Loading
  • Home

  • App picks

  • App comparisons

App comparisons

8 min read

Bitwarden vs. LastPass: Which password manager is best? [2024]

By Luke Strauss · November 30, 2023
Hero image with the Bitwarden and LastPass logos

A password manager securely stores all of your passwords in one place, so all you have to do is remember one password instead of, say, 300. Out of the top password managers, Bitwarden and LastPass have historically been favorites.

I've been using LastPass to manage my passwords for over two years, so I'm already very familiar with it. Still, I spent time testing the ins and outs of both options—creating, updating, and using login credentials on various types of websites and researching each platform's reputation among security professionals to uncover which is right for whom. Hint: LastPass doesn't fare so well after multiple security breaches in 2022 that involved user data being stolen, including encrypted password databases.

Read on for my analysis of Bitwarden vs. LastPass.

Bitwarden vs. LastPass at a glance

Unlike full-service platforms used to meet an entire business's accounting or website-building needs, Bitwarden and LastPass serve a relatively straightforward purpose: password management. This makes them more similar than they are different in terms of how you use them, but Bitwarden's security is absolutely superior.

  • Bitwarden is best for users looking for a platform with advanced security measures and insights and the most affordable pricing.

  • LastPass is only best for those who prioritize aesthetics at the expense of strong, industry-standard security measures.

Bitwarden

LastPass

Security

⭐⭐⭐⭐⭐ Open-source software with military-grade encryption; defaults to 600,001 password iterations; no known data breaches to date

⭐ Closed-source software; doesn't encrypt all user data; defaults to 600,000 password iterations; security incident in 2022 compromised user data, including encrypted passwords

Interface

⭐⭐⭐ Simple yet outdated

⭐⭐⭐⭐⭐ Intuitive and modern; uses block format that adapts to browser size

Credential autosave pop-up

⭐⭐⭐ Outdated and easy-to-miss pop-up

⭐⭐⭐⭐⭐ Clear pop-up that can't be missed

Password generator

⭐⭐⭐⭐⭐ Can specify minimums for character types; includes options to also generate passphrases and usernames

⭐⭐⭐⭐ Can generate passwords that are easy to say and/or easy to read

Security reports

⭐⭐⭐⭐⭐ In addition to weak and re-used password reports, it includes reports for exposed/breached passwords, saved unsecured websites, and sites lacking two-step authentication

⭐⭐⭐⭐ Provides an overall security score, major alerts, and dark web monitoring; flags re-used and weak passwords

Price

⭐⭐⭐⭐⭐ Extensive free plan; paid plans start at $10/year for individuals and $2/user/month for businesses

⭐⭐ Minimalistic free plan that limits users to one device type; paid plans start at $36/year for individuals and $4/user/month for businesses

Bitwarden vs. LastPass similarities

Bitwarden and LastPass have a lot of similar features—after all, they serve basically identical purposes. Here's what's more or less the same between the two password managers when it comes to features specifically:

  • Customer support availability: Both companies offer assistance after you fill out a support form. Free resources and training are also available.

  • Password generation: Both platforms automatically generate strong and unique passwords.

  • File storage: Both platforms provide encrypted file storage, so you can add important documents like your birth certificate, SSN, and more.

  • Categorization: Both platforms enable you to create folders to separate and categorize your login credentials.

  • Desktop apps: LastPass and Bitwarden both have a desktop app.

  • Browser extensions: Both platforms have extensions for all major browsers, including Google Chrome, Firefox, and Safari.

Bitwarden's security measures outrank those of LastPass

While Bitwarden and LastPass both make honest efforts to protect user data, Bitwarden's security measures far outrank those of LastPass. For one, Bitwarden defaults to 600,001 password iterations, which refers to the number of times a password is hashed to keep it secure. Users who signed up before February 2023 have a previous iteration count of 200,001. LastPass, on the other hand, defaults to 600,000 as of July 3, 2023. While that's now basically on par with Bitwarden, the default for LastPass users who signed up before that can vary from just one to 100,100, depending on their sign-up date. That said, both platforms allow you to modify this number manually for additional protection against brute-force cyberattacks.

