When it comes to keeping passwords and other credentials in a convenient cloud vault without worrying about attacks from hackers, there is no compromise; this means choosing a password manager that is user-friendly and includes every feature that could keep even the most sensitive data safe. This is why most people have doubts when they hear the terms “open source” and “password manager” put together.
While the fact that open source programs are free of charge is worthy of praise, when average users hear that the software’s source code can be accessed publicly they might immediately and unfairly assume that this also means greater vulnerability.
However, most open source password managers are on par with or, sometimes, even better than their commercial counterparts – and we have six examples to prove that.
Why Pick Open Source?
As in the case of commercial solutions, the development of open source software is never truly finished. But unlike traditional password managers, open source programs can be improved by anyone using that very solution. This might seem like a huge disadvantage at first, but it is actually a feature where open source wins by a mile. Users can patch errors in the code immediately, whereas patches for commercial software are released much more slowly, giving a significant head start to hackers.
Additionally, an open source password manager can be customized to your liking, even allowing the option to create plug-ins for solutions that normally would never be integrated into paid-for password managers (i.e. offline apps). But by far the biggest advantage over regular password management tools is that open source solutions are free with the option to donate to the original developers.
The Best of the Best: Six Top Open Source Password Managers
Developed by Dominik Reichl in 2003, KeePass is a Windows-based password manager also available for macOS and Linux computers. KeePass possesses bank-level (AES-256) encryption with SHA-256 hashing, multiple database import and export options online and offline, a strong password generator, and fully customizable and searchable password groups. The software is extremely convenient since it is fully portable, doesn’t require installation and saves its database into a single file, making data transfer virtually hassle-free. The program provides two-factor authentication and can be used with multiple keys, either to replace the master password or alongside it for increased security. Additionally, the database can be locked to the current Windows account, so it can only be opened by the person who created it.
There’s a common misconception that says that open source programs cannot match the feature set or quality of design of their commercial counterparts, but frankly that isn’t necessarily the case. Luxembourger Passbolt is a prime example of just how wrong that attitude is. It is an open source solution that not only has an appealing user interface but also manages to include all the important features that commercial password managers have. For instance, it allows for fully editable and searchable passwords that can be shared with trusted parties and the option to safely copy credentials to the clipboard. Passbolt also features built-in password evaluation and generation, plus there is the option to receive email notifications regarding the state of your account. Although some features are in development, like importing and exporting passwords, autofill and two-factor authentication, it is already compatible with the most popular web browsers, namely Chrome and Firefox.
Clipperz is an online, single-page password manager that, unlike many open source programs, can be used from mobile browsers as well. Various import and export options are supported and it features offline access, which is a huge asset when there is no internet available. Additionally, Clipperz allows for direct login to sites that have been saved to the program’s database and provides one-time passwords for quickly authenticating access from unknown devices. The safety measures don’t stop here, though, since Clipperz is host-proof, meaning that no information leaves the vault without first being encrypted by a cryptographic system with a 128-bit security level. In fact, the software itself is built upon proven and trusted cryptographic algorithms like AES, SHA2, Fortuna, and so on – so it is one you can trust.
If you want an open source password manager that has a desktop client for Windows computers and Macs, as well as an equivalent app available for iOS and Android devices, then Padlock is your choice. The program focuses on simplicity, meaning that it has left out all unnecessary features that might be present in most commercial password managers. Padlock is capable of storing more than just passwords, though, all of which can be organized into specific categories. But that’s not the only way in which Padlock resembles commercial password management solutions: the app can import to and export from various sources, has a built-in password generator, and provides the option to determine the time period after which the program automatically locks itself from further use.
But do note that as of 2018 the Padlock Chrome add-on will be discontinued!
LessPass is a unique specimen since it is a three-in-one product: it’s an advanced password generator available on the company’s site, a browser add-on for Chrome and Firefox, and an Android app. It works like this: you enter the site or thing you want to associate a password with, provide your username and a ‘master password’ – which can be anything – and then LessPass creates a unique password using only this data. The most ingenious thing, however, is that if the same login credentials and the same master password are entered into LessPass’s interface, the software will always generate the same complex password with which you can access the desired site.
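The scheme this paragraph describes, as an added Python sketch that is not LessPass's own code or algorithm: PBKDF2-HMAC-SHA256 turns the site, login and master password into a password that is regenerated on demand rather than stored. The function name, iteration count, salt layout, character classes and `counter` parameter are assumptions made for illustration.

```python
import hashlib
import string

# Assumed parameters for this sketch (not taken from the page or from LessPass).
ITERATIONS = 100_000
CHARSETS = [string.ascii_lowercase, string.ascii_uppercase,
            string.digits, "!#$%&*+-=?@_"]


def derive_password(site: str, login: str, master: str,
                    length: int = 16, counter: int = 1) -> str:
    """Deterministically derive a site password; nothing is stored anywhere."""
    # Upper bound keeps the request within the 256 bits PBKDF2 produces here.
    if not len(CHARSETS) <= length <= 32:
        raise ValueError("length must be between 4 and 32")
    # The salt binds the output to one site/login pair. NUL separators stop
    # ("ab", "c") and ("a", "bc") from colliding. The counter lets the user
    # rotate one site's password without changing the master password.
    salt = f"{site}\x00{login}\x00{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              ITERATIONS, dklen=32)
    entropy = int.from_bytes(raw, "big")

    alphabet = "".join(CHARSETS)
    chars = []
    # Consume the derived integer with divmod so the mapping is reproducible.
    for _ in range(length - len(CHARSETS)):
        entropy, idx = divmod(entropy, len(alphabet))
        chars.append(alphabet[idx])
    # Guarantee one character from every class, placed at derived positions,
    # so the result passes typical site complexity rules.
    for charset in CHARSETS:
        entropy, idx = divmod(entropy, len(charset))
        entropy, pos = divmod(entropy, len(chars) + 1)
        chars.insert(pos, charset[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(derive_password("example.com", "alice", "correct horse battery"))
```

Because nothing is stored, anyone who obtains one generated password and knows the site and login can test master-password guesses offline, so the master password's strength and the iteration count carry all of the protection.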
We left the best for the last – and that’s not an exaggeration. Bitwarden is just as presentable as any comparable commercial product, with an impressive visual design and feature set to compete with any top-tier password managers.
Bitwarden provides everything you would expect from a password manager: Windows, Mac, iOS, Android, and Linux support; unlimited syncing between vaults; extensions for all major web browsers; a built-in password generator; and intelligent categorization of credentials that also allows them to be put into custom folders. There is even an option to create multiple credential collections within the same account and then share that content with other Bitwarden users in a secure manner. All data is protected by AES-256 encryption, with the option for further reinforcement via two-factor authentication – including Google Authenticator and FIDO – and a time limit that automatically locks the software.
As an open source program Bitwarden is free of charge, but it also provides very generous pay-only solutions for families and teams for as little as $1 per month for the former and $5 per month for the latter. This premium package adds unlimited collections, 1GB of encrypted file storage, and advanced two-factor authentication options.