Where to Store My Passwords?

Where to Store My Passwords?

Password Managers vs Default Browser Passwords

The importance of strong, unique passwords for each online service cannot be overstated. This is where password managers come into play, offering a secure and efficient way to manage the multitude of passwords we rely on daily. Among the various solutions available, cloud password managers like Bitwarden and browser-integrated solutions such as Google Password Manager stand out as popular choices. Both approaches aim to alleviate the burden of remembering complex passwords, while also enhancing security. However, they do so in distinct ways, with differences in features, security measures, platform integration, and cost. Understanding these differences can help users make an informed decision on which password management solution best fits their needs. Let's delve into a comparison of using cloud-based password managers like Bitwarden versus relying on browser-integrated solutions like Google Password Manager to highlight their strengths and limitations.

Comparing cloud password managers like Bitwarden with Google Password Manager involves examining several factors such as security, features, platform integration, and cost. Here's a breakdown of these aspects for both:

1. Security

  • Bitwarden: Offers end-to-end encryption, meaning your passwords are encrypted on your device before being uploaded to the cloud. This ensures that only you have access to your passwords. Bitwarden's security architecture is open source, allowing for community review and audits. Also when saved to Bitwarden's database, the password is encrypted with your master password. So, you are managing the encryption key.

  • Google Password Manager: Integrated into your Google Account, it also provides strong security measures. Encryption is used both in transit and at rest, but Google manages the encryption keys. Google's infrastructure is robust and benefits from the company's extensive security research and development.

2. Features

  • Bitwarden: Offers a wide range of features, including password generation, secure sharing, two-factor authentication (2FA), and the ability to host the service yourself for additional control. It supports a broad range of devices and browsers through extensions, mobile apps, and desktop applications.

  • Google Password Manager: Seamlessly integrated with Chrome and Android, making it convenient for users heavily invested in the Google ecosystem. Features include password generation and a security checkup tool. However, it might lack some advanced features found in dedicated password managers like Bitwarden, such as the ability to share passwords securely with others.

3. Platform Integration

  • Bitwarden: Designed to work across many platforms and browsers. This cross-platform support ensures you can access your passwords from any device or operating system.

  • Google Password Manager: Best integrated with Chrome and Android. While it offers a high level of convenience for users within the Google ecosystem, it might not be as straightforward to use with non-Google browsers or operating systems.

4. Cost

  • Bitwarden: Offers a free tier with most essential features. Premium plans are available at a relatively low cost, providing additional features such as advanced 2FA options, encrypted file storage, and priority customer support.

  • Google Password Manager: Free to use for anyone with a Google account. There is no premium tier, as the service is included as part of the broader Google ecosystem.

5. Attack Scenarios

5.1. A malicious user got physical access to your computer

Using Google Password Manager, this user will access all websites with passwords you saved in the Password Manager.

Using Bitwarden, and activating prompt for Master Password on each auto-fill, the user will not be able to access any account.

5.2. A malware was installed on your computer

Using Google Password Manager, many malware showed that they can decrypt the passwords and read it in clear text.

Using Bitwarden, this case is not that straightforward, however, for planned malware that installs key loggers, they will ultimately read what you are typing and get your passwords.