Bitwarden second security audit report (bitwarden.com)
260 points by Santosh83 on July 23, 2020 | 114 comments



It's good to see companies making reports public to provide some confidence that they're having reviews done, but in this case the scoping of this job seems a little odd, not sure if that's a bad reporting template or something else.

Last page of the PDF indicates that they just did an external VA and pentest, but looking at their product set, I'd have expected (at least) a review of the web, desktop and mobile apps and the browser plugins for it to be a "thorough security assessment and penetration test" (as quoted in the blog).

Not to say external reviews have no value, but they're only part of what's needed.


The only PDF linked in the blogpost is "Bitwarden Network Security Assessment Report", and it does indeed only cover network related topics. Their earlier report from 2018 covers lots of web/desktop application assessments: https://cdn.bitwarden.com/misc/Bitwarden%20Security%20Assess...

So I wonder if they just forgot to mention that this second audit report doesn't cover that, or if there are more reports coming.


They did a code audit in 2018, and this is a network/pentest audit. They're two different things, that's all, and both are valuable.


Heh. You’re proposing around... well, ${a lot of money} worth of work.

When I was a pentester, I once ran the numbers and concluded that each pen test must have cost some absurd amount of money for us to be profitable. And they do, because it’s effective. But I wanted to point out a likely possibility: they wanted to do what you were saying, and concluded a million dollars spent on a pentest was beyond reach.

a review of the web, desktop and mobile apps and the browser plugins

If a million dollars sounds like an overestimate, you’re right to be skeptical. But $270k seems entirely reasonable; that’s $30k per app, for 9 apps.

So it might be tempting to feel like “it’s just a browser plugin though. How can the cost be anywhere comparable?”

Because pentests are billed in days, and a day on a plugin is a day on an app.


Yeah, I'm fairly well aware of how pentests are billed (I've been in testing for ~15 years as a buyer, seller and tester :) )

My point was that there was a gap between how the blog appeared to be billing the test ("thorough security assessment and penetration test") and the report's statements around scope.

Obviously companies can't always afford all the testing that they need to get as much coverage as they could, but when your major selling product is a downloadable application, a comprehensive review would usually at least touch on it as part of the work performed, for it to be called thorough.


What does it cost to hire somebody reputable to perform an audit like this? It's something I want to look into for one of my own projects, but I have no frame of reference for what is a reasonable price for a simple full stack app (way simpler than bitwarden for sure).


Pentester for 10 odd years: usually for an external test you would scope it at X days depending on the number of IPs etc., and it should be noted that an external test really doesn't find much. External is usually £750/day for 1-2 days testing and one reporting. Internal testing (i.e. auditing a domain and all computers attached) is about the same price, maybe a bit more, and usually takes a bit longer. A build review is hardening the server itself; takes about a day and a day reporting. App testing is totally dependent on the app itself (this is where people have a crack at an actual installed web application, usually using user accounts etc.) and runs a bit more - £800+ per day usually. Specialist stuff (hardware testing, code review (what I used to do), social engineering, hardcore app testing (stuff like auditing bespoke network devices, high frequency trading apps, etc.)) is typically 1-1.2k a day.

You can get it cheaper but a lot of it - for better or for worse - really comes down to the skill of the individual consultant. You can pretty much halve these prices, but then you'd end up getting stuff outsourced to India and it wouldn't be any good. Depends if you care about the security of your product or just want a box ticked for some arbitrary compliance and want it done as cheap as possible.

I haven't been a tester/consultant for a few years now, but the prices hold up. That being said one development which has happened since I've left the industry is the advent of crowd sourced pentesting. I know a lot of friends who moonlight with these things and are very good at their jobs, and the rates are lower. The name crowd strike comes to mind, but I'm not 100% sure if that was the company or not. I know a lot of good UK based companies (if it's a web app/remote then the physical testers location doesn't matter) if you needed.


Appsec pentester for 6 or so years: The 1-1.2k a day figure (GBP) is relatively low for 2020. I know you mentioned that it's been a while; just trying to shed some light.

Boutique Firm X billed at 285/hr with an average of 60 hours for a small application. That comes out to $2,280 USD a day.

