Open source, security, and privacy go hand in hand. So, why then are the vast majority of password managers closed source? Bitwarden is probably the most visible open source password manager around, but is it worth using? Let's find out.
Bitwarden is a fantastic choice for advocates of open source, or those in need of a self-hosted password manager. That said, hobbled desktop/mobile apps make for a fragmented experience for premium users.
Bitwarden is an open source password manager that was first launched in 2016. Over the years the developer (8bit Solutions founder Kyle Spearrin), has been incredibly active -- releasing numerous versions, increasing platform support, and enhancing the feature set. He's also quite active on the /r/bitwarden subreddit.
Bitwarden supports all of the usual suspects: macOS, Windows, Linux, Android, iOS, and most major browsers, but interestingly enough it also supports the command line for various scripting use cases.
In terms of timeline, the first code was pushed in 2015. The product had an unsuccessful Kickstarter in late 2016. In 2017, the privacy-focused Brave web browser began including Bitwarden as an optional replacement to the built-in password manager.
A third party most recently audited the product in October of 2018. It's great to see a full assessment by a third party, and I hope other password managers follow this trend by releasing their own.
Bitwarden is easy to set up. If you've installed a password manager before you'll be right at home. There are no out of place steps or strange permissions requested. I was able to successfully spend a few days testing the product on macOS, iOS, and of course, the web.
While Bitwarden has broad platform support, the apps are generally relatively thin and minimalistic. I was pushed to the web-based version to complete tasks and view the premium features on multiple occasions.
It was simple to use the web interface to import my passwords from my existing 1Password vault. From there, I installed the Chrome plugin and the macOS desktop app.
Saving and filling passwords is nearly identical to any other service. After you submit a form with a new password, Bitwarden will ask you if you want to save it. Similarly, if you visit a page with a login screen, the Bitwarden browser extension shows the number of logins you have stored for that site. A click or a keyboard shortcut fills your credentials in and submits the form.
Bitwarden is one of the only open source password managers I'd recommend looking at. Open source means that anyone can go and browse through the code that runs the website, applications, sync server, etc.
This open-source status cultivates a community of contributors who help fix bugs, build new features, and ensure privacy and security. That's in contrast to most of the other larger password managers who open source only specific parts of the tech stack, or not at all.
A major killer feature of Bitwarden is the ability to self-host an instance. You can deploy through docker -- and it's super easy to do with a host like Digital Ocean. However, note that this is going to add $10-$20 per month for hosting to the price of any feature upgrades you'll have. Still, it's nice to have the ability to host your sync service on premises.
Bitwarden has a premium membership that unlocks several features. It's nearly dirt cheap: $10 per year.
First, you get access to a handful of "password hygiene" reports.
The major problem I have here is that to use any of these premium reports, you'll need to visit the website. I'd love to see the premium benefits become available on the desktop apps.
Also, you get increased storage (1gb of encrypted files), two-step logins (YubiKey, FIDO U2F, Duo support), and TOTP (time-based one-time password) abilities. The site also says you get priority customer support, but I didn't have an opportunity to test this out.
Honestly, most users should probably upgrade to the premium plan. One time passwords (TOTP) are a big deal, and I like having the ability to use them directly within my password manager.
Bitwarden has a free version that will be sufficient for the vast majority of users; however, I strongly recommend upgrading to at least the premium plan, if only for the ability to use one-time passwords /2-factor authentication.
If you want to share your logins, you'll need some type of organizational account. Family accounts are $1 per month (for the first 5 users), and Business accounts are $5 per month (for the first 5 users). There's also an enterprise plan for $3 per user, per month.
Note that if you want the premium features, in addition to the family or business account, you'll need to buy both.
Bitwarden is a very compelling password manager. It's open source, has the ability to be self-hosted, and if you're using it by yourself, extremely affordable.
Where it falls down is its complex pricing model (stacked on premium + team memberships), and lack of features included into mobile/desktop apps.
That said, I have no hesitation in recommending it to people who value open source or self-hosting. There are better, cheaper options though for most others.