- AI networking a focus of HPE’s Juniper deal as Justice Department concerns swirl
- 3 reasons why you need noise-canceling earbuds ahead of the holidays (and which models to buy)
- Unlocking the Future Through the Industrial Strategy: A Policy Blueprint for the UK's Digital Transformation
- Your power bank is lying to you about its capacity - sort of
- Linux Malware WolfsBane and FireWood Linked to Gelsemium APT
Open Source Password Managers: Overview, Pros & Cons
Password managers are becoming increasingly popular. Fueled by the frequency with which user passwords can be compromised via phishing and brute force techniques, password managers are now seen as a more secure alternative. There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option.
In this article, we explain how open source password managers work, discuss their benefits and drawbacks and offer popular solutions from which to choose.
What is an open source password manager?
Most password managers are proprietary, meaning their code is designed and owned by a specific corporation and is not subject to change by users. Open source password managers, however, use code that is publicly accessible and can be modified by users.
Some open source password managers are available for free and allow a community of users to contribute to, revise and update the software over time. Other providers of open source password solutions are a hybrid between open source and proprietary — their code is based on an open source distribution but has modifications or is packaged in a particular way to make it easier to deploy. Some of these open source password management distributions are free to use but may have fees for maintenance and support.
Open source password managers and the various hybrid alternatives are especially popular in organizations that:
- Already have in-house expertise in open source tools.
- Have already implemented open source solutions broadly in the enterprise.
- Wish to keep costs low.
How do open source password managers work?
Open source password managers work in much the same way as their proprietary competitors. Some are locally installed and passwords are retained on the local device. Others are web-based and the passwords are stored in the cloud. Like proprietary password managers, open source solutions store passwords using encryption, require user authentication for access and integrate with web browsers and other applications.
Compared to closed, proprietary password managers, open source password managers offer more control over the application’s functioning. For example, an open source password manager’s source code can be modified to include a feature that comes standard in a proprietary solution. If a proprietary password manager doesn’t include a certain feature, there’s often no option to add it.
Open source password manager benefits vs. drawbacks
Open source password managers foster collaboration and community involvement, leading to developers contributing to the code to improve functionality. However, the reliance on community development can lead to stagnation or discontinuation. When it comes to using open source password managers, there are benefits and drawbacks. Users must balance the benefits with the drawbacks to determine if an open source password manager is the right choice.
Benefits of open source password managers
Here are some of the benefits of open source password managers:
- Open source password managers are either entirely free or far less expensive than proprietary competitors.
- Developers can customize the password manager to fit their specific needs and workflows.
- With the eyes of an entire open source community on the source code, there is a greater chance that vulnerabilities will be spotted and can be corrected before serious harm results.
Drawbacks of open source password managers
There are, of course, a few drawbacks in opting for an open source solution over a proprietary password manager.
- Enterprises deploying open source tools need to have access to skilled developers who know open source code well and have security and integration expertise.
- Open source tools typically lack the support provided by other password management vendors.
- Usage licenses for open source tools can sometimes be restrictive and may lack the security warranties and accreditations that some industries require.
Popular open source password managers
There are a large number of open source password managers. The most established ones include Bitwarden, Buttercup, KeePass, Passblot and Proton Pass.
Bitwarden
- Bitwarden is probably the best known open source password manager.
- It can be integrated into just about any web browser.
- It can run in the cloud or locally.
- Bitwarden has pricing plans for organizations large and small.
- Pricing is between $4 to $6 per month per user.
KeePass
- KeePass is best for Windows-based systems.
- It offers multiple strong encryption options.
- It is primarily designed for desktop use, but plugins can be used for access via web browser.
- KeePass is free but users will need to engage in its user community for support.
Passbolt
- Passbolt can be self-hosted or run in the cloud.
- The community edition is free.
- The enterprise edition costs $49 per month for 10 users and includes support, SSO, account recovery and other features not found in the community version.
- Higher education, local government and IT organizations are among the key use cases for Passbolt.
Proton Pass
- Proton Pass adds to the Proton product portfolio that includes ProtonMail and Proton VPN.
- The user base tends to mainly be those using other Proton products who want to add a password manager.
- It costs about $2 a month per user.
Buttercup
- Buttercup is a largely local tool but can be extended into the cloud.
- It focuses on individual users of macOS, Linux and Windows, but small and mid-size organizations use it too.
- It is free.
Should your organization use an open source password manager?
Open source password managers are attractively priced or sometimes completely free. That is a big reason why many opt for them. Organizations with internal resources trained on open source and familiar with its deployment should do fine with such tools. For those that lack expertise in open source and security, the best solution would either be a well-supported open source password manager (like Bitwarden or Proton Pass) or to seek a proprietary password manager designed for enterprises.
Similarly, those who seek heavy customization of password management or have very specific security needs may find open source tools provide more freedom. But with freedom comes responsibility. Those deploying an open source password manager should be willing to solve many of their issues internally or rely on the user community to crowdsource solutions.