Standard Small Consulting Firm Y billed at 250/hr. In the past 6 years I have yet to see anything below 235/hr, which is still $1880 USD/day (£1,479).

Hope that helps, GP.


Worth noting that (IME) US day rates are a lot higher for pentest work :) your US rates sound similar to what I've seen but Morrbo's UK rates sound ballpark right for the UK (I'd have said a little higher but it does depend on the company and work)


When I did pentesting for a consulting firm the daily rate was £2000-2500 (depending on if we had to pay reverse VAT for non UK/SM clients, and some other factors). We worked with financial firms and software companies primarily, therefore remote or on-site would be the same + expenses.

More bespoke services like proper red teaming, DDoS simulation, IoT/connected cars/hardware were about double that.

£800 a day is the very bottom of the price scale in the UK for general SME public sector companies.


Sounds a bit much. Could you have names of firms running this sort of service? and are they recruiting?

When I was working in financial firms, there were internal red teams running vulnerability scanners or manual pentests (manual requires much more planning and coordination). No point in paying external firms £10k per app to run an automated test. I am gonna have to consider changing sides if audit firms are really billing £2-4k a day for this.


We didn’t run automated vuln scanners; the majority of the work was app focused grey box testing. VA was only performed in the rare cases where we actually were testing against a live prod environment; nearly all of our testing was done pre-production, quite often it would start pre-QA/UAT.


Let me guess, Big-4? Boutiques in the UK don't usually charge that kind of day-rate and the big banks all use their purchasing power to get day rates down.

£800/day is low, but not unheard of, especially if you use freelancers/small boutiques, but £2k/day is more than I've seen for most things in the UK.


No, quite boutique but not a UK firm; I was one of 5 in the UK office.

We didn’t really deal with retail banks; the banking clients would be investment and asset management banks like RaboBank.


Those prices might stand up for contractors -- but are a bit low to bring in a commercial outfit, at least for any of the larger reputable security consulting businesses. Would suggest starting prices would be closer to £1000 a day. And rates are significantly higher in the US.

Accountability and consistency is a real concern in crowdsourcing. There is a reason we don't spend too much time designing an idea and then crowdsourcing all development. Why would security be different?


The crowd sourcing stuff that I've seen comes in two different formats usually. There is the one where you put your URLs/IPs up there and say "this is in scope" and someone finds something wrong, you pay them (i.e. someone says this has XSS, you pay them a few hundred dollars), which has relatively little risk in terms of you only pay for what you get. The other ones are where you'd be allocated a test which then gets shipped out to some consultant anywhere in the world. I agree these are more risky (as you pay a flat rate). These are the ones I was hinting at that my friends moonlight on, but you do need some proof of technical ability and have to take a fairly decent entrance exam to participate, which (from what I've heard) hasn't been subject to the rampant cheating/"preparation" that other UK based aptitude tests/things like OSCP have.

I'd personally go to a reputable vendor and ask for a senior consultant, but it's definitely a viable alternative, especially if money is tight. Disagree about the pricing though, 750 (excl VAT) a day for external testing is pretty reasonable these days even for big vendors. App testing though, yeah, the prices can easily push 1k+ depending on what it is.


Just for reference, the former example you give is just a bug bounty as far as I can tell.

The discussion of relative merit of bug bounty versus a pentest is well trod ground, so I won't rehash here except to say I would never consider a bug bounty replacement for a pentest, and if you're asked for a pentest report as part of third-party vetting etc. many organizations will be concerned to see a bug bounty program compiled report.

The latter example sounds like https://cobalt.io/. I've seen several reports and all I can say is if I were vetting a third-party or otherwise looking for assurance of security posture I would still want to see a "real" pentest from a reputable firm.


Was going to say similar things. A bug bounty has value -- and it's effectively to incentivise someone who finds a vulnerability to tell you, rather than exploit it or sell it to someone who will exploit it. It's the same as a pen test.

I don't want to name companies and start a war, but the industry is moving in a dangerous direction with some of the other options -- there are companies offering pen testing where those companies have no full time employees. They post the scope, and their registered users can sign in, take the work, and deliver it. Quality is all over the place. And things like confidentiality, data processing, etc., and any way to confirm a corporate entity adheres to their contractual obligations? Nonexistent.


