Bitwarden and LastPass are both popular password manager tools, but there are several advantages to using Bitwarden over LastPass.
In the wake of the recent security breach of LastPass, many people are reviewing their choice of a password manager.
In Bitwardens’ case, they use PBKDF2 as the algorithm. Recently OWASP has recommended that the number of iterations used in generating the keys should be increased to 600,000 iterations.
At this time Bitwarden has already increased new accounts to the newer recommended setting, but existing accounts may need to be manually adjusted.
Advantages of Bitwarden
One of the main advantages of Bitwarden is that it is open-source, which means that the code is available for anyone to review and audit. This can give users more confidence in the security of the tool, as they can see for themselves how it works and identify any potential vulnerabilities.
You can also self-host Bitwarden which has additional advantages in that your data is secured on your own systems. If a breach of Bitwarden servers happens your data would not be exposed. It should be noted that the self-hosted feature is part of their licensed plans.
Another advantage of Bitwarden is that it offers a wider range of features than LastPass, such as the ability to store and share passwords with others, and the option to use a passwordless login. Additionally, Bitwarden offers a free plan, while LastPass offers a free plan with limited features.
How to increase security
To improve the security of Bitwarden, users can increase the number of KDF (key derivation function) iterations. KDF iterations are a way to make the process of deriving the encryption key from the master password more computationally expensive, which helps to protect against brute-force attacks.
To increase the number of KDF iterations in Bitwarden, users can follow these steps:
- Go to the Bitwarden Web Vault by visiting https://vault.bitwarden.com
- Click on the settings icon in the top right corner
- Click on the “Security” tab, then the Keys tab across the top.
- Scroll down to the “KDF Iterations” section.
- Increase the number of iterations as desired (we recommend at least 100,000)
- Click “Change KDF” (You will need to enter your Master password before being able to save these changes)
So is Bitwarden still safe to use? Yes, Bitwarden is an excellent password manager. While they currently only use the PBKDF2 algorithm there are talks of them deploying other options as well, such as Argon2.
Security is a complex issue that most users don’t have the expertise to know how to deploy or use and what is and is not secure. Bitwarden has at least made these options a little more transparent to the user.
If you are looking for a new password manager, that is secure and in your control, you should take a look at Bitwarden. If you would like assistance in deploying a self-hosted installation contact us.
Ben has been building VoIP solutions for over 15 years, has over 25 years of Linux administration experience, and enjoys problem-solving. When he is not coding something in Python, or tinkering with some project, you can often find him wandering through the forests and parks of the Pacific Northwest enjoying waterfalls, trails, and animals.