A rather surprising player in the password manager niche. Millions across the world use Bitwarden, and it shows why. With a free account with unlimited items, housing most of the features, you have yourself a commendable password manager.
Charging ten good ones for the entire year of premium services may appear too good to be true. A trial with premium features would have made more sense. Nevertheless, you can try the free account and then upgrade later on.
Pros
Military-grade encryption
GDPR, HIPAA, and CCPA compliance
Versatile features across platforms
Open-source source code
Affordable and budget-friendly
Encrypted temporary notes and file sharing
Reliable web browser extensions
Consistent user interface across devices
Cons
Lack of customer support for free users
User-interface feels dated compared to the competitors
No lock on the mobile app while switching between different apps
First things first, you are switching to Bitwarden from another password manager. It is crucial to have a transition plan on hand. Export the data from the old manager and then import it from the tools section.
Select the name of the last password manager service you used. We used Lastpass, hence selected that from the dropdown option. Then head to step 2 and select the export file.
Alternatively, you can directly paste the content into the dialog box below the import file option. We will talk about exporting the data later on.
Note – Data import can only be performed through the web interface.
2.2 Web Interface
Head to the web interface straight after registering for an account on the website. Every time you close the tab and revisit it, a master password prompt will appear.
After that, you will land up straight in the My Vault, where all your credentials will be stored. They can be logins, cards, Identify information, and secure notes, containing your text. Come close and let us look at them one by one. Click on the Add Item button to begin.
2.3 Login
Just like the name suggests, you can put in login credentials for different websites, portals, etc. Fill in your name on the particular website, followed by your username and password.
In the password dialogue box, you get two options. First is the password generator, which can generate a complex password by clicking on the button. The second is that when you put your own password, you can check whether it has been part of a known security breach.
Go further down, and you have an authenticator key that adds an extra layer of security for two-step login pages. Below that is the URL box where you put the website link where the credentials will be put. It can be a login page or a homepage with a login prompt. You can put an exact match URL or select the starts with option in the match detection for websites with dynamic links.
And the big dialog box at the bottom is for notes that might want to include the login credentials.
2.4 Card
Fill in all your card details, including CVV, expiration, and the number. Notes can be added here as well.
2.5 Identity
Keep all your identity details handy in one place without scribbling parts of them in different places. Name, social security number, driver’s license, passport number, email id, and address, among other things. Like others, you can include notes here too.
2.6 Secure Note
Have something important to jot down, but it can’t be disclosed? Use the secure note for that. Give your note a name, and then write down the important information.
There are two vital elements while adding these items. They are present at the bottom of each new item prompt.
2.7 New Custom Field
They are available for values of any data type. New custom fields are for storing well-structured data as a vault item. Some pages do not have the conventional credential filling space for auto-fill to work.
You can add custom HTML-based elements as the data for filling in specific blocks of the page.
2.8 Master password re-prompt
The master password and 2FA can help you stay safe from intruders. However, when you are logged in and leave the device for a minute. Others can gain access unless you have enabled the Master password re-prompt option.
What it does is that you will be asked to enter the master password again for accessing an item like credentials, cards, and other saved items. You will need to enable it individually for specific items to make it work.
2.9 Search Vault
Swerving back to the web interface, you have a search feature to find items from the entire vault. Filters can be set as well, such as favorites, trash, etc. When you access a specific folder, the search box will scan the contents inside the folder alone.
2.10 Folders
Having different passwords, credentials in one place can get crowded and difficult to manage. Create a folder for different categories of credentials by clicking on the plus sign.
You cannot copy the credentials added in the general vault. New items need to be added to an individual folder.
2.11 Vault Timeout
While working on your computer, something out of the blue comes up. You leave the PC without thinking about logging out. There is your unattended Bitwarden vault, with all your private passwords and other credentials.
Vault timeout helps you in such situations where you unintentionally leave the vault open. It will lock/log out the vault after a set time or an action. The time varies between 1 min to 4 hours.
