Password managers are becoming increasingly popular. Fueled by the frequency with which user passwords can be compromised via phishing and brute-force techniques, password managers are now seen as a more secure alternative. There are many proprietary password managers on the market for those who want an out-of-the-box solution, and then there are open source password managers for those wanting a more customizable option.
In this article, we explain how open source password managers work, discuss their benefits and drawbacks and offer popular solutions from which to choose.
Most password managers are proprietary, meaning their code is designed and owned by a specific corporation and is not subject to change by users. Open source password managers, however, use code that is publicly accessible and can be modified by users.
Some open source password managers are available for free and allow a community of users to contribute to, revise and update the software over time. Other providers of open source password solutions are a hybrid between open source and proprietary — their code is based on an open source distribution but has modifications or is packaged in a particular way to make it easier to deploy. Some of these open source password management distributions are free to use but may have fees for maintenance and support.
Open source password managers and the various hybrid alternatives are especially popular in organizations that:
Open source password managers work in much the same way as their proprietary competitors. Some are locally installed and passwords are retained on the local device. Others are web-based and the passwords are stored in the cloud. Like proprietary password managers, open source solutions store passwords using encryption, require user authentication for access and integrate with web browsers and other applications.
Compared to closed, proprietary password managers, open source password managers offer more control over the application’s functioning. For example, an open source password manager’s source code can be modified to include a feature that comes standard in a proprietary solution. If a proprietary password manager doesn’t include a certain feature, there’s often no option to add it.
Open source password managers foster collaboration and community involvement, leading to developers contributing to the code to improve functionality. However, the reliance on community development can lead to stagnation or discontinuation. Using an open source password manager therefore has both benefits and drawbacks, and users must weigh them to determine whether it is the right choice.
Here are some of the benefits of open source password managers:
There are, of course, a few drawbacks in opting for an open source solution over a proprietary password manager.
There are a large number of open source password managers. The most established ones include Bitwarden, Buttercup, KeePass, Passbolt and Proton Pass.
Open source password managers are attractively priced or sometimes completely free. That is a big reason why many opt for them. Organizations with internal resources trained on open source and familiar with its deployment should do fine with such tools. For those that lack expertise in open source and security, the best solution would be either to choose a well-supported open source password manager (like Bitwarden or Proton Pass) or to seek a proprietary password manager designed for enterprises.
Similarly, those who seek heavy customization of password management or have very specific security needs may find open source tools provide more freedom. But with freedom comes responsibility. Those deploying an open source password manager should be willing to solve many of their issues internally or rely on the user community to crowdsource solutions.