiment in general, and everyone needs to decide what is valuable for them. However, there are some things in life you should WANT to pay for. Email service and a password manager are in that category for me. To be clear, the alternatives to LastPass are good, and i may switch at some point. But I expect LastPass to invest in defending against attackers. This is a highly attractive single point of failure and I want to pay money for someone to help the hackers away, as much as is possible. Don’t cheap out on security and privacy.

Wendell: "I don't want this to get technical or take too long" Me: Strong doubt on both of those :)

i dont always watch Level1Tech but when i do i learn i was looking for some new password managers since lastpass is changing and bam of course you got us covered

been using bitwarden for years and love it.

Hi Wendell, What is your take with the browser password managers, both Chrome and Firefox have pretty solid ones, but how are they encrypted?

I’ve been a happy keepass user for a good year or so now. I pull the db onto my phone and tablet and use strongbox to access it mobile wise

Been using Lastpass for over 10 years, even paid for premium service for a few years. But then they made the premium features I cared about free, so I stopped paying. Figured they already made enough money from enterprise users. New price of $3/month is too much, they used to charge just $1/month. Great service while it lasted. With the changes to lastpass free, I switched to bitwarden, may even pay for it since $10/year is fair for yubikey support. So far it's working nearly as good, no regrets.

Just switched to Bitwarden yesterday after 8 years of LastPass lets see how it goes. Might be trying KeePassXC as well

Thank You for the wake up as I needed to wakeup & smell the Coffee. Keep up the good work.

I've been thinking of getting off LastPass for years because I'd rather have the actual database stored locally and be able to use it anywhere I can save it (syncing through MEGA between PCs and phone, works great), but for years been on the fence about it because I didn't feel like putting in the effort to reorganize all my accounts. That was until I saw the news, forget LastPass man. And KeePass has been working absolutely better, even just simply loading account details into forms is faster somehow. Can't recommend enough.

Switched to BitWarden and I’m hosting it on a Synology NAS. Completely worth it and the data isn’t in the cloud.

One detail that was not mentioned- you can log into Bitwarden on Android phones using biometrics so you do not have to enter in your long passphrase every time... Select Settings->Security/Unlock with Biometrics.

Swapped from LastPass to Bitwarden last year when I was doing a complete security overhaul, couldn’t be happier

Not a techie so I like simplicity. I've used LastPass since 2009, and it's awesome. I've tried Bitwarden last year and it's way more technical & not as easy to use as LastPass. Sorry but LastPass is still the king of PW managers.

I'm using both KeePassXC and a self-hosted Bitwarden. I love both. KeepassXC for stuff I don't ever need sync'd, bitwarden protected by a Yubikey for everything else. Works great. I used to use LP but their software went to crap long before their business model did.

Wendell, perspective is everything here. I totally get why you'd not want to pay more than you have to, for something like this, or air, or light, or water. I used to use Roboform for years. Then like 8 years ago I switched to LastPass when I wanted something a little more multi-platform, and a little more comprehensive. Not everyone's use-case is the same, right? For example, you've already pointed out why Lastpass will probably never go away unless they make some seriously stupid maneuvers - the sketchy Docker container for Bit Warden - no thanks, dude. Roll my own sync with KeePass - ain't nobody got time for that unless Sysadmin is also your main "title" at home. If I'm a busy family man with grown adult kids, I think I'll just keep paying for LastPass and enjoy the multifactor token (hard and soft) integration, multiuser support, and numerous other features that I've had for years for only 4$ a month - as opposed to less features and more headaches for $3 a month. Are we arguing over a dollar a month here? Nah, not me. Not worth the headache dude! Now, if we're talking base-level service / software costs and if that's good enough for you, then YES by all means, use the one that makes the most sense* (* "free" usually = "great"!). Yes, LastPass costs more than it did 5 years ago. But the alternatives seem to offer me fewer features at only a marginally lower price, and it doesn't seem worth it to change. Good video as usual, but different strokes for different folks, and what's good for you isn't necessarily going to be good for everyone out there. :)

Bought by PTC and went to crap and costs 3 times what it used to. You nailed it.

Most people are not going to work out how to securely access a password db across multiple devices. Lastpass is offering a service that does this for them. I would not use it, I use keepass and syncthing and a vps, but Lastpass provides a useful service that normal people will pay for rather than working out their own solution.