Interesting how little pentest rates have moved on in the UK in the last 20 years. I was a customer of big UK testing companies back then and rates were around that already, so there's been effectively no increase there in that timeframe, if you're still getting work at the £750-£1000 range.


Yep, more competition, more knowledge and more efficiency means that you can't really push big prices unless you're either going for a massive company (I've seen my day rate as high as 1800 before for doing relatively generic work for gov organizations). When I first started contracting we were replacing a big-4 consulting firm charging 3200/day for some stuff (!) for a UK insurance company. Alternatively, as I mentioned, if you're doing specialist work (code review, hardware, some forms of SE, mainframe testing) you can definitely push the numbers up depending on the client. I have friends still working at several of the larger companies and the day rates are really around about 800-900/day on average, but they just supplement it by tacking an extra day on whenever they can. All depends on the customer and the sales guy tbh.

On average I'd even say that my day rate went down compared with 10 odd years ago - when you needed an interview at GCHQ to get CHECK - as there were just few people doing it whereas there are loads now.


Your comment really surprised me as I didn't expect that this was just a pen-test, but after visiting the link, indeed it was!

I think it's a bit sneaky as for a product like this, people expect this to be a code and crypto audit. The "network" part should be emphasised and in the title of the page, instead of just the PDF.


In this business the title "External Penetration Test and Vulnerability Assessment" means the auditing company has run qualys/nessus* against bitwarden.com.

* expensive commercial vulnerability scanning tools.


Yes, but the title of the page/blog post is "Security Audit Complete".


The cost varies widely.

$8k - $12k for a "platform" that hires 100% outsourced pentesters of highly variable skill and quality, and takes no liability themselves, and whose pentesters are located in developing countries and good luck getting damages out of them, ever, regardless of their platform "reputation" pretend points. Also, communication tends to be difficult as the norm is ESL.

$25k for a US-based boutique firm with in-house pentesters of vetted high quality, who accept liability and against whom you can actually expect to enforce an NDA and/or extract other damages. Source code and design audit starts at about this price.

Then, you can run your own program on top of the bounty platforms, however scope and focused work is not going to happen (a lot of the work is boring), and it will cost you a lot of your own time. The money you save DIY is not worth your own time investment.

If you actually want a good pentest, go with a boutique, quality firm. If you want something to give to an auditor or to meet a VSA, go with cheap.


The attached PDF is an automatically generated report.

You can get something like that for £5-10k if you go through one of the typical audit firms (KPMG, Deloitte and co).

In addition you can look into some ISO certifications or industry specific regulations. It's basically a checklist of a thousand questions: do you use TLS? are your applications protected by authentication? can custom folks access personal data of customers? are there audit logs of support accessing customer information?


If you want an automatically generated report you can just run ZAP, Burp or Checkmarx against your system yourself :/


Just ask them. Cure53 is one of the most reputable ones, and remember: always do white-box testing; you want to test your system, NOT the security researcher.


We (https://www.bullet-train.io/) recently had a third party perform a pretty in depth security audit - cost was low to mid 4 figure Euro. Result was a ~20 page report - I felt it struck the right balance of cost / effectiveness.


Unfortunately, it varies wildly. Some firms can perform fully automated remote scans for a few hundred $$$ and it can move all the way up to 100+ page reports with manual pen testing for literally hundreds of thousands of dollars.

What you want or need will fit somewhere in between.


Good to see. Aside from the Apple ecosystem's password management, Bitwarden is what I've been using.


Same. They are one of the few open source products with decent support across multiple platforms.


And finally pretty usable on mobile, too! I have waited for this and just migrated from 1password (which was very easy, though I lost my structure... I wish there were an open password database standard which password managers would use).


Enpass is another alternative with good cross device and platform support. Under the covers they use SQLCipher[1] which I’m guessing you could build your own interface for.

[1] https://www.zetetic.net/sqlcipher/


https://github.com/bitwarden/jslib/issues/52

I am astounded to see this missing from the report. Apparently the report was just their external API configuration or something?


