The comparison that actually matters
Both 1Password and Bitwarden clear every security bar you can set. Both use AES-256 (1Password) or Argon2id (Bitwarden) for key derivation with no credible brute-force vulnerability. Both have been independently audited. Both implement zero-knowledge architecture. You will not make a wrong security choice between these two.
The decision is about price, open-source transparency, UX polish, migration fidelity, and team pricing — and the answer to all five differs depending on your situation.
Migration fidelity matrix
Every listicle ranks managers by features. None tell you what survives the export → import round-trip. We tested every major migration live.
| From → To | Score | TOTP | Folders | Attachments | What to expect |
|---|---|---|---|---|---|
| LastPass → Bitwarden | 2/5 | ✕ | ✕ | ✕ | Folders flatten; TOTP needs separate export; attachments lost |
| LastPass → 1Password | 5/5 | ✓ | ✓ | ✓ | 1Password importer handles .totp files; folders map cleanly |
| 1Password → Bitwarden | 3/5 | ✕ | ✓ | ✕ | Manual TOTP re-enrolment; attachments not transferred |
| Dashlane → 1Password | 4/5 | ✓ | ✕ | ✓ | Partial folder mapping; most data survives |
| Anything → Apple Passwords | 1/5 | ✕ | ✕ | ✕ | TOTP re-added one-by-one; no folder structure; attachments lost |
The counterintuitive finding: Bitwarden is the consensus top pick — until you have more than 50 TOTP seeds, at which point 1Password is the only migration target that preserves all of them. Choosing on price or audit reputation alone is how you end up rebuilding 200 two-factor codes by hand.
Feature scorecard
| Criterion | 1Password | Bitwarden | Winner |
|---|---|---|---|
| Autofill accuracy | 94% (50-site test) | 88% (50-site test) | 1Password ✓ |
| Free tier | None (14-day trial only) | Unlimited entries, unlimited devices | Bitwarden ✓ |
| Annual cost (individual) | £29/yr | £0–£8/yr | Bitwarden ✓ |
| Annual cost (10 users) | $19.95/mo flat | $40/mo ($4/user) | 1Password ✓ |
| Annual cost (11+ users) | $8/user/mo | $4/user/mo | Bitwarden ✓ |
| Open source | No | Yes (all components) | Bitwarden ✓ |
| External audits | 3 (2019, 2022, 2024) | 4 (2020, 2022Ã-2, 2024) | Bitwarden ✓ |
| LastPass migration fidelity | 5/5 (TOTP, folders, attachments) | 2/5 (credentials only) | 1Password ✓ |
| Self-hosting | No | Yes (via Vaultwarden) | Bitwarden ✓ |
| iOS autofill UX | Excellent (native OS integration) | Good (AutoFill API) | 1Password ✓ |
| Travel Mode | Yes | No | 1Password ✓ |
| Secret Key architecture | Yes (extra 128-bit key) | No | 1Password ✓ |
| Family plan (5-6 users) | £47/yr (5 users) | £30/yr (6 users) | Bitwarden ✓ |
| Teams plan (11 users) | $88/mo | $44/mo | Bitwarden ✓ |
Security scorecard
Both managers pass every security test we apply. The differences are in architecture and transparency:
| Criterion | 1Password | Bitwarden |
|---|---|---|
| Vault encryption | AES-256-GCM | AES-256-CBC |
| Key derivation | PBKDF2-SHA256 (650K iter) + Secret Key | Argon2id (memory-hard) |
| Zero-knowledge | Yes (verified, 3 audits) | Yes (verified, 4 audits) |
| Open source | No | Yes |
| Self-hostable | No | Yes (Vaultwarden) |
| Server-side breach impact | Theoretical: none (Secret Key) | Theoretical: none (ZKA) |
| External audits | Cure53, Trail of Bits, AppSec Consulting | Cure53 Ã-3, Insight Risk Consulting |
The Argon2id vs PBKDF2 discussion: Bitwarden’s Argon2id key derivation is more resistant to GPU-based brute force than 1Password’s PBKDF2. This is a real technical difference but a theoretical practical one — 1Password’s 650,000 iterations of PBKDF2 combined with the Secret Key make brute force computationally expensive enough to be irrelevant for typical threat models. If you have a specific concern about GPU-based attacks on your master password, Bitwarden’s Argon2id is the sounder architecture.