Bitwarden also encrypts all user data, while LastPass's encryption practices have faced criticism for being insufficient. According to security researcher Jeremi Gosney, "With LastPass, your vault is a plaintext file and only a few select fields are encrypted." 😬

LastPass was the target of a monthslong cyberattack in 2022 that should cause folks to raise an eyebrow (or panic and change all of their passwords immediately). In August 2022, LastPass confirmed that its infrastructure was breached.

While company leadership initially assured users that no customer data was compromised,  a March 2023 statement confirmed the breach involved two separate incidents leading to unauthorized access to most of LastPass's highly sensitive customer data, save for users' main passwords.

With the databases under their control, the hackers could brute-force the main passwords. If someone used a short, insecure password instead of something long and complex, or re-used a password that had been leaked in a database breach in the past, the hackers could unlock their database in moments—yikes.

In response, LastPass rebuilt its entire development environment, improved its alerting capabilities, rotated all potentially affected credentials, and raised the aforementioned default iteration count, but this doesn't fix things for anyone whose data is already in the hands of the hackers. If you're a new customer, this is more of a major red flag than an actual ongoing security issue. Still, if you've been using LastPass for a few years, you should consider anything in your password vault as potentially vulnerable—especially if you didn't have a strong main password.

Security professionals have widely criticized LastPass's response to this breach, claiming it lacks transparency and shifts blame away from the company. It's important to note that the issue is still ongoing, with recent incidents linking LastPass to major cryptocurrency heists, raising concerns about the security of stored crypto keys. This ongoing pattern of breaches underscores the vulnerabilities in LastPass's security measures. For these reasons, Bitwarden hands down earns the title of the more secure platform.

LastPass offers a modern design and user-friendliness at the expense of some advanced features

Since I've been using LastPass to manage my passwords for a while, I was already really familiar with the platform's offerings. It's also why Bitwarden's advanced features stuck out like a sore thumb (a thumb that's sore from enthusiastically thumbs-upping).

For example, LastPass provides a relatively basic security dashboard. Mine shows me an overall security score, an alert board for the really important security notices, and a "dark web monitoring" section listing which of my email addresses have been spotted in shady corners of the internet and should be monitored. I can also view my at-risk passwords to see which ones are weak and/or re-used.

Screenshot of the security dashboard in LastPass, showing the user's overall security score (91.6%) inside a green circle
Security dashboard in LastPass

These insights were enough to prompt me to update my main password and several of my other passwords, but they simply don't stack up to Bitwarden's multitude of security report options.

Reports dashboard in Bitwarden

As you can see, Bitwarden goes the extra mile with its reporting. Unlike LastPass, the platform reports on which of my passwords have been exposed in a data breach, which unsecured websites I have saved, and which sites don't have two-factor authentication enabled.

Bitwarden also gives the user more customization capabilities when generating and saving passwords. Both apps offer a really cool random password generator, but Bitwarden's has some unique features, including the option to create a username and passphrase and to specify a minimum quantity of numbers and special characters.

Bitwarden's password generator

LastPass comes with its own unique options, like generating passwords that are easy to read or say, but I feel that Bitwarden's username and minimum-character options make it the platform to beat for password generation.

LastPass' password generator

Bitwarden's added customization options don't end there. The app enables users to enter multiple URIs (encompassing both URLs and URNs/names, such as ISBNs) for its passwords. For example, if I wanted to use the same login information for multiple sites, I could add both sites' URIs to one Bitwarden item. Plus, for added security, Bitwarden gives users the option to re-prompt their main password when autofilling for certain sites.

Bitwarden allows multiple URIs

Despite Bitwarden's advanced features, its interface feels a little dated when comparing the two platforms. LastPass's interface displays all of your websites in a block layout (which I personally like better) using large logos that are more accessible. You can also sort folders and website names alphabetically or by most recently used to quickly find what you need.

LastPass' interface

The difference in aesthetics is even more distinct when looking at both platforms' desktop applications side by side. LastPass's application is visually appealing and has legible contents. Bitwarden makes me feel like I'm about to send an email on Microsoft Outlook (no offense, Outlook).

