Bitwarden Review

Managing passwords can be very challenging, but a good tool that handles this information and keeps it protected gives you security and convenience at the same time. Bitwarden is a high-quality solution that supports multiple platforms and is on the same level as popular names like LastPass. The advantage of Bitwarden is that it is free and, in addition, open source. It protects the data with end-to-end encryption, which ensures that your logins can’t be accessed by hackers or online monitoring agencies. We’ll explore more about Bitwarden in this review.

Price and plans

While it is an open source tool, it is possible to choose between a free or a premium personal account. Free users can enjoy all the main features supported by Bitwarden, but if you want to get additional options, you can upgrade to the premium plan for just $10 per year. The paid plan comes with 1 GB of encrypted file storage and you can increase this for $4 per GB, per year. Apart from offering personal accounts, Bitwarden also offers business accounts that support the option to share logins and keys, as well as other convenient features. It is possible to get a simple two-user family organization for free and the business accounts are available for up to $3 per user, per month, if you pay on an annual basis. There is a free trial for all premium accounts for organizations. When it comes to payment methods, Bitwarden accepts PayPal or credit cards. Unfortunately, Bitcoin or other anonymous methods are not available.

Features

Let’s start with the features that you get from the Free Personal account. These accounts come with end-to-end encryption, browser add-ons for all major browsers and apps for all major platforms. You can get web browser access from any location. There are command-line tools to write and run scripts on the Bitwarden vault. There is a self-hosting option available and you also get two-factor authentication. All these are amazing features, but you can get even more for a low price when you upgrade to the premium plan. Paid users additionally get command-line tools and the chance to manage the Bitwarden vault with advanced tools. It is possible to duplicate the majority of the commands in the GUI, but if you have technical knowledge, you will like the fact that a CLI is also supported. Two-factor authentication is available for free users, but paid users have more methods, including YubiKey and FIDO U2F compatible USB or NFC devices. Authentication via Duo is also supported. In case you don’t want your data to be stored on third-party servers, you have the option to host Bitwarden’s infrastructure stack on the platform you prefer (macOS, Windows or Linux) through the Docker virtualization platform.

Privacy and Security

Bitwarden uses Microsoft Azure cloud servers to store the data. While the fact that Microsoft is involved can raise concerns about the real level of privacy that Bitwarden can offer, the fact remains that all the data is encrypted and hashed before it leaves your PC. It is only possible to decrypt it using the master passphrase that is only known by you. Bitwarden relies on end-to-end encryption and while this is reassuring, it also means that it is not possible to recover your data in case you lose your master passphrase. Although other password management services offer the chance to recover your password, which is convenient, this also means that they can hand over your information to the government.

One thing to keep in mind is that you need to use a strong master passphrase, but make sure that you can remember it. You can secure your account with 2FA and, if preferred, you can also host Bitwarden on a personal server. When you use Bitwarden, your data is secured with an AES-256 cipher. To derive the encryption key from the master password, Bitwarden uses PBKDF2. HMAC SHA256 is also part of the encryption system. Overall, the level of security provided is strong and the information is transmitted using TLS. Bear in mind that while the browser add-ons are practical, they come with some security flaws. In addition, you need to take into consideration that while Bitwarden is open source, its code has not been audited yet.
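The derivation described above, as an added illustration that is not Bitwarden's code: a PBKDF2-HMAC-SHA256 key derived on the client, a separate hash for the server, and an HMAC SHA256 check that fails for the wrong passphrase, which is why a lost master passphrase cannot be recovered. The iteration count, the use of the email address as salt, the function names and the stand-in ciphertext bytes are assumptions for this example; the AES step is left out so that it runs on the standard library alone.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for this example


def derive_master_key(passphrase: str, email: str) -> bytes:
    """Stretch the passphrase into a 256-bit key; this never leaves the client."""
    salt = email.strip().lower().encode()  # assumption: normalized email as salt
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=32)


def server_auth_hash(master_key: bytes, passphrase: str) -> bytes:
    """One further PBKDF2 pass, so the login verifier is not the vault key."""
    return hashlib.pbkdf2_hmac("sha256", master_key, passphrase.encode(), 1, dklen=32)


def mac_key(master_key: bytes) -> bytes:
    """Separate subkey for authentication, derived with HMAC SHA256."""
    return hmac.new(master_key, b"mac", hashlib.sha256).digest()


def seal(master_key: bytes, ciphertext: bytes) -> bytes:
    """Append an HMAC SHA256 tag to already-encrypted vault data."""
    tag = hmac.new(mac_key(master_key), ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_sealed(master_key: bytes, blob: bytes):
    """Return the ciphertext if the tag verifies, otherwise None."""
    ciphertext, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key(master_key), ciphertext, hashlib.sha256).digest()
    return ciphertext if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    # Constructed sample values, not real account data.
    key = derive_master_key("correct horse battery staple", "User@Example.com")
    blob = seal(key, b"<stand-in for AES-256 ciphertext>")
    wrong = derive_master_key("correct horse battery stapel", "user@example.com")
    print("right passphrase opens vault:", open_sealed(key, blob) is not None)
    print("wrong passphrase opens vault:", open_sealed(wrong, blob) is not None)
    print("server sees:", server_auth_hash(key, "correct horse battery staple").hex())
```
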

When it comes to privacy, it should be noted that Bitwarden only asks you to provide a valid email address so that you can access your account and identify it. You don’t have to, but if you want, you can provide additional details. The vaults are protected with end-to-end encryption, meaning that they can’t be accessed or monitored by Bitwarden. The data provided is not shared with third parties for commercial purposes, but non-personally identifying data could be shared in some cases for other reasons. Keep in mind that they also use cookies and other tracking tools. It should also be mentioned that Bitwarden is based in Florida, which means that it is subject to monitoring from one of the biggest privacy enemies out there: the NSA. The good news is that, as previously mentioned, the end-to-end encryption should keep you protected.

The desktop clients, mobile apps and browser add-ons can be downloaded for free from the website. The software has a similar design across all platforms and the installation process is very simple. The mobile apps and the desktop software offer the same options and work in a similar way. Android users can autofill the app and the web logins and in iOS, the app extension lets you log into any website using Safari or Chrome. There is also a web interface, which is very convenient. Secure passwords can be generated and you can customize the process for websites that have specific requirements for passwords. You can also create folders and add items, but the functionality doesn’t go beyond that, unless you get an organization account.

The organization accounts offer additional features and it is even possible to get an organization account for free, without advanced features. If you need an organization account that supports a greater range of options, you should upgrade. You can share and manage logins, as well as secret keys and even more. It is also possible to implement detailed access control policies and set up vaults with collections. The upgrade also enables you to enforce multi-factor login policies for users via Duo security. The secure file storage can be expanded and the on-premise hosting doesn’t depend on external cloud services.

Conclusion

Bitwarden is an open source, secure solution to save and manage your passwords on a centralized server. It offers great compatibility across several platforms, which makes it a fantastic alternative to other commercial options like LastPass. Bitwarden stands out thanks to the fact that it can be used for free, and since it is open source it can be independently audited (although this hasn’t been done yet). The fact that it uses end-to-end encryption also makes it a more reliable solution, as it will keep your data protected. Bitwarden won’t be able to hand over your data to government organizations, so if you are concerned about your privacy, it is a good option to consider. The extended functionality of the premium versions also makes it ideal for those who have advanced technical requirements.