It wasn't in the scope of this audit, but it's still somewhat concerning... PBKDF2 with SHA-256 (a super fast hash with hardware support) as a key derivation function (which should be slow and difficult and hard to do in hardware)? That doesn't sound right. The answer provided (cross platform compatibility) doesn't sound satisfying.

Was this discussed with the prior audit?

EDIT to add: Here's the 2018 "cryptographically right answer" on password hashing ( https://latacora.singles/2018/04/03/cryptographic-right-answ... ):

Password handling

Percival, 2009: scrypt or PBKDF2.

Ptacek, 2015: In order of preference, use scrypt, bcrypt, and then if nothing else is available PBKDF2.

Latacora, 2018: In order of preference, use scrypt, argon2, bcrypt, and then if nothing else is available PBKDF2.

You care about this if: you accept passwords from users or, anywhere in your system, have human-intelligible secret keys.

But, seriously: you can throw a dart at a wall to pick one of these. Technically, argon2 and scrypt are materially better than bcrypt, which is much better than PBKDF2. In practice, it mostly matters that you use a real secure password hash, and not as much which one you use.

Don’t build elaborate password-hash-agility schemes.

Avoid: SHA-3, naked SHA-2, SHA-1, MD5.

EDIT to UPDATE:

Bitwarden has commented (about an hour ago) that they'll fix this! Cool.

https://community.bitwarden.com/t/switch-to-argon2/350/23

https://github.com/bitwarden/jslib/issues/52


According to Insight's attestation this was a 5 day test focusing on:

1. External vulnerability assessment of the Bitwarden computing systems and web applications

2. External penetration testing of the Bitwarden computing systems and web applications


Can someone with security industry knowledge comment on how much weight we should give this? Are these sorts of things something you can just buy and they'll go out of their way to give you a favourable report because you're the client? Is Insight Risk Consulting known and credible?


This was an external infrastructure test which carries no real weight for the app itself. It just makes sure that stupid stuff like ssh open to the internet, a public CMS available etc. hasn't happened. That being said, Bitwarden do do more in depth security audits, but this particular audit doesn't really mean too much.


The report itself was automatically generated by one of the popular scanning tools. It's 1 hour to run the automated scan and 1 day to format the PDF nicely for the customer.

The thing is half worthless, verifying that the CDN has TLS and raising warnings about obscure HTTP/CORS headers.

But occasionally it can find some really bad misconfiguration or library with a critical vulnerability in dire need of an upgrade. (Of course they would never publish a report finding issues like that).


I recognise Insight (going by the name & logo) as one that is on at least one of our larger clients' (we work on systems to manage regulatory compliance, primarily with investment banks) PSLs for application penetration testing. Assuming this is the same company and not some small-fry crook who is trying to steal their thunder (I've not looked in any depth beyond "I know that logo"), that would suggest that the report is not of the "pay to pass" variety. There would be some noise if a company on the banks' security provider PSLs were found to be offering pay-to-pass security audits.

Such companies sometimes offer a range of penetration testing options from relatively superficial to aggressive, in-depth, and detailed, so you'd need to read the report (I will when I have more time as we are considering Bitwarden for our credential management) to see if what it is saying is sufficiently reassuring.


> Are these sorts of things something you can just buy and they'll go out of their way to give you a favourable report because you're the client?

That happens.

I can't comment on Insight Risk Consulting, as I don't know that company. They write they had a previous audit from Cure53. That's a well known and very skilled security company and I would expect that you can't buy an "please ignore as many vulns as possible" report from them.


Does it matter?

They found something worth fixing, despite the project being open source with bug bounties and previous audits being made.


That has nothing to do with it being open source. In close-source systems I've seen penetration testers find security issues that have been present for years despite annual audits during that time. This is one of the reasons why our services get at least annual penetration testing, even the legacy ones that won't have changed since the last test. It is not a bad idea to cycle through providers too, on the off chance that some may use different tooling that exposes certain flaws more readily than the techniques used by others.

Being open source just increases the chance of a problem being spotted if there are sufficiently clued-up people looking. Being open does not at all guarantee that any given problem will be spotted during the normal course of work. Security issues can be due to combinations of flaws in widely spaced code, so even if working directly on one part you might not realise there is an issue in conjunction with another part. That is why it is necessary to have tests/audits like this, for both open and closed source systems, where someone is tasked specifically to look for security problems.