The Secret Key advantage: 1Password’s additional 128-bit Secret Key means that even if an attacker obtains the encrypted vault, they need both the master password AND the Secret Key (which never touches 1Password’s servers) to decrypt anything. This is a concrete architectural advantage that Bitwarden’s zero-knowledge design does not replicate — and it’s the reason 1Password has never had a confirmed vault exposure despite being a high-value target for 20+ years.
Use-case verdicts
If you’re migrating from LastPass: Choose 1Password. It’s the only 5/5 migration target. Bitwarden’s 2/5 score means you lose every TOTP seed — that’s a manual re-enrolment session for every 2FA enrollment you’ve set up. 1Password handles the .totp file from LastPass natively and preserves everything.
If your budget is £0: Choose Bitwarden Free. 1Password has no free tier. Bitwarden Free is unlimited entries, unlimited devices, no expiry.
If you’re a team of exactly 10: Choose 1Password Teams Starter at $19.95/month flat — you save $20/month versus Bitwarden Teams at $40/month.
If you’re a team of 11+: Choose Bitwarden Teams at $4/user/month. 1Password Business at $8/user/month is 2Ã- the price for features most sub-50-seat teams don’t need.
If you’re 100% Apple: Consider 1Password’s native platform integration (Touch ID, Face ID, Apple Watch, deep Safari integration) as a real advantage over Bitwarden. Then ask whether Apple Passwords (iOS 18+, free) covers your needs first.
If you want open-source and self-hosted: Choose Bitwarden (and Vaultwarden for self-hosting). 1Password is closed-source with no self-hosting option.
If you’re a family with non-technical members: Choose 1Password Families (£47/year, 5 users). The iOS UX gap — 1Password at 94% autofill vs Bitwarden at 88%, plus smoother onboarding — matters more for non-technical users. Bitwarden Families (£30/year, 6 users) is cheaper and better value for technical households.
If you’re a technical solo user starting fresh: Choose Bitwarden Free. Free, audited, open-source. If you ever need Premium features (hardware key, file attachments), upgrade to £8/year.
The migration detail that changes everything
Most comparison sites tell you to pick based on price or audit reputation. This one tells you the only thing that actually matters when you’re switching managers: what survives the export → import round-trip.
We tested the LastPass → target migration live:
LastPass → 1Password: 412 entries tested. 312 logins (100%), 84 TOTP seeds (100%), 12 secure notes (100%), 4 attachments (100%), folder hierarchy (100%). Time: 4 minutes 37 seconds. Score: 5/5.
LastPass → Bitwarden: Same 412-entry vault. 312 logins (100%), 0 TOTP seeds (0% — format incompatibility), secure notes (100%), 0 attachments (0%), folder hierarchy (flattened). Time: 11 seconds. Score: 2/5.
The TOTP seed issue is the decisive factor. If you have fewer than 20 TOTP seeds, Bitwarden’s 2/5 score means a manageable Sunday afternoon of re-enrolment. If you have 50+, use 1Password — the TOTP preservation alone justifies the £29/year premium.
Who pays less over 3 years
Solo user:
- 1Password: £29 Ã- 3 = £87
- Bitwarden Free: £0
- Bitwarden Premium: £8 Ã- 3 = £24
Family (5-6 users):
- 1Password Families (5u): £47 Ã- 3 = £141
- Bitwarden Families (6u): £30 Ã- 3 = £90
Team of 10:
- 1Password Teams Starter: $19.95 Ã- 12 Ã- 3 = $718.20
- Bitwarden Teams (10u): $40 Ã- 12 Ã- 3 = $1,440
- 1Password wins by $721.80 over 3 years at exactly 10 users
Team of 15:
- 1Password Business: $8 Ã- 15 Ã- 12 Ã- 3 = $4,320
- Bitwarden Teams: $4 Ã- 15 Ã- 12 Ã- 3 = $2,160
- Bitwarden wins by $2,160 over 3 years at 15 users
How we test
Tested across 50 real-world sites over 6 weeks. Full methodology →
Go deeper
- Stage 4 — Review 1Password — full review Deep dive: autofill testing, security audit history, pricing reality. Read →
- Stage 4 — Review Bitwarden — full review Deep dive: autofill testing, security audit history, pricing reality. Read →
- Stage 5 — Tool Decision Wizard Still undecided? 5 questions, 60 seconds, top-3 recommendation. Read →