I recently (finally) moved to a commercial Password Manager after I got tired of having to copy-paste everything from KeePass in my apps on Windows and letting the only company on Earth that has to remind themselves in their slogan NOT to be Evil handle all of my web/Android passwords.
KeePass was feeling pretty clumsy and outdated, and Google just more and more evil. And actual, REAL Password Managers have more features than these free options, too. Plus some additional security, like architecture that doesn’t let Google read every single one of your passwords.
But let’s not get ahead of ourselves! This article is NOT a step-by-step tutorial. Instead, it is meant to inform you on whether you should or should not do the same thing.
Why use a separate password manager?
The natural first step for any migration is the motivation. Why bother?
Well – I was using Google Chrome’s Password Manager for Android- and web-related passwords, and KeePass for everything else. This made my experience a bit disconnected, since while using my primary Google Chrome profile or my Android phone I’d usually have everything auto-filled by Google, that option wasn’t there for my Windows apps, my work profiles in Google Chrome or Brave. Or Edge, which I’ve really really really tried to start using, but have failed so far.
I’m not sure if anyone should ever trust Google with their passwords in the first place. They are able to read and analyze your passwords and do whatever they want with them. Of course, you could always argue that Google will know everything about you anyway, so you might just as well give them your passwords too, but I’ve never appreciated that approach much.
And since one of my New Year’s resolutions was to give iPhone and MacOS a go, using a real multiplatform solution that works just as well on Windows, Android, iPhones and even MacOS would be really convenient.
Let’s get to it, then!
Migration
My migration process is going to consist of 2 steps: migrate from Google Chrome’s Password Manager and KeePass 2.x.
Remember – this is not a tutorial. I’m just sharing my experience.
If YOU plan to follow my steps and do a similar migration, read my Learnings (at the bottom of the post) first!
Migrating from Google Chrome Password Manager
This is the easy part. I’m only covering it first, since it’s so easy – in reality, save this step as the last one!
How to migrate from Google Chrome Password Manager to Bitwarden
Navigate to chrome://password-manager/passwords > Settings > Export, and you’ll have a CSV file.
Then in Bitwarden (Desktop app), hit File > Import Data > select your vault, folder and file > Import data, and you’ll see something like this:
So long story short, migrating from Chrome’s Password Manager was simple. But most of my passwords are actually stored in KeePass – and that turned out to be much more complicated.
Migrating from KeePass 2.x
This part turned out to be much trickier.
This will probably go wrong multiple times, so prepare to purge your vault or the whole organization any time it goes wrong.
In my case, I created a new organization that I imported to.
Solving issues when importing to a collection in Bitwarden from KeePass
Anyway – first we need to export from KeePass. With KeePass, you can export to multiple different formats, one of which is XML. Your xml file will look something like this:
When you try to import it, you’ll get a view somewhat like this:
And when you click “Import data”, you’ll get an error:
And in text mode:
Import error
Resolve the errors below and try again.
Name Description
File contains unassigned items.
… this error is actually a little bit misleading – it just means you need to assign the import to a collection.
I know, I know, it’s an optional field that says “Select this IF you want to import to a collection”, but it is mandatory and you do need to select a collection.
You do also need to be an owner or an admin of a vault or collection.
After you make sure you have the permissions and select a collection, simply retry.
Hopefully, you’ll get something like this:
Nice! But… It’s a bit odd I just happened to have exactly 800 passwords.
You can actually calculate your unique credentials/logins in KeePass by clicking Find > All – it’ll output the number in the bottom status bar of the app.
Okay, so I had 659 passwords, of which 800 were imported.
Nice! I got some extra ones in the process. The more the merrier, right?
But I wanted to make sure that was the whole truth... And it turns out it isn’t.
If you have different versions of the credentials, the calculation in KeePass won’t show them. But you can see them by searching for <Entry> in the exported XML file:
Oh. Ohhh boy. I think I have a problem now.
So Bitwarden imports 800 of my 1449 “entries”, some of which are old versions… And I have no way of knowing which entries were properly imported, and which weren’t.
Except by going through the entries, which I’m not going to do 😅 So I need to figure something else out!
Working around the undocumented 800-item limit in Bitwarden import from KeePass
In KeePass, you can delete old versions of your secrets. By navigating to Tools > Database Maintenance, you can select to remove old versions of entries.
I removed everything older than a few months, and got rid of almost every old version:
And there we go! Now all that’s left is one more round of purging the vault and reimporting everything, and I was finally good!
Except there are a couple of caveats… Read more in “Learnings” below.
Bitwarden first update
My first version update with Bitwarden was a real doozy. Some weeks after the migration, the app wanted to update itself.
Alright, all good. I gave it permission to go ahead.
And it just uninstalled itself. Just like that, Bitwarden was gone.
It wasn’t nice enough to remove the Start Menu icon, though.
I thought it had just changed the name of the executable, hence breaking the shortcut, so I figured I’d navigate to Bitwarden’s install path: %localappdata%/Programs/Bitwarden
Lo and behold, Bitwarden HAD indeed uninstalled itself.
I guess it’s impressive in its own right. I wouldn’t even install the Desktop application (the web UI works well enough for me) but it’s needed to support Windows Hello in the browser plugins.
So since this was actually an app I did NOT want to uninstall, I had to reinstall it. And the very second I opened the app, it wanted to update – read: uninstall – itself again.
But this story has a happy ending – the second update was apparently successful, and I now have the app installed again. For now.
And this IS a cloud app, so it does fetch all of the data from Bitwarden’s servers. You didn’t lose anything.
Alright. But what were my learnings from this process?
What will you gain?
Below are my findings on what you actually gain by moving from using Google Chrome’s Password Manager (or in my case, multiple different apps for passwords) to Bitwarden:
- A simple Cross-Platform app to manage your passwords, identities, (most) OTPs, etc.
- The fairly easy OTP filling is actually really nice – it doesn’t have autofill, but right-clicking and selecting “copy OTP”, and then pasting is still pretty easy.
- It IS a premium feature, though.
- “Send” functionality to share secrets or files conveniently and securely.
What are you losing?
What are you giving up by moving to Bitwarden from Google (and KeePass)?
- Convenience
- Surprisingly, using a dedicated Password Manager is a LOT less convenient than using the built-in functionality in Chrome/Android
- On Desktop, Bitwarden doesn’t recognize app logins.
- In Desktop Chrome, Bitwarden doesn’t recognize username and password fields nearly as well as Google, and autofill only works with about 2 out of 3 login forms.
- On Android (especially apps, but to an extent also in web browsers), it works worse, as the option to use Bitwarden to fill your username/password rarely comes up, so you’ll have to open a separate app to copy the username and password from.
- Automatic saving of passwords on Android
- Bitwarden doesn’t offer to save logins on Android, even if autofill is enabled, so you’ll need to save them manually by yourself after signing up.
- This is a pretty major missing feature in my opinion, and I couldn’t even imagine before taking the leap that any of the major Password Managers would come without a feature like this. But Bitwarden doesn’t automatically save or propose to save anything.
- Autofill itself works over half of the time, so I doubt it’s just my particular Android handset where this doesn’t work. ChatGPT claims that Bitwarden does support this, but their website doesn’t, so maybe this one is on me.
- “Great value”
- Both KeePass and Google Chrome Password Manager are “value” solutions. Free solutions that pretty much do everything you need.
- Bitwarden has a free version, but it doesn’t support Organizations, OTP codes or Attachments, and has limited space available.
- Speed (on Windows)
- Bitwarden’s Android app, while not well integrated with Android, is pretty quick and intuitive to use. The Windows app, however, feels like an Electron app or some other sort of wrapper around a web interface – and it is very sluggish to use.
- It uses a reasonable amount of resources (I mean, half a gigabyte of RAM is not NOTHING – it’s about 20 times more than KeePass) but I don’t have a problem with that. I just dislike how slow it feels, all the time.
Learnings
First of all, what I learned about the migration process:
- Import from KeePass first (you might need to purge your vault multiple times, and purging will remove all existing data)
- If you have to retry an import because anything goes wrong, you’ll need to purge your data, as otherwise you’ll get multiple duplicates of your entries!
- Import to a vault (and if you already have something valuable in your vault, move it to an organization) so you can purge the original one when the import fails or creates duplicates
- You can’t migrate OTP codes from Microsoft Authenticator (wouldn’t that have been nice…) even though you can migrate passwords.
- You can’t migrate attachments from KeePass! According to Bitwarden support, this is not supported and will not be.
- Bitwarden Community says it is: https://community.bitwarden.com/t/exporting-data-from-keepass-into-bitwarden/44061 but it isn’t!
- You need to migrate them manually – just find nodes like <Binary /> in your KeePass export and locate the files in KeePass
- Saving attachments in Bitwarden sometimes randomly fails (at least on Desktop app).
- Double-check after storing a login or secure note that it actually DOES have the attachment you just thought you uploaded!
- I only moved something like 5 attachments from KeePass to Bitwarden, and one of them failed (even though it claimed it had saved successfully)
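The <Entry> count from the KeePass migration section and the <Binary> search from the list above can both be done in one pass over the export before importing, so you know what number Bitwarden should report and which attachments to move by hand. This is an added example, not part of the original post; it assumes the KeePass 2.x XML layout in which old versions are <Entry> nodes nested under <History> and attachments are <Binary> nodes whose <Key> holds the file name, and the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed KeePass 2.x XML export layout (not a real export).
SAMPLE = """<KeePassFile><Root><Group><Name>Root</Name>
  <Entry>
    <String><Key>Title</Key><Value>Mail</Value></String>
    <String><Key>Password</Key><Value>not-a-real-secret</Value></String>
    <Binary><Key>recovery-codes.txt</Key><Value Ref="0" /></Binary>
    <History>
      <Entry><String><Key>Title</Key><Value>Mail</Value></String></Entry>
      <Entry><String><Key>Title</Key><Value>Mail (old)</Value></String></Entry>
    </History>
  </Entry>
  <Group><Name>Work</Name>
    <Entry><String><Key>Title</Key><Value>VPN</Value></String></Entry>
  </Group>
</Group></Root></KeePassFile>"""

def title_of(entry):
    """Return only the Title field; password values are never read out."""
    for field in entry.findall("String"):
        if field.findtext("Key") == "Title":
            return field.findtext("Value") or ""
    return ""

def audit_export(xml_text):
    """Count all entries, old versions and attachments in a KeePass XML export."""
    root = ET.fromstring(xml_text)
    # Every <Entry> in the file: what a plain text search for "<Entry>" counts.
    total = len(root.findall(".//Entry"))
    # Old versions are the <Entry> elements sitting directly under <History>.
    history = len(root.findall(".//History/Entry"))
    attachments = []

    def walk(group):
        # Direct <Entry> children of a group are current versions, so
        # attachments kept only in old versions are not listed twice.
        for entry in group.findall("Entry"):
            for binary in entry.findall("Binary"):
                attachments.append((title_of(entry), binary.findtext("Key")))
        for sub in group.findall("Group"):
            walk(sub)

    for top in root.findall("Root/Group"):
        walk(top)
    return {"all_entries": total, "old_versions": history,
            "current": total - history, "attachments": attachments}

if __name__ == "__main__":
    print(audit_export(SAMPLE))
```

To run it on a real export, pass the file's text to audit_export() instead of SAMPLE. The XML export holds every password in cleartext, so delete it once the import has been verified.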
Discussion
Would I do it if I knew how slow the migration was and how cumbersome using a separate app is, compared to just letting uncle Google take care of everything?
No. No I wouldn’t have.
Do with that information what you will :)
References
- Experiences from migrating to Bitwarden - January 7, 2025