It isn't right to criticise Bitwarden for being tested and issues being found (unless those issues are systemic and/or just plain stupid, or you believe the project's response to resolve them is too slow or incomplete). Instead concern should be aimed at security related products that are not regularly subject to external audit at all. Not having any issues because you have not checked for them is a much greater worry!


I think that was the point of the previous comment.

That, despite the software being open-source and therefore more likely to have bugs spotted, and despite having a bug bounty program, the auditing company found a moderate issue, therefore they must be thorough.


> ...therefore they must be thorough.

I wonder if that's the case here. I don't work in that space but the issues they found seem like they might be low hanging fruit. I've pasted them below for anyone that's curious.

> The Cross Origin Resource Sharing (CORS) configuration on Bitwarden server APIs allows for any client origin to access its endpoints.

> The Content Security Policy (CSP) configuration on the Bitwarden web vault application allows for 'unsafe-inline' CSS styles to execute.


That is why it is important the reports from security audits include what was looked for and at least a little detail about how.

If they were appropriately thorough and all they found were low-hanging fruit, then that is a good thing.

Of course a detailed report is no absolute guarantee: we once had a test done that I think was more than shoddy: there was not nearly enough activity on the web server over the testing period for the amount of automated work they claimed to have done, and I spotted an issue a couple of weeks later that at least one of their documented processes really should have picked up on. That company is no longer in business thankfully.


If you were selling bogus report results for clients you'd still include a non-major thing or two. Gives a better impression of legitimacy than full marks across the board.


These audits are reassuring, but I'm hoping someone can speak to a question I have...

I know that encryption primitives are almost never the breaking point in systems like this, but I wonder in situations like this where breaches would allow adversaries to attempt offline attacks whether they are particularly pertinent.

Specifically, while the number of iterations on the PBKDF2 SHA-256 function are high (100,001 on the client), PBKDF2 always felt to me like a footgun when compared to scrypt or argon2 which don't have as many (any?) insecure modes of operation.

The website states that AES is used, but is it in an authenticated mode (e.g. GCM ?)

Finally, their website states that they use "popular and reputable crypto libraries" and that they don't roll their own crypto, but the libraries they use are awfully low-level. Something like libsodium or FiloSottile's age would be something I'd be more comfortable with when considering a hosted method.

In the meantime, I think I'll keep using KeePass2 (w/ Argon2 and ChaCha20) and synch'd with SyncThing to minimise my attack surface.


I don't see PBKDF2 as a full footgun, but maybe as the minimally still-acceptable method. When I was building my system for E2E messaging (pritact.com) I started out with PBKDF2 but kept mentally revisiting the iteration count before biting the bullet and switching to Argon2.

Actually it looks like Argon2 is being discussed as of just a couple hours ago https://community.bitwarden.com/t/switch-to-argon2/350/24


Great to see it! It certainly speaks to the positive nature of BitWarden being open-source.


PBKDF stretching is a mitigation against bad passwords. The difference between PBKDF2 and argon2id is marginal because you'd need to have chosen a password that's in a narrow window between "So bad that PBKDF2 doesn't save you" while "Not so bad that argon2id can't save you either".

Stretching isn't magic. If your password is 'jszymborski' then no practical KDF will prevent bad guys just guessing "Um, maybe it's just jszymborski?" and getting in. And on the other hand if it's two dozen random alphanumerics you can use SHA256() as your KDF and be absolutely fine.

Because their users will (even if told emphatically not to) use bad passwords, Bitwarden needs a PBKDF with stretching here to buy those people more margin, but nit-picking the choice of PBKDF is missing the wood for the trees. As an end user the right thing to do regardless is use good passwords, which of course is how we got here...


PBKDF is (at best) a sub-optimal choice: their entire business model is zero-knowledge storage of cryptographic secrets. They really need to switch to Argon2 and some sort of PAKE protocol.

However, they need a cross platform solution that integrates with .NET and will also work on a budget smartphone. I've sketched out such an architecture, but I lack the time and budget to do it.


