It's not a narrative, but simply an obvious conclusion that it's impossible to examine closed source software for either inadvertent or deliberate backdoors.
Gadget wrote: ↑Sat Jan 23, 2021 10:20 am
While I like open source software and promote Bitwarden myself as the best free password manager, I don't like the narrative that open source software is more secure.
MrJones wrote: ↑Sat Jan 23, 2021 1:43 am
The cool thing about BitWarden is, it's open source. That really matters with anything related to security.
https://bitwarden.com/open-source/
I believe the free version lets you share passwords with one other user. My experience with it overall has been excellent on Android, Mac, Windows.
The one big plus for open source software is that you know that the company making it is transparent and didn't put any backdoors in their software on purpose. So if you don't fully trust the company making the software, this is a big plus.
For things like a widely used password manager, it is also so much easier for hackers to target vulnerabilities because the source is available. This leads to a quicker hacking and hardening cycle, and in many cases, a benign hacker gets to it earlier.
I'd argue that nobody should trust the company making the software that saves their passwords. Companies change hands, companies' motivations change, engineers in companies change. Instead, trust the code, which is the ultimate truth of a security product.
LastPass was sold to LogMeIn in 2015, and then changed hands again, this time to private equity in 2020. It's even harder to tell what the new owners' motivations are, given they are private. I wouldn't trust Bitwarden's owners either, and that's the cool thing - I don't have to.