Comparison of Bitwarden's and LastPass' desktop interfaces

One of the most convenient aspects of using a password manager is that it automatically fills in your login credentials. If you only have one account for a website in LastPass, your credentials will autofill without you needing to lift a finger. If you have more than one account, just click the LastPass logo that appears next to user input boxes, and fill the box with the correct info in two clicks.

Autofilling passwords in LastPass

Bitwarden has a similar autofill feature, but it's not the default. Instead, you have to do one of the following:

  • Navigate to the Bitwarden browser extension's settings, scroll down to Options, and enable Auto-fill on page load manually.

  • Navigate to the Bitwarden browser extension and select the login information you want to insert.

  • Right-click on the user input box, navigate to Bitwarden, hover over Auto-fill, then select your account.

  • Hold control+shift+L (or command+shift+L on a Mac). This command can be customized in Bitwarden's settings.

Autofilling passwords in Bitwarden

I know—exhausting, right? Ok, not quite. But LastPass prioritizes user experience by making autofill as straightforward as possible—though it seems they don't put the same effort into securing their users' data.

Bitwarden's next UX hiccup involves saving new passwords. LastPass's pop-up box asking whether you want to save a new password mimics Google's—it's attention-grabbing and clear.

Screenshot of LastPass' Remember Password pop-up feature
Saving a new password in LastPass

Bitwarden's, on the other hand, is all too easy to miss.

Saving a new password in Bitwarden

See that teeny-tiny bar under the URL? That's Bitwarden's pop-up for remembering your password. LastPass's red branding helps make it stand out, while Bitwarden's blue branding, coupled with its use of small text and pop-ups, makes it relatively inaccessible. It's a small thing, but these kinds of small things mean a bigger learning curve.

Bitwarden's free plan is much more generous and is a bit more financially accessible for individuals

Bitwarden's free plan is relatively extensive, granting you access to all core features, including unlimited storage of logins, access on any device, free sharing for two users, a password generator, and 24/7 email support. Meanwhile, LastPass's free plan only grants you access on one device type (desktop or mobile) and doesn't provide access to personal support.

While Bitwarden clearly has the upper hand when comparing free versions, the two solutions' paid plans are a bit more comparable. Take a peek at Bitwarden's pricing plans as well as LastPass's to compare each option.

As you'll likely notice, the two platforms have very comparable business pricing, though Bitwarden does take off a dollar per user for those who opt for annual billing. The biggest price difference is for Premium plans for individuals. LastPass charges $36 per year for its Premium plan for individuals, whereas Bitwarden only charges $10 per year. Additionally, they both offer family plans consisting of up to six Premium accounts. LastPass Families costs $48 per year, while Bitwarden Families is $40 per year.

Bitwarden vs. LastPass: Which password manager is best for you?

When it comes to password security, Bitwarden clearly surpasses LastPass in getting the job done. Ultimately, Bitwarden is best for those seeking the most advanced security features and the lowest-cost option for password management. LastPass, on the other hand, is best for those who want to save time and headache by investing in a user-friendly password management experience at the expense of comprehensive data security measures. You might have to change all your passwords every few years in a panic because of a database breach, but hey, it's easy to update them in LastPass while you do.

At the end of the day, a password management platform is meant to do two things: manage and organize your passwords while ultimately keeping them secure. Bitwarden manages to pull off both. LastPass might be nice to use, but it still has a decent number of question marks over it.

Related reading: 

  • LastPass vs. 1Password: Which password manager should you use?

  • 8 tools you need in your security stack as a freelancer

  • 7 security behaviors to protect yourself from hackers

  • 5 ways to protect your site and improve your digital security with automation

  • iCloud Keychain vs. 1Password: Which is best?

This article was originally published in January 2023. The most recent update, with contributions from Allisa Boulette, was in November 2023.

Get productivity tips delivered straight to your inbox

We’ll email you 1-3 times per week—and never share your information.

tags
mentioned apps

Related articles

Improve your productivity automatically. Use Zapier to get your apps working together.

Sign up
See how Zapier works
A Zap with the trigger 'When I get a new lead from Facebook,' and the action 'Notify my team in Slack'