Their 2018 audit of the application code may answer your questions: https://bitwarden.com/blog/post/third-party-security-audit/


Their code is open source, so you can always check for yourself: https://github.com/bitwarden

Quick googling on this topic says that as of 2018 they were using authenticated AES-CBC.


Tangential question: What password manager do you guys use?


Bitwarden. Works well and the integration with 2FA/TOTP is amazing. I highly recommend not relying on a single (mobile) device for 2FA. Losing or breaking it might shut you out of certain accounts forever.


Same, used to be LastPass but the more I learned about them as an entity I realised that they were not what they once were and I switched to Bitwarden.

I also found this suited my devices and usage, Linux, Android, Mac, Windows... happy across the board.

Also... employers tend not to use Bitwarden, they pick 1Password or LastPass, so it means I can have both work and personal on my BYODs.


> Losing or breaking it might shut you out of certain accounts forever.

But isn't this what the backup codes are for?


Yea, I used to keep my passwords and backup codes in two separate KeePass vaults. Now I use Bitwarden for passwords but still use KeePass for my backup codes.

I use the notes for each entry in Bitwarden to indicate what kind of 2FA I have enabled and whether I have a backup code already stored in the other vault.


Sure. But not everybody has them or they might be on that device...


I find Authy on a mobile and desktop with backup turned on seems like solid enough 2FA redundancy.


Yeah, I learnt it the hard way when I accidentally purged my Google Authenticator with all 2FA data.


1Password, https://1password.com (Personal, Family)

I'd definitely introduce and use Bitwarden for teams.


I guess answers here will be skewed towards Bitwarden, because those who already use it will likely be more interested in this thread.

I also use it at my company, and personally with my wife. Also got my mum to use it!

At my company, we also use it for server secrets, using envwarden: a simple wrapper we created and open-sourced[0] for managing server secrets with Bitwarden.

[0] https://github.com/envwarden/envwarden


Love this and currently testing it for deployment at my company. Thanks for making it, it feels 1000x more straightforward than Vault, etc.

I'd love to hear an official stance on it from Bitwarden to know their take and whether they're considering supporting this important use case in an official capacity (e.g., sponsoring or providing some kind of support for the project). Seems like it could be a big differentiator over other password managers.


Bitwarden. The integration with the OS will never be as tight as Apple's baked-in solution, but it's as good as it can get.

I also convinced my employer company to use it.


BitWarden. Used to use 1Password, and while I don't mind paying for a service, especially a 'security' related one, I couldn't see the benefit over what I was getting with BitWarden.


I use Bitwarden_rs (https://github.com/dani-garcia/bitwarden_rs) and self-host it in a Docker container on my Synology NAS. I only allow access to it from my internal home network.

The nice thing about Bitwarden_rs is that you get features which you would have to pay for with normal Bitwarden. For example 2FA with U2F. As a note Bitwarden_rs is written in Rust.


That’s not what I would call the nice thing about bitwarden_rs. What I would call the nice thing is single-user total disk usage under 20MB and memory usage under 30MB, with totally negligible CPU usage. The official server requires SQL Server and recommends 4GB of RAM and 25GB of disk space as a minimum, though I imagine the true minimum it could survive with would be a good deal less. (Still, I do appreciate being able to generate TOTP codes, which is paid functionality with the official server.)


While you can use the premium features without paying, I would strongly urge you to pay for a license anyway. It doesn't cost much and the Bitwarden folks are a small team doing a great product. I really like bitwarden_rs and wish the official server would adopt it or something similar. The official server is pretty darn heavy.


I also use Bitwarden_rs so I don’t have to host a MSSQL database, but it’s worth noting that the Bitwarden_rs server hasn’t been audited. It uses the same upstream clients (including web), but that doesn’t fully cover the implementation.


BitWarden. Switching our business from LastPass at the moment.

I found LastPass painful to use and sync between local vault and server side to be broken. No thought has been given to layout, commonly used options are buried and basic things like selecting the right credentials by subdomain do not work. Their recent UI refresh has simply made things slower rather like Google's admin UIs. They have rather annoyingly decided, against NCSC advice, that I need to see a reminder to pointlessly cycle my master password every time I log in.

The final straw was when they applied a large renewal charge without authorisation to a card they were not given permission to keep and then mishandled the resulting complaint in every way you could possibly imagine.

