
I switched to Bitwarden when LastPass started using silly tactics to make customers pay. I didn't switch because of the price - the service pricing of Bitwarden was a pleasant surprise.

I switched because I lost all trust in LastPass.

Managing credentials and sensitive information is all about trust. The second I lose trust in that kind of service, I don't just stop using it, I will most likely never even consider coming back as a customer and I will warn people against them. I don't give second chances to services that are trust based.

I'm pretty happy with Bitwarden so far. But if they betray my trust I'll be out of there in a day, never to return. I switched from LastPass to Bitwarden in a day. LastPass never gets a second chance.

What the VCs have to understand is that if their greed makes them push Bitwarden to engage in silly tactics, they risk driving away their customer base.



> I don't give second chances to services that are trust based.

You might run out of services then at some point.

Human beings are fallible, full stop. Also, a company isn't an individual -- management teams change, corporate priorities change, security practices improve. Judging a whole company by what a few employees did or didn't do a decade ago isn't always going to yield an optimal approach.

Refusing to give any company a second chance ever is pretty extreme. Each individual case needs to be handled on its merits -- what happened, why did it happen, do you think the company learned and implemented new policies, how many other undiscovered vulnerabilities do you think are still there? But also, how many other undiscovered vulnerabilities do you think are still there for competitors as well? Just because a competitor hasn't had a breach doesn't necessarily means it's better, it might just be lucky so far.


2001-2007, I had multiple bad experiences with Compaq, Lexmark and HP. These were so bad in terms of cost and frustration I vowed I would never buy their products or services again. It's been... 15+ years. The tech world of today is not quite the tech world of 2003. Should I ever bother with a Compaq or HP again? I probably won't, but the 'avoid at all costs' just isn't there with me any more. Perhaps I've mellowed slightly in the past 15-20 years.


I am still firmly in never-again-Hewlett-Packard camp after almost 20 years.

The final straw for me was purchasing an HP laser printer (probably the 6th or 7th one I ever bought) and it shockingly had the same extreme-low-quality level that I had experienced with HP laptops, CD ROM drives and other peripherals.

It is probably not fair but I blame Carly Fiorina for this degradation of once reliable hardware manufacturer.


My problem isn't with quality. Their firmware makes you buy new LaserJet cartridges like it was an inkjet. Stay far away.


> Should I ever bother with a Compaq..

I don’t know guys, should we tell him?


Acquired by HP?

I've been out of that world for a while, and I still see the compaq name now and then, but it looks like it's more of just a name licensing deal now?


Compaq hasn't existed in any meaningful sense in 10-15 years. HP formally retired the brand in the early 2010s, although it had all but faded away several years prior to that.


> Judging a whole company by what a few employees did or didn't do a decade ago isn't always going to yield an optimal approach.

Not the OP, but I have a similar stance. However, a mistake from an individual employee doesn't mean that I instantly lose trust. It's the handling of the mistake that matters to me. Sweeping it under the carpet, denying their mistakes or outright lying about mistakes is what results in me losing trust.


> You might run out of services then at some point

I prefer using services for my password management (I'm a bitwarden user who's currently happy as well), but I would jump back to some sort of self-hosted or even offline/manual sync solution if I thought that was the only way to keep my passwords safe. I like the convenience of a service, but I would sacrifice it over my security if it got to the point where I had to choose between the two.


KeePass on a Google Drive or iCloud setup is pretty easy.


KeePassXC & KeePassDX + Syncthing is also pretty simple.


I actually used to use KeePassXC and have my (encrypted) password file synced through Dropbox, but their Android client changed to not support a way to have the file stored offline but also automatically sync changes, so I ended up swapping to Bitwarden. In the past I had used Nextcloud instead of Dropbox, so that would probably be one of my first ideas if I did end up deciding to stop using Bitwarden.


Any reason not to use Password Safe[1]? It seems to do it all and doesn't require you to trust some Move Fast And Break Things startup's online service.

1: https://pwsafe.org


BitWarden is based almost entirely on open source so it's possible to branch the project. Given some of the language on their website and their more recent attitude towards OS licenses, my prediction is that they will use the new funding to build as many closed source modules as possible to increase user switching costs, similar to what Google is trying to do with Chrome on top of Chromium. But that is a slow process that takes years, and a lot can happen between now and then.


> You might run out of services then at some point.

This. Every SW creator (OS, framework, app) manages the risk of security vulnerabilities. It's not black and white or simple and easy.


I might, but I haven't so far. And if I do run out of password manager apps, then it is probably time to make my own.


I don't think Dell or HP make their own computers anymore - consumer stuff is all outsourced to Taiwanese/Chinese OEMs (Quanta, Wistron etc.) - they probably still only make servers in house.

HP and Dell are just marketing companies now.


Here we go again: Some company (in this case, Bitwarden) "betrayed" its customers by doing what every other firm does. And HN goes brrr over it. I wonder, aren't the majority of HNers working at a for-profit company funded by VCs?

The hypocrisy is just intolerable at this point.


> What the VCs have to understand is that if their greed makes them push Bitwarden to engage in silly tactics, they risk driving away their customer base.

They don't care as long as they can extract their profit before that happens. This is VC, they will prioritize medium term gains over long term stability.


On HN, VCs are either ruthless short-term profit extracting machines or overly optimistic clowns investing in hopelessly unprofitable companies on the promise of future growth, depending entirely on the point currently being made.


To be fair, both may very well be true at the same time. There's certainly a larger number of both AI-powered juice makers as well as "freeze your head" longevity startups than anywhere else.


I bailed on lastpass when they doubled the annual price for the second year in a row. They had also just been acquired by LogMeIn, who didn’t have a great reputation.

I don’t know if I can manage another service switch. I can do it just fine, but my wife is more resistant to these kinds of changes and we need to be on the same page on this.


I just started using Dropbox Password Manager, it's a nice value-add if you are already a customer.

With the base service, Vault, and this, it's a nice overall package.


LastPass's pricing model is what turned me off. I am happy to pay for services I use regularly, but I remember the pricing model didn't seem appropriate for what they were offering. The short cutoff period added insult to injury.

I checked out Bitwarden and it seemed like a better version of LastPass that just happened to be free. Their paid model doesn't appeal to me so I don't subscribe, but I would enjoy paying if they offered something that did.

(Off-topic: Bitwarden seems like an exact LastPass clone all the way down to the UI. Do they share a similar codebase or something? Like was one forked from an OSS version of the other?)


Same, I even remember paying for LastPass for a bit. It was more that I wanted to support a service I liked (same reason I pay for other services). Though I find BW's paid model a bit surprising. I know it is only $10/yr, but the only real value here is 1GB storage and yubi/fido keys. I don't have yubi keys (they seem cool but also a pain in the ass) and 1GB seems rather small.

Looking at Google, Dropbox, and Apple, storage pricings range from 4GB/$ (Apple) to 20GB/$ (Google's 5+TB plans). I'm willing to bet that offering 5GB would make it more worthwhile and a very small fraction of your users would actually use it. What are you going to store? Your passport photo and driver's license? I wonder if there would be a psychological effect here because it is really hard to tell if 1GB is enough or not. At least your average person has no idea.


One paid feature that can be very important is designating emergency access contacts. A family member had a stroke last year (doing much better now) and one thing that made life much easier was having access to his passwords - in this case because I'd set him up with Keepass years ago and still had the password saved.


Ugh, I'm paying for LastPass because I haven't gotten around to switching to Bitwarden yet. They list a monthly price, but they actually charge you annually, so you're essentially locked in for a year (if you want to make the most of your money).


Pay the monthly fee for 2 months, then if you like it go annual. Assume you like it, you are going to be using it for a year anyway.


I mean that LastPass charges you annually, not Bitwarden.


Dang, changing a password manager seems like a nightmare. I use pen and paper which, given the trade-offs, makes the most sense for me.


I thought it would be bad, but it didn't take long when I switched to BW from LP. Half an hour maybe?

And that includes setting up Duo for push notification 2FA.


There is one thing you lose when doing this, pretty sure password history is still not a part of the export.


Oh that’s good to hear, glad it was straightforward


Last I looked, Bitwarden data is a single JSON thingy (details are hazy now).

I exported my existing passwords, converted the result to the JSON format using vim or something, and imported it. Job done.
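As an added example, not code from the thread or from either vendor: a small Python converter of the kind the comment above describes. It reads a CSV export in the column layout LastPass has used (url,username,password,totp,extra,name,grouping,fav, with secure notes carrying the placeholder URL http://sn) and emits an unencrypted Bitwarden-style JSON import (folders plus items of type 1 for logins and type 2 for secure notes). Both field layouts are my assumptions about the formats at the time of writing, so check them against a fresh export and the current import documentation. The sample CSV is constructed, not real data. Note the caveat raised a few comments up: password history is not in the export, so nothing here can carry it over.

```python
import csv
import io
import json
import sys
import uuid

# Constructed sample of a LastPass-style CSV export (not real credentials).
# The column order and the "http://sn" secure-note marker are assumptions
# about the export format; verify against a fresh export before relying on them.
SAMPLE_CSV = """url,username,password,totp,extra,name,grouping,fav
https://example.com/login,alice@example.com,correct horse battery staple,,Backup codes: 1111 2222,Example Site,Work,1
http://sn,,,,"Not a login, just a note
with two lines",Wifi password,Personal,0
https://bank.example.net,alice,Tr0ub4dor&3,JBSWY3DPEHPK3PXP,,Bank,,0
"""

SECURE_NOTE_URL = "http://sn"   # placeholder URL LastPass uses for notes (assumption)
TYPE_LOGIN = 1                  # Bitwarden item type for logins (assumption)
TYPE_SECURE_NOTE = 2            # Bitwarden item type for secure notes (assumption)


def parse_export(text):
    """Parse the CSV text into row dicts; csv handles quoted multi-line fields."""
    return [dict(row) for row in csv.DictReader(io.StringIO(text))]


def to_bitwarden_item(row, folder_ids):
    """Map one export row to a Bitwarden-style item dict."""
    is_note = row["url"] == SECURE_NOTE_URL
    item = {
        "id": str(uuid.uuid4()),
        "organizationId": None,
        "folderId": folder_ids.get(row["grouping"]) if row["grouping"] else None,
        "type": TYPE_SECURE_NOTE if is_note else TYPE_LOGIN,
        "name": row["name"],
        "notes": row["extra"] or None,
        "favorite": row["fav"] == "1",
        "collectionIds": None,
    }
    if is_note:
        item["secureNote"] = {"type": 0}
    else:
        item["login"] = {
            "uris": [{"match": None, "uri": row["url"]}] if row["url"] else [],
            "username": row["username"] or None,
            "password": row["password"] or None,
            "totp": row["totp"] or None,  # TOTP seed travels with the login
        }
    return item


def convert(text):
    """Build the full import document: one folder per distinct grouping, then items.
    Password history is not present in the CSV, so it cannot be reconstructed here."""
    rows = parse_export(text)
    names = sorted({r["grouping"] for r in rows if r["grouping"]})
    folder_ids = {name: str(uuid.uuid4()) for name in names}
    return {
        "encrypted": False,
        "folders": [{"id": fid, "name": name} for name, fid in folder_ids.items()],
        "items": [to_bitwarden_item(r, folder_ids) for r in rows],
    }


def logins_without_password(rows):
    """Names of login entries that would import with an empty password; worth
    eyeballing before trusting the migration."""
    return [r["name"] for r in rows
            if r["url"] != SECURE_NOTE_URL and not r["password"]]


if __name__ == "__main__":
    # Usage: python convert.py < lastpass_export.csv > bitwarden_import.json
    # Both files are plaintext secrets: keep them off synced folders and delete
    # them once the import has been checked in the new vault.
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CSV
    rows = parse_export(source)
    for name in logins_without_password(rows):
        print(f"warning: login '{name}' has no password", file=sys.stderr)
    json.dump(convert(source), sys.stdout, indent=2)
```

Run it against the sample to see the shape of the output, then against a real export; the warning on stderr flags logins that came through with an empty password field, which is the kind of silent loss the thread's "half an hour" migration can hide.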


I didn't mind paying for Lastpass, but I started planning to move away when they were bought by LogMeIn because I've seen that company's acquisitions before.

Jumped from a paid LP plan to a Bitwarden family plan with sharing and emergency access and quite happy.


I mean, it's not as if these companies care for customers like you anyway. What they want is someone who is willing to purchase their product w/o making a fuss about the negative parts of their business. In fact, I bet LastPass is happy you left.


What specifically did they do to trick you into paying?


Doesn't really matter what LastPass did wrong, does it? The point is that trustworthiness is the single most important value for someone who wants users to entrust them with their credentials. Another point is how easily they can lose users. The poster lost trust in them, and was able to swap them out in a day.


https://en.m.wikipedia.org/wiki/LastPass

Read the "reception" section.


If it were an individual experience, I would agree with you, but it is public knowledge.

There were press releases and emails and stuff.

I also switched away from LastPass then.


It's very easy to overestimate what "everyone knows".


Public knowledge is not the same as common knowledge, I agree.
