Notes on password managers
I recently tried the Orion web browser. What makes this browser unique is that it isn’t a reskinned version of Chrome/Chromium. Instead it uses WebKit, the same browser engine as Safari, with many of the same privacy protections. And, the killer feature: it runs extensions built for Chrome or Firefox.
One extension that I use is 1Password. Unfortunately, while the Chrome and Firefox versions of the 1Password extension do load in Orion, they don’t really work. There are lots of people asking for this on the community forum, but given 1Password’s recent focus on enterprise customers, and the low likelihood that an executive at a Fortune 1000 company has ever heard of Orion, don’t expect it to be supported any time soon.
So I decided to try some other password managers. To be clear: I don’t really want to switch from 1Password, and I wouldn’t do it just for Orion support. But it’s good to stay informed.
The features that are important to me are:
- Good Mac and iOS support
- Ability to share a subset of passwords among family members
- A subscription is okay, if reasonably priced
Simple, right? These are my notes as I’ve tried various competitors.
Bitwarden
Bitwarden is one of those open source projects that turned into a company. Unfortunately it shows. The app is very functional, but the UI/UX is janky. We’re talking CAPTCHAs to log in to the desktop app; modal dialog boxes that have to be scrolled to get to the buttons at the bottom; low-effort implementation, like an import feature that doesn’t detect duplicates; and so on. You know the deal: a programmer-designed web site bundled as an Electron app.
Feature-wise, it’s got it all. They have a family sharing plan and good pricing. It can store multiple entry types including logins, credit cards, and secure notes.
The browser extension mostly works, including in Orion. I like that it doesn’t try to autosubmit forms, but I couldn’t get it to copy one-time codes to the clipboard.
A major drawback is that you can’t set up one-time passwords from the desktop app, only from the mobile app.
Bitwarden is acceptable, but I would be annoyed by the bad UI/UX and have a nagging worry about how safe it is. You can’t judge a book by its cover, but with so little attention paid to UI/UX details, it makes me wonder how much attention they paid to details like encryption and security.
Remembear
This is the polar 🐻‍❄️ opposite of Bitwarden in terms of UI/UX. The grizzly bear graphics and puns are cute and polished. The UI is native, thoughtful, and friendly. It supports multiple entry types too.
It doesn’t offer a family plan, so it isn’t a true option for me. But it looked like so much fun that I had to try it.
I couldn’t get the browser extension to work in Orion. It’s also expensive (but the pricing would be fine if it was for a family plan).
NordPass
Like Remembear, this is a password manager from a VPN company. Although it’s an Electron app, it’s very well designed and feels mostly native. I had a hard time getting its browser plugin to work in Safari (eventually I got it to work), and I could not get it working in Orion.
Sorry if I’m not going into much detail here, but at this point a basic UI for storing multiple item types is table stakes. NordPass passes this test, but switching from 1Password feels like a lateral move, and 1Password is more widely used, supported, and likely to continue to be supported going forward.
Dashlane
Dashlane is another well-known password manager. I get the feeling it’s the second-biggest player in the Mac market, after 1Password.
It was okay as a 1Password replacement but they seem to be in some kind of transition between feature sets and user interfaces, as some of the documentation I found mentioned features that changed names or were not available in the desktop app. I was able to install the desktop app, but it is deprecated, which puts Dashlane out of contention for me and my family.
LastPass
I used LastPass a few years ago. It felt similar to Bitwarden. Remember when I said that a bad UI/UX makes me wonder if they paid attention to details like encryption and security? Well, LastPass doesn’t give me confidence.
Are some of those old? Yes. Are some of them possibly not security breaches depending on your PR department’s definition of a breach? Perhaps. Am I going to try LastPass again? Nah.
The end?
I’m growing tired of installing and testing password managers. Maybe later I’ll try one of the true open source options like KeepAssXXX (I may have spelled that wrong). If so, I’ll post about it.
For now I’m a moderately unhappy long-time 1Password user. Unhappy that they are focusing on enterprise users over consumers; unhappy that they’re abandoning their native app; and wishing they had a less corporate/enterprisey response to questions on their community forum. On the other hand, it’s a proven system. I’ve already invested time and money in it, and it would take effort to move my whole family.