Password managers are becoming more popular. Driven by the frequency with which user passwords can be compromised through phishing and brute force techniques, password managers are now considered a more secure alternative. There are many proprietary password managers on the market for those who want an out-of-the-box solution, and then there are open source password managers for those who want a more customizable option.
In this article, we explain how open source password managers work, discuss their benefits and drawbacks, and offer popular solutions to choose from.
1
Dashlane
Employees by company size
Micro (0-49), Small (50-249), Medium (250-999), Large (1000-4999), Business (5000+)
Micro (0-49 employees), small (50-249 employees), medium (250-999 employees), large (1000-4999 employees), enterprise (5000+ employees)
Micro, Small, Medium, Large, Enterprise
Characteristics
Automated provisioning
2
ManageEngine ADSelfService Plus
Employees by company size
Micro (0-49), Small (50-249), Medium (250-999), Large (1000-4999), Business (5000+)
Any size of company
Any size of company
Characteristics
Multi-factor authentication, password management, reporting and analytics, and more
What is an open source password manager?
Most password managers are proprietary, meaning their code is designed and owned by a specific corporation and is not subject to change by users. However, open source password managers use code that is publicly accessible and can be modified by users.
Some open source password managers are available for free and allow a community of users to contribute, review, and update the software over time. Other open source password solution providers are a hybrid between open source and proprietary: their code is based on an open source distribution but has modifications or is packaged in a particular way to make it easier to deploy. Some of these open source password management distributions are free to use, but may have maintenance and support fees.
Open source password managers and various hybrid alternatives are especially popular in organizations that:
- We already have in-house experience in open source tools.
- I have already implemented open source solutions widely in the company.
- I want to keep costs down.
How do open source password managers work?
Open source password managers work much like their proprietary competitors. Some are installed locally and passwords are kept on the local device. Others are web-based and passwords are stored in the cloud. Like proprietary password managers, open source solutions store passwords using encryption, require user authentication for access, and integrate with web browsers and other applications.
Compared to closed and proprietary password managers, open source password managers offer more control over the operation of the application. For example, the source code of an open source password manager can be modified to include a feature that comes standard in a proprietary solution. If a proprietary password manager doesn't include a certain feature, there is often no option to add it.
Advantages and disadvantages of open source password manager
Open source password managers encourage collaboration and community participation, leading developers to contribute code to improve functionality. However, relying on community development can lead to stagnation or disruption. When it comes to using open source password managers, there are pros and cons. Users must balance the benefits with the drawbacks to determine if an open source password manager is the right choice.
Benefits of open source password managers
Here are some of the benefits of open source password managers:
- Open source password managers are either completely free or much less expensive than proprietary competitors.
- Developers can customize the password manager to fit their specific needs and workflows.
- With the eyes of an entire open source community on the source code, there is a greater chance that vulnerabilities will be detected and can be fixed before serious damage is done.
Drawbacks of open source password managers
Of course, there are some drawbacks to opting for an open source solution instead of a proprietary password manager.
- Companies deploying open source tools need access to skilled developers who know open source code well and have security and integration experience.
- Open source tools typically lack the support offered by other password management vendors.
- Usage licenses for open source tools can sometimes be restrictive and may lack the security guarantees and accreditations that some industries require.
Popular open source password managers
There are a large number of open source password managers. The most established ones include Bitwarden, Buttercup, KeePass, Passblot and Proton Pass.
bitwarden
- Bitwarden is probably the most well-known open source password manager.
- It can be integrated into almost any web browser.
- It can run in the cloud or locally.
- Bitwarden has pricing plans for large and small organizations.
- Pricing ranges from $4 to $6 per month per user.
KeePass
- KeePass is best for Windows-based systems.
- Offers multiple strong encryption options.
- It is primarily designed for desktop use, but add-ons can be used to access it via web browser.
- KeePass is free, but users will need to participate in its user community for help.
Barrette
- Passbolt can be self-hosted or run in the cloud.
- The community edition is free.
- The enterprise edition costs $49 per month for 10 users and includes support, SSO, account recovery, and other features not found in the community version.
- Higher education, local government and IT organizations are among Passbolt's key use cases.
proton passage
- Proton Pass joins the Proton product portfolio that includes ProtonMail and Proton VPN.
- The user base tends to be primarily those who use other Proton products and want to add a password manager.
- It costs about $2 per month per user.
Gold button
- Buttercup is a largely on-premises tool, but can be extended to the cloud.
- It focuses on individual users of macOS, Linux, and Windows, but is also used by small and medium-sized organizations.
- It's free.
Should your organization use an open source password manager?
Open source password managers have attractive prices or are sometimes completely free. That is one of the main reasons why many opt for them. Organizations with internal resources trained in open source and familiar with its implementation should do well with such tools. For those who lack experience in open source and security, the best solution would be a well-supported open source password manager (such as Bitwarden or Proton Pass) or look for a proprietary password manager designed for enterprises.
Similarly, those looking for extensive customization of password management or have very specific security needs may find that open source tools provide more freedom. But freedom comes with responsibility. Those implementing an open source password manager should be willing to solve many of their problems internally or rely on the user community to collectively find solutions.
