In December 2022, LastPass confirmed that an attacker had exfiltrated encrypted customer vaults. The metadata was unencrypted: email addresses, billing addresses, phone numbers, IP addresses. The vault contents were encrypted—but the encryption was only as strong as the master password and the PBKDF2 iteration count. LastPass's default for most accounts was 100,100 iterations; some older accounts had as few as 1. OWASP recommends 600,000 for PBKDF2-SHA256. Attackers with access to a vault file and a GPU cluster can crack weak master passwords at scale.
That breach ended the "just trust the cloud provider" argument for password managers. It didn't end the argument for cloud password managers—but it forced a more honest conversation about what "encrypted" actually means and who controls the infrastructure your organization's credentials live on.
Three options sit at the center of that conversation in 2026: 1Password, Bitwarden, and Vaultwarden. They overlap on features and diverge completely on architecture, trust model, and who they're actually designed for.
TL;DR
- ▸Vaultwarden: Unofficial Bitwarden server in Rust. Self-hosted, free, uses official Bitwarden clients. Best for organizations with infra capability and compliance requirements that demand data residency.
- ▸Bitwarden: Open-source client and server. Cloud tier is audited and certified. Self-hosted official server is heavy. Best all-around choice for most teams.
- ▸1Password: Best UX in the category. Secret Key architecture adds genuine protection. Cloud-only. Best for teams that want strong security without running infrastructure.
Pricing
| Vaultwarden | Bitwarden | 1Password | |
|---|---|---|---|
| Individual free | VPS cost (~$5/mo) | Yes | 14-day trial only |
| Individual premium | — | $20/year | $3/user/mo |
| Teams (per user/mo) | VPS cost only | $3 | $4 |
| Enterprise (per user/mo) | VPS cost only | $5 | $7.99 |
| Self-hosted | Yes (free) | Yes (resource-heavy) | No |
| Open source server | Yes (unofficial) | Yes (official) | No |
The break-even math for self-hosting: At 10 users, Bitwarden Teams costs $30/month. A Vaultwarden VPS with a domain costs $10–15/month. You save $15–20/month. At 50 users, the gap is $140–175/month—$1,700–2,100/year. That math changes the conversation when you're a 100-person company paying $5/user/month.
Feature Comparison
| Feature | Vaultwarden | Bitwarden Cloud | 1Password |
|---|---|---|---|
| End-to-end encrypted | Yes | Yes | Yes |
| Open source (client) | Yes | Yes | No |
| Open source (server) | Yes (unofficial) | Yes (official) | No |
| TOTP stored in vault | Yes (free) | Premium only | Yes |
| Org sharing | Yes (free) | Yes (paid) | Yes (paid) |
| Emergency access | Yes (free) | Premium | Yes |
| SSO / SAML | Limited | Enterprise | Enterprise |
| Secret Key architecture | No | No | Yes |
| Travel Mode | No | No | Yes |
| Breach alerts (Watchtower) | Partial | Premium | Built-in |
| Audit log | Basic | Enterprise | Business |
| SOC 2 Type 2 certified | No | Yes | Yes |
| Self-hosted | Yes | Yes (heavy) | No |
Vaultwarden: Running It Is Not the Hard Part
Vaultwarden is an unofficial reimplementation of the Bitwarden server API, written in Rust by Daniel García. It is not affiliated with Bitwarden, Inc. It implements the same API endpoints that the official Bitwarden clients call, which means every official Bitwarden client. Chrome extension, Firefox extension, iOS app, Android app, desktop app, works against a Vaultwarden instance without modification.
Setup is genuinely accessible. A $5/month VPS (512MB RAM is sufficient. Vaultwarden idles at roughly 10MB), a domain name, and an SSL certificate get you running in under an hour. Caddy is the easiest reverse proxy to configure for this; it handles Let's Encrypt automatically. SQLite is the default database and handles organizations of 100+ users without performance concerns.
```yaml
services:
vaultwarden:
image: vaultwarden/server:latest
volumes:
- ./vw-data:/data
environment:
DOMAIN: https://vault.yourcompany.com
SIGNUPS_ALLOWED: "false"
ADMIN_TOKEN: your-argon2-hashed-token
restart: unless-stopped
```
Set SIGNUPS_ALLOWED: "false" from the start. The admin panel at /admin should be either disabled entirely or restricted to your internal IP range via your reverse proxy after initial setup. Leaving it open is a common mistake.
Features that Bitwarden charges for. TOTP generation, organizations, emergency access, password health reports, are available in Vaultwarden's free tier. The cost differential is real for larger teams.
The honest security trade-off: Bitwarden, Inc. holds a SOC 2 Type 2 certification and has been audited by Cure53. Vaultwarden has no independent security audit. The server code is open source and has been reviewed by the community, but "reviewed by the community" is not the same as a formal penetration test. The client-side encryption is identical, all cryptographic operations happen in the client before data reaches the server. But the server-side attack surface (API vulnerabilities, admin panel exposure, infrastructure configuration) is your problem to manage, not a vendor's.
Backup is where self-hosted setups actually fail. The Vaultwarden data directory (vw-data/) contains everything: the SQLite database, attachments, configuration, and 2FA recovery codes. If this is gone without a backup, all credentials are gone, permanently. A recovery process is not a recovery plan. Set up automated daily backups to off-site storage (S3, Backblaze B2, or similar) and, this is the part that gets skipped, actually run a restore from backup before you put production credentials in this system. The backup you have never tested is not a backup you can rely on.
Who should run Vaultwarden: Organizations with existing infrastructure capability, someone who owns the ops function, data residency requirements (EU organizations needing vault data to stay in the EU, regulated industries with specific data control requirements). Air-gapped environments where a cloud password manager is architecturally excluded.
