Ask HN: 1Password vs. LastPass vs. Bitwarden for teams ?

To be honest, all of these are fine. The very fact that you're going to be rolling out a tool and educating your staff in secure password management is a huge win regardless of which option you choose.

That said, for a team size < 25 I would recommend 1Password. The product is fantastic - best in class - and they are regularly pushing improvements across all platforms.

For teams 50+ I would choose LastPass which has better 'enterprise' features, but despite having used it at work for 7 years I still really dislike it. This could be because I've been using 1Password in a personal/family capacity for about 12 years!

I've been using 1Password for the last 4 years, both with a family account and a work account.

It works perfectly for team management, since you can categorize passwords by vaults and give individual members. or teams, access to specific vaults. You can give guests outside your organization access as well. Beyond passwords, you can also share company cards, credential files, and 2FA tokens.

In addition, 1Password does a great job of letting you know when you should rotate your passwords, when you've re-used passwords, and when any password you've used has been leaked (in conjunction with https://www.haveibeenpwned.com). This helps ensure better security practices across the team.

Only downsides I've come across: - Granular permissions are really hard. For example, at my last job, we had vaults per client we worked with. However, not everyone that works on that client needs access to all of those passwords. The only way around this was to make/manage hundreds of vaults for Client+Function variants. - There's no way to guarantee security of passwords stored in someone's personal vault. - Users can create a vault and remove owners/admins from it (unless this has changed).

I have used LastPass for a long time, for personal usage. Recently I have begun using 1password in a team context and It is really nice. I vote for 1Password for team usage.

Bitwarden is open source and you can self host it if I'm not mistaken.

Former LastPass user here.

I've used 1pass for teams and family, and LastPass and I would choose 1password hands down every time. My experience with LastPass has been miserable, from functionality to UX it's just a bad product in my opinion. I do wish the Windows client for 1pass was a little more polished, but it does have all of the functionality I expect and the UX is generally the same as macOS it's just a little rougher around the edges.

I tried bitwarden when 1Password changed to subscription because it is cheaper but at least on OS X the 1Password app is so mich better I simply paid the 60.

Of these three, only one is really safe: Bitwarden. With the other two you have to trust without proof that you are safe. With Bitwarden, you trust and know that you are safe because the source code is open.

Automatically translated.

Bitwarden for my team and also family.

Open source. Using the hosted service though which is reasonably priced.

The UI/UX is a bit clunky, especially for sharing. But it does the job for the most part.

If you are interested in checking a completely different approach, you can look at Secrez https://github.com/secrez/secrez. It is a CLI secret manager that supports git repo for distribution. Using other packages in the suite, Secrez allows direct communication between local desktop accounts using SSL tunneling. Disclosure: I wrote it.

Personally I've been using KeePassXC with self hosted Nextcloud sync for many years and it works great on desktop, apart from minor merge conflicts when server or clients been offline for long. I haven't found a good solution for iOS but Keepassium and Minikeepass is OK for occasional logins. I think it might bee more of a Nextcloud issue on mobile.

I think it's totally insane to let a third party manage your passwords.

I had to make a call for the startup I work at. I went with 1pass and it has gone well. I had tried lastpass before and loathed the UI.

The only thing it lacks is a more powerful granular permissioning now that we've scaled. Ideally, there'd be a way for each new hire to automatically get an account and roles via LDAP, and immediately have access to necessary secrets based on that with no manual step.

I use BitWarden and run my own vaults. Pretty easy to set up using docker on a Linux machine.

I've had some trouble with the BitWarden anrdoid app not wanting to help fill in login information, but I put that down to user error - it's close enough I just can't be bothered to dig deeper.

I use the built in Apple one, works great but now I'm trapped. Not sad about it yet.

I use BitWarden, pretty happy.

Used both LastPass and 1Password across massive teams, and 1Password wins IMHO.

We use Passbolt, in its self-hosted version, at work and is loved by everyone.

Thanks everyone. Looks like 1Password is winning based on the comments so far.

I've only used 1password so far. I'm a big fan of the company's thoughtful approaches to design. Totally worth the $60/yr for my family.

I've been using Enpass for quite some time now. And I see no reasons to switch. It does what's supposed to do, and works well on MacOS and iOS.

keepassxc makes my life easier.