The 5 Best Open-Source Password Managers
If you use a computer to get online, then you’ve probably created a number of accounts across various websites. Some of us are juggling dozens. You may even have hundreds. A password manager can help you, your family members, and your work colleagues avoid the unsafe practice of using the same few passwords everywhere.
Most of the well-known options are proprietary web services that require you trust a profit-driven company with your online house keys. Open-source password managers keep these credentials in your hands only. You can install or self-host all the options on this list on your own machine. Which one is right for you?
KeePass is the granddaddy of open-source password managers, having been around since the days of Windows XP. KeePass stores your passwords in an encrypted database that you can access via a password or digital key. You can import and export passwords in a wide variety of formats. Plus a larger number of plugins and variations have sprung up over the years, such as KeeWeb and KeePassX.
Since KeePass is primarily a Windows app, there are quite a few adaptations out there for other platforms. KeePassX is a cross-platform version primarily intended to provide a more Linux-friendly version. If you use the GNOME desktop environment, you may want to check out Password Safe, which will look more at home with the rest of the interface. Committed open source enthusiasts can even run the app on a Purism Librem 5.
KeeWeb is a web app that you can run inside a web browser (we recommend using Firefox and optimizing its privacy settings ) or download as a standalone electron app, allowing you to access your KeePass database regardless of which machine you’re on (assuming you have a copy of your database available).
KeePass can also function as your team password manager. The simple approach is to store the database somewhere accessible to everyone on the team, with only the IT administrator having permission to change the file.
Download: KeePass Password Safe (Free)
Are you a LastPass user looking for a more transparent alternative? Check out Bitwarden. This is a web service that you can access from any computer with a web browser. There are also mobile apps available for Android and iOS.
If you head over to Bitwarden’s website and sign up, you will run open source software but still save your passwords on the company’s servers. That’s not going to sit well with everyone, which is why you can self-host your own instance.
While Bitwarden is great for individual use, the service is just as suitable for small groups or large businesses. You can share passwords and a few files across various user groups, secure access with multifactor authentication, and audit logs. An API is available for you to integrate Bitwarden with your organization’s tools.
Bitwarden runs on servers, in your browser, on your desktop, on smartphones, and via the command lines. Source code is available for all of these versions, under the GNU General Public License 3.0 (GPL 3.0) or GNU Affero General Public License (APGL).
Bitwarden vs. LastPass
The biggest difference between Bitwarden and LastPass is that Bitwarden is open source with its code made available on GitHub. That means its code is fully auditable for potential backdoors and other security issues. On top of that, Bitwarden offers self-hosting options, meaning you can run it on your own server or computer without dealing with the security hazard of using a middleman.
Download: Bitwarden (Free)
Passbolt is a self-hosted password manager designed specifically for teams.
Passbolt integrates with online collaboration tools such as your browser, email, or chat client. You can self-host the program on your own servers in order to maintain complete control of the data, which is encrypted using GnuPG.
The project is licensed under the APGL. At times when you need more functionality, you can extend Passbolt by building on top of the JSON API.
Teams without the expertise or infrastructure to self-host can use a cloud version that Passbolt provides. The developers behind Passbolt are based in Luxembourg.
Download: Passbolt (Free)
Psono is another option for teams looking for open-source enterprise password management software. This is a self-hosted solution that offers an attractive web-based client written in Python, with source code available under the Apache 2.0 license.
In addition to sharing passwords, you can also manage files or folders. Browser extensions are available for both Mozilla Firefox (our preferred browser) and Google Chrome.
Psono is free for small teams, but larger companies will need to pay based on the number of users. Psono appears to come from a single developer, but at least the website is open about this. Such is the reality for many open-source tools. But with the code fully available, you’re free to extend or maintain the software as you wish.
Download: Psono (Free)
Teampass is a team-oriented password manager with a few characteristics that warrant a place on this list. One is an offline mode, where you export your items to an encrypted file that you can use in locations without an internet connection.
Teampass isn’t the prettiest app, but the layout is functional in a way that many might prefer. You can quickly define roles, user privileges, and folder access. You can then organize folders using a tree view.
Teampass is another tool that comes from a single developer. The software is licensed under the GPL 3.0, so you’re free to make whatever changes you like, as long as you don’t use the code in a proprietary product.
The software is free to use, but you have the option to pay for support.
Download: Teampass (Free)
The Best Open-Source Password Managers: Summary
The number of self-hosted password managers available today mean you no longer have to trade away control for convenience. You can run software on your own servers, with code that you can audit, and access passwords via a web browser or smartphone. The end experience is comparable to LastPass, 1Password, Dashlane, or any other proprietary service that requires you trust another company to safeguard your credentials.
Each of these open-source password managers encrypts your data. They also give you the choice to secure your encrypted data using multifactor authentication via apps (like Duo or Google Authenticator) or dedicated devices such as YubiKey.
Is self-hosting as easy as signing up for a cloud service? No. But a committed home user who knows how to follow instructions can set up any of these services. A company with resources to hire experienced web admins and developers may find this to be an easier approach than trying to convince a service provider to add in any extra features they require.
Open-source password managers aren’t the only way of securely storing credentials. There are other options out there, such as security-focused password managers. And for those concerned about how passwords are transmitted, for the open-source community, there are a variety of open-source VPN providers .