
Alternatives to LastPass

Password managers from Switzerland, Luxembourg and the open-source community with zero-knowledge encryption, self-hosting and a European legal framework. Compare encryption models, pricing and team features for teams migrating from LastPass.

3 European providers · GDPR compliant

Context

LastPass compared to European password managers

LastPass is a product of LogMeIn, Inc. (now GoTo Technologies), a US company. In August 2022, LastPass confirmed a security incident in which attackers gained access to the development environment. In December 2022, LastPass disclosed that encrypted customer vaults as well as metadata such as website URLs, usernames and billing data had been exfiltrated. Although vault contents were encrypted, the disclosure of metadata such as URL lists was assessed as a significant risk.

LastPass is a proprietary, closed-source system. The client source code is not publicly visible, and independent security audits are limited to those commissioned by the company. European alternatives such as Proton Pass and Passbolt are fully open source and have been audited by independent security researchers. Vaultwarden is an open-source reimplementation of the Bitwarden server, licensed under AGPL-3.0.

LastPass, as a US company, is subject to the CLOUD Act and the Stored Communications Act. US authorities can compel the disclosure of stored data. Proton Pass is operated in Switzerland and is subject to Swiss data protection law. Passbolt is headquartered in Luxembourg and is subject to the GDPR. Vaultwarden enables full self-hosting on your own server, where no data is transmitted to external services.

LastPass has changed its pricing model several times since 2021: the free tier is limited to one device or device type, and the premium tier costs $3 per month. Proton Pass has a free base tier with no device restriction. Passbolt Community Edition is free and self-hosted. Vaultwarden is open source and can be self-operated at no cost.

European alternatives

3 alternatives in detail


Proton Pass

Switzerland

End-to-end encrypted password manager from Switzerland

  • End-to-end encryption including metadata (URLs, usernames)
  • Integrated 2FA authenticator
  • Open source and independently audited
Open Source

Free · Pass Plus from €1.99/mo · Proton Unlimited from €9.99/mo


Passbolt

Luxembourg

OpenPGP-based team password manager from Luxembourg

  • OpenPGP encryption (RFC 4880)
  • Designed specifically for team collaboration
  • Self-hosted or cloud option
Open Source

Community Edition free (self-hosted) · Business from $49/month for 10 users


Vaultwarden

Spain (Community, main developer)

Self-hosted Bitwarden-compatible password manager written in Rust

  • Compatible with all official Bitwarden apps (iOS, Android, browser, desktop)
  • AGPL-3.0 licensed, fully open source
  • Supports 2FA: TOTP, FIDO2/WebAuthn, YubiKey, Duo
Open Source

Free (open source, self-hosted) · Own server/NAS costs depending on infrastructure

Frequently asked questions

How secure are European password managers after the LastPass incident?

Proton Pass and Passbolt are fully open source and have been independently audited. Vaultwarden is an open-source reimplementation of the Bitwarden server. All three solutions use zero-knowledge architectures, where the provider does not know passwords in plaintext. Self-hosting via Vaultwarden eliminates external attack vectors entirely.

Can I export my LastPass data to European password managers?

LastPass allows export as a CSV file. Proton Pass, Passbolt and Vaultwarden/Bitwarden support import from LastPass CSV exports. The switch can typically be completed in an afternoon.

Are the alternatives suitable for businesses?

Passbolt is specifically designed for team use: role-based access rights, API integration for CI/CD pipelines and support for OpenPGP encryption. Proton Pass Business offers team features under Swiss data protection law. Vaultwarden enables full control through self-hosting and supports organisation features such as collections and groups.

What does zero-knowledge mean for password managers?

With a zero-knowledge architecture, the master password is never transmitted to the provider. Encryption and decryption take place exclusively on the device. Proton Pass, Passbolt and Vaultwarden implement this principle, so the provider (or an attacker who compromises the server) cannot read passwords in plaintext.

Is Vaultwarden officially from Bitwarden?

No. Vaultwarden is an unofficial, community-developed project that reimplements the Bitwarden server in Rust. It is fully compatible with all official Bitwarden clients. For organisations that require official commercial support, Passbolt or Proton Pass Business is the more appropriate choice.
