by darkhelmet 2781 days ago
We used LastPass for several years in our home, mostly because it was able to fill Firefox http basic auth dialogs. When Firefox switched to the webextension format, LastPass started using the Chrome version as the foundation for Firefox. This was a huge step backwards and my wife HATED it.

The biggest problem she had was that the standard workflow of it capturing generated passwords became unreliable and it stopped automatically tracking the random passwords it generated. Whatever it was that she was doing, she kept losing passwords and getting locked out. It destroyed her trust.

We tried Bitwarden. It doesn't require the same leap of faith to use a random password. They're saved first before you use them. The usage flow isn't quite as smooth as LastPass was, but she hasn't lost any passwords since the switch.

She's almost forgiven me for making her use a password manager. Almost... :)

11 comments

Yeah, I noticed the change in LastPass' behavior. It turns out that it actually DOES save the random passwords it generates... it's just very well hidden. If you generate a random password for a site, register your account, and LastPass does not catch it and doesn't prompt you to save the account info, it's not lost. If you open the 'Generate secure password' page by itself from the context menu extension, you'll get a new random password. BUT, if you click the down arrow to the right of it, it will drop down a list of the prior generated random passwords for at least that browser session.

Utter madness, but it saved me a couple times.

That is very good to know! I've resorted to copying the new password to a temporary text file and then deleting it after I can confirm it's saved, which is an idiotic workflow, so very glad there's an alternative.
They added that feature after I and probably other users complained about it stupidly losing set passwords after the UI revamp.
THANK YOU!!
Very similar for me but with 1Password instead of LastPass.

My only complaint about Bitwarden is that the desktop app on macOS does not have support for Touch ID which is a shame. It has been a requested feature for a long time but no progress seems to have been made.

The desktop Bitwarden app is Electron based so I don't know if that is an issue or not.

Overall for £10/year for Premium or legitimately free if you don't need the Premium features you are a fool to not use it imho.

Switched to Lastpass half a year ago and it's been a rocky move (I didn't have a password manager before). It's consistently been painful to use. For example, my work email transfers between different domains for log in versus viewing and I think even a third. Lastpass never manages to suggest the password at the right time because of this and I always forget where to find it. The mobile app routinely makes me type my long passphrase in twice in a row which is painful because it's easy to typo it. I also don't trust it saving randomized passwords it generates so I always have to copy them to clipboard and confirm that the account was added properly. I have had problems where data did not sync; I could see it in Mobile but not desktop or vice versa. It had been in my account for weeks at that point. Maybe I should try bitwarden.
LastPass has gone downhill since the acquisition. It's horrible compared to what it was before.
I moved from Lastpass to 1Password recently. Neither fill basic auth dialogs, and both companies state this is a feature not a bug. It still pisses me off.
I read a while back that browser-based password management with autofill is a big security risk. I can't remember the details, but the article author cited some actual exploits that have affected browser-based password managers.

I was considering switching to KeepassXC in response but didn't get around to it.

I use the desktop app. With a global hotkey it's easy to paste passwords into SSH logins, secrets into vi, etc. With the added benefit of not having to rely on Chrome to isolate your entire password archive from the internet.
This is partially because browsers don't have a decent API to handle basic auth. Bitwarden will log you in via basic auth if you only have 1 matching entry for the URL but surely things can be better than this...
In the age of open source browsers that's only an excuse if they're being blocked from contributing an API.
Are you suggesting password manager devs start sending patches to browsers? Getting used to all browser API isn't exactly easy to begin with, let alone there aren't many who have enough motivation to wait for that implementation to become widespread for it to finally solve a problem that is only used by a few.
Also: it has a 50% (and decreasing) success rate at actually filling in passwords and no quick menu to copy/paste them.

Lastpass has been on my "replace at next opportunity" list for a while now. No time like the present.

I slowly migrated into LastPass from 1Password but could never be convinced to just give up on 1Password. I've heard many say 1Password is inferior for a variety of reasons, but it also works, which is important. And my wife uses it, which adds value. And then LastPass just started fading. To the point I really only keep it around to recover passwords that I didn't put in 1Password for some reason.
Last Pass still saves generated passwords, it's just become a hidden feature for some reason...

Each generated password is visible in the triangle drop-down to the right of the generated password. This list resets on restarts.

>When Firefox switched to the webextension format, LastPass started using the Chrome version as the foundation for Firefox.

The backward change started after logmein bought lastpass.

Yes, I use KeePass and Kee for Firefox. Before WebExtensions it was perfect. Now, it has a dialog that tries to intercept basic/negotiate auth, but it never works.

Luckily, keepass has a very nice auto-type functionality that works perfectly with basic auth dialogs. Now if I could just disable the Kee dialog that doesn't actually do anything...

Is your "Always show global auto-type entry selection dialog" option checked in the Options \ Advanced \ Auto-Type section? Mine is unchecked, and for sites / applications that only have one entry, it just enters it without showing a dialog...
Ahh that explains it. I've definitely seen a deterioration in performance by the last pass extension.
FYI: There is also a full history of generated passwords available in each Bitwarden client app. So if you manage to lose one during the onboarding process, it should still be available in the history log.
This is true of Lastpass, too. Just click the down arrow next to the generate pw field.
I didn't realize that. That is very useful to know. Thanks!
Ironically, this describes the exact problem I've been running into with Bitwarden on Safari.

Still less buggy than Lastpass's Safari extension though...