Password Manager: Let’s Give Bitwarden a Chance!

I have been using password manager since 2017 since I think there should be an easy, secure, and handy mechanism to deal with passwords. Of course, by using password manager, life is a little bit easier.

And, I chose LastPass. Last year, I still renewed my premium subscription for US$36 per year. LastPass works really well, but at the same time I am sure other password manager applications — like 1Password, DashLaneKeeper — share similar quality of features. But, it’s about choice.

Most “popular” password manager applications also offer similar subscription price, around US$36/year. My LastPass subscription will end next April, and I am thinking of moving to other application that does its basic jobs like storing password (of course!), generating good passwords, and managing credentials in categories/folders. Also, it should be also work on multiple devices and browsers.

After reading many articles, I decided to give Bitwarden a try. And, I read pretty much information about Bitwarden. One of the big differences with other password managers is that Bitwarden is open source. The other reason is on the pricing. It’s only US$10/year for personal use, or US$40/year for personal (family/organization).

My decision is not related to LastPass’ upcoming plan regarding the limitation for the free account since I was a paying customer since day one. According to a blog post:

We’re making changes to how Free users access LastPass across device types. LastPass offers access across two device types – computers (including all browsers running on desktops and laptops) or mobile devices (including mobile phones, smart watches, and tablets). Starting March 16th, 2021, LastPass Free will only include access on unlimited devices of one type

LastPass blog: Changes to LastPass Free

From the interface point of view, it’s not that beautiful — at least compared to LastPass. But hey, it’s about the features. As long as it works for me, I am fine with the interface.

About Bitwarden:

  1. Bitwarden official site
  2. Bitwarden on GitHub
  3. Bitwarden apps (desktop, mobile, including CLI)
  4. A detailed review about Bitwarden. CNET has some basic comparisons of multiple password managers.

Third year: LastPass

I started using LastPass for my password manager application in March 2017. So, this year, it’s my third year now. Before LastPass, I used 1Password. I didn’t remember the exact reasons why I switched to LassPass, but I think it was about the integration with applications in mobile devices.

I am satisfied with LassPass features. For some people, Google’s Password Manager will work. But, when it comes to more complex password and identity management, I think LassPass fits me more.

Is LassPass free? Unfortunately, not. I started my subscription for US $12/year (for Premium package). A year later, LassPass increased its pricing to US $24/year. And, this year, they increased the subscription pricing again to US $36/year.

Hat tip: LassPass was acquired by LogMeIn back in 2015.

LassPass offers competitive pricing compared to its competitor like DashLane (US $40/year), 1Password (US $36/year), and Keeper (US $30/year). Since LassPass works for me (until today), I think I will keep my subscription.

Trojan for Firefox: Trojan.PWS.ChromeInject.A

Here are a news about trojan from Greasemonkey — a Firefox addon. It is identified by BitDefender.

BitDefender has identified this new bit of holiday cheer as Trojan.PWS.ChromeInject.A” (the ChromeInject suffix refers to the Chrome component of Firefox). The trojan installs itself into Firefox’s add-on directory, registers itself as Greasemonkey, and begins searching your hard drive for passwords, login details, your World of WarCraft account information, and your library card number.
Please note, this trojan is not actually the Greasemonkey add-on, and only identifies itself as such. Mozilla has confirmed that the official Greasemonkey release contained within Mozilla’s own extension repository (and available here) is malware-free. If you’re currently using Greasemonkey or are interested in doing so, there’s no reason to avoid the legitimate add-on at this time, so long as you download it from Mozilla’s page or an equally trusted source.
Source

What does this trojan do?

Once installed, the trojan is capable of identifying over 100 web sites. When an infected user visits a site the trojan recognizes, the parasite comes to life and records the login/password details being transmitted. Presumably it then goes back to sleep, quietly keeping an eye on further system activity.

How's your wp-config.php file?

WordPress relies on wp-config.php file to connect to database. Here, there are some basic settings about our WordPress installation like database-related information and language interface. When we upgrade our WordPress installation to new release, we can have our WordPress blog running without problem, even without touching wp-config.php file.
But, in some release, there are some new settings that should be — well, I’d rather say ‘recommended’ — added. For example, WordPress 2.5 introduced a new setting called SECRET_KEY. Read more about this new at Ryan Boren’s blog or WordPress Codex.
Do you have those setting in your wp-config.php? If not, it’s time to add it.
For the next release, there will be another new settings that can be added. So far, there will be WP_POST_REVISIONS. It’s related to Post Revisions feature that will be introduced in WordPress 2.6. Since I have taken the decision not to use that feature, I will turn this feature off for my coming upgrade. So, right now — I’m still using WordPress 2.5.1 — I added a setting to disable Post Revisions feature in my wp-config.php.
It’s always a good idea to have wp-config.php has the recommended settings, according to WordPress version we’re using. It’s never too late to fix your configuration file.