Bitwarden is cheaper and far more usable, I can't find any single thing that LastPass does better for twice the price.


Bitwarden. I used to use LastPass but I prefer Bitwarden because the clients are open-source (including optional self-hosting and a mobile app on F-Droid), the URL matching seems to be more flexible and intuitive to configure than I found on LastPass (more than just separate subdomains), and the syncing across devices and auto-fill using standard Android APIs works perfectly with the mobile app. I also pay the $10 USD/year for the premium plan mainly for native YubiKey 2FA without using TOTP codes.

I've considered using Pass or other open-source self-hosted/synced alternatives but I don't really want to fiddle with something like this quite yet because Bitwarden meets my needs perfectly.


Bitwarden, and so does my (tech savvy but doesn't work in IT) wife. I'm using it on iPadOS, Android, Firefox, and Chrome. It works great with several different second authentication factors like hardware keys and the Google Authenticator app.

One fantastic feature is that you can add the second factor 6 digit generator to a given password, just like an authentication app. When you log in by filling the username/password and hitting enter, your second factor is copied to the clipboard. That lets you just paste it in, which is very convenient for those annoying sites that make you log in with 2FA every 30 to 60 minutes.


Lastpass mostly because it's what I have been using and it works well across all platforms. Have been thinking about giving Bitwarden a shot though.


I used pass (unix passwordstore) before. I found it extremely comfortable when I'm working with just my system. I did find the inconvenience of setting it up cross platform when it depends on my gpg key. How do people access their gpg keys in phones or a new laptop for example? Do you store it somewhere online? How do you make sure not to lose the gpg key? When I got my new system now, I forgot to backup my key and lost my previous passwords. This is the only challenge(?) I face. Other than that I love everything about pass.

Now I'm testing the waters with Bitwarden. I like the cross platform functionality so far and the self hosting option. I also like that I just need a master password and don't have to worry about keeping any extra keys safe. I'm not a security expert so I'm not sure whether encrypting before syncing with Bitwarden servers is actually safe (this is what Bitwarden does afaik). I'm yet to try out their CLI option. I also wonder what would happen to my passwords if it shuts down abruptly. Do I have a backup/copy of the passwords somewhere? This is something that concerns me, where I feel pass is superior. Maybe if there was an option for pass to use a passphrase for encryption rather than gpg, that'd be really cool (maybe not good security wise? I'm unsure on this aspect)

I also liked that when I add the URI of the website login, it gives the icon for it too. Bitwarden's user experience is top notch. I recommended that my parents try it out; apart from a few basic questions they were up and running within a few minutes. That's something I really appreciate.

If anyone has self hosted bitwarden, how do you make sure that it is safe from attacks? I'm still exploring this option. Bitwarden uses azure and lets the MS team take care of managing the infra (I'm guessing this includes taking care of attacks).


Bitwarden as it's the only open source solution I could find that is both cross platform and matches other products in functionality.


I used LastPass for years before switching to Bitwarden due to peer pressure on HN/Reddit (posts like these, praising Bitwarden).

After a few months, I switched back to LastPass. Bitwarden never quite worked right and as far as I know doesn't provide a way to review access history (I was hacked and wanted to see if other IP addresses accessed Bitwarden).


Dashlane. Tried 1Password, LastPass and they are all not good enough. Bitwarden doesn't even come close.


In what ways do you find Bitwarden lacking? What are the advantages of Dashlane?


I'm currently using MacPass on macOS and KeePassium on iOS, and syncing both through Dropbox. But that means I need my Dropbox credentials, in addition to the KeePass file secrets, if I lose both the Mac and the iPhone (after a fire or a robbery for example). Not sure I'm comfortable with that.

I'm considering switching to 1Password or Bitwarden. But I'm not sure about BitWarden using the same password both for encrypting the vault and accessing Bitwarden server. Chrome for example has an encryption password which is different from your usual Google Account password.


I may be a little off in my description, but I believe that the Bitwarden server never sees your password. The client sends a derived key to authorize your access to the vault and then your password is used on the client side to decrypt the vault.

