
After the LastPass Breach: 5 On-Device Password Managers Compared (2026)

Published June 2, 2026 · 12 min read

If you searched for a LastPass alternative after the 2022 breach, you've probably noticed that most "alternatives" are just other cloud-hosted vaults. Same architecture, same trust model, same single point of failure. For a consumer that may be fine. For an IT consultant, MSP, attorney or solo healthcare practitioner storing client credentials, it isn't.

This article compares five on-device password managers — vaults that store your encrypted file on hardware you control, with no mandatory cloud component. The goal isn't to crown a winner for everyone. It's to help you pick the right one for your threat model.

What actually happened with LastPass — and why it matters

In August and December 2022, LastPass disclosed two related incidents. An attacker eventually obtained encrypted vault backups together with associated metadata — including the plaintext URLs of websites stored in those vaults. That metadata leak is what changed the calculus for many professionals: even if a vault stays encrypted, the list of which services a client uses is itself sensitive.

Subsequent reporting and incident-response work has correlated the stolen vaults with credential thefts targeting cryptocurrency holders in 2023 and 2024. Whether or not any specific theft can be conclusively attributed, the structural lesson is the same: a cloud-hosted vault is only as safe as the vendor's worst week, and the breach surface includes metadata you may not have realised was being stored.

The professional's question is no longer "which cloud vault is most secure?" but "why is my clients' data on someone else's infrastructure at all?" That's the question an on-device vault answers.

What "on-device" actually means

An on-device password manager (also called local-only, offline-first, or air-gapped) keeps the encrypted vault file on hardware you physically control. No copy is uploaded to a vendor's server during normal operation. The practical consequences:

The five contenders

We're comparing the five on-device options most often shortlisted by professionals in 2026. All five keep the vault local by default; they differ in UX, threat-model strictness, attachment handling, and how they treat the network.

1. KeePassXC

The canonical free, open-source, offline password manager. Cross-platform, audited, mature. Strictly local — no cloud component at all unless you bolt one on (e.g. syncing the .kdbx file via Nextcloud or Syncthing). The UI is utilitarian, attachment handling is functional but basic, and there is no integrated security-audit dashboard out of the box. For technical users who value maximum simplicity in the threat model, it's hard to beat.

2. Bitwarden (self-hosted / Vaultwarden)

Bitwarden's cloud product is excellent but it's still a cloud product. Self-hosting (typically via the community Vaultwarden server) gives you on-prem control, but you now own a server: TLS certificates, updates, backups, attack surface. For a small firm with no IT staff, the operational burden often outweighs the benefit. For an MSP that already runs servers for clients, it's a strong option.

3. 1Password (standalone vaults)

1Password's polish is unmatched, but the product has aggressively moved toward its cloud ("1Password.com") model. Standalone local vaults are still possible on the desktop apps but are de-emphasised, and the modern subscription plans assume the cloud. If you're committed to on-device storage, 1Password is increasingly working against the grain.

4. Enpass

Enpass supports fully offline vaults and optional sync via cloud providers you choose (your OneDrive, your Google Drive, etc.) — the vendor never sees the data. Reasonable UX, but closed source, which is a deal-breaker for some buyers in this segment. The free tier is limited; a one-time "lifetime" licence is available.

5. OneCritto

A desktop security vault built explicitly on an offline-first threat model. Open source, free, available for Windows and Linux. The vault is a single .onecritto file: AES-256-GCM encryption, Argon2id key derivation, HMAC-SHA256 integrity. Designed for professionals managing client credentials: encrypted file attachments are a first-class feature, there is an integrated SSH connection manager, and the Sentinel security-audit dashboard includes HIBP breach checking via k-anonymity (only the first 5 characters of the password's SHA-1 hash leave the device, and only if you opt in to the scan).
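An added illustration (not OneCritto's code) of the k-anonymity range check described above, in Python. The network call is replaced by a constructed offline response so it runs without contacting HIBP; SAMPLE_RANGE_RESPONSES, offline_fetch and the breach counts are assumptions, while the SHA-1 suffix of "password" is real.

```python
import hashlib
from typing import Callable, Dict, List

# Constructed stand-in for what the HIBP Pwned Passwords "range" endpoint
# returns for the prefix 5BAA6: one "<35-hex-char suffix>:<count>" line per
# leaked hash sharing that prefix. The first suffix is the real SHA-1 suffix
# of the string "password"; the counts and the second line are made up.
SAMPLE_RANGE_RESPONSES = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
             "0000000000000000000000000000000000A:2\r\n",
}

SENT_PREFIXES: List[str] = []  # records everything that would leave the device


def split_sha1(password: str):
    """Return (prefix, suffix) of the uppercase hex SHA-1 of the password.
    Only the 5-character prefix is ever transmitted."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Map each returned suffix to its breach count; blank lines are skipped."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def offline_fetch(prefix: str) -> str:
    """Stand-in for the HTTPS request to the range endpoint (no network)."""
    SENT_PREFIXES.append(prefix)
    return SAMPLE_RANGE_RESPONSES.get(prefix, "")


def breach_count(password: str, fetch_range: Callable[[str], str] = offline_fetch) -> int:
    """k-anonymity check: send the 5-char prefix, match the suffix locally.
    The server sees only a prefix shared by hundreds of hashes, never the
    password or its full hash, so it cannot tell which one was queried."""
    prefix, suffix = split_sha1(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)
```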

Side-by-side comparison

  Feature                      | KeePassXC                    | Bitwarden self-hosted       | 1Password (local)             | Enpass                          | OneCritto
  -----------------------------+------------------------------+-----------------------------+-------------------------------+---------------------------------+------------------------------------------------------
  Vault location               | Local file                   | Self-run server             | Local file (de-emphasised)    | Local file, optional user cloud | Local file
  Open source                  | Yes                          | Yes (Vaultwarden) / partial | No                            | No                              | Yes
  Operational burden           | None                         | High (you run a server)     | None                          | None                            | None
  Encrypted file attachments   | Basic                        | Limited size, paid tier     | Yes                           | Yes                             | First-class, streaming AES-GCM
  SSH key / connection manager | No (external)                | No                          | SSH agent integration         | No                              | Yes, built-in
  Built-in HIBP breach scan    | Yes                          | Paid                        | Yes                           | Paid tier                       | Yes, k-anonymity, opt-in
  Security audit dashboard     | Basic                        | Limited                     | Watchtower                    | Audit (paid)                    | Sentinel score + rotation plan
  Price                        | Free                         | Free + your server costs    | Subscription                  | Freemium / one-time             | Free
  Best for                     | Maximum-purity offline users | MSPs already running infra  | Existing 1Password households | Users wanting opt-in sync       | Consultants & small firms wanting polished offline UX

How to pick the right one

Start from your threat model, not from features:

Migrating off LastPass without losing data

Whichever target you pick, the migration path is essentially the same:

  1. Export your LastPass vault to CSV (LastPass → Account Settings → Advanced → Export).
  2. Import the CSV into your new vault. OneCritto supports direct CSV import with smart field mapping for LastPass, Bitwarden, 1Password, KeePass, Dashlane, NordPass, Chrome, Firefox, Safari and Proton Pass.
  3. Securely delete the CSV. It's a plaintext copy of every credential you own. Overwrite the file (or use a secure-wipe tool) and empty the bin.
  4. Rotate any password you suspect has been exposed. The leaked LastPass backups are still in circulation; for high-value accounts, assume the worst.
  5. Enable HIBP breach scanning in your new vault and re-check periodically.
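An added example (not any vendor's code) of steps 2 and 3 in Python: it remaps a LastPass CSV export onto generic vault fields, refuses files that are not such an export, and then overwrites and unlinks the plaintext file. The LastPass column names, the sample rows and the function names are assumptions; check them against the header line of your own export.

```python
import csv, io, os, secrets, tempfile

# Header columns of a LastPass CSV export (assumption: check the first line
# of your own export) mapped onto generic vault fields.
LASTPASS_TO_GENERIC = {
    "name": "title", "url": "url", "username": "username",
    "password": "password", "totp": "totp_secret", "extra": "notes",
    "grouping": "folder",
}

# Constructed sample export; the credentials are not real.
SAMPLE_EXPORT = (
    "url,username,password,totp,extra,name,grouping,fav\n"
    "https://mail.example.com,alice@example.com,Tr0ub4dor&3,,,Client mail,Clients/Acme,1\n"
    'https://vpn.example.net,alice,hunter2,JBSWY3DPEHPK3PXP,"line one\nline two",Acme VPN,Clients/Acme,0\n'
)

def parse_lastpass_csv(text):
    """Remap export columns onto generic fields; refuse non-LastPass files."""
    reader = csv.DictReader(io.StringIO(text))
    missing = set(LASTPASS_TO_GENERIC) - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"not a LastPass export, missing columns: {sorted(missing)}")
    entries = []
    for row in reader:
        entry = {dst: (row.get(src) or "").strip() for src, dst in LASTPASS_TO_GENERIC.items()}
        entry["favorite"] = row.get("fav") == "1"
        entries.append(entry)
    return entries

def secure_delete(path):
    """Overwrite with random bytes, fsync, unlink. Caveat: on SSDs, copy-on-write
    or journaling filesystems, and anything already synced or backed up, an
    overwrite does not guarantee the plaintext is gone; treat it as exposed."""
    remaining = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        while remaining > 0:
            remaining -= f.write(secrets.token_bytes(min(65536, remaining)))
        os.fsync(f.fileno())
    os.remove(path)

def demo_migration():
    """Write the sample export to a temp file, import it, then wipe the file."""
    with tempfile.NamedTemporaryFile("w", suffix=".csv", delete=False, newline="") as tmp:
        tmp.write(SAMPLE_EXPORT)
        path = tmp.name
    with open(path, newline="") as f:
        entries = parse_lastpass_csv(f.read())
    secure_delete(path)
    return {"entries": entries, "csv_still_exists": os.path.exists(path)}
```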

The honest trade-off

On-device vaults aren't strictly "better" than cloud vaults — they're different. You give up frictionless multi-device sync and one-click browser autofill. In exchange you get a threat model with no third party, no remote breach surface, and no metadata sitting on someone else's servers. For a consumer juggling 80 personal accounts across three devices, that may not be a good deal. For a professional whose clients' credentials they alone are responsible for, it usually is.

FAQ

Is LastPass actually unsafe in 2026?

LastPass has rotated keys, improved defaults and worked on its infrastructure since 2022. The structural concern is not that LastPass specifically is uniquely broken — it's that any cloud-hosted vault concentrates a high-value target. If your role makes you responsible for client credentials, removing the third party from the trust chain is the strongest mitigation available.

Why not just self-host Bitwarden?

You can, and for an MSP it can be the right answer. But self-hosting moves the problem rather than removing it: you now own a server, TLS lifecycle, backups, patching and attack surface. For a solo professional, an on-device vault eliminates the whole category.

What about mobile?

None of the strictly offline-first options has a full mobile story, and OneCritto is no exception — by design. The argument is that a personal phone is not an appropriate endpoint for client credentials in regulated or high-trust contexts. If you need credentials on a phone for personal use, a separate, scoped vault (or a different product) is a healthier architecture.

How does OneCritto compare on encryption?

AES-256-GCM with a fresh random 12-byte IV per operation. Master keys derived via Argon2id (64 MB memory, 3 iterations, 1 thread). Vault integrity verified with HMAC-SHA256. File attachments encrypted via Bouncy Castle GCM streaming, so large files aren't loaded fully into RAM. These are the same primitives most modern vaults use; the difference is the architecture around them.
