by mdibaiee 2293 days ago
LastPass is the worst piece of software I have ever worked with. We had a lot of trouble making sense out of its sluggish user interface and confusing terminology and more.

BitWarden is my choice; it's cheaper than alternatives, and the UI is simple and easy to understand. It's open-source and battle-tested. You may want to self-host as well.

14 comments

+1 Lastpass created more chaos than it solved in our company. Multiple dashboards that interfere with each other, a horrible overview causing outdated/wrong rights, users having to restart several times before new passwords showed up, bad mobile support and much more.
Upgraded from LastPass to BitWarden around this time last year. Amazing piece of software. I can't recommend it highly enough!
Totally with you on both counts. It amazed me how clunky and buggy LastPass was. I used it both as a browser plugin (FF, Chrome) and as an Android app. In a truly impressive achievement of corporate standards, each platform had different issues, but all achieved the exact same level of low overall quality.

I switched to BitWarden a couple of months back and I'm very happy with it. I have quibbles, but it's a much more solid experience.

Lastpass was adopted at my previous employer, it was a mess to use and absolutely not user-friendly or intuitive.

Glad I don't have to use it anymore.

Another thing that drives me crazy with LastPass is it won't give you a distinct URL for a note or folder (or whatever they call that particular resource) that you want to share.

So I end up having to give other members of my team step-by-step directions to finding the right file or folder every time I share one. And that's assuming the access permissions haven't got borked, which seems to happen more often than not.

I've been pushing my company to drop it for a while.

I'm still rocking Keepass after nearly ten years now. I've tried Lastpass, and found it clunky/fiddly in comparison.
I've been a KeePass user for at least as long. Sharing it with my wife and my multiple computers was done via Dropbox. I switched a couple of months back to self-hosted bitwarden. It is _much_ better. No need for file sync. Better UI. My wife actually _uses_ it now, as opposed to before she would avoid keepass. With Bitwarden, you get better control over passwords and who can see them and all that. Bitwarden also will host for you if that is not your jam. I highly encourage adoption of Bitwarden :)
How do you share passwords between people with keepass?
We use Dropbox. We all memorise the master password, then have the Keepass database in a shared Dropbox directory we all have access to.
Got it. Yeah we did that for a bit, but it became apparent soon enough that we actually needed different access levels and keeping track of three or four different databases & passwords just didn't seem practical.
How do you make sure you don't overwrite people's saves?

Surely this can't work for a larger organisation?

Looks like it can reconcile this automatically.

https://keepass.info/help/v2/sync.html

Probably better used with a filesystem that has strong guarantees though.

Yeah, you get a popup if somebody changes the database while you have it open.
Google drive seems to work fine here. I believe there's also a plugin for it rather than save to the folder and deal with the rare save conflicts.

(This with 2 factor passphrase and key file, btw)

I've done this in a team in the past and we just put the encrypted keepass database in a private github repo. It mostly works out fine; the only pain in the butt is everyone needs to ensure that they pull down their repo and make sure it's all up to date before they add anything to it.
We also use LastPass and it sucks so hard. Terrible UI, bad UX decisions, frequently breaks.
Was starting to think I was the only one that thought this. It's a total POS.
I reviewed BitWarden about a year ago for my company. Ultimately the reason I rejected it was that I couldn't find a way to reset another user's master password. It is certain that users will forget their master password and need to have it reset.

Perhaps it has changed since, or maybe it was just hard to find. Oh well, too late now.

We ended up using 1Password. My only real complaint with it is the need to create a vault for sharing something from one user to another. That means that if any two people in the company want to share, they need to get an admin involved so the admin can create the vault.

With bitwarden, the account's data may be encrypted against the passphrase afaik... Also, you can setup shared groups for passphrases that are meant to be shared and the way the browser extension works, you need to enter it each restart to use it, so it should be more common.

The whole point of a password manager is so you only have to remember one passphrase. Suggesting an actual sentence and not having byzantine passphrase requirements will help. My fiance is really bad with this one, I admit that I don't have much empathy here.

Bitwarden is end-to-end encrypted. So, password "resets" aren't really a thing without also resetting the vault as a whole.
Yeah. While I can understand wanting to be able to reset a user's password as an administrator of other users (e.g. an IT department supporting those who forget their master password), it's also a security problem to allow such a feature. Basically, all user accounts under an organization would need to be encrypted with two separate passwords: the user's, as well as the IT/admin/company "master key". Having all users' passwords encrypted with a master key password to allow resets means all users' passwords across the entire organization can be compromised by a single IT employee's master key password.

Personally, I'm ecstatic that there is no recovery process to reset or recover a Bitwarden master password. No security questions. No email reset. No one-time use login codes (which would need to be stored somewhere not encrypted by a user's secret key in order to verify). Again, I can understand why an IT department would want that, but all that does is open up attack vectors that are very easy for an attacker to abuse.

The whole point of the master password is it's the ONE AND ONLY password you cannot forget or lose. One... lousy... password.
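A sketch of the key hierarchy the comment above describes, added here as an example; it is not Bitwarden's own code and does not reproduce the real product's key layout. Each vault's contents are encrypted under a random vault key; that key is wrapped under a KEK derived from the master password and, only when the organisation opts in, also under an organisation recovery key. The admin reset re-wraps the vault key using the org key, which is exactly why that single key can re-key and read every vault. The names (Vault, CreateVault, OpenWithPassword, ResetPassword), the PBKDF2 cost and the sample entries are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const kdfIterations = 100000 // assumed cost; a real client tunes this to its hardware

// deriveKEK is PBKDF2-HMAC-SHA256 (RFC 8018) for one 32-byte block, written out to stay in the standard library.
func deriveKEK(password string, salt []byte) []byte {
	mac := hmac.New(sha256.New, []byte(password))
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // PBKDF2 block index 1, big-endian
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < kdfIterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no CSPRNG means there is no safe way to continue
	}
	return b
}

// encrypt/decrypt are AES-256-GCM with the nonce prefixed; every key here is 32 bytes, so setup cannot fail.
func encrypt(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	nonce := randomBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil)
}

func decrypt(key, blob []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], nil)
}

// Vault is what the server stores; the vault key is reachable only through WrappedByUser or WrappedByOrg.
type Vault struct {
	Salt, WrappedByUser, WrappedByOrg, Contents []byte
}

func CreateVault(password string, contents, orgKey []byte) *Vault {
	vaultKey := randomBytes(32)
	v := &Vault{Salt: randomBytes(16), Contents: encrypt(vaultKey, contents)}
	v.WrappedByUser = encrypt(deriveKEK(password, v.Salt), vaultKey)
	if orgKey != nil { // nil orgKey: no recovery path at all, the design the comment above prefers
		v.WrappedByOrg = encrypt(orgKey, vaultKey)
	}
	return v
}

func OpenWithPassword(v *Vault, password string) ([]byte, error) {
	vaultKey, err := decrypt(deriveKEK(password, v.Salt), v.WrappedByUser)
	if err != nil {
		return nil, errors.New("wrong master password")
	}
	return decrypt(vaultKey, v.Contents)
}

// ResetPassword is the admin reset the thread asks for: no old password needed, only the org recovery key.
func ResetPassword(v *Vault, orgKey []byte, newPassword string) error {
	vaultKey, err := decrypt(orgKey, v.WrappedByOrg) // a nil WrappedByOrg fails here as well
	if err != nil {
		return errors.New("no organisation recovery path, or wrong recovery key")
	}
	v.Salt = randomBytes(16)
	v.WrappedByUser = encrypt(deriveKEK(newPassword, v.Salt), vaultKey)
	return nil
}

func main() {
	orgKey := randomBytes(32)
	v := CreateVault("correct horse battery staple", []byte("jira-admin: hunter2"), orgKey) // constructed entry
	_ = ResetPassword(v, orgKey, "passphrase chosen by IT")
	contents, _ := OpenWithPassword(v, "passphrase chosen by IT")
	fmt.Printf("vault contents after admin reset: %s\n", contents)
}
```

The design choice to notice is that the org recovery key never has to be stored alongside any user's password: holding it alone is enough to call ResetPassword on every vault and then read them all, which is the single-key compromise the comment warns about. Passing nil as the org key gives the no-recovery variant, where a forgotten master password really does mean a lost vault.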

I experimented with Bitwarden for a little while, but it didn't have a good method for changing passwords. I ended up switching back to LastPass. But, I'm pretty frustrated with their buggy iOS app.
Can you elaborate? Changing a password with Bitwarden is just editing the field or–even better–a one-click button to (re)generate a new random password (including options for length and complexity requirements). If you are logged into the browser addon, it will also (depending how javascript-hacky the website is) prompt to save the new password when you modify the password in a website's settings.

Unless you're talking about mass-replacing a single password across a bunch of different entries? Which is certainly not a limitation of any password manager; reusing a password is just horrible.

Lastpass has a feature called auto password change [0] that allows you to update a password directly from inside lastpass at the click of the button. It doesn't work for all sites but it's a pretty nice feature.

[0] https://helpdesk.lastpass.com/generating-a-password/auto-pas...

I haven't had that problem with BitWarden in testing, but I can't change to BW until they come up with some solution for having both a work and a personal vault. The ability to link in your personal LastPass to your work LP without actually giving your employer any access to your personal LP is really beneficial to my staff.
I'm actually using BitWarden for work and personal stuff and it works wonderfully. BW allows you to "link" the two accounts and share things between them (or not). For example, my personal Gmail account information is in BW but it's not exposed to my employer at all. On the flip side, I've created management accounts (i.e. JIRA admin user) and shared them with the "IT" team in BitWarden; this allows all of the IT admins to get into JIRA if necessary.
Can't you create a personal group, and have both accounts in that group?
You should try OneLogin - LastPass is a dream by comparison.
I can echo the frustration with LastPass. Definitely would not recommend it.

I used KeePass at a previous company and loved it.

Could you elaborate more on the problems with lastpass a bit?
1) Slow, confusing and rarely updated UI (and any updates are just as likely to be a regression as an improvement, in my subjective opinion). The browser extension is terrible, and up to last year their hacky password-field-finding javascript slowed down several pages to the point they were unusable. It's still not great.

2) The business model of LastPass worries me. 1Password (I tried it for a 3 month trial; I don't use them or have any skin in the game for them) charges a lot more than LastPass, and in addition to having a smoother, speedier and more performant application, they are charging enough money to feasibly be profitable just storing passwords.

LastPass has had more data breaches than the others (google it). It's run by a domain registrar. In my opinion this influences how the password business is run, leading to a marketing-forward, rent-extraction password manager vs a good one.

- It frequently stops working and needs to have the chrome extension reinstalled (at least on Linux).

- It’s sluggish.

- The password sharing experience sucks.

- The drop down menus often get obfuscated in weird ways.

Chrome extension was broken for several days, that was painful, pulling out my phone for long passphrases on various sites.

While I wish the bitwarden UI could stay over the top a little better, I've been really appreciating it vs lastpass... it's a bit simpler and less confusing overall. Not quite the same feature set, but that's okay.

I do wish the autofill wasn't two menus deep though. (right-click, bitwarden -> autofill -> list) wish it just expanded autofill (if less than say 5 matches) on the right-click menu.

That last one, the drop down menu getting some autofill garbage which obscures choices and interferes with selection, is annoying.
You might not like it, but I have a long list of software worse than it, I really don't get the hate for it.
The personal version works well in comparison. We liked it and adopted it for our company but using the enterprise version, that's when it really started to give us problems.