Bitwarden sees auto-updating of its applications as a critical security component for the 99.9 percent of its user base that appreciates them. There has also never been a case where its auto. Bitwarden is a mature product that has been around for several years. It is as trustworthy as any other password manager, and as a bonus it is open source, so you can review the code. Bitwarden has undergone security audits. Bitwarden appears to be based in the US, which is part of the 5, 9, and 14 eyes for surveillance.
Bitwarden Pricing
Bitwarden is free and open-source software, but unlike community-developed alternatives such as KeePass, it is a commercial venture.
The core product is free and will stay free forever, but you can support the developer by paying a very reasonable $10 per year subscription fee for a premium personal account. Premium users enjoy some cool (non-core) additional features, as outlined below.
In addition to a premium personal plan, Bitwarden offers family plans and a couple of enterprise plans aimed at businesses.
In this review, we will focus on personal plans.
What features does Bitwarden offer?
The following features are available to free users:
- End-to-end encryption (e2ee) of passwords
- 100% open source
- Cross-platform apps for all major platforms
- Browser add-ons for all major browsers
- Web browser access from anywhere
- Command-line tools (CLI) to write and execute scripts on your Bitwarden vault
- Can self-host
- Two-factor authentication (2FA)
Paying $10 a year adds:
- 1GB encrypted file storage
- Additional 2FA options
- Priority customer support
What is important to note is that there is no account recovery feature.
How easy is Bitwarden to use?
To start using Bitwarden, just download the app for your platform and sign-up in-app. A password is requested, but this is not verified. You’ll need to think of a strong master password, and can choose a hint to help you remember it.
And that’s it! Just don’t forget your master password!
The desktop clients
The Bitwarden desktop clients are basically identical in Windows, macOS, and Linux. Most versions of Linux are supported thanks to the app being packaged in the AppImage format. It is also available through the Ubuntu Software Center and, of course, you can compile the open-source code yourself.
We find the interface to be smart looking and very easy to use. Four “Types” of data entry are supported: login, card, identity, and secure note.
Each entry Type is formatted in a way suited to entering data of that kind, which the app can then use to auto-fill passwords, web forms, and card detail forms using browser add-ons.
An interesting new feature is a button in the password field which checks if the password you input has been exposed. This works much like our very own data breach tool and compares the username and password you enter with a database of known password breaches.
A more secure option than thinking up your own all-too-fallible passwords is to let the Bitwarden app generate secure passwords for you. These passwords can be tailored to conform with any specific requirements a website insists on.
You can also create folders and add items to them. What more do you want? If you need group password management and sharing features then these are provided by Bitwarden’s organization accounts.
Autofill functionality on the desktop is provided by browser add-ons for Firefox and Chrome.
The Mobile Apps
The mobile Android and iOS apps are very similar, and share the same attractive and intuitive design philosophy as their desktop siblings.
Both apps do everything their desktop siblings can including generate secure random passwords. They also both support fingerprint unlocking on devices which have fingerprint sensors.
The Android app uses the Autofill Framework Service on Android 8+ devices and the Auto-fill Accessibility Service on older Android devices to auto-fill forms in any browser window or app. In addition to this, the browser add-ons work with the mobile versions of Firefox and Chrome.
In iOS 12+ the Bitwarden app integrates with Apple’s new Authentication Services framework to provide instant autofill functionality in most browsers and apps.
Web Vault
In addition to using apps, it is possible to access your passwords via the “Web Vault” from any browser. This is handy, although the possibility of compromised servers pushing malicious JavaScript code directly to your browser window means that using browser-based e2ee cryptography will never be quite as secure as performing the cryptography in a stand-alone client.
Interestingly, the only way to import data is via the Web Vault, which accepts files exported from a huge range of password managers.
Command-line interface (CLI)
In addition to graphical user interfaces (GUIs) for all major platforms, Bitwarden provides a powerful CLI client for Windows, macOS, and Linux.
It doesn’t really do anything the GUI clients don’t, but it is very lightweight and geeks will love it!
Browser add-ons
Browser add-ons are available for Chrome, Firefox, Vivaldi, Opera, Brave, and Microsoft Edge. A Firefox link is provided for the Tor Browser, but we do not recommend this as using any browser add-on with Tor Browser makes it more susceptible to browser fingerprinting.
The add-ons look like the Bitwarden apps and provide the same core functionality.
They also make auto-filling logins, forms, and suchlike a breeze.
Bitwarden customer support
An extensive help section provides detailed documentation on most aspects of Bitwarden. If you have any additional questions you can email them in.
Bitwarden is basically a one-man show, so all responses we received were from its developer Kyle Spearrin himself. Responses typically arrived on the same day. Alternatively, the Bitwarden website hosts an active forum on which Kyle is an enthusiastic participant.
Privacy and security
Bitwarden is a US company and is therefore subject to FISA, the Patriot Act, and very likely surveillance by the NSA. Which shouldn’t matter because…
Bitwarden uses fully audited open-source end-to-end encryption (e2ee). Which is as good a guarantee that it is secure and private as it’s possible to get. The only way to decrypt your data is by using the correct master password, which is not recoverable should you forget it. So don’t.
Because e2ee is used, it shouldn’t matter that Bitwarden uses Microsoft Azure cloud servers to host accounts, although if this really bugs you then you can self-host on a home or rented server of your choice using the open-source Docker framework.
Audit
In November 2018 a crowdfunded independent security audit by Cure53 found no major issues with the software. Some non-critical issues were discovered, the most important of which were patched immediately. We can only presume that developer Kyle has been working hard this last year to fix any additional issues raised by the audit.
Technical security
Data at rest is protected using an AES-256 cipher. PBKDF2 is used to derive the encryption key from your master password, which is then salted and hashed using HMAC SHA256. These are all respected third-party cryptographic libraries.
Data in transit is protected by regular TLS - which is fine. Even if your data was somehow intercepted in transit (via a MitM attack using fake SSL certificates) it could not be accessed because it is encrypted with AES-256 before leaving your device.
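The primitives named above can be exercised with Python's standard library. This is an added illustration, not Bitwarden's code: the iteration count, the e-mail address used as salt, the `enc`/`mac` labels and the sample blob are assumptions made here, and the ciphertext is a constructed stand-in because the standard library has no AES.

```python
import hashlib
import hmac

# Assumed for illustration; the review does not give Bitwarden's actual parameters.
ITERATIONS = 100_000
SALT = b"alice@example.com"                       # constructed per-user salt
MASTER_PASSWORD = "correct horse battery staple"  # constructed sample password


def derive_keys(master_password, salt, iterations=ITERATIONS):
    """Return (enc_key, mac_key), 32 bytes each, derived from the master password.

    PBKDF2-HMAC-SHA256 stretches the password into a master key; two HMAC
    calls with different labels then split it into an AES-256 encryption key
    and a separate authentication key (labels are hypothetical).
    """
    master_key = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def tag_blob(mac_key, iv, ciphertext):
    """HMAC-SHA256 over IV || ciphertext (encrypt-then-MAC)."""
    return hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()


def can_open(master_password, salt, iv, ciphertext, tag):
    """Check the tag before any decryption is attempted.

    A wrong password yields a different MAC key, so the check fails in the
    same way as it does for a blob modified in storage or in transit.
    """
    _, mac_key = derive_keys(master_password, salt)
    return hmac.compare_digest(tag_blob(mac_key, iv, ciphertext), tag)


def make_sample_blob():
    """Build a constructed vault blob: (iv, ciphertext, tag)."""
    iv = bytes(range(16))
    # Opaque bytes standing in for AES-256 output.
    ciphertext = hashlib.sha256(b"constructed stand-in for AES-256 output").digest()
    _, mac_key = derive_keys(MASTER_PASSWORD, SALT)
    return iv, ciphertext, tag_blob(mac_key, iv, ciphertext)


if __name__ == "__main__":
    iv, ct, tag = make_sample_blob()
    tampered = bytes([ct[0] ^ 1]) + ct[1:]
    print("correct password:", can_open(MASTER_PASSWORD, SALT, iv, ct, tag))
    print("wrong password:  ", can_open("correct horse battery stapler", SALT, iv, ct, tag))
    print("tampered blob:   ", can_open(MASTER_PASSWORD, SALT, iv, tampered, tag))
```

Nothing in the check depends on a server, which is why a forgotten master password leaves the stored data unreadable to everyone, the service included.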
In 2018 a flaw was found in the Chrome add-on’s cryptography. This was largely fixed immediately, although you should never use the ‘never forget’ option of Bitwarden if you do not want your encryption key to exist on disk.
Two-factor authentication (2FA)
Free users can secure their Bitwarden Vaults using a Time-based One-Time Password (TOTP) or email verification for two-factor authentication. Premium users can also use 2FA methods such as Duo, YubiKeys, and other FIDO U2F-compatible USB or NFC devices.
Check out our 'what is 2FA' page if you are new to this.
Final thoughts
Bitwarden is a free and open-source password manager that can go head-to-head with any of its closed-source subscription-based rivals. It is powerful, looks good, is intuitive to use, and syncs seamlessly across all your devices.
In our view, Bitwarden’s only real rival is the similarly open-source KeePass and its various forks. Bitwarden looks prettier than KeePass and is easier to set up and use, but thanks to the huge number of add-ons available to KeePass, Bitwarden is nowhere near as powerful or flexible.
KeePass is also true community-developed software rather than a one-man for-profit product (albeit one which is open-source). Bottom line: Bitwarden is the ideal password manager for the less technically minded.
Perhaps you are a very busy person, and you need someone or something to help you keep track of your passwords. Or you are someone who has a lot of accounts that have password access.
You find it hard to keep your passwords on your phone, for fear that you may lose it. Or you fear keeping your passwords in a notebook or on a piece of paper, in case you lose it and it falls into the wrong hands.
To keep all your passwords together, try using Bitwarden to keep them safe and secure.
Bitwarden is purportedly the best free password manager around, according to some user suggestions and feedback. It has great usability and decent features. Unfortunately, we were also told that paying users can do better elsewhere.
Company Background
Bitwarden was founded in August 2016 and was originally made for iOS and Android, that is, for mobile devices in general. It later expanded to the desktop, where you can install it as a browser extension for Chrome and Opera, and added a web vault. The browser extension for Firefox was launched later, in February 2017.
Criteria
Before moving on to the main review of Bitwarden, let us explain which areas of the software we are going to review.
The Features
We are obviously going to look at the features that are available with Bitwarden. Some features are its strong points, whereas others are less so.
Every piece of software has its own strong points and weak points. That includes Bitwarden.
In this part, we will also cover the user friendliness of the software. This part is crucial in the sense that not everyone is tech savvy. Some software is built for advanced users, whereas some is made for entry-level users.
You may be someone who is looking for password security software that is easy to use, but safe and secure. Or you may be an advanced user who is looking for password security software that is loaded with advanced safety features.
Find out here if Bitwarden is the right package for you.
Security
After covering the features and user friendliness of the password software, we will touch on the security aspects of Bitwarden. You may be very surprised to learn that not every piece of password security software is as safe and secure as you thought it to be.
Sometimes what is advertised on official websites can be considered inaccurate or false advertising. You won’t know until you have either tested it out yourself, or have read or heard from your peers how safe some password security features are.
Ease of Use and Support
It may be simple password management software, but not everyone knows how to use it. As mentioned previously, not everyone is tech savvy. Hence, we have included a quick, summarised section on how to use Bitwarden.
At the same time, we will look at how easy it is to reach Bitwarden’s support team if you need any assistance. Support for password security software matters in the sense that it’s important not to have your passwords (and other private information) leaked and compromised.
You will have to see how easy it is to reach the support team, usually via the software’s official website. Look into the reply and problem resolution turnaround time. See if the answer is accurate and the problem properly resolved.
Plans and Pricing
Plans and pricing is just what it says: the plans and prices available from Bitwarden. You’ll see whether its packages are within your budget, or whether you have the kind of money to spend on what Bitwarden has to offer.
We’d advise that if you have more money to spend, and are willing to do so, then you can do so at your own discretion. At the same time, remember that you get what you pay for when choosing certain packages or software.
It’s all your choice and in your discretion.
Bitwarden: Our Review
In quick summary, Bitwarden offers the following features. Free users are able to access the following features:
- End to end encryption (e2ee) of passwords
- 100% open source
- Cross-platform apps for all major platforms
- Browser add-ons for all major browsers
- Web browser access from anywhere
- Command-line tools (CLI) to write and execute scripts on your Bitwarden vault
- Can self-host
- 2 factor authentication (2FA)
Paying packages get you slightly more features than non-paying packages. Which are:
- 1GB encrypted file storage
- Additional 2FA options
- Priority customer support
However, it depends on which (paid) packages you choose. Nevertheless, each paid package has a slightly different feature to each other. It still covers more or less the same thing for a slightly different price point.
The Features
Bitwarden has quite a few features to offer for something that offers mostly free services.
Open Source Software
Bitwarden is entirely open source software. Its source code is hosted on GitHub and everyone is free to review, audit, and contribute to the Bitwarden codebase.
Bitwarden believes that being open source is an important feature. Source code transparency is an absolute requirement for software solutions like Bitwarden.
Docker Feature – Host It Yourself
If you are someone who does not like using the Bitwarden cloud, that’s all right, as you do not have to. You can easily host its entire infrastructure stack on the platform of your choice.
Join Their Active Community Online
Bitwarden has an active community online, which you are more than welcome to join. Join its Gitter chat channel to talk directly to its developers. Or you can swing by its community forums to ask questions and discuss product features.
Free Features
Yes, Bitwarden is largely free software to use. Their CSR is that they believe security is important for everyone. The core features of Bitwarden are entirely free. No payment needed. Forever.
The free features include:
- Access and install Bitwarden apps
- Sync all your devices, no limits
- Store unlimited items in your vault
- Logins, secure notes, cards, and identities
- Two-step authentication (2FA)
- Secure password generator
- Self-host on your own server (optional)
The premium features include:
- Everything from the free account
- 1GB encrypted file storage
- Two step login with YubiKey, U2F, and Duo
- Password hygiene and vault health reports
- TOTP authenticator key storage and code gen
- Priority customer support
Organization Accounts
If you are looking for account features for organizations, Bitwarden has that covered too. Its organization accounts have powerful sharing features for families, teams, and business organizations.
Personal Use
The personal account is free. You can share it with a spouse or friend, and it is upgradeable at any time. It includes the basic features and the following:
- Sharing for 2 users
- Limit 2 collections
- Unlimited shared items
Family Accounts
The family account covers up to 5 users and is a shared account for family and friends. It starts from US$1 a month. It includes the following:
- Share with 5 users
- Unlimited collections
- Unlimited shared items
- Vault health reports
- 1GB encrypted file storage
- Self-hosting (optional)
Business Use Accounts
Business use accounts cover up to 5 users in one account. It costs US$5. Every additional user is charged at US$2 per user. It covers the following in this package:
- Unlimited users
- Unlimited collections
- Unlimited shared items
- Vault health reports
- 1GB encrypted file storage
- Priority tech support
Enterprise Package
This package is for bigger businesses and enterprises. This package charges US$3 per user. It includes all teams’ features and the following:
- User groups
- Directory sync
- On-premises hosting
- Event/audit logs
- API access
- MFA with Duo Security
- Users get premium
The prices are charged annually, although monthly options are also available.
Securely share and manage logins, secret keys, and more with other users across your organisation. At the same time, implement fine-grained access control policies and organise your vault with collections.
Store sensitive files such as private keys, certificates, documents, photos, and more. Keep your vault health in stellar shape by practising good password hygiene. All you need to do is audit your vault with insightful reports.
Utilise its user groups for easier user management and greater control across departments and teams. Make use of its directory sync by syncing groups and users from Active Directory (and other LDAP), Azure, G Suite, and Okta.
Keep an event log. Review an audit trail of actions and changes performed by your organisation’s users. At the same time, its RESTful and flexible API access allows you to integrate your organisation with other tools and systems. On-premises hosting lets you easily deploy and host Bitwarden with no dependency on external cloud services.
Its multi-factor authentication enforces multi-factor login policies for your users by integrating with Duo Security. Last but not least, having a problem? Having questions and doubts? Get the help you need when you need it – fast – with Bitwarden’s priority support!
Security
As Bitwarden is a US company, it is subject to FISA, the Patriot Act, and is quite likely to be under surveillance by the NSA.
This should not be a big issue, as Bitwarden uses fully audited open source end-to-end encryption (e2ee). In other words, it is as good a guarantee that it is secure and private as it is possible to get.
The only way to decrypt your data is to use the correct master password. You should know that the master password is not recoverable if you forget it. So it’s best if you do not forget it.
As e2ee is used, it does not matter that Bitwarden uses Microsoft Azure cloud servers to host accounts. However, if you are bothered by this, you can self-host on a home or rented server of your choice using the open source Docker framework.
Audited for Safety
Back in November 2018, a crowdfunded independent security audit by Cure53 found no big problems with Bitwarden. There were some non-critical issues discovered, but the most important parts were patched and fixed immediately.
It can only be presumed that its developer has been working hard to fix any additional issues raised by the auditors.
Technical Security
Bitwarden is purportedly protected by some of the best security systems in the world. It is protected using AES-256 cipher. It also uses PBKDF2 to derive the encryption key from your master password, which in turn is then salted and hashed using HMACSHA256.
To put it simply, the above paragraph describes how Bitwarden uses well-respected and advanced third-party cryptographic libraries.
Your data in transit is protected by regular TLS. Even if your data were somehow intercepted in transit, it could not be accessed. That is because it is encrypted with AES-256 before leaving your device.
However, in 2018 a problem was found in the Chrome add-on’s cryptography. It was fixed immediately, although it is advisable never to use the “never forget” option available with Bitwarden.
To be fair, as a precaution you should never choose the “never forget” option on any website or software, if you really do not want your encryption key to exist on disk, that is.
Two Factor Authentication (2FA)
Free users are able to secure their Bitwarden Vaults using a time-based one-time password (TOTP) or email verification for two-factor authentication.
Premium users can also use 2FA methods such as Duo, YubiKeys, and other FIDO U2F-compatible USB or NFC devices.
Ease of Use and Support
Bitwarden is relatively easy to use, according to most users.
- Step 1 – To start using Bitwarden, download the app for your platform. Then sign up for an account in the application.
- Step 2 – A password is then requested, but it is not verified. You will need to have a very strong master password. You can even choose a hint to help you remember it. Just do not forget your master password.
Desktop Client
Bitwarden’s desktop clients are identical across all operating systems: Windows, macOS, and Linux. Most versions of Linux are supported, as the app is packaged in the AppImage format. It is also available in the Ubuntu Software Center, and you can compile the open source code yourself.
Users who have used or currently use this software say they find the interface to be smart looking and easy to use. They mention that 4 types of data entry are supported: login, card, identity, and secure note.
Each entry type is formatted in a way suited to entering data of that kind, which the app can then use to autofill passwords, web forms, and card detail forms, all using browser add-ons.
You can even check if the password you input has been exposed. It works like your own data breach tool and compares the username and password you enter with a database of known password breaches.
If you feel you are not creative enough, or simply cannot be bothered to come up with a really strong password, leave it to Bitwarden. Let the Bitwarden app generate a really secure password for you.
These passwords can be tailored to conform with any specific requirements a website insists on.
Create folders and add items to them. You can do this in the desktop version of Bitwarden. If you need group password management and sharing features, these are provided by Bitwarden’s organisation accounts.
Autofill functionality on the desktop is provided by browser add-ons. That is only applicable to the Firefox and Chrome browsers.
Browser Add-Ons
Browser add-ons are available for Chrome, Firefox, Vivaldi, Opera, Brave, and Microsoft Edge. We were told that a Firefox link is provided for the Tor Browser, but this is not recommended, as using any browser add-on with Tor Browser makes it more susceptible to browser fingerprinting.
The add-ons look like the Bitwarden apps and are said to provide the same core functionality.
Mobile Apps
The Android and iOS Bitwarden apps work very similarly, according to users. They share the same attractive and intuitive design philosophy as the desktop versions.
Basically, the Bitwarden phone apps can do everything the desktop versions can do, including generating secure random passwords. Both also support fingerprint unlocking on devices which have fingerprint sensors.
However, there is a small difference between the Android app and the iOS app.
The Android app uses the Autofill Framework Service on all Android 8+ devices to autofill any forms in any browser window or app, and the Autofill Accessibility Service on older Android devices instead. On top of that, users also mention that the browser add-ons work with the mobile versions of Firefox and Chrome.
In iOS 12+, on the other hand, the Bitwarden app integrates with Apple’s new Authentication Services framework to provide instant autofill functionality in most browsers and apps.
Customer Support
If you ever need help from Bitwarden, an extensive help section provides detailed documentation on most aspects of Bitwarden. If you feel the need to reach out to them, you can always email them.
Bitwarden is said to be basically a one-man show. All responses received from Bitwarden are said to be sent by the developer, Kyle Spearrin, himself. Users said responses are usually received on the same day you send an email query.
Your other way of getting app support is to join the Bitwarden forum. In the active Bitwarden-hosted forum, you can also find Kyle as an enthusiastic participant.
Plans and Pricing
We have already touched on Bitwarden’s pricing. Here’s a quick run-down of its plans and pricing:
i. Personal Packages
- Covers 2 users
- Free
ii. Family Account
- Covers 5 users
- US$1 a month
iii. Business Account
- Covers 5 users – US$1 a month
- Charges US$2 for every additional user
iv. Enterprise Account
- Covers unlimited users
- Charges US$3 per user
Prices can be charged annually. Alternatively, monthly pricing is also available.
Our Verdict
Bitwarden is generally all right as password security software for the average household or business. If you have intermediate data and information to keep, then this software will be a good choice for you.
However, if you have more advanced data and information to keep, then you will need to get yourself password security software that fits that mould.
We have come to the conclusion that Bitwarden’s basic and free package works very well for the general population. As the basic package covers a lot of pretty good features, it is pretty good software for the average person with intermediate needs.
If you are looking for premium password security and safety with Bitwarden and don’t mind paying the money, then you will be better off looking for better ones elsewhere. Somehow Bitwarden is not able to provide advanced security if you have rather advanced needs.
Bitwarden Safety
Frequently Asked Questions (FAQ)
Here are some frequently asked questions (FAQ).
Q: Is Bitwarden safe?
Bitwarden is said to be top notch and equally secure software. However, it has a potential risk because of its web vault website. That means if you need to change your password or other settings (that are not in the app), you will need to log in to the web vault, where you do not have control of your client-side code.
Q: How good is Bitwarden?
For the majority of users, Bitwarden is one of the very best password managers you can ever get. It is a great program, as it is very inexpensive. As it is open source and audited, it is one of the most secure pieces of software, far more secure than closed source password managers.
Q: How is Bitwarden free?
Bitwarden is free and open source software. Unlike community-developed alternatives such as KeePass, Bitwarden is a commercial venture. The core product itself is free, and will stay free forever. You can always support the developer by paying a really reasonable US$10/year subscription fee for a premium personal account.
Q: Can Bitwarden be hacked?
If Bitwarden were to get hacked at any time and your data exposed, your information would still be protected. That is because Bitwarden uses strong encryption and one-way salted hashing. As long as you have a very strong master password, your data will stay safe no matter who gets hold of it.
As a Master Degree graduate in the Internet Technology field, Stefan is highly dedicated towards improving the overall web security so internet users can browse freely without having to be afraid of technical loopholes. With over 15 years in the internet security industry, you should definitely take his advice seriously.