Who should not run Vaultwarden: Teams with no ops person. Orgs where the person who set it up might leave. Companies where a 2 AM outage means locked-out employees can't access credentials for production systems. Anyone whose auditors need a SOC 2 Type 2 report from their password manager vendor.
Bitwarden: The Audited Middle Ground
Bitwarden is the most defensible choice for most organizations because it covers the full spectrum: open-source client code you can audit, cloud hosting with SOC 2 certification, and a self-hosted option if you have the infrastructure resources.
The client code is MIT-licensed and publicly audited. Cure53 and Insight Risk Consulting have both published findings. The client performs all encryption locally using AES-256, keys derived from your master password never leave your device in plaintext. Bitwarden's servers store only encrypted blob data.
The free tier is genuinely useful: unlimited items, unlimited devices, one collection for sharing with one other user. The $20/year Premium tier adds TOTP generation, 1GB encrypted file storage, emergency access, and Bitwarden Send. For most individual users, $20/year is not a meaningful line item.
Teams pricing at $3/user/month is competitive. The organization features, shared collections, user management, access policies, cover what most SMB teams need. Enterprise at $5/user/month adds SSO (SAML 2.0, OIDC), SCIM provisioning, advanced event logs, and directory sync.
Bitwarden's official self-hosted server is a different story from Vaultwarden. The official deployment uses Docker Compose with multiple containers: API server, Identity server, Admin portal, NGINX, MSSQL. The minimum viable setup needs at least 2GB RAM, more realistically 4GB. This is not a $5/month VPS deployment, you're looking at a $20–40/month VM to run it comfortably. Most organizations choosing to self-host use Vaultwarden rather than the official server for this reason.
The comparison with LastPass: LastPass's breach revealed how much metadata travels unencrypted. Bitwarden stores significantly less metadata unencrypted, website URLs are stored encrypted (unlike LastPass, which stored them in plaintext). This is a meaningful architectural difference that the Bitwarden team documented explicitly after the LastPass breach.
1Password: The Secret Key Argument
1Password is cloud-only. If that's a disqualifier for your environment, stop here. If not, the architecture is worth understanding because the Secret Key design solves a specific problem that Bitwarden's model does not.
Standard password manager security relies on one secret: your master password. If an attacker breaches the cloud provider's servers and exfiltrates encrypted vaults, the vault security reduces to the strength of your master password and the key derivation parameters. This is what happened with LastPass.
1Password's Secret Key architecture introduces a second secret that never touches their servers. When you set up 1Password, your device generates a 34-character Secret Key. Your vault encryption uses both your master password and the Secret Key. 1Password's servers receive only the vault encrypted with this two-factor key material, even if 1Password's servers are completely compromised, an attacker cannot decrypt vaults without the Secret Key, which they never had.
The Secret Key is stored in the Emergency Kit, a PDF 1Password generates that you print and store offline. Your Secret Key is also stored in your 1Password app; when you set up a new device, you need both your master password and either the Emergency Kit or an already-authenticated device to verify. This is additional friction, but it's friction that provides real security.
Travel Mode is the other genuinely unique feature. Before crossing a border (or whenever you want to present a clean device), you can remove vaults from your devices. When safely through, they restore. This addresses a real scenario: border security in some jurisdictions can compel device searches. The vaults don't exist on the device to be searched.
Watchtower integrates with Have I Been Pwned and monitors for site breaches affecting your stored credentials, alerts on reused passwords, flags weak passwords, and notes sites that support 2FA where you haven't enabled it. It's the most polished security monitoring feature in this comparison.
1Password's weaknesses: No self-hosting. No open-source server. The client is proprietary, you're trusting 1Password's implementation, not auditing it yourself. At $4/user/month for Teams and $7.99/user/month for Business, it's the most expensive option at scale. A 100-person company on 1Password Business spends $9,588/year. The same organization on Bitwarden Enterprise spends $6,000/year. On Vaultwarden, it's $200–400/year in infrastructure.
The Security Reality
All three tools encrypt vault data client-side before it leaves your device. The master password never transmits to any server. In this sense, the "zero-knowledge" claim holds for all three.
The differences are in the attack surfaces you're accepting:
Cloud provider trust: With Bitwarden cloud and 1Password, you're trusting the vendor's infrastructure, their employee access controls, and their incident response. Both have SOC 2 Type 2 certifications and published audits. LastPass had Soc 2 certification too, the breach was real.
Self-hosted trust: With Vaultwarden, you're trusting your own infrastructure, your own patch cadence, your own admin panel configuration, your own network security. The client-side encryption is identical, but the server-side attack surface shifts from a vendor's security team to yours.
Secret Key trust: 1Password's Secret Key meaningfully raises the bar for server-side breach impact. It doesn't eliminate the risk, but it changes the equation from "vault security = master password strength" to "vault security = master password + 34-character random key that was never on the server."
The Verdict
Run Vaultwarden if: You have ops capability, a tested backup process, data residency requirements, and a cost case (generally 20+ users). Understand that you become the security team for this service.
Choose Bitwarden if: You want open-source clients, a cloud option with real security certifications, pricing that doesn't require ops overhead. The best default choice for teams from 2 to 500.
Choose 1Password if: UX is a priority (lower adoption friction means users actually use the password manager), the Secret Key architecture addresses a specific concern about server-side breach exposure, or you need Travel Mode. Acceptable at any team size where the per-seat cost isn't prohibitive.
Do not: Use LastPass. Continue using any password manager where users are storing credentials in their browser. Accept "we have a shared spreadsheet of passwords" as an answer from any team in your organization.