Yes, it does encrypt passwords end-to-end, meaning you are still safe even when the server is completely compromised by an attacker. This is stated in the Bitwarden FAQ. Complete the following steps to set up the Bitwarden Authenticator from the iOS or Android app: Edit the Vault item for which you want to generate TOTPs. Tap the camera icon in the Authenticator Key (TOTP) field. Scan the QR code and tap Save to begin generating TOTPs.
When you go to enable 2FA in Bitwarden, it offers an unlock code and strongly advises you to store it in a safe place. Snap the QR code with your authenticator app and you're ready to go. Try the Bitwarden Strong Password Generator. Generate secure, random passwords to stay safe online. Bitwarden's free version has the basics of a good password manager, and its premium features are inexpensive. However, Bitwarden isn't the most intuitive platform to use.
Perhaps you are a very busy person, and you need someone or something to help you keep track of your passwords. Or you are someone who has a lot of accounts that have password access.
You find it hard to keep your passwords in your phone, for fear that you may lose it. Or you fear keeping your passwords in a notebook or on a piece of paper, which you may lose and which may fall into the wrong hands.
To keep all your passwords together, try using Bitwarden to keep them safe and secure.
Bitwarden is purportedly the best free password manager around, according to some user suggestions and feedback. It has great usability and decent features. Unfortunately, we were also told that paying users can do better elsewhere.
Company Background
Bitwarden was founded in August 2016 and was originally made for mobile devices (iOS and Android). It later expanded to desktop use, where you can install it as a browser extension for Chrome and Opera and use a web vault. The browser extension for Firefox was launched later, in February 2017.
Criteria
Before moving on to the main review of Bitwarden, let us explain which areas of the software we are going to review.
The Features
We are obviously going to have a look at the features that are available with Bitwarden. Some features are its strong points, whereas some other features are less so.
Every piece of software has its own strong points and weak points, and that includes Bitwarden.
In this part, we will also cover the user friendliness of the software. This part is crucial in the sense that not everyone is tech savvy. Some software is built for advanced users, whereas some is made for entry-level users.
You may be someone who is looking for password security software that is easy to use, but safe and secure. Or you may be an advanced user who is looking for password security software that is loaded with advanced safety features.
Find out here if Bitwarden is the right package for you.
Security
After covering the features and user friendliness of the password software, we will touch on the security aspects of Bitwarden. You may be very surprised to learn that not every password security product is as safe and secure as you might think.
Sometimes what was advertised on the official websites can be considered as inaccurate or falsely advertised. You won’t know until you have either tested it out yourself, or have read or heard from your peers how safe some password security features are.
Ease of Use and Support
It may be a simple password management software but not everyone knows how to use it. As mentioned previously, not everyone is tech savvy. Hence, we have included a quick and summarised section on how to use Bitwarden.
At the same time, we will look at how easy it is to reach Bitwarden’s support team if you need any assistance. Support matters for password security software because you do not want your passwords (and other private information) leaked and compromised.
You will have to see how easy it is to reach the support team, usually via the software’s official website. Look into the reply and problem-resolution turnaround time. See if the answer is accurate and the problem properly resolved.
Plans and Pricing
Plans and pricing is just what it sounds like: the plans and prices available from Bitwarden. You’ll see whether its packages are within your budget, or whether you have the kind of money to spend on what Bitwarden has to offer.
We’d advise that if you have more money to spend, and are willing to do so, then you can do so at your own discretion. At the same time, remember that you get what you pay for when choosing certain packages or software.
It’s all your choice and at your discretion.
Bitwarden: Our Review
In quick summary, Bitwarden offers the following features. Free users are able to access the following features:
- End to end encryption (e2ee) of passwords
- 100% open source
- Cross-platform apps for all major platforms
- Browser add-ons for all major browsers
- Web browser access from anywhere
- Command-line tools (CLI) to write and execute scripts on your Bitwarden vault
- Can self-host
- 2 factor authentication (2FA)
Paid packages get you slightly more features than the free package, namely:
- 1GB