KeePass vs LastPass: Will Open Source Win in 2020?
Since the beginning of time — in our case, the beginning of the internet — people have been arguing about open source versus commercial software. Commercial products come with the benefit of usually being more accessible, while open-source software can feel like you need a degree in computer science. We’re going to compare two such products in this KeePass vs LastPass matchup.
These two tools sit among the best password managers around, able to keep your passwords secure across multiple devices. However, they cater to far different audiences, with LastPass focusing on usability and KeePass on functionality.
We’re going to compare the two across a series of rounds, covering their security, pricing, ease of use, support and more. That said, we recommend that you read our LastPass review and KeePass review to get a better understanding of how these tools perform against the larger password manager market.
Setting Up a Fight: KeePass vs LastPass
Over the next seven rounds, we’re going to compare KeePass and LastPass point for point, getting into detail about where they excel and where they fall behind. Each round is worth a point, and at the end of the comparison, we’ll tally the points to declare a winner. That said, our ranking isn’t all you should consider.
KeePass and LastPass are two password managers on opposite sides of the spectrum. LastPass is a focused, streamlined experience that lets security live in the background. KeePass, on the other hand, gives you control, sacrificing usability in favor of greater functionality.
They appeal to very different users, so declaring one as definitively better is tough. Thankfully, both offer excellent security, which is the most important aspect at the end of the day. Because of how different these tools are, we recommend that you read through each section to get a feel for the features and functions that are most important to you.
1. Security
KeePass and LastPass are both excellent password managers when it comes to security, though they have some different hurdles to overcome. LastPass is a browser-based tool, allowing you to store as many passwords as you want and sync them across your devices. KeePass, on the other hand, is a local-only password manager.
Much like the Steganos Password Manager, KeePass doesn’t offer multi-device sync on its own. The only way you can sync your passwords is by using a third-party plugin that integrates with some of the best cheap cloud storage companies, like Google Drive (read our Google Drive review). Consequently, that also means that syncing is tough to regulate.
KeePass is an open-source password manager, but unlike Bitwarden, it takes a very hands-off approach (read our Bitwarden review and see how Bitwarden compares to LastPass). Because of that, it’s hard to say if unofficial add-ons or ports are as secure as the source code. If not handled properly, some plugins can inject malicious code into your KeePass directory, infecting your computer.
LastPass has tighter control over syncing, but that comes with its own concerns. For instance, LastPass suffered a data breach in 2015, with the attacker stealing tons of encrypted passwords. Thankfully, because of LastPass’ zero-knowledge model, no user account data was compromised.
Talking Encryption
With storage out of the way, let’s talk encryption. As a word of caution, we’ll be getting into the weeds here, so be sure to read our description of encryption if you don’t understand the concepts.
Out of the box, both of our competitors protect your data using AES-256 encryption. However, KeePass goes a step further, with support for ChaCha20 in the base installation, plus Twofish, Serpent and GOST through unofficial add-ons. AES-256 is the best option for most people, though, so we recommend sticking with it.
In order to unlock your data, both tools use a key derivation function, with LastPass using 100,000 rounds of PBKDF2. KeePass supports AES-KDF and Argon2 in its most recent edition, the latter of which is a more modern KDF.
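To make the key derivation step concrete, here is an added Python example (not code from KeePass or LastPass) that stretches a master password into a 256-bit key with PBKDF2 and measures what each round count costs per password guess on your own machine. The SHA-256 hash, the function names and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

KEY_LEN = 32  # 256-bit output, the key size AES-256 needs


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a master password into a 256-bit key with PBKDF2-HMAC-SHA256.

    SHA-256 is an assumption here; the article only names PBKDF2.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    if len(salt) < 16:
        raise ValueError("use a random salt of at least 16 bytes")
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall time for one derivation, i.e. the cost of one guess."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_vault_key("constructed-sample-password", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def keys_match(a: bytes, b: bytes) -> bool:
    """Constant-time comparison so the check does not leak where keys differ."""
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    salt = os.urandom(16)  # stored next to the vault; it is not secret
    for rounds in (1_000, 100_000):
        cost = seconds_per_guess(rounds)
        print(f"{rounds:>7} rounds: {cost * 1000:.2f} ms per password guess")
    # Constructed sample password, for illustration only
    key = derive_vault_key("correct horse battery staple", salt, 100_000)
    print("derived key length in bytes:", len(key))
```

The round count is part of the derivation, so changing it (or the salt) produces a different key from the same password. Argon2 is not in Python's standard library, which is why only PBKDF2 is shown.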
Although KeePass uses more modern encryption algorithms, LastPass’ security is more than enough to keep you protected. For us, the concerns surrounding the use of third-party plugins are too big to ignore. Because of that, we’re going to give the win to LastPass, though KeePass is still a fine option as long as you thoroughly vet the plugins you use.
2. Pricing
Although we normally have a “free plan” round in our password manager comparisons, we’re combining it into the pricing round for this match. That’s because KeePass doesn’t actually have any pricing. It’s completely free; the only way to support the development team is through a donation button on the website.
However, that doesn’t mean KeePass is the automatic winner. LastPass actually beat out KeePass in our best free password manager guide. That’s because LastPass offers multi-device sync on its free plan, as well as mobile apps. KeePass also has these features, but only through third-party add-ons and unofficial ports.
LastPass offers more to those who choose to pay, too, giving you the ability to share passwords and automatically fill passwords on your desktop. Furthermore, LastPass Premium subscribers get priority support. With KeePass, your support options are limited to the community forums.
If KeePass were going against any other password manager, it would be an easy decision because, well, it’s free. Considering how much LastPass offers on its free plan, though, we’re pushing the win into its corner for this round.
3. Ease of Use
Unfortunately, this round is pretty cut and dry. KeePass is a free, open-source tool, and LastPass is a commercial product. Being “open source” doesn’t inherently mean that a piece of software is more difficult to use, but that’s usually the case, especially compared to commercial products. In this KeePass vs LastPass battle, the stereotype holds true.
KeePass is a local-only password manager, meaning you’ll need to download the app and any add-ons you want in order to access your passwords. Although it’s not the end of the world, the process doesn’t feel worth it unless you’re a techie. Densely packed with options, KeePass has a convoluted interface that doesn’t play nice with technophobes.
That’s not to say KeePass is necessarily difficult to use, just that it’s not very accessible. With nothing in the way of hand-holding, you’re forced to dig your way through its various options to discover what they do.
Password managers are all about making the browsing experience easier and more secure, so while we can appreciate KeePass’ various settings, we’re forced to point out its regressive design.
LastPass is much the opposite. It’s exclusively based in your browser, allowing you to access your passwords no matter what machine you’re on or what operating system it’s running. The browser interface is a joy to use, too, with multiple filtering and organization options, as well as import support for a slew of other password managers.
Furthermore, LastPass has support for multiple different entry types. Along with your passwords, you’ll be able to store bank account information, your driver’s license number, health insurance information and more. LastPass even supports custom entry types, allowing you to create your own templates.
There’s really no contest here. KeePass has a dated and dense interface that, for most people, isn’t worth the hassle. LastPass may lack some of the knobs and buttons of its competitor, but it makes up for it with a streamlined and easy-to-use browser interface.
4. Features
KeePass may be a little difficult to use, but that’s because it’s stuffed to the brim with functionality. You’re given granular control over how you create, encrypt and store your databases, down to which authentication method you want to use and the form of encryption. You can even set the number of iterations for the key derivation function.
Our favorite feature, however, is KeePass Portable. As we’ll get into in the next section, KeePass only officially supports Windows, though there are ports for nearly every platform from the community. In addition to the Windows app, KeePass also has a portable version for Windows.
If you’re unaware, “portable” versions of software don’t require a local installation. Instead, you can load them on a USB drive or something similar and launch the software from any machine. With KeePass, that means popping your databases on a flash drive and carrying your passwords wherever you go.
You could argue that multi-device sync is the more elegant solution to that, and on that front, KeePass falls flat. Out of the box, it doesn’t support any form of multi-device sync.
That said, you can integrate it with your cloud storage services if you use plugins. For instance, KeeAnywhere allows you to sync using Amazon Web Services (AWS), Dropbox, Google Drive, OneDrive and more.
Comparing LastPass’ Features
By contrast, LastPass offers a more traditional list of features seen with other password managers. That includes a security challenge where you can view your weak, reused and old passwords, as well as seamless autofill across your browsers. It’s clear LastPass’ features are focused more on the user experience and less on functionality.
In addition to the security challenge, LastPass also includes an automatic password changer similar to Dashlane’s. However, based on our testing, it doesn’t really work.
On paper, LastPass supports eBay, Facebook, Twitter and more, but we couldn’t update our passwords on any of these sites. There are security concerns with automatic password changers, too.
Outside of that, LastPass offers Authenticator, a two-factor authentication tool that made our best 2FA apps guide. Although LastPass Authenticator is great, it’s not a password manager feature, per se. You can use Authenticator independent of LastPass.
This round is tough, as both of our competitors have a lot of features, but they are features targeted at far different audiences. We’ve already given LastPass’ usability its time to shine, so we’re going to go with functionality for this round, which puts the win in KeePass’ corner.
5. Mobile Apps
As mentioned, KeePass is a local-only password manager, meaning there’s no browser interface. That also means there aren’t any official mobile apps. By default, it supports Windows Vista through 10, though no other platforms. Thankfully, there are a slew of unofficial ports for Android, iPhone, macOS, Windows Phone, BlackBerry and more.
LastPass doesn’t have the breadth of platform support, but it makes up for it with streamlined iOS and Android experiences. In fact, LastPass earned a spot in our best password manager for iOS guide. It’s an official port, too, meaning that if you encounter any issues, you can contact LastPass about fixing them.
That’s the biggest reason to use LastPass on the go. KeePass has more platform support, but you’ll need to try out multiple ports before finding the one that’s right for you. Many of these ports have a subscription fee, too. For instance, KeePassium, a port for iOS, costs around $15 per year if you want unlimited databases and settings.
The à la carte nature of open-source software is strong with KeePass, and although there are plenty of products and services available from the source code, you’ll have to seek them out on your own. With LastPass, your passwords are automatically on your mobile device; all you need to do is download the app.
6. Business Plans
Officially, KeePass doesn’t offer a business plan, though multiple users can access the same database, which could be useful in a business setting. LastPass, on the other hand, offers multiple plans for groups of users, covering everything from teams of fewer than 50 users to large enterprises.
Let’s start with KeePass. You can authorize multiple users to access the same database stored on some sort of network-attached device. However, KeePass doesn’t handle users individually. Each person who accesses the database must use the same master password or key file to unlock the vault contents.
Furthermore, there’s no user control, either individually or by group. That’s out of the box, though. Because KeePass is open source, you could modify it to function more like LastPass. That, of course, is assuming you have the technical know-how and the time to do so.
LastPass offers a range of plans dedicated to multiple users, though they’re paid, unlike KeePass. At the low-end is the Teams plan, which covers between five and 50 users and comes with basic multi-user password management tools. Those include centralized user management and access control.
Up the range is the Enterprise plan, which covers any business with more than five users. However, we recommend the Identity plan. It’s the same as Enterprise but comes with LastPass’ contextual multi-factor authentication (read our OneLogin review to learn more about that). Furthermore, it integrates with Active Directory, like Zoho Vault does (read our Zoho Vault review).
Given that KeePass is open source, you could get it running for your business, with features on par with or greater than LastPass. However, at that point you’re building new tools on top of a solid foundation. If you want to skip the fuss, LastPass offers full-featured plans from the get-go, and it also comes with highly secure multi-factor authentication (MFA).
7. Support
Like the “ease of use” section, this round is pretty cut and dry. Although KeePass has a surprising number of support resources for being open source, they’re still housed on a dated website. Furthermore, because it’s free, there’s no direct support. If you need to find an answer, you’re either left digging through the help center or asking on the forums.
As we pointed out in our review, it’s hard for us to fault KeePass, considering that it’s free. Given that, the support resources are very impressive, with the password manager going into detail about its current and legacy versions. The forums are highly active, too, with multiple posts per day and quick replies to inquiries.
However, there’s no denying that LastPass offers more support resources, even if they’re not on the level of Dashlane or 1Password (read our Dashlane review and 1Password review). There are just as many topics in the knowledgebase, though LastPass’ is far easier to navigate than KeePass’.
Furthermore, LastPass has contact options. Sure, the contact form is buried under multiple knowledgebase articles, but the option is still there if you need it. LastPass has forums, too, and they’re even more active than KeePass’, with some threads receiving thousands of views and dozens of replies.
Neither LastPass nor KeePass offers excellent support, with LastPass forcing you to go through the knowledgebase and KeePass lacking any direct support. However, when put in the context of a battle of KeePass vs LastPass, it’s clear that LastPass is the winner. It has easier-to-understand self-help support and multiple contact options.
8. Final Thoughts
Out of seven rounds, LastPass has six wins and KeePass has only one. Although LastPass is the clear winner based on points, that’s not the full story. We continually had to judge the normal use case for someone looking for a password manager. In that context, usability is a key factor, and LastPass beats out KeePass handily on that front.
Winner: LastPass
However, that isn’t to say that LastPass is the better tool for everyone. Those who consider themselves techies will likely enjoy the à la carte nature of KeePass, not to mention the fact that it’s open source. Furthermore, KeePass has security settings that LastPass doesn’t offer, making it an easy sell for those who are concerned about their cyber footprint.
What do you think, though? Do you like LastPass more, or are KeePass’ options more appealing? Let us know in the comments below and, as always, thanks for reading.