It all depends on the risk you’re trying to mitigate. A MITM or a server attack won’t be able to gain access to your passwords, even if they intercept the data. A user with knowledge of your password or a keylogger on your client could. However, in either of those cases you’re not protected all that much by having two passwords as opposed to one long one.


Bitwarden. Migration from lastpass took just a few minutes. I don't need fancy features and Bitwarden seems less likely to have RCEs in the client and other screwups.


1Password, and I've been happy with it, but I generally recommend Bitwarden to anyone who asks because of the free tier.

I intentionally use other things for my 2FA and TOTP so that my most important accounts are still not accessible even if you somehow get into my password manager. I use YubiKeys where I can, Google Authenticator when it has to be TOTP.



Dashlane, but I would like to move to Bitwarden. Every time I try, Bitwarden just feels wrong/unorganized in comparison.


I've been using Bitwarden for just over a year now, and I'm very happy with the experience on Windows and Android.


BitWarden for less "important" things like gaming, streaming, store, and forum logins. Things that would be more of an inconvenience if they were to be hacked.

For more important things I use KeePass and keep it all offline.


Pass and Browserpass or gopass bridge. There is also QtPass and Password Store for Android. Love having my passwords synced using Git and backed up encrypted in the cloud using GPG.


I'm another Bitwarden user. I used to use LastPass, but back when Firefox switched to WebExtensions LastPass didn't update right away, so I switched.


BitWarden.

I moved from 1Password to BitWarden... 2 years ago now? (2 years 2 months) Oh the experience was SO much nicer than 1Password. And the iOS app WORKED!


1Password which I love.

Work is switching to Bitwarden due to easier ability to integrate into our environment than 1Password.


KeePass.


Surprised to not see more KeePass users on HN, I thought it'd be rather popular in a crowd where hosting it yourself isn't such a large hurdle.


I switched from KeePass to Bitwarden. KeePass worked great, but I decided it just wasn't worth it, as well as being potentially riskier, to manage it myself.

For example, if you use a third-party KeePass app on your phone, besides having to figure out a secure way to sync it, you also now have to trust the developer of the phone app as well. Larger attack surface.


This! Just sync your KeePass file with your NextCloud (or Google Drive or whatever) and you're good to go. It has a mobile app and there are probably browser add-ons available. Costs nothing and works like a charm.


Keychain. But this will only work if all your devices are apple.


I'm only using macOS and iOS, but I can't just use Apple Keychain because there are no Chrome and Firefox extensions as far as I know.


Last month I moved from enpass to bitwarden.


Same boat here, but about six months ago.


Apple Keychain.


Bitwarden... switched over from Dashlane


Roboform: it's ugly and old, and it works.


Text file in a VeraCrypt container (the password to which is only in my head). Authy for MFA.


The one that is in Chrome


From LastPass to Bitwarden.


I love the concept of making this public but I feel like the audit wasn't very thorough if all it suggested was two security headers that a free online scanner could have picked up.


I'd like to see an open source password vault which relies on open hardware storage for passwords. Clients only get a rate-limited number of passwords when the hardware is prompted to give them, e.g. by a physical button confirmation on the hardware or a fingerprint. Point being that clients don't hold the passwords, just the usernames.

Problem with Bitwarden etc. is that if your computer or one of the devices gets compromised, then all of your passwords are lost at the same time. With hardware based vault you can mitigate this somewhat, with rate-limiting, physical prompt etc.

I have 1600 passwords; I use perhaps 10 different ones per week. If I get compromised I lose 1600 passwords, but with a hardware based system I potentially lose just the 10 I used within the last week.


Throw enough money at Bitwarden and I am sure they would be happy to build out those capabilities. They really don't have extra funds for cool R&D like that.


Which password manager(s) would you guys suggest for a team of 10-15?


If you don't need to share passwords: KeePassXC.

If you do need to have shared passwords (dev/stage/prod servers and services) why not Bitwarden for Business? https://bitwarden.com/#organizations


I certainly need shared passwords. I will look at Bitwarden for Business. Thanks.


Depends on what you need. Do all people need access to all passwords? Do you need to know which passwords a certain person accessed so you don't have to rotate everything when they leave?


It would be nice to allow access to only some passwords. And would be nice to be able to rotate passwords.