So i agree with you 150%. Sorry to all those that read this i tend to get long winded :). I was with last pass almost since they started. I subscribed almost immediately ($12 a year) not so much because i needed the extra functionality more because i wanted to support the company. I was like "oh no...." when they got bought out by logmein. Joe SiegristJoe Siegrist (the founder of last pass) is a really great guy but the acquiring company (logmein) is a POS but i continued my subscription until one day, out of the blue, i get a cancel noticed from paypal (automatic charged me every year) with absolutely no explanation from logmein/lastpass. Apparently there was no thought for grandfathering for the subscribers who for many years. Thats when i left. So now then wanted $30+ for the same service even though the service had got no better. For example everyone had been asking for FIDO2/U2F support for years. Its still not there. So i switched to 1password for a short time (can't say anything negative about them) and to finally bitwarden. Again i don't need the premium features of bitwarden but i pay for it to support their effort. I just hope the same thing doesn't happen again. I've had multiple bad experiences like this through the years like evernote (which i used to love) & crashplan (there were many people abusing their service they should have just stopped the abuse rather than end the service).

We use keepass at my place of work believe it or not, it's a small crew so luckily not as bad as you might imagine but it does get tedious having to make manual pw edits everytime someone needed to change a pw for one reason or another. It doesn't happen that often but it can waste a surprising amount of time and makes me pine for cloud based storage (until i saw this video that is, thanks)

Seriously use a free resource people. And make sure it's your own.

Thanks soooo much.. was looking for something that wasn't last pass.. thanks good sir..

I'm a technical user. A lazy technical user to be precise, and I'm rocking the free tier bitwarden. Lovin it!

Thanks, KeepassXC (combined with already using Syncthing) seems awesome, have changed over since I saw this video 4 hours ago. (full disclodure: I was looking for the video but still KeepassXC was the perfect fit for me.) PS: Anyone else read "Log Me In" as a "vailed" threat?

I love the analogy for trying to decrypt AES 256, spot on.....it would take 100 years plus to get anywhere.....BUT.....with quantum compute with focus in cyber security, it may be possible to break AES 256 sooner.

I've been running on KeepassXC + Keepass2Android + Syncthing for a pretty long time now. No complaints so far. Protip: Run an always-on Raspi with Syncthing at home; this way, you basically get Dropbox minus the web UI.

KeePassXC is the way to go here. Excellent stuff.

What about Firefox lockwise?

I use keepassXC as my password manager on my PC and keepassDX on my phone synced with syncthing which works really well

I use the Bitwarden docker image and haven't had any issues but I do dread the day when something goes wrong. It's a total blackbox. Maybe remind folks to enable backups on their Linode instance if they're going to host all their passwords on it..

Been using Sticky Password for quite some time. I think i got it originally from one of those "free app for a day" thingys and when they went with paid option like last pass, they gave me free lifetime license (what was a cool thing to do).

For those debating whether they want to use KeePassXC or Bitwarden. I used KeePassXC synced between a few of my devices, I tried a few tools for sync, syncthing, a usb drive and others I don't remember. An issue I always encountered was that sometime I would modify the db on a few devices before they got a chance to sync with each other, this results in a synchronization conflict. Imo, these sync conflicts are the worst part of the experience, I managed for a few years, but Its part of the experience that @Level1Tachs did not mention and its the biggest difference between the two options. When KeePass db file is modified in anyway it looks completely different from the file system perspective, only when you decrypt your KeePass db file, by opening it in KeePassXC, can you understand the changes. Because of this no file sync service can resolve any sync conflicts on its own. This is where Bitwarden provides a lot of usability IMO, on the server it can reconcile these sync issues because on the server it can see the file. But that's a big tradeoff, KeePassXC is more secure but on Bitwarden you don't have to deal with sync issues. Tl;dr @Level1Techs forgot to mention that Bitwarden saves you from having to deal with sync issues, but it can only do this because you are trusting the Bitwarden server more than you trust a sync server with a KeePass file.

I started out with KeePass, but had trouble with synchronization. I didn’t trust the free services with the encrypted file (I know), and Nextcloud/own cloud at times created conflicted files. I switched to Enpass, cross platform, mobile platforms and syncing. It was a $10 lifetime app purchase for unlimited syncing from unlimited devices, but they have changed their offerings as time goes on. I still like it because I can use WebDAV with Nextcloud to keep the password file “local” and easily in sync.