KeePassXC vs Bitwarden

I’ve been using KeePassXC for a while now, but it has never worked quite well in browsers or on mobile.

Both the browser extension and the mobile apps fail to detect login and password fields most of the time, so I’m forced to go the copy-and-paste route to log in to websites and apps.

Copying and pasting is less secure because you lose the automatic host checking. For example, an attacker could email you a link to awd.amazon.com, where you’d enter your email and password for aws.amazon.com. With automatic host checking, the app will not offer the login details for awd.amazon.com, which lets you notice that it’s a phishing attempt.

Another security issue is the clipboard. If you allow passwords to linger in your clipboard, you might accidentally paste them somewhere, or a rogue process might even be able to read them.

Copy and paste is also tedious.

Enter Bitwarden

Bitwarden is written in Electron, so the desktop app is slower than KeePassXC, but it also comes with a CLI.

Personally, I don’t mind Electron apps as long as they provide a solid user experience, and Bitwarden doesn’t disappoint in that regard.

In both the browser extension and the mobile apps, the autodetection works 100% of the time. The user experience is much better than with KeePassXC. No more copying and pasting passwords.

Since I use the TOTP feature, I decided to grab a premium membership. That way, I also support the company — two birds with one stone.

Another thing about Bitwarden is that it uses PBKDF2, whereas KeePassXC uses Argon2, which is considered more secure. However, there has never been any incident where PBKDF2 was cracked, provided that the passphrase used was strong enough. By default, Bitwarden uses 100k as the iteration count, which might not be high enough if you use a weak passphrase, but personally I think it’s good enough.

If you’ve been using KeePassXC, I encourage you to try out Bitwarden. I’m sure you’ll fall in love with it like I did.