messutied | 3 years ago

Thanks! Any idea of how 1Password compares with Bitwarden in terms of security?

mdaniel|3 years ago

I would give 1Password the advantage if for no other reason than they've been at it longer, and thus have seen more crazy stuff. I believe Bitwarden claims to have multiple security audits, so I do believe they take it seriously, but (and this part is just my opinion) they execute so much other stuff so poorly that alone lowers my trust in them. For clarity, 1Password also has multiple security audits, and has done a very good job of publishing the specifications for their formats, which further contributes to my trust in their execution.

Bitwarden's previous(?) on-premises deployment script was a raging tire fire, which I openly admit is not exactly a _security_ issue, but it further lowers my lack of faith in them

With all that said, I think both Bitwarden and 1Password are miles and miles ahead of LastPass, so one will for sure be better off just picking one and trying it out. It seems to be a reversible decision, if you wanted to switch again

mdaniel|3 years ago

In other threads about this I was reminded that 1Password also has a security key that is known only to the client, and thus would not be leaked in the event of a cloud breach. In order to unlock the vault, one needs both pieces of information: the secret key and the master password. The secret key is cached on the client, which is why I had forgotten about it, but it is required for unlocks nonetheless

Thus the advantage goes to 1Password here, since Bitwarden does not require that "second factor" known only to the client (and I'm not talking about 2FA for logins, I mean for the vault)
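
The two-secret unlock described in the comment above, as an added illustration that is not part of the thread and not 1Password's actual implementation: a simplified sketch showing why a leaked server-side record cannot be tested against password guesses without the client-held secret. The function names, the XOR combiner, the iteration count and the sample values are all assumptions made for this example.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor, chosen for this sketch


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF extract-then-expand (RFC 5869) with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_unlock_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Mix a memorised password with a random secret that never leaves the client."""
    stretched = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    client_part = hkdf_sha256(secret_key, salt, b"vault-unlock")
    # XOR means the output is unpredictable unless both inputs are known.
    return bytes(a ^ b for a, b in zip(stretched, client_part))


def make_server_record(master_password: str, secret_key: bytes, salt: bytes) -> dict:
    """What a cloud breach would expose in this sketch: the salt and a key verifier."""
    key = derive_unlock_key(master_password, secret_key, salt)
    return {"salt": salt, "verifier": hmac.new(key, b"verify", hashlib.sha256).digest()}


def unlocks(record: dict, master_password: str, secret_key: bytes) -> bool:
    """True only when the candidate password and secret key reproduce the verifier."""
    key = derive_unlock_key(master_password, secret_key, record["salt"])
    candidate = hmac.new(key, b"verify", hashlib.sha256).digest()
    return hmac.compare_digest(candidate, record["verifier"])


# Constructed sample values (not real credentials).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SECRET_KEY = bytes(range(32))  # stays on the client device, never sent to the server
RECORD = make_server_record("correct horse", SECRET_KEY, SALT)

if __name__ == "__main__":
    print(unlocks(RECORD, "correct horse", SECRET_KEY))  # both secrets present
    print(unlocks(RECORD, "correct horse", bytes(32)))   # right password, no secret key
```

Because the secret key in this sketch is 32 random bytes, the work needed to test guesses against a leaked record is set by that key and not by the strength of the master password.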