HACKER Q&A
📣 codegeek

1Password vs. LastPass vs. Bitwarden for teams?


I know this question comes up frequently on HN but what do you all recommend for 2021 for a business with a team size of less than 25? Using passwords in KeePassX has been useful but it starts getting difficult with a growing team where user-specific permissions would be a must.


  👤 thismodernlife Accepted Answer ✓
To be honest, all of these are fine. The very fact that you're going to be rolling out a tool and educating your staff in secure password management is a huge win regardless of which option you choose.

That said, for a team size < 25 I would recommend 1Password. The product is fantastic - best in class - and they are regularly pushing improvements across all platforms.

For teams 50+ I would choose LastPass which has better 'enterprise' features, but despite having used it at work for 7 years I still really dislike it. This could be because I've been using 1Password in a personal/family capacity for about 12 years!


👤 blakeburch
I've been using 1Password for the last 4 years, both with a family account and a work account.

It works perfectly for team management, since you can categorize passwords by vaults and give individual members, or teams, access to specific vaults. You can give guests outside your organization access as well. Beyond passwords, you can also share company cards, credential files, and 2FA tokens.

In addition, 1Password does a great job of letting you know when you should rotate your passwords, when you've re-used passwords, and when any password you've used has been leaked (in conjunction with https://www.haveibeenpwned.com). This helps ensure better security practices across the team.

Only downsides I've come across:
- Granular permissions are really hard. For example, at my last job, we had vaults per client we worked with. However, not everyone that works on that client needs access to all of those passwords. The only way around this was to make/manage hundreds of vaults for Client+Function variants.
- There's no way to guarantee security of passwords stored in someone's personal vault.
- Users can create a vault and remove owners/admins from it (unless this has changed).


👤 adamgordonbell
I have used LastPass for a long time, for personal usage. Recently I have begun using 1Password in a team context and it is really nice. I vote for 1Password for team usage.

👤 klerpi
Bitwarden is open source and you can self host it if I'm not mistaken.

Former LastPass user here.


👤 EvilPaticus
I've used 1pass for teams and family, and LastPass, and I would choose 1Password hands down every time. My experience with LastPass has been miserable; from functionality to UX it's just a bad product in my opinion. I do wish the Windows client for 1pass was a little more polished, but it does have all of the functionality I expect and the UX is generally the same as macOS; it's just a little rougher around the edges.

👤 nasmorn
I tried Bitwarden when 1Password changed to a subscription because it is cheaper, but at least on OS X the 1Password app is so much better that I simply paid the 60.

👤 claudiojulio
Of these three, only one is really safe: Bitwarden. With the other two you have to trust without proof that you are safe. With Bitwarden, you trust and know that you are safe because the source code is open.

Automatically translated.


👤 gingerlime
Bitwarden for my team and also family.

Open source. Using the hosted service though which is reasonably priced.

The UI/UX is a bit clunky, especially for sharing. But it does the job for the most part.


👤 sullof
If you are interested in checking out a completely different approach, you can look at Secrez https://github.com/secrez/secrez. It is a CLI secret manager that supports a git repo for distribution. Using other packages in the suite, Secrez allows direct communication between local desktop accounts using SSL tunneling. Disclosure: I wrote it.

👤 olq
Personally I've been using KeePassXC with self-hosted Nextcloud sync for many years and it works great on desktop, apart from minor merge conflicts when the server or clients have been offline for long. I haven't found a good solution for iOS but Keepassium and MiniKeePass are OK for occasional logins. I think it might be more of a Nextcloud issue on mobile.

I think it's totally insane to let a third party manage your passwords.


👤 zug_zug
I had to make a call for the startup I work at. I went with 1pass and it has gone well. I had tried lastpass before and loathed the UI.

The only thing it lacks is a more powerful granular permissioning now that we've scaled. Ideally, there'd be a way for each new hire to automatically get an account and roles via LDAP, and immediately have access to necessary secrets based on that with no manual step.


👤 Freezerburnt
I use BitWarden and run my own vaults. Pretty easy to set up using docker on a Linux machine.

I've had some trouble with the BitWarden Android app not wanting to help fill in login information, but I put that down to user error - it's close enough that I just can't be bothered to dig deeper.


👤 berkserbet
I use the built in Apple one, works great but now I'm trapped. Not sad about it yet.

👤 adontz
I use BitWarden, pretty happy.

👤 vr46
Used both LastPass and 1Password across massive teams, and 1Password wins IMHO.

👤 pnunesc
We use Passbolt, in its self-hosted version, at work and it is loved by everyone.

👤 codegeek
Thanks everyone. Looks like 1Password is winning based on the comments so far.

👤 vayr
I've only used 1password so far. I'm a big fan of the company's thoughtful approaches to design. Totally worth the $60/yr for my family.

👤 jedisct1
I've been using Enpass for quite some time now. And I see no reason to switch. It does what it's supposed to do, and works well on macOS and iOS.

👤 mikecoles
keepassxc makes my life easier.

👤 bengale
We use 1Password for our team and it’s been great.

👤 chickahoona
And why not Psono? As the main programmer behind Psono it makes me sad not even to see it listed here :(

👤 faebi
Seldom mentioned but I love KeeWeb, it's a beautiful KeePass-compatible alternative.

👤 josephd79
Bitwarden

👤 lrvick
All three of these expose your entire password database to system memory every time you decrypt a single secret giving you no reasonable defense against malware.

LastPass, 1pass, BitWarden, and most other password managers doubled down on good UX, but the security is pretty terrible. They help users avoid using the same password for every site, granted, but is that really good enough?

Consider that every time you go to login to Twitter you also expose say your AWS root password or any TOTP backups, etc.

Compare to Mooltipass, Trezor Password Manager, or Password Store + Yubikey which all decrypt a single password at a time with a physical touch on an external device.

If an adversary has malware on your system and wants to dump 100 passwords they must get you to physically consent 100 times on an external device.

Presumably you would notice.

Today I only recommend hardware password managers. Pay for the hardware once and there is no monthly fee or any such nonsense, as the client software is all local and open source. Also no company gets the list of services you use and analytics of how often you use them for added privacy.

All three of these alternatives let you backup your encrypted password database to a git repo or cloud storage of your choice.

For technical teams where sharing is needed I tend to set up Password Store, which lets us set up per-folder sharing permissions, and the database is just a shared git repo.

There are multiple CLI and GUI front ends available for mobile and desktop.
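To make the per-folder sharing model concrete, here is an added example (not the commenter's code and not part of pass itself) that builds a throwaway Password Store layout and works out which recipients each secret would be encrypted to, following the rule pass uses: a secret is encrypted to the key IDs listed in the nearest `.gpg-id` file found walking up from the secret's directory to the store root. Folder names and key IDs are constructed placeholders.

```python
import tempfile
from pathlib import Path

# Constructed store layout. A directory may carry a .gpg-id file listing
# recipient key IDs (placeholders here), one per line; .gpg files are the
# secrets (contents irrelevant for resolving recipients).
STORE_LAYOUT = {
    ".gpg-id": ["ALICE_KEY_ID", "BOB_KEY_ID"],          # store root
    "infra/.gpg-id": ["ALICE_KEY_ID"],                  # narrower subfolder
    "infra/aws-root.gpg": None,
    "marketing/twitter.gpg": None,                      # inherits root
    "marketing/cms/.gpg-id": ["BOB_KEY_ID", "CAROL_KEY_ID"],
    "marketing/cms/admin.gpg": None,
}

def build_store(root: Path) -> None:
    for rel, lines in STORE_LAYOUT.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("" if lines is None else "\n".join(lines) + "\n")

def recipients_for(root: Path, secret: str) -> list[str]:
    """Key IDs the secret (store-relative path, no .gpg suffix) is encrypted
    to: the nearest .gpg-id at or above its directory, stopping at the root."""
    root = root.resolve()
    directory = (root / secret).parent.resolve()
    while True:
        candidate = directory / ".gpg-id"
        if candidate.is_file():
            ids = [line.strip() for line in candidate.read_text().splitlines()]
            return [i for i in ids if i]          # ignore blank lines
        if directory in (root, directory.parent):  # reached store or fs root
            raise FileNotFoundError("no .gpg-id found; store not initialised")
        directory = directory.parent

def access_matrix(root: Path) -> dict[str, list[str]]:
    """Map every secret in the store to the recipients able to decrypt it,
    i.e. the per-folder sharing model the comment above describes."""
    return {
        str(p.relative_to(root).with_suffix("")):
            recipients_for(root, str(p.relative_to(root).with_suffix("")))
        for p in sorted(root.rglob("*.gpg"))
    }

def demo() -> dict[str, list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_store(root)
        return access_matrix(root)

if __name__ == "__main__":
    for secret, who in demo().items():
        print(f"{secret}: {', '.join(who)}")
```

Reviewing the resulting matrix before running `pass init -p <folder>` on a real store is a cheap way to catch a subfolder that silently inherits broader root recipients than intended.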