You sure about that

https://www.forbes.com/sites/daveywinder/2023/03/03/why-you-should-stop-using-lastpass-after-new-hack-method-update/

Discussion

I’ve used 1Password, Bitwarden, and LastPass.

LastPass is definitely the worst for me in terms of UX and the hacks. I would never use it and am in the process of moving my wife off of it. It’s still better than not using a password manager, though.

1Password has the best UX but closed source.

Bitwarden feels like a good compromise, UX is good enough, and it’s open source and can be self-hosted. The hosted version is pretty good too.

They may be closed source, but they talk in depth about how their technical implementation and architecture work in a white paper you can find on their site. They also undergo regular third-party audits and publish the results. They've never been hacked or had customer data compromised.

Open source doesn't mean better security, or even that bugs will always get caught before being exploited.

https://www.blackhatethicalhacking.com/news/bitwarden-autofill-feature-can-expose-passwords-to-malicious-attackers/

You’re not wrong. It boils down to personal preference on the tradeoffs, I suppose.

I may not be sure about it...

But from first-hand experience: I had a relatively low-value seed phrase in LastPass and nobody drained the wallet, which I would expect to happen if it were in cleartext on the dark web.

Did you actually read the article? The only unencrypted cleartext was website URLs, and while the attacker now has password vaults, they're still protected by your master password, so as I said earlier, if your password has sufficient entropy to stand up to brute-force attacks (and you haven't reused it) then you're still "okay".

I agree this is quite bad, and moving elsewhere would be wise. But there is no reason to believe your encrypted vault has been compromised.
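As an added illustration of the reasoning in that last reply (this is example code written for this page, not a commenter's code and not LastPass's actual vault format): a constructed vault whose contents can only be verified by re-deriving a key from the master password with PBKDF2, plus a back-of-the-envelope estimate of how long a stolen copy resists offline guessing. The iteration count, the attacker's guess rate and the breach-list size are all assumptions chosen for illustration. The point it shows is the one the reply makes: each guess against an offline vault costs a full key derivation, so the master password's entropy (and not reusing it) is what keeps a stolen blob useless.

```python
import hashlib
import hmac
import math
import os

# Constructed, simplified vault: a random salt, a PBKDF2 work factor and an
# HMAC "verifier" that only the correctly derived key can reproduce. This is
# NOT LastPass's real on-disk format; it only models the property the reply
# relies on: without the master password, the stolen blob cannot be opened.
DEFAULT_ITERATIONS = 600_000  # assumption: an illustrative PBKDF2 iteration count
VERIFIER_LABEL = b"vault-verifier"


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def seal_vault(master_password: str, iterations: int = DEFAULT_ITERATIONS) -> dict:
    """Create a vault record: salt, work factor and a verifier tag bound to the key."""
    salt = os.urandom(16)
    key = derive_key(master_password, salt, iterations)
    verifier = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(vault: dict, candidate: str) -> bool:
    """Return True only if candidate reproduces the verifier.

    Every attempt, right or wrong, pays the full PBKDF2 cost; that cost per
    guess is what the brute-force estimate below is built on.
    """
    key = derive_key(candidate, vault["salt"], vault["iterations"])
    tag = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return hmac.compare_digest(tag, vault["verifier"])


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random secret of `length` symbols drawn from
    `alphabet_size` choices. For a diceware passphrase use length=words,
    alphabet_size=7776 (the standard diceware list size)."""
    return length * math.log2(alphabet_size)


def expected_guesses(bits: float) -> float:
    """On average the attacker searches half the keyspace before succeeding."""
    return 2 ** (bits - 1)


def years_to_crack(bits: float, kdf_runs_per_second: float) -> float:
    """Expected wall-clock years for an attacker who can run the KDF
    `kdf_runs_per_second` times per second against the stolen vault."""
    seconds = expected_guesses(bits) / kdf_runs_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    # Iteration count lowered so the demo runs in well under a second.
    vault = seal_vault("correct horse battery staple", iterations=10_000)
    print("right password unlocks:", unlock(vault, "correct horse battery staple"))
    print("wrong password unlocks:", unlock(vault, "correct horse battery stapler"))

    # Assumed attacker capability: 1e9 full PBKDF2 derivations per second.
    rate = 1e9
    cases = [
        ("8 random printable ASCII chars", entropy_bits(8, 95)),
        ("6-word diceware passphrase", entropy_bits(6, 7776)),
        # A reused password that already sits in a breach list is not a
        # keyspace search at all: the attacker only has to try that list.
        ("reused password from a (constructed) 1e7-entry breach list", math.log2(1e7)),
    ]
    for label, bits in cases:
        print(f"{label}: ~{bits:.0f} bits, ~{years_to_crack(bits, rate):.3g} years")
```

The last row is why the reply's "and you haven't reused it" matters as much as entropy: a strong-looking password that is already in a breach corpus collapses to a search over that corpus, regardless of how many iterations the vault's KDF uses.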