Bitwarden Lastpass



You are looking for a LastPass alternative? Recently LastPass changed their free tier – which was a less than popular decision which makes it pretty much unusable for many users. Fortunately I use a very different solution to store my passwords and here I am sharing how to do this: just host a password manager yourself. Ditch LastPass and instead use the great self hosted password manager Bitwarden.

Bitwarden Web Vault. Bitwarden has similar security to LastPass, including AES-256 encryption for your vault and a zero-knowledge model. However, the source code is also publicly available, allowing anyone to dig. Securely share passwords with any user Unlimited password sharing with LastPass Premium vs zero sharing with Bitwarden Premium. Protect your account against threats 24/7 Automatically detect threats in real-time while Bitwarden users must manually run security reports. What follows is a list of some alternative password managers and where you can find instructions for importing your LastPass data.

Lastpass
How to install Bitwarden_rs with Docker

LastPass alternative or why you should self host your password manager

Lastpass

I am not a huge fan of storing data as important as all your password in an external service. Of course it is convenient but you basically give control over your whole (online) life to someone else. And even if they do not deliberately misuse this data it is enough for them to make one mistake in securing it. Managing all this important data makes them a great target.

Or imagine for a second – the totally unrealistic – idea that the company hosting your data just decides to randomly change their payment policies 😉

Instead I am personally a huge fan of self hosting these kind of important services. With todays technology like Docker and cheap computers like the Raspberry Pi it is easier than ever before.

I have written here about my small smart home server which runs Docker(-compose) and is pretty easy to set up. Just follow the guide and run this docker-compose file from my GitHub repository. I do also have access to a bigger server which runs all kinds of software for family and friends. It also uses a Linux distribution and hosts all the software in Docker containers. Installation of Bitwarden was pretty simple with this setup. Here is how to do it.

Bitwarden

Bitwarden is now the best free password manager for most people—since it works across all of your devices to add convenience and security to your logins—and setting it up is quick and easy.

How to install Bitwarden_rs with Docker

First lets talk about how Bitwarden works. Bitwarden can be used just like any online hosted service by paying a monthly fee (or using the free version to give it a try). It is open source which I personally really like for such an important piece of software. The best part is though that all official clients allow you to switch to a self hosted server instead of using theirs.

Bitwarden vs bitwarden_rs

So we can host our own Bitwarden server. But how exactly? There is a pretty extensive documentation on how to do that provided by Bitwarden. Personally I found it overly complicated as I was just looking for something I could include in my already running Docker-compose setup.

Instead I found Bitwarden_rs a Bitwarden compatible server written in Rust and also open source. While it is not official or developed by the company behind Bitwarden for me it worked really well and the installation is much easier.

Running bitwarden_rs via Docker-compose

So lets install bitwarden_rs. First you need a Server that is able to run Docker. While MacOS and Windows are now able to do that just do yourself a favor and use a Linux based system. Ubuntu or Debian server distributions are pretty good and easy to setup and use.

Next you need to install Docker. This can usually be done via the packet manager of the distribution you choose. Once it is done you need to also install Docker-compose. Sometimes this can also be done via the packet manager, sometimes (like on the Raspberry Pi) it is a little bit more complicated. For the Pi I described it here.

Now we can finally use Docker to start our Server. Created a bitwarden.yml file with this content:

This will require you to also create a .env file containing the variables in {}. Mine looks like this

You should also pay attention to the ports that are exposed here. Port 3012 is used for websocket communication, port 80 for the web interface. Here I redirected it to port 5080 on the outside. You can change it to any port you want to use.

Bitwarden Lastpass

You can now start the server via docker-compose -f bitwarden.yml up -d. Just wait a while and you should be able to open the webinterface on the port you specified. You can also use docker-compose -f bitwarden.yml logs -f to check the logs for the container.

You should now be able to download the official Bitwarden clients for any platform (there are also Apps for Android and iOS) and use them. Before login in make sure to find the option to use a custom server and point it to the machine you are using to host your bitwarden_rs server.

Making your server accessible from everywhere

Bitwarden Lastpass Import

Now there is one drawback to this approach so far: your server is only accessible inside your network. Great for security but pretty inconvenient. You could use a VPN to access your network from anywhere but I chose to go another route. I pointed a (sub)domain I own to my router (dyndns) and used Traefik as a reverse proxy to point incoming requests to the right Docker container on my server.

Sounds complicated? Well it is but once you understand the concept it is actually pretty easy to set up with Docker. I will write a more in depth article about this but here is the short form: I point password.my-domain.com to my dyndns service. This service always points to my router. The router forwards incoming HTTPS traffic to my server.

On the server runs Traefik (still in version 1) on Docker. This so called reverse-proxy inspects the incoming requests and decides based on the password.my-domain.com subdomain that this needs to be routed to the bitwarden_rs container. It also automatically creates lets encrypt certificates for secure access. Once Traefik is running this setup can actually pretty easily be handled via labels in Docker-compose. This is how it looks like for the Bitwarden server.

Bitwarden Lastpass Reddit

The labels tell Traefik to redirect incoming traffic for the password subdomain directly to port 80 on the bitwarden_rs server. No external ports needed actually. The same is dome for password.domain.com/notifications/hub wich is the websocket traffic that is directed to port 3012.

Bitwarden Transfer From Lastpass

As Traefik itself is run from another Docker-compose file I also crated a custom Docker network called traefik_proxy that connects all containers that should be available via the proxy.

More LastPass alternatives

Lastpass

There are a lot of other password managers out there but Bitwarden is pretty good. I personally often use another program that seems to be even more secure: KeePass (2). It looks pretty old and does not come with a server at all. It works very well though and saves all its data in a encrypted file. I use my own Nextcloud instance to sync this file with my mobile devices, but something like Dropbox should also work. There are Apps for all major platforms supporting this.

Whatever solution you choose in the end: think about security and control as much of it yourself as possible.