Bitwarden Password Manager Review

Open source, security, and privacy go hand in hand. So, why then are the vast majority of password managers closed source? Bitwarden is probably the most visible open source password manager around, but is it worth using? Let's find out.

The Verdict

Bitwarden is a fantastic choice for advocates of open source, or those in need of a self-hosted password manager. That said, hobbled desktop/mobile apps make for a fragmented experience for premium users.

Author: @smartprivacyio | Updated: May 23, 2019

Bitwarden is an open source password manager that was first launched in 2016. Over the years, the developer (8bit Solutions founder Kyle Spearrin) has been incredibly active, releasing numerous versions, increasing platform support, and enhancing the feature set. He's also quite active on the /r/bitwarden subreddit.

Bitwarden supports all of the usual suspects: macOS, Windows, Linux, Android, iOS, and most major browsers, but interestingly enough it also supports the command line for various scripting use cases.

In terms of timeline, the first code was pushed in 2015. The product had an unsuccessful Kickstarter in late 2016. In 2017, the privacy-focused Brave web browser began including Bitwarden as an optional replacement for the built-in password manager.

A third party most recently audited the product in October of 2018. It's great to see a full assessment by a third party, and I hope other password managers follow this trend by releasing their own.

Initial Setup and General Use

Bitwarden is easy to set up. If you've installed a password manager before, you'll be right at home. There are no out-of-place steps or strange permissions requested. I was able to spend a few days testing the product on macOS, iOS, and of course, the web.

While Bitwarden has broad platform support, the apps are relatively thin and minimalistic. I was pushed to the web-based version to complete tasks and view the premium features on multiple occasions.

It was simple to use the web interface to import my passwords from my existing 1Password vault. From there, I installed the Chrome plugin and the macOS desktop app.

Saving and filling passwords is nearly identical to any other service. After you submit a form with a new password, Bitwarden will ask you if you want to save it. Similarly, if you visit a page with a login screen, the Bitwarden browser extension shows the number of logins you have stored for that site. A click or a keyboard shortcut fills your credentials in and submits the form.

Open Source

Bitwarden is one of the only open source password managers I'd recommend looking at. Open source means that anyone can go and browse through the code that runs the website, applications, sync server, etc.

This open-source status cultivates a community of contributors who help fix bugs, build new features, and ensure privacy and security. That's in contrast to most of the other larger password managers who open source only specific parts of the tech stack, or not at all.

Self Hosted Version

A major killer feature of Bitwarden is the ability to self-host an instance. You can deploy through Docker, and it's super easy to do with a host like DigitalOcean. However, note that hosting is going to add $10-$20 per month to the price of any feature upgrades you'll have. Still, it's nice to have the ability to host your sync service on premises.

Premium Features

Bitwarden has a premium membership that unlocks several features. It's nearly dirt cheap: $10 per year.

First, you get access to a handful of "password hygiene" reports.

  • Exposed Passwords Report - This report shows you any passwords that were included in various data breaches, similar to haveibeenpwned.com.
  • Reused Passwords Report - Calls out any websites that share the same password. Useful, but almost every service does this.
  • Weak Passwords Report - Looks at your password complexity and suggests changing passwords if they're not strong enough. Same as above -- other services do this more straightforwardly.
  • Unsecured Websites Report - Identifies any logins you have saved that are used on insecure websites (those with HTTP instead of HTTPS).
  • Inactive 2FA Report - Shows a list of logins for sites that also support 2-factor authentication, or TOTP (time-based one-time passwords).
  • Data Breach Report - This report is free, but it's included under the Premium features, which could be confusing. While it's very similar to the exposed passwords report, this report only checks for your email address and personal info disclosure.

The major problem I have here is that to use any of these premium reports, you'll need to visit the website. I'd love to see the premium benefits become available on the desktop apps.

Also, you get increased storage (1 GB of encrypted files), two-step logins (YubiKey, FIDO U2F, Duo support), and TOTP (time-based one-time password) abilities. The site also says you get priority customer support, but I didn't have an opportunity to test this out.

Honestly, most users should probably upgrade to the premium plan. One-time passwords (TOTP) are a big deal, and I like having the ability to use them directly within my password manager.

Pricing

Bitwarden has a free version that will be sufficient for the vast majority of users; however, I strongly recommend upgrading to at least the premium plan, if only for the ability to use one-time passwords/2-factor authentication.

If you want to share your logins, you'll need some type of organizational account. Family accounts are $1 per month (for the first 5 users), and Business accounts are $5 per month (for the first 5 users). There's also an enterprise plan for $3 per user, per month.

Note that if you want the premium features in addition to the family or business account, you'll need to buy both.

Conclusion

Bitwarden is a very compelling password manager. It's open source, has the ability to be self-hosted, and if you're using it by yourself, extremely affordable.

Where it falls down is its complex pricing model (stacked premium + team memberships), and the lack of features included in the mobile/desktop apps.

That said, I have no hesitation in recommending it to people who value open source or self-hosting. For most others, though, there are better, cheaper options.

Features

  • Autofill
  • Secure Notes
  • Password Sharing
  • Digital Legacy
  • TOTP

Storage

  • Cloud Sync
  • Local Storage

Operating System Support

  • Windows
  • macOS
  • iOS
  • Android
  • Linux

Browser Support

  • Safari
  • Firefox
  • Chrome
  • Edge

Pricing

  • Subscription
  • Family Plan

Authentication Methods

  • 2-factor authentication
  • USB Key Support
  • YubiKey Support
  • Biometrics
  • Fingerprint Support
  • TouchID
  • Face ID