Using a trusted password manager has become one of the top methods of password storage. But these apps are not all the same. Some password managers are open source, while others are closed source. So, what's the difference between an open and closed source password manager? And should you stick to the former for increased security?

What Are Open and Closed Source Password Managers?

If you're into software development, or just technology in general, you may already know the difference between open and closed source software. But if not, don't worry. It's pretty easy to understand how these programs differ on a basic level.

In short, an open source program has its code open to the public: anyone can view and access it. This doesn't mean that the original program can be edited by just anyone. Rather, individuals can alter the app for their own use, identify bugs and vulnerabilities, and become part of a community focused on improving the software overall. So if a person decides to modify the open source code of a password manager, that doesn't mean it will affect your version of the app.

However, open source software communities are often helpful in alerting companies to issues within their code, which can allow them to save money and time, as well as avoid technical issues and hacks.

Closed source software, on the other hand, does not offer its code to the public. It remains under the control of the legal owners (often the company or individual who developed it, or the party that bought it from the original owners). Random individuals do not have the right to modify, copy, or add to closed source software. Again, this can only be done by the legal owners and those who have official permission.

When it comes to open source password managers, those who wish to alter, copy, or add to the software for themselves or others can add more useful features, iron out security issues, and even make the app more enjoyable to use. When the password manager is closed source, however, these options are not available to just anyone, which many argue limits the program and its potential.

So why, exactly, should you consider an open source password manager? What are the benefits?

Why You Should Use an Open Source Password Manager

When it comes to password managers, security should always be your priority. While ease of use, cost, and other factors also come into play, you need to know that, above all else, your passwords are being protected. But how can an open source manager help with this?

Let's start with vulnerabilities. Software vulnerabilities are commonplace, and come in the form of errors in programming code. Some code bugs are minor, while others cause huge issues. Not all code errors are security risks, but those that do pose such dangers are known as vulnerabilities.

A vulnerability is essentially an avenue that malicious actors can exploit to attack a program. It may be very small and give a cybercriminal only limited advantages, or it can be so dangerous that it makes the software itself an open door to hackers. Reputable software developers do what they can to iron out vulnerabilities before releasing a program, but if the program's code is particularly extensive, this can be tricky.

This is where open source code can come in handy. When a password manager's code can be read by anyone, the chance of spotting a vulnerability becomes that much higher. With more eyes on the code, it becomes easier to identify and weed out these bugs. A lot of companies are alerted to security vulnerabilities by their community, not just their cybersecurity team. Having another group of individuals checking over code can be invaluable, both for developers and users.

When an experienced coder looks over a program's code, it can also be considered an audit. Security audits can be performed by a company's own team, an official third party, or those who simply know what to look for. Of course, a company cannot present an uncredited individual's audit as formal assurance. Legitimate audit firms are needed to confirm the integrity of a program's code. Many reputable VPNs are independently audited, as it's important to confirm that their software and policies are up to scratch.

However, if hundreds of individuals say that a program's code is faulty, you then have something to consider before signing up for the password manager in question.

And this is especially useful if the password manager you're looking at has not gone through any independent audits. An independent audit takes place when the software code is assessed by an unbiased third party, rather than members of the company that developed the code itself. This kind of objective examination can highlight flaws that the software providers may not want known by the public. We'd all like to think that companies are always honest with us, but this sometimes isn't the case.

That isn't to say that closed source password managers are not safe. A closed source app can still be secure if the developers ensure they employ adequate security features and run regular audits. On top of this, open source password managers can still be hacked or run into technical issues. The key point here is that publicizing the code lets more people check for bugs, weed out vulnerabilities, and make their own modifications.

Additionally, open source software can come with drawbacks, such as restrictive usage licenses and intellectual property disputes. Open source software also doesn't come with security warranties, which is something to keep in mind.

But there are some undeniable perks that come with using open source password manager apps, perks that closed source apps simply don't offer.

Top Choices for Open Source Password Managers

There are a number of great open source password managers out there today, such as:

  • Bitwarden.
  • Psono.
  • KeePass.
  • Passbolt.

Again, not all closed source password managers are unsafe, not by any means. Whether a software program is open or closed source does not affect the security features used or the privacy policies enforced by the parent company. There are also closed source password managers out there that are considered to be highly secure, such as 1Password and NordPass.

But if you want that added layer of security in your password storage app, it might be wise to consider installing, or switching to, an open source password manager.

Open Source Password Managers Have Some Useful Advantages

If you're looking to keep your passwords as safe as possible, it's worth considering an open source password manager app. This way, you can enjoy the security features offered by the app, as well as the added knowledge that its code is being looked at by tens, hundreds, or even thousands of other people.