KeePass vs Bitwarden: A Comparison of Free Password Managers
20 Nov 2018
It’s been nearly 2 years since I originally wrote about How I Manage Passwords with KeePass. That blog entry was inspired by Troy Hunt’s post, “The only secure password is one you can’t remember”. Using KeePass was a wonderful experience, and I’m thoroughly convinced that everyone should use a password manager. The ease of use and level of security a password manager provides are way better than anything else you could do to remember your passwords. One of the most common ways a person can be hacked is by reusing the same password on many websites. The problem is that if any website has a data breach, all the websites you used that password on are compromised. And a password manager solves this problem by using a different password on every site.
Update: It’s 2020 now, and I’ve been using Bitwarden for well over a year. I’m still incredibly happy with Bitwarden, and I recommend it to anyone I can! It’s a great password manager, and I expect I’ll continue using it for a long time to come.
KeePass is a relatively old application. KeePass 1 was originally released for Windows XP in 2003, and KeePass 2 came out of beta in 2009. It shows - KeePass feels like a Windows application from the early 2000s. (Its icons and toolbar are a bit dated.) Although the application itself is old, it’s still actively developed, and remains one of the most popular password managers. There are a large number of plugins available and because it’s open source, it’s pretty easy to find a KeePass-compatible application for any device or operating system.
Using “KeePass” as your password manager really entails using a combination of several different applications and services to work with a KeePass password database file. I used Dropbox to sync my password database between all my devices. I used Keepass2Android to read and store passwords from my phone. And I used KeePassXC on my Linux and macOS computers. (And if you’re using KeePass, I highly recommend all of these apps.) Although there are some browser plugins available for KeePass or KeePassXC, they always seemed finicky to me and I never found one I liked, so I stuck with the desktop application. If you decide to use KeePass, you’ll have to figure out what works for you. Maybe you prefer to use Google Drive to sync it across all your devices and need to find the best iOS app. But one way or another, you can make it work.
I was originally drawn to KeePass because it’s open source, and that remains one of its strengths. An open source password manager means that security experts (and anyone else who’s interested) can check out the source code and independently verify the strength of the encryption it uses. It also means that the application will always be free, so you won’t get sucked into an expensive payment plan.
All in all, KeePass has widespread support for different platforms and plugins (although you’ll need to figure out how to sync the file to all your devices yourself). It’s very mature and also very flexible. Although the number of applications and plugins available can be appealing, less technical users might find it confusing and difficult to set up.
Bitwarden is the new kid on the block, with version 1.0 released near the end of 2016. It was designed - from the beginning - to be used in a multi-device environment and sync passwords over the web, providing an open source solution that can compete with other internet-native password managers. Although KeePass (and its derivatives) are open source, they aren’t designed to operate on the internet so they require additional services (like Dropbox or Google Drive) to make them sync across different devices. Bitwarden is an all-inclusive solution, providing a unified experience across every platform.
Bitwarden provides official desktop applications for Windows, Mac, and Linux; official phone apps for iOS and Android; and official browser plugins for Chrome, Firefox, and Safari (in addition to others). Because all the apps are officially supported by Bitwarden, there’s no need to find a 3rd-party application to support your device. And because Bitwarden has built-in support to synchronize your passwords over the internet, there’s no need to set up additional cloud storage systems. Ultimately, this leads to a smoother user experience that’s also much easier to configure.
There is a for-profit company behind Bitwarden, and they do offer different pricing plans for individuals and businesses. But as long as you’re not using it in a corporate environment, you shouldn’t have to worry about paying anything - it’s free for up to 2 users in an organization. While the pricing plans may make Bitwarden feel proprietary, it is indeed open source. And because it’s open source, it has all the same open source advantages KeePass does. If you were to pay for Bitwarden (in a corporate plan or a premium plan), you’d be paying for the company to manage running the software on the internet for you – the software itself is open source and therefore free. And in a way, this gets you the best of both worlds. You can use open source software and still have a company to lean on for support when you need it.
As I mentioned at the beginning of this article, I’m a Bitwarden user! To me, Bitwarden feels like the new version of KeePass, solving all the problems KeePass has about syncing passwords over the internet to multiple devices, and providing a nice, clean interface to use.
I’ve been using Bitwarden for a̶l̶m̶o̶s̶t̶ ̶a̶ ̶m̶o̶n̶t̶h̶ (update: years) now, and I’m really happy with it. I’m using the browser extension and the Android app, and I love how seamless and effortless the experience is. Although my experience with KeePass was good, there were minor annoyances here and there – like trying to find the right plugin or fiddling with the browser extension. With Bitwarden, all that friction is gone. I think the biggest reasons to use KeePass have always been that it’s free (no cost) and open source, so the code can be reviewed for security. I think Bitwarden also meets those criteria, and provides a more modern password management solution with none of the drawbacks of KeePass. The simplicity of configuring Bitwarden is the nail in the coffin for me, and it was really easy to import my passwords.
|KeePass|Bitwarden|
|---|---|
|Stood the test of time.|Built for syncing multiple devices.|
|Includes password generator.|Includes password generator.|
|Ported to every platform/OS imaginable.|Support for all major platforms.|
|Lots of plugins.|Seamless browser extension support.|
|Requires Dropbox to sync.|Easier to set up.|
|Harder for beginners to understand.|Professionally maintained.|
|Different application on each platform.|Seamless UI on all platforms.|
While I like KeePass, I think Bitwarden is even better, and I’d encourage you to give it a try if you’re thinking about using a different password manager or trying one for the first time. And if you’re considering switching from a different password manager, like 1Password or LastPass, I think you’ll be pleasantly surprised with how nice it is to use Bitwarden. If you’re ready to give it a shot, check it out at bitwarden.com!
Disclaimer: I’m not affiliated with KeePass or Bitwarden, and I wasn’t compensated in any way to promote one or the other. I just like writing about useful software.