Below is a quick snapshot of our review. If you want to dive straight into the 6 things you need to know before using Bitwarden, scroll down a bit further.
Bitwarden’s interface is clean, simple, and easy to navigate. Within the first 5 minutes of using the web vault, I was able to understand how to add my credentials, use the password generator, and view my vault health reports. Even if you aren’t technically minded, the stripped-back interface can be understood by anyone. Although Bitwarden is the cheapest password manager, it is slow to add new features, causing it to lag behind the competition. The level of support offered is also inferior to that of other market-leading password managers such as LastPass, 1Password, and Dashlane.
- Open-source software that supports popular systems and browsers.
- Secure security model.
- Intuitive, clean interface.
- Self-hosting capabilities for personal and enterprise plans.
- Cheapest password manager (but not the best).
- No live chat, telephone support, webinars, diagnostic reporting, or live training.
- If you forget or lose your master password there is no way to unlock or recover your vault.
- Lags behind the competition.
6 Things You Need to Know Before You Use Bitwarden.
Bitwarden is one of the very few password managers that is open-source and has been designed for complete transparency to enable it to be peer-reviewed to quickly detect and fix any security flaws.
It uses a combination of: end-to-end encryption, to safeguard your credentials before they are stored in the cloud and your vault; salted hashing, to turn your encrypted passwords into a numerical hash value, making them harder to crack; and PBKDF2 SHA-256, which creates a special signature used in the decryption process.
All of these security measures lend themselves to the zero-knowledge security model where not even Bitwarden is able to see your unencrypted passwords. The only way to decrypt your passwords is to unlock your private vault using your master password – the only password you will ever need to remember again.
In simple terms, Bitwarden is secure and will protect your data from hackers.
The source code for Bitwarden is hosted on the popular GitHub platform and anyone interested in the under-the-hood mechanics can download the code and investigate it further. Bitwarden made the source code 100% available, under an open-source GPLv3 license. This allows transparency about how the password manager works and how user data is handled. Being open-source is regarded as one of the most important features of Bitwarden because it’s peer-reviewed, meaning it is open to a large base of inspectors who can quickly detect and fix any security flaws.
More importantly, Bitwarden is also officially audited by third-party security firms to evaluate the app’s cryptographic design (the practice and study of techniques for secure communication by transforming messages in ways that are hard to decipher). As a result, the security model is kept up-to-date with industry standards.
Like most password managers, Bitwarden operates a zero-knowledge model where all your passwords are encrypted on your device. Only encrypted data is stored in your vault and on Bitwarden’s cloud-based servers. Nobody from Bitwarden (or any other third-party) ever has access to your unencrypted data. Only you can unlock and decrypt the passwords stored in your vault using your master password.
Bitwarden requires you to use a master password to access your encrypted vault.
The master password is not only used to unlock your vault but also to encrypt/decrypt the vault’s data. However, if you forget or lose your master password there is no way to unlock or recover your vault. The only option is to delete the account which will also delete the vault. Although Bitwarden’s approach is to ensure security, we think this is an area that could be improved since other password managers offer you a backup plan to reset your master password. For example, LastPass offers SMS recovery where a verification code will be sent to your phone, and Dashlane lets you use your biometrics (fingerprint) to reset your master password.
End-to-End AES 256 Encryption
The Bitwarden security model employs end-to-end AES 256bit encryption to safeguard your credentials before they are stored in the cloud and your vault.
End-to-end encryption (E2EE) can be described as a communication system that allows only the users who are communicating with each other to view and read the messages, whereas AES 256 encryption refers to a standard of cryptography. AES 256 encryption is used by the US government, amongst others, to protect top-secret data.
During the encryption process, cryptographic keys are the only way to decrypt the information. No third parties can access the cryptographic keys. The sender encrypts the data which is then sent to the receiver in an encrypted format. Only by using the right decryption key can the receiver decrypt the data.
For example, you save a new password in your vault. Your new password is then encrypted and stored on Bitwarden’s cloud servers. Next time you log into your vault, Bitwarden’s cloud servers become the ‘sender’ and you become the ‘receiver’. When you log into your account using your master password (the decryption key) you request Bitwarden’s cloud servers to send your password to your vault for you to decrypt it.
Ultimately, none of your data is ever sent to Bitwarden’s cloud servers in an unencrypted format. Your data is always encrypted on your local device and then sent for storage.
Hashing is the method of using a mathematical algorithm function to generate a numerical hash value of a string of text. The text (input data) can be of arbitrary length but the hash value will be of a fixed bit length. The hash protects messages against tampering when they are transmitted. Salting is the adding of random bits or cryptographic salt before hashing of passwords to protect against hacking.
The Bitwarden security model uses hashes and salts to protect the security of your master password and email address before transmission from your computer/device to the Bitwarden servers. When the Bitwarden server receives the hashed password, it is salted again before being stored in the database. This process is repeated every time you log in. Bitwarden uses one-way hashes to ensure a higher level of security protection of your master password.
For example, your password could be ‘Example123’ but the hash would turn this into something like: 695ddccd984217fe8d79858dc485b67d66489145afa78e8b27c1451b27cc7a2b
PBKDF2 is the acronym used for Password-Based Key Derivation Function 2. That is quite a mouthful but it simply refers to the way that Bitwarden creates an encryption key by using your master password.
SHA-256 is a cryptographic hash algorithm (SHA stands for Secure Hash Algorithm). This is like a signature used for a data or text file. SHA-256 is used with PBKDF2 to create a unique ‘signature’ that is used in the decryption process. The encryption key, derived from the master password by Bitwarden using PBKDF2, is salted and hashed with SHA-256 before being stored on Bitwarden’s servers. Bitwarden uses both PBKDF2 and SHA-256 to safely encrypt and securely store your data in your encrypted vault.
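A sketch of the derive-then-hash flow described above, added here as an example; it is not Bitwarden's code. The iteration counts, the use of the e-mail address as the client-side salt, the sample account, and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Assumed work factors for this sketch (not taken from the page).
CLIENT_ITERATIONS = 100_000
SERVER_ITERATIONS = 100_000


def derive_master_key(master_password: str, email: str) -> bytes:
    """Client side: stretch the master password into a 256-bit key.

    The normalised e-mail address acts as the salt, so two users with the
    same password still end up with different keys. This key stays on the
    device; it is what encrypts and decrypts the vault.
    """
    return hashlib.pbkdf2_hmac(
        "sha256",
        master_password.encode("utf-8"),
        email.strip().lower().encode("utf-8"),
        CLIENT_ITERATIONS,
        dklen=32,
    )


def derive_login_hash(master_key: bytes, master_password: str) -> bytes:
    """Client side: one-way hash of the key, the only value sent at login.

    One more PBKDF2 round, salted with the password, so the value on the
    wire is not the vault key itself.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_key, master_password.encode("utf-8"), 1, dklen=32
    )


def server_store(login_hash: bytes) -> tuple[bytes, bytes]:
    """Server side: salt with fresh random bytes and hash again before storage."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ITERATIONS)
    return salt, stored


def server_verify(login_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Server side: recompute with the stored salt, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    email, password = "alice@example.com", "Example123"  # constructed sample
    key = derive_master_key(password, email)
    login_hash = derive_login_hash(key, password)
    salt, stored = server_store(login_hash)

    wrong = "Example124"
    wrong_hash = derive_login_hash(derive_master_key(wrong, email), wrong)
    return {
        "key_len": len(key),
        "login_ok": server_verify(login_hash, salt, stored),
        "wrong_password_ok": server_verify(wrong_hash, salt, stored),
        "key_differs_from_login_hash": key != login_hash,
        "same_password_other_user_differs":
            key != derive_master_key(password, "bob@example.com"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The database row holds only `salt` and `stored`, so a copy of it gives an attacker a slow offline guessing problem rather than the vault key.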
Bitwarden brings nothing new to the table, but it does provide all the basics for password management and protection from individual to enterprise use.
You can store unlimited passwords, auto-fill your credentials without ever needing to type them in again, sync your vault across all your devices and check for exposed, weak, and reused passwords.
Many of the features that are developed and built are a result of popular user requests, which on the one hand is good because it means Bitwarden takes the time to listen to its users, but on the other hand it slows the addition of new features. Consequently, Bitwarden is always on the tail-end of the competition.
As a standard functionality of all password managers, Bitwarden enables you to safely store and access your passwords and any other sensitive information in an encrypted vault.
I often like to make the comparison of password vaults to brick and mortar bank vaults where safety deposit boxes are kept. As with the bank, only the authorized user can open their safety deposit box with their unique key. While the bank acts as a host for the safety deposit box, they never know what the client stores inside the box. This concept is the same for Bitwarden, they simply secure the contents of your vault without knowing what data it contains.
The vault can either be hosted by Bitwarden in the cloud or you can self-host the vault. I recommend choosing the cloud – it is the easiest option, especially if you aren’t technical. However, there are benefits to self-hosting – I discuss these in more detail later in the review.
All in all, the secure vault is a safe place to store and manage your passwords as well as other sensitive information (mentioned below).
Unlimited Logins, Cards, Identities & Notes
Previously, Bitwarden only supported the storage of unlimited login credentials, while other information had to be stored either in the “Notes” section or, if you were technically able, in custom fields that you created for data entry. I like to keep things simple and if a password manager doesn’t make it easy to enter and store the information I need then I tend to rate the ease of use fairly low. However, the good news is that, in addition to passwords, Bitwarden now supports the storage of:
- Card information – Credit and debit cards can be stored to make online shopping effortless. Whilst shopping, Bitwarden can automatically fill card information for a secure and fast checkout process.
- Identities – Store names, phone numbers, address information, and any other form of identification. As with login credentials and card information, identity data can also be used to auto-fill online forms.
- Secure notes – Store generic text-based information. This is the same as you would store notes on your phone.
Bitwarden protects your card details, identity data, and notes with the same encryption and security protocols as your login credentials.
Although password generators are generally included by password managers for added value, the Bitwarden one does something a little bit special. Of course, it will generate random, complex passwords made up of special characters and numbers, but it also lets you evaluate password strength by calculating the time it would take a hacker to crack it. This is a nice addition but shouldn’t be a key reason to choose Bitwarden since there are similar tools provided online.
One of the features that draws so many individuals, families, and businesses to password managers is their ability to auto-fill your credentials at a click of a button, meaning you no longer have the laborious task of manually entering usernames and passwords. In fact, auto-fill stretches beyond the realms of login credentials allowing you to fill addresses, identity information, and even credit card details to facilitate a secure and fast checkout while shopping online.
To use auto-fill on desktop you need the browser extension, and for mobile, you need the app and to enable Bitwarden as your password manager of choice – both are easy to do.
On desktop there are several ways to perform auto-fill with Bitwarden:
- When you view a website, Bitwarden will open a popup window where you can view your logins and select one, and it will be auto-filled.
- Alternatively, you can use the right-click menu in your browser to obtain the list of logins for selection – this was the method I chose and although it is straightforward to use, it doesn’t have as clean an interface as that of Dashlane or LastPass.
- Another way to use the auto-fill feature to quickly complete a login form is to use hotkeys or keyboard shortcuts. When you view a website you can enter the keyboard shortcut and Bitwarden will fill the credentials that were last used for the website.
On mobile, there is one way to auto-fill your credentials. When you need to fill a form, a Bitwarden pop-up will appear below the input field, you then select the appropriate login from the list. It’s a very simple process. Bitwarden’s mobile auto-fill is on par with the rest of the password managers for ease of use.
File storage is only available to premium individual and organization accounts. Is it a deal-breaker? Not really. I don’t store many files in my secure vault, probably because I don’t have any that are confidential. However, if you have confidential contracts or agreements that you need to keep away from prying eyes, then file storage can be beneficial. If that resonates with you, then the 1GB encrypted file storage and option to add further 1GB increments may be worthwhile.
You can store any type of file, including certificates, photographs, documents, and much more.
Bitwarden has always included syncing between devices as a feature in all their applications although syncing wasn’t always immediately available across all devices. This caused frustrations for many users and as a result, Bitwarden improved the feature to now offer live sync. This simply pushes synchronization between Bitwarden apps in seconds, meaning the latest data stored in your secure vault will be immediately available across your desktop and mobile devices.
Organizing Your Vault with Collections and Folders
I’ve tested a wide range of password managers and although I like to be able to organize my credentials in an orderly fashion, I often find myself using the search function to find the information I’m looking for. So, while being able to organize your vault is a nice-to-have feature, it’s certainly not a critical one. Nevertheless, here are my thoughts on Bitwarden’s organization abilities.
There are two primary methods of organization: collections and folders. The difference is that collections can be used by companies to control user access, while folders are used by individual users to organize items in their vaults. Folders can also be broken down further using nested folders (sub-folders). Nested folders follow a naming protocol where a forward slash (/) acts as a delimiter.
For example, you may create a folder titled “Social” to store your social media credentials. In this folder, you could create a nested folder for each social media platform, e.g. “Social/Facebook”. Here, “Facebook” will be nested as a sub-folder under the parent folder “Social”. There is no limitation on how deep you can go with the nested folders but, for ease of use, I only recommend going 3 deep max.
If no “parent” folder is created, nesting won’t happen even if you used a forward slash as a delimiter. For example, a folder named “Finance/Correspondence” won’t become a sub-folder if no “Finance” folder exists.
Secure sharing is for companies only. If you are a personal user you can’t use this feature. This is one of the major downfalls of Bitwarden when compared to some of the market-leaders like Dashlane and LastPass, where secure sharing is available to all users.
Not being able to share passwords via Bitwarden may seem trivial since you can share them via text, email, and even in spreadsheets, but it is extremely important to be aware that all of these methods are unsecure. Sharing passwords without layering them in encryption opens you up to exploitation from hackers which can result in both financial and identity damage. Being able to plug all the holes in your security shield will make you far less susceptible to being targeted by hackers. Don’t just take my word for it though, secure sharing is one of the most asked for features by Bitwarden users.
For companies, it is a simple case of adding users to collections (groups of login credentials) to give them the right to either view or edit the login credentials. All data that is shared follows Bitwarden’s zero-knowledge and end-to-end encryption protocols to ensure that no unencrypted data ever leaves the user’s device when it is being shared.
Vault Health & Data Breach Reports
To maintain a stronghold on your cybersecurity, reviewing the strength of your current credentials is essential. Bitwarden’s auditing tools allow you to do just that. However, you can only take advantage of them if you are a premium account user.
The reports are broken down into the following:
- Exposed passwords – Identifies passwords that have been exposed in data breaches and need changing immediately.
- Reused passwords – Reusing passwords is a sure-fire way to compromise multiple accounts. To make it easy to remove this risk, the report highlights duplicate passwords so you can replace them.
- Weak passwords – Hackers use sophisticated scripts that can easily guess weak passwords to gain unauthorized access to your accounts. This report shows the passwords that need to be more complex. Using Bitwarden’s password generator is a simple and quick way to create new strong passwords. However, you need to do this on a password-by-password basis which can be quite frustrating, especially when you compare it to other password managers like LastPass that feature auto-change capabilities letting you change multiple passwords at once.
- Unsecured websites – This simply checks whether you have accounts with unsecure websites. Bitwarden defines unsecure as sites that use the http:// protocol instead of https://.
- Inactive 2FA – Locates items in your vault without a stored TOTP authenticator key. This allows you to enable two-factor authentication to improve the security of your accounts. In layman’s terms, every time you log in to an account with two-factor authentication set up you will need to authenticate the login on your mobile device. For example, if a hacker managed to get their hands on your username and password, they would also need your phone to authenticate themselves when logging into accounts that have 2FA set up. 2FA adds a layer of security to your online accounts.
- Data Breach Report – With hackers striking every 39 seconds, it is vitally important to know if any of your information has been compromised so you can quickly change your passwords. Without knowing, you can’t take the necessary steps to protect your data. To make it easy for you, Bitwarden scans your credentials against haveibeenpwned.com’s database to check if any of your credentials have been compromised in known data breaches. Top tip: you can also subscribe to haveibeenpwned.com to receive notifications of any data breaches as they are reported.
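The page does not say how the exposed-password lookup is performed. The added example below (not Bitwarden's code) shows one way a client can check a password against a breach corpus without disclosing it: the k-anonymity range query offered by Have I Been Pwned's Pwned Passwords service, where only the first five hex characters of the SHA-1 digest leave the device. `FakeRangeService` and its data are constructed stand-ins so the example runs offline.

```python
import hashlib


def split_sha1(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines a range query returns."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) != 35 or not count.isdigit():
            continue  # ignore blank or malformed lines rather than trusting them
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """How many times the password appears in the corpus (0 = not found).

    fetch_range(prefix) is the only call that crosses the network boundary,
    and it receives just the 5-character prefix. The suffix comparison
    happens locally against every hash that shares that prefix.
    """
    prefix, suffix = split_sha1(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


class FakeRangeService:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    Holds constructed data and records what the client actually sent.
    """

    def __init__(self, breached: dict[str, int]):
        self._lines: dict[str, list[str]] = {}
        for password, count in breached.items():
            prefix, suffix = split_sha1(password)
            self._lines.setdefault(prefix, []).append(f"{suffix}:{count}")
        self.requests: list[str] = []

    def fetch(self, prefix: str) -> str:
        self.requests.append(prefix)
        # Constructed filler entries: other hashes sharing the same prefix.
        filler = ["0" * 35 + ":1", "F" * 35 + ":7"]
        return "\r\n".join(self._lines.get(prefix, []) + filler)


def demo() -> dict:
    service = FakeRangeService({"Example123": 42})  # constructed breach data
    return {
        "reused": breach_count("Example123", service.fetch),
        "unique": breach_count("k9#Vt!constructed-unbreached-sample", service.fetch),
        "sent": list(service.requests),
    }


if __name__ == "__main__":
    print(demo())
```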
Two-step login (2FA) with YubiKey, U2F & Duo
Two-step login, otherwise known as two-factor authentication (2FA), is used to add an extra layer of security to the sensitive data stored in your vault.
When you access an application or website, you are required to verify your identity. You do this with something you “know” – your master password, and something you “have” – your mobile device.
For example, when logging in to Bitwarden you are asked to enter your master password. You then need to verify that it is you logging into your account by authenticating the login on your mobile. If a hacker guessed your master password, they would still need access to your mobile device to authenticate the login and gain access. Authentication is completed via the Google Authenticator app which you can download from the App Store or Google Play. The authenticator app sends you a unique 6-digit code to enter as verification.
You can also use email for two-step login. When logging in, a verification code is emailed to you. You need to enter the code when prompted by Bitwarden where it will be validated before granting access.
Although both methods of two-step login are arguably as easy as each other to set up, I strongly recommend using an authentication app over email. Email accounts are notorious for being targeted by hackers.
Alternatively, if you opt for a premium plan you can use Bitwarden to generate the authentication key (6-digit code) for you, meaning you don’t need to rely on an external authenticator app like Google Authenticator. Bitwarden changes the authentication keys every 30 seconds so that they can only be used to grant access within the specified time slot.
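How a 6-digit code that changes every 30 seconds is computed and checked, as an added example (not Bitwarden's code) of the standard TOTP algorithm from RFC 6238. The secret and timestamps are the RFC's published SHA-1 test vector, truncated to 6 digits; the one-step drift window in `verify` is an assumption of this sketch.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA-1.

    The moving factor is the number of `step`-second intervals since the
    Unix epoch, so every device holding the secret computes the same code
    for the same 30-second slot without talking to anyone.
    """
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           step: int = 30, drift_steps: int = 1) -> bool:
    """Accept the code for the current slot or one slot either side.

    The small window tolerates clock drift; anything older is rejected,
    which is what limits a captured code to a short lifetime.
    """
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        t = unix_time + delta * step
        if t < 0:
            continue
        expected = totp(secret, t, step, len(submitted))
        # Constant-time comparison; keep looping so timing does not leak the slot.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


RFC_SECRET = b"12345678901234567890"  # RFC 6238 Appendix B test secret


def demo() -> dict:
    code = totp(RFC_SECRET, 59)
    return {
        "code_at_59s": code,
        "same_slot": verify(RFC_SECRET, code, 45),
        "next_slot": verify(RFC_SECRET, code, 89),
        "two_minutes_later": verify(RFC_SECRET, code, 59 + 120),
    }


if __name__ == "__main__":
    print(demo())
```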
If you are extremely conscious about your security, you can take two-step login even further by using Fast Identity Online (FIDO) and Universal Second Factor (U2F). This may sound complicated but all it means is that to authenticate access, you can opt to use a physical security key to unlock your vault. You simply insert a FIDO U2F security key into your computer or hold it next to your phone. Then, press the U2F key button to gain access to your secure password vault. FIDO U2F security keys cost between $30 and $50 and they are well worth the investment to tighten the security protocol needed to decrypt your passwords.
Vault Timeout Options
Vault timeout options simply allow you to protect your vault when you are away from a device that is currently logged in. You have two options:
- Vault lock – Requires you to re-enter your master password to regain access to your vault.
- Vault logout – Requires you to re-authenticate yourself through two-step authentication to regain access to your vault.
The choice is up to you but I recommend opting for vault logout – it provides the highest level of security.
You can also choose when your vault will time out, stretching from every 1 minute to 4 hours, as well as other options that aren’t time-based such as on browser restart, and even the choice to set it to ‘never’.
Restore Deleted Items From the Trash
Until recently, one of Bitwarden’s pitfalls was that anything you deleted from your vault, even if it was by accident, was gone forever. Thankfully, after the frustration of many users, Bitwarden now places deleted items in a trash folder for 30 days before they are permanently wiped from your vault.
You can restore any items that you want to keep.
A nice feature but late to the game.
Out of all the password managers I have reviewed, Bitwarden is the only one that lets you self-host.
Straight off the bat, I am going to recommend against self-hosting if you are an individual wanting a password manager for personal use.
Self-hosting your password manager isn’t worth it. First, you need to be technically capable. Second, you need to find a way to back up your data, which will add to costs. Third, you should let the password manager do all the hard work for you so you can reap the benefits without lifting a finger. Feel free to skip this part of the review if that resonates with you. However, if you are looking for a password management solution for your organization, then you may want to read on.
The self-host feature was added to enable organizations who want to control their data or whose policies dictate that data must be stored on-premise, to host Bitwarden on their servers. This removes dependence on Bitwarden’s cloud-based servers. According to Bitwarden, it can be deployed on machines that run Windows, macOS, and Linux operating systems, and takes less than three minutes. However, be aware that organizations need to have an enterprise license to self-host.
Access Control & User Groups
While we are on the topic of organizational password management, it is also worth noting the capabilities of Bitwarden in a business environment.
The first and most notable capability is access control. This allows for the implementation of fine-grained control to determine who has access to what, as well as the level of access e.g. read-only, edit, etc. It can be used to define user types and demarcate collections (groups of login credentials).
Second is user groups. Admins can use groups for the management of users across teams and departments. Each group can be broken down further into different user types including User, Manager, Admin, and Owner. Each level has varying access and permissions.
Both access control and user groups work in conjunction to create a framework where all users or user groups are given the appropriate access and permissions to business-critical credentials in their vaults.
Enterprise Policies, Directory Sync, and Event Logs
For enterprises who have large numbers of employees, Bitwarden offers some additional features to help keep sensitive password information secure:
- Enterprise Policies – Owners or administrators can set and enforce parameters for each user’s master password and the use of two-step login.
- Directory Sync – Keep Bitwarden and your user directory synced. Users from your configured user directory will be automatically provisioned or de-provisioned. Bitwarden supports syncing with the following directories: G Suite (Google), OneLogin, Okta, Azure Active Directory, and any LDAP-based directory.
- Event Logs – An audit trail of all the actions and changes which the users of the organization performed. This feature aids in the management of the Bitwarden application.
3) Ease of Use
The interface of the web vault is clean, simple, and easy to navigate. Within the first 5 minutes of using Bitwarden, I was able to understand where to add my credentials, use the password generator, and view my vault health reports. I can say, with confidence, that the stripped-back interface can be understood by anyone – even if you aren’t technically minded.
However, it has a convoluted desktop auto-fill process that requires you to right-click on the form that you need to fill, select Bitwarden, and then choose the login details. Other password managers offer simpler processes that make filling your credentials effortless.
Operating System and Browser Applications
Bitwarden is available for use with either Windows, macOS, or Linux operating systems, as well as on iOS and Android. It’s also available as a browser extension that supports the majority of popular browsers including Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Brave, and Tor Browser.
How to Set Up and Use on Desktop
Provided you are not self-hosting, setting Bitwarden up is a fairly straightforward process. The simplest way to get started is to create an account by entering your email address and a master password (like you would set up any other account online). Once that is done, all that is left is to click on submit and you immediately create a new web vault where you can begin to add your login, card, and identity credentials, as well as secure notes.
You can download the desktop application if you would like to run Bitwarden on your local device or if you want to take the easy route, which I recommend, just stick to using the web vault. Top tip: If you don’t have a personal computer/laptop and use a work one while at home, the web vault can be accessed without needing to download or install any software which could be blocked by administrator policies. You can log into your web vault from anywhere.
The interface of the web vault is clean, simple, and easy to navigate. Within the first 5 minutes of using Bitwarden, I was able to understand where to add my credentials, use the password generator, and view my vault health reports. I can say, with confidence, that the stripped-back interface can be understood by anyone – even if you aren’t technically minded.
In particular, it is very easy to find your stored credentials using the folders, as well as the built-in search function. Auto-filling credentials when logging into accounts is also straightforward. While testing Bitwarden I found that right-clicking on the form that you need to be filled, selecting Bitwarden and then your chosen login was the most effective method for a seamless logging in experience. You need to make sure you have downloaded the appropriate browser extension for this to work though.
How to Set Up and Use on Mobile
As previously mentioned, the Bitwarden mobile app is available for use on both iOS and Android operating systems and can be downloaded from either the App Store or Google Play store.
Downloading Bitwarden is the same as any other app that you’ve installed on your phone.
If you’ve already created an account on desktop, it’s a simple case of logging in to your account. Once you log in, all your data is instantaneously synced meaning you have immediate access to all your stored information.
Alternatively, you can create an account as mentioned in the section above. The mobile app is as easy to use as the desktop version but you do need to make sure that you enable auto-fill on your mobile since it isn’t readily available as it is on desktop.
You can even access your vault using Face ID. This took me about 10 seconds to set up and every time I logged into my vault, all it took was a click on the Bitwarden app and a scan of my face. You don’t need to enter your master password.
One thing that you can’t do on the mobile app is import passwords. This isn’t a major issue as preparing the file needed to import the passwords is easier to do on desktop than mobile.
Bitwarden may be the cheapest password manager but the cost is reflected in the level of help and support. Bitwarden doesn’t offer live chat, telephone support, webinars, video tutorials, diagnostic reporting, or live training. Help is on hand via email, Twitter, and their forum.
Although the response time for email support is fairly quick, the lack of live chat casts a slight shadow over Bitwarden. When testing other password managers that have live chat it’s far easier to convey your question and explain any issues you are facing when in constant dialogue. I often find this can be broken up via email, meaning it takes longer to get a solution or answers to questions/issues.
The self-help guides in the Help Center do a great job of talking you through each step required to achieve the desired outcome but the content for different use cases can be hit or miss, e.g. I could find a guide on how to enable autofill on Android, but not on iOS.
Getting in touch:
Whether you have a free or paid-for plan you can contact Bitwarden via email. Premium users will have priority support and you can generally expect a response in less than 24 hours.
Although the response time is fairly quick and in-line with some of the market-leading password managers, the lack of live chat casts a slight shadow over Bitwarden for me. When testing other password managers that have live chat it’s far easier to convey your question and explain any issues you are facing when in constant dialogue. I often find this can be broken up via email, meaning it takes longer to get a solution or answers to questions/issues.
Bitwarden has an active Twitter account and responds to troubleshooting tweets quickly. My suggestion is to use Twitter for short, quick-fire, queries, and questions and to stay up-to-date with new feature releases. Before you tweet it is worthwhile checking the help center first as the team behind the Twitter account will often point you to a relevant guide anyway. If you need troubleshooting help that requires a lot of explanation then stick to email support.
As with most password managers, Bitwarden has created a repository of helpful user-guides.
After reviewing a handful of the guides I have to say that they do a great job of holding you by the hand through each step required to achieve the desired outcome. However, the content hosted can sometimes be a bit hit or miss. For instance, I could find a guide on how to enable autofill on Android, but not on iOS. There seem to be some gaps in the support offered and it can be slightly frustrating at times. In comparison with other password managers, Bitwarden’s help center isn’t as comprehensive, putting it down a peg.
Don’t rely on it.
Although the community forum is active and some threads are filled with responses and troubleshooting guidance, don’t rely on it for answers to your questions. Looking back through the past few months of forum entries, a lot remains unanswered.
I recommend searching the forum to see if there is already an active thread for your question and, if not, checking the help center or sending an email directly to the customer support team.
Bitwarden is the cheapest password manager and has a plan for individual, family, and business use. But don’t get too excited – it has some major drawbacks.
First, it is slow to add new features. Password managers that regularly update their features and stay at the forefront of security are far more secure than those that lag behind.
Investing in a password manager that costs more to stay at the forefront of online security is a small price to pay, especially considering that the majority of hackers are driven by financial gain and your login credentials to online accounts are a sure-fire way for them to extort and exploit your data.
Second, the price is reflected in the limited level of help and support. This is important for all users, but having a solid foundation of support is crucial for business use.
The Free plan offers all the core features of Bitwarden and is 100% free – there’s no “free trial” here. It is a lifelong free plan but it does have some restrictions which you need to be aware of.
- Unlimited storage – Whether you need to store passwords, card credentials, digital identity information, or even secure notes, you won’t be limited by the Free plan.
- Device synchronization – Immediately access all of the items stored in your vault on any device.
- Access to the secure password generator – Create unique passwords and evaluate their strength before using them to set up new accounts or change existing ones.
- Data breach report – Review which parts of your data have been compromised (email addresses, passwords, credit cards, etc.) and take appropriate action. This is vitally important to remain safe online.
- Vault health reports are not included – You will not be able to assess whether any of your credentials are weak, reused, or exposed, as well as not knowing if the sites you have accounts with are secure or not.
- Bitwarden is slow to add new features – Although new features are built as requests from users, Bitwarden often lags behind the competition. Password managers that update their features and stay at the forefront of security are far more secure than those that lag behind.
Although the Free plan may suffice with unlimited storage across unlimited devices, the drawbacks need to be carefully considered. I am a strong believer in making sure that if you are going to commit to using a password manager to protect your passwords, then opting for an all-encompassing solution that leaves no stone unturned is your best bet. This is why I recommend Dashlane Premium as the best password manager plan.
The Bitwarden Premium plan offers all the core features of the Free plan plus:
- Vault health reports – Letting you check for weak, reused, or exposed credentials, as well as highlighting if the sites you have accounts with are secure. It also locates items in your vault without a stored TOTP authenticator key. This allows you to enable two-factor authentication on each account to improve their security.
- Two-step login with security keys – Use FIDO U2F security keys to add an additional layer of security when granting access to your vault.
- 1GB encrypted file storage – Store sensitive documents away from prying eyes.
- Time-Based One-Time Password (TOTP) – Single-use passcodes that are used for authenticating access within a given time period. Even if your password for an account is compromised, a hacker won’t be able to gain access without the TOTP, which, of course, expires quickly.
- Priority customer support
The Premium plan costs $10.00 per user per year. This is the cheapest password manager plan in the market. However, value for money is where I focus my attention. So, the question is: Is Bitwarden Premium good value for money? The short answer is yes – sort of. The long answer is not as straightforward.
For the range of features offered, Bitwarden provides good value for money but as previously mentioned, I am a strong believer in making sure that if you are going to commit to using a password manager, then opting for an all-encompassing solution that leaves no stone unturned is your best bet. Investing more to stay at the forefront of online security is a small price to pay, especially considering that the majority of hackers are driven by financial gain and your login credentials to online accounts are a sure-fire way for them to extort and exploit your data. As a result, I recommend opting for Dashlane Premium. It not only protects your credentials but wraps you in a cocoon of security that protects all of your online activity. It’s also the only U.S. patented password manager. Compared to Bitwarden, Dashlane Premium costs $4.99 per user per month. You can read more about why I think it is the best value for money password manager in my full review.
The Family plan caters for 5 users and introduces sharing and collections into the mix.
Each family member will be able to create collections (groups of login credentials) that can be shared with one another. In fact, there is no limit on how many items each family member can share. This is particularly useful if, as a parent, you want to create a collection of online banking and utility account passwords that you can share with your partner and a separate collection containing login details to Netflix, Deliveroo, and any other shared services with your kids.
As standard, you can store unlimited items in your vault across an unlimited number of devices, make use of all vault health reports for increased online safety, and store up to 1GB of files per user.
The Family plan costs just $1 per month but as mentioned above, I recommend opting for a password manager that constantly stays up-to-date with the ever-developing world of cybersecurity – especially for families that want to keep their children safe online. As a result, I recommend opting for LastPass Families. LastPass Families costs $4.00 per month for 6 users.
Free Business Plan
Bitwarden is the only password manager to offer a free plan for business use.
The plan is limited to just 2 users, the creation of 2 collections, and unlimited sharing. Is it a good option for organizations? No.
The Free plan is far too basic to support the security needs of organizations. It also doesn’t feature the vault health reports which provide crucial insights to maintain the security of confidential credentials.
Teams is a big step up from the Free business plan.
It’s ideal for small to medium-sized businesses and offers fine-grained access meaning you decide who has access to what, as well as the level of access e.g. read-only, edit, etc.
One of the key factors to successful business password management is to choose a solution that can scale with your business as it grows. Although the Teams plan offers unlimited users and sharing capabilities, having a solid foundation of help and support is crucial. As a result, I strongly recommend considering Dashlane Business for small companies and 1Password Business for medium-sized companies. Both have much stronger customer support options. For example, Bitwarden caters for email, forum, Twitter, and user guide support, whereas Dashlane also has live chat, a chatbot, Q&A webinars, video tutorials, and various other support channels.
The basic Teams subscription is $5.00 for 5 users per month. Additional users can be added for $2.00 per month.
Bitwarden’s Enterprise plan is up there with the big boys. It features everything that an enterprise with a large number of employees needs to effectively manage passwords.
In addition to all the features of the Teams plan, Enterprise users will also benefit from:
- User groups for fine-grained management and greater control across teams and departments.
- Directory sync to keep Bitwarden and your user directory synced. Users will be automatically provisioned or de-provisioned. Bitwarden supports syncing with the following directories: G Suite (Google), OneLogin, Okta, Azure Active Directory, and any LDAP-based directory.
- Enterprise policies to enforce security regulations across the organization e.g. set a minimum length and complexity for all passwords that users add.
- Optional on-premises hosting available for complete control.
- Event and audit logs of all actions and changes made by users.
- RESTful API access to allow integration with other tools and systems.
- MFA with Duo Security to enforce multi-factor login policies.
However, one insight that I can share with you having reviewed multiple password managers is that a one-size-fits-all approach is not always the best approach. Take, for example, Keeper Security: they have an Enterprise plan similar to that of Bitwarden but they also give you the option to add on powerful features for enhanced protection. These features stretch from increasing the amount of file storage to dedicated onboarding and training and even adding a secure messaging platform that brings the highest level of privacy and security to internal communications. Since every enterprise is different, being able to shape your password management solution to align with your specific needs may be the best approach to take.
The Enterprise plan costs $3 per user per month.
The subscription is billed annually but Bitwarden has month-to-month options available on request.
Bitwarden vs LastPass vs 1Password – Which is better?
Here are the top four differences:
- LastPass, 1Password, and Bitwarden all check for weak, exposed and reused passwords, but 1Password and Bitwarden also check your credentials against compromised data in known data breaches. This is vitally important to remain safe online.
- LastPass and 1Password have the same help and support channels as Bitwarden but offer more self-help guides that cater to a range of use cases. LastPass also has a chatbot for quick-fire questions and answers.
- No matter what plan you are signed up to, you can share passwords securely using LastPass. 1Password and Bitwarden require you to be signed up to a Family or Business plan to share.
- LastPass and Bitwarden provide a 30-day period in which you can restore deleted items. 1Password has a 365-day item history.
While LastPass and 1Password are a peg above Bitwarden, if you are open to other options I highly recommend Dashlane. It is the most sophisticated password manager that fills the gaps of other password managers to cover you from all aspects of password cybercrime whilst delivering excellent help and support, ease of use, and value for money.
There are four major differences between LastPass and Bitwarden:
- Both provide vault health reports that check for weak, exposed and reused passwords, but Bitwarden also checks your credentials against compromised data in known data breaches. This is vitally important to remain safe online.
- LastPass offers the same channels of help and support as Bitwarden plus their chatbot for quick-fire questions and answers. The level of support offered in the LastPass Help Center is superior to that of Bitwarden. Many more use cases are addressed. For example, Bitwarden has very few support articles for iOS users, whereas LastPass accounts for all the different types of users.
- All LastPass users, no matter what plan you are on, can use the password manager to share encrypted passwords. With Bitwarden, you can only share passwords if you are signed up to a Family or Business plan.
- LastPass offers a simpler desktop auto-fill experience where you only have to click on the LastPass icon within the form field and select the login you want to fill. Bitwarden has a more complicated auto-fill process that requires you to right-click on the form that you need to fill, select Bitwarden, and then choose the login.
Whilst both offer good password protection, if you are stuck between which one to choose, I would opt for LastPass. However, if you are open to options other than LastPass and Bitwarden, I highly recommend opting for Dashlane Premium for individual use. It is the most sophisticated password manager plan that you can rely on to cover you from all aspects of password cybercrime whilst delivering excellent help and support, ease of use, and value for money.
Bitwarden and 1Password are very similar; however, 1Password has the edge. 1Password has a slightly easier to use interface, better help and support, and more features. Both are equal in the level of security offered.
Here are a few of the key differences:
- 1Password and Bitwarden both offer email, forum, and Twitter support but 1Password has a wider and more comprehensive range of online resources to help you self-serve and troubleshoot which is extremely helpful.
- 1Password has a unique travel mode feature which Bitwarden does not. You can remove vaults with sensitive information when you travel to other countries. Upon returning to your home country the feature can be switched off and your vaults will be restored.
- Where Bitwarden provides a 30-day holding period of deleted items, 1Password has a 365-day item history that not only lets you restore deleted items but also revert to previous versions.
1Password and Bitwarden both rely on third-party data from haveibeenpwned.com to check your credentials against data breach reports. Although both provide a good level of insight, you are better off using a password manager that has its own tool to scan the web, like Dashlane’s proprietary Dark Web Scan.
Over 500,000 people trust Bitwarden to protect their passwords. Bitwarden never stores any of your unencrypted data, meaning that if its servers were to ever be hacked, the cybercriminal would see streams of random code as opposed to your true credentials. Bitwarden’s open-source software also makes it open to scrutiny and this level of transparency leads to a stronger security architecture.
Bitwarden offers end-to-end encryption and one-way salted hashing to ensure that your passwords and data are always encrypted. The local encryption and use of an encrypted master password make it very secure.
Possibly, but even if Bitwarden is hacked your data won’t be exposed. Hackers will only be able to see encrypted data which is useless without the security key to decrypt it. Bitwarden employs a zero-knowledge model and without your master password, the data is useless to any hacker.
Hackers will only be able to see encrypted data which is useless without the security key to decrypt it. As long as your master password is strong and kept safe, your data will be too.
| Plan | Monthly Cost | Yearly Cost |
|---|---|---|
| Premium (1 User) | $0.83 | $10.00 |
| Families (5 Users) | $1.00 | $12.00 |
| Free (Business – 2 Users) | $0.00 | $0.00 |
| Teams (5 Users) | $5.00 | $60.00 |
| Enterprise (1 User) | $3.00 | $36.00 |
Bitwarden is good, but not the best password manager. It is easy to use, takes a few minutes to set up, has a very secure security model, and is the cheapest password manager, but it does have some downsides. It is slow to add new features causing it to lag behind the competition, and the level of support offered is inferior to that of other market-leading password managers such as LastPass, 1Password, and Dashlane.
Because Bitwarden is slow to add new features and doesn’t offer the same level of support as other password managers, it is not the best. I recommend Dashlane Premium as the best password manager plan for anyone wanting an all-encompassing online security solution.
Bitwarden protects your passwords from hackers by wrapping them in encryption. It facilitates security and convenience when logging into online accounts. You can rely on Bitwarden to automatically fill your login credentials meaning you no longer need to remember long complex passwords. Bitwarden has apps for Windows, macOS, Linux, Android, and iOS. Its browser extension supports Chrome, Edge, Firefox, Opera, Safari, Vivaldi, Brave, and Tor Browser.
Bitwarden can autofill your credentials meaning you no longer need to remember long complex passwords for each of your accounts. Let Bitwarden do all the hard work for you.
Bitwarden is a 100% open-source password manager. Its codebase is stored on GitHub where anyone can access, audit, and contribute to it. Open-source software can be considered to be more secure than proprietary software since it is open to scrutiny.
Bitwarden stores all data in the Microsoft Azure Cloud. It also offers you the option to self-host the entire Bitwarden stack on your own servers.
Bitwarden’s source code is hosted on GitHub and is open for anyone to review, audit, and contribute to.
All passwords are stored securely and encrypted in Bitwarden’s cloud servers. The passwords are sent to your secure vault and are decrypted once you enter your master password.
Passwords pass through end-to-end encryption and one-way salted hashes before being stored in an encrypted format.
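The answers above on what a server breach would expose and on how passwords are stored both rest on one pattern: the decryption key is derived on your device and the server keeps only a salted one-way hash. A simplified sketch of that pattern follows as an added example; it is not Bitwarden's code, and the salt choice, iteration counts, function names and sample credentials are assumptions.

```python
import hashlib
import hmac
import os

CLIENT_ITERATIONS = 600_000  # assumed work factor, not a figure from the page
SERVER_ITERATIONS = 100_000  # assumed


def derive_master_key(master_password: str, email: str,
                      iterations: int = CLIENT_ITERATIONS) -> bytes:
    """Device side: stretch the master password into a 256-bit key.
    This key encrypts and decrypts the vault and is never transmitted."""
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               iterations, dklen=32)


def derive_login_hash(master_key: bytes, master_password: str) -> bytes:
    """Device side: a one-way value, distinct from the key, sent to the server to log in."""
    return hashlib.pbkdf2_hmac("sha256", master_key, master_password.encode(),
                               1, dklen=32)


def server_enroll(login_hash: bytes, iterations: int = SERVER_ITERATIONS) -> dict:
    """Server side: store a random salt and a salted hash of the login hash, nothing else."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, iterations)
    return {"salt": salt, "hash": stored, "iterations": iterations}


def server_verify(record: dict, login_hash: bytes) -> bool:
    """Server side: recompute the salted hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, record["salt"],
                                    record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample credentials.
    email, password = "user@example.com", "correct horse battery staple"
    key = derive_master_key(password, email)
    record = server_enroll(derive_login_hash(key, password))
    print("server record holds the key:", key in record.values())
    print("login accepted:", server_verify(record, derive_login_hash(key, password)))
    bad = derive_master_key("guess", email)
    print("wrong password accepted:", server_verify(record, derive_login_hash(bad, "guess")))
```

Because the record holds only a hash, anyone who copies it still has to guess the master password and pay both work factors per guess, which is why the strength of the master password matters.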
Bitwarden supports several 2FA keys and YubiKey is one of them.
You can access your last synced vault offline.