On the web interface also includes on browser refresh that asks for the master password once you close refresh or close the browser tab.
Similarly, the desktop app has events-based vault timeout options along with time-sensitive options. It will lock the vault on PC restart, system idle, system lock, and system sleep.
The mobile application as the mobile app restart option will lock/log out the app every time you restart the Bitwarden application.
2.12 Desktop App
The desktop app is available for Windows, macOS, and Linux. Windows 7 and above is supported on Microsoft. Similar to Apple, macOS 10.14 and above will work fine. The majority of the Linux distros are compatible with the app.
Once logged in, you will see the application imbibing the theme of your operating system. We had a dark theme on Windows, and hence it was applied automatically. You can always go to the settings for changing it, and we chose the Nord, which looks like a middle ground of light and dark.
Talking about its design, the user interface feels well placed. You have the items listed in the middle and the information regarding it at the right. And the left bar has all the credential types, folders at your fingertips. Unlike the web interface, the search bar has been moved to the center, in line with the credentials list.
The add items button is located at the bottom of the middle row. After clicking on it, the right side of the window will have a new item form.
2.13 Send Text/File
Sharing sensitive information over the Internet is always a risk. Be it your social security number, ATM pin, or financial documents. Given the growing privacy concern, sending them over email or a messaging app may not be the ideal way.
Bitwarden’s Send lets you securely share sensitive information temporarily with others through a link containing the file or the textual data.
Let us quickly take a look at the send feature, which lets you text and files(for premium users). Head to the sent tab and click on the add button, denoted by a plus.
On the right, the text field will open up. Fill in the name and the text content that you want to send.
Scroll further down for options, and it gets better from there. First up, we have the deletion date that will delete the send note. We have the option to set its deletion between 1 hour to 30 days. Furthermore, the time and date can be set as custom, according to the user’s choice.
For instance, suppose you want the send to expire on the 25th of September at 5:30 PM, you can do it like that with the custom option.
Below that, the Expiration date will ensure that the send is unavailable to the receipts after the set date. Senders can still access it until the deletion date. The period for expiration is the same as the one with deletion.
Maximum Access Count is the number of times the shared link can be accessed for viewing the send. We could not find a limit to set the number but settled on 1000 as a good number to go along.
You can never be sure of the security so add a password on your send. When the recipient visits the link for viewing the send, they will be prompted to enter the password, which the sender sets.
2.14 Export Data
Moving to another password manager because Bitwarden is not a good fit for you? Then export your data in JSON, CSV or JSON (encrypted) formats.
We are exporting it through the web interface. Head to the Export Vault section of the Tools tab. Select the file format in which you want to export the data, followed by the master password. Click on the export button, and it will be downloaded in a few moments, depending on the size of your vault.
On the desktop app, you can head to File > ExportVault for the same. Whereas in the mobile app, head to the Settings > Tools > Export Vault for the same.
2.15 Password Generator
Remembering all the passwords is unfathomable. And creating complex and difficult to guess passwords is just out of the equation. Having your maiden name, high school basketball team, or favorite footballer in the password does not make a great password.
Available across all the platforms apps, you can generate passwords of up to 128 characters. They can include alphabets, numbers, and special characters.
2.16 Security and Encryption
In the digital sphere, where security breaches happen left and right, it is key to be secure. For vault security, Bitwarden uses the AES-CBC, which is also used by the US military, amongst other government agencies.
Moreover, the master key is encrypted using PBKDF2-SHA-256. The master password and your email id are hashed together locally, being transmitted to the servers.
Apart from that, a handful of popular crypto libraries are invoked for working with encryption.
2.17 Domain Rules
Auto-fill only works when the domains are familiar and have been allowed to ask for filling them.
You can add a domain in the domain rules, and all the prefixes of the domain will trigger a prompt for the autofill. For instance, suppose you have added a custom domain – google.com, then accounts.google.com, messages.google.com, etc., will display a prompt irrespective of the subdomain.
2.18 Browser Extension
All the popular browsers have a Bitwarden extension available. No need to install the desktop app or even access the web interface. Login directly into the extension and start using the password manager.
Offering virtually all the features and tools of the web interface, you can rely on it for all your credential needs from Bitwarden. A pin-lock can be set up so that the user doesn’t have to enter the master password every time. Furthermore, biometric is also available, but that will require the native desktop application.
It even has a popup when you log in to a site, asking to save the password to the vault.
2.19 Mobile App
Smartphones are the essential items that everyone carries around. Having a mobile app of the Bitwarden will act as a portable password manager to carry around. Shuffling between different project sites? No worries, you have the passwords with you at all times.
Just like the extension, it offers all the features of Bitwarden. You can lock with a pin or a fingerprint, according to your convenience.
Enable the autofill service from settings for all the credential prompts on the phone. The service is disabled by default, owing to the privacy permissions of the smartphone.
2.20 Autofill
Imagine visiting a website that requires you to log in. The credentials to log in are not at your fingertips. Bitwarden takes care of that by auto-filling the log credentials form for you.
Web browsers have been doing that for a long time, but there is ambiguity on their security. A password manager laced with high-end encryption works over any browser’s security.
The browser extension on the desktop and mobile app have the autofill feature. On the latter, you will need to enable it from the settings as talked about earlier.
2.21 Pricing
A free account is good for starters, but to use the premium features, one must pay the price charged by the service, often in annual terms.
Plans
Free
Premium
Family Organization
Users
1
1
6
Encrypted File Attachments
No
Yes (1 GB personal)
Yes (1 GB personal, 1 GB organization)
Two-step login
2FA
2FA, Yubikey, U2F, Duo
2FA, Yubikey, U2F, Duo
Bitwarden Authenticator (TOTP)
No
Yes
Yes
Price
FREE
$10/year
$40/year
Talking price-wise, it knocks LastPass and RememBear out of the park. A 10 dollar annual plan for personal use is both economical and offers all the premium features.
3. What we did not like about Bitwarden
3.1 Customer Support
We dropped an email to support about four days ago from their official form. The issue was regarding a synchronization problem on the desktop app. After filling the form, we did not get an acknowledgment mail in our inbox.
After waiting for almost a workweek, we decided to contact them on Twitter because that’s where most brands are active. To our dismay, no reply has been given from their end.
3.2 Two-Step Login
Your master password is supposed to be the talisman stone that can provide exclusive access to the vault. There may come scenarios where the master password is unintentionally leaked. The only thing lying between the intruder and your vault is a two-step login available on Bitwarden.
As a free user, you only have the option of Authy on Android and iOS and Microsoft Authenticator on Windows devices. This is a bummer because services such as LastPass and Remembear offer better 2FA for free users. An inclusion of Google Authenticator would have sealed the deal here.
Two-step login works by verifying your phone number linked to the account or an email(with Bitwarden). Then the possessor is asked to provide the 6-digit pin that appears on the authenticator/email while logging in.
For setting it up via the web interface, head to the settings > Two-steps login. Click on the manage button next to the Authenticator app and move forward to the prompt after filling in the master password.
Pairing the authenticator is easy. Install the Authy app and then scan the QR code given on the screen.
For other platforms: Desktop app – Account > Two-step login Mobile App – Settings > Tools > Two-step login
Marcus is a cybersecurity analyst with a focus on VPN and proxy services. As the founder and driving force behind a prominent VPN and proxy website, Private Proxy Guide, Marcus has emerged as a trusted authority in the digital realm. With a passion for staying ahead of evolving cyber threats, he has played a pivotal role in educating and empowering individuals and businesses to safeguard their online presence.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Hi Marcus, 2FA with Google Authenticator is certainly possible. https://bitwarden.com/help/article/setup-two-step-login-authenticator/
What’s your opinion on the strength of the PIN lock?
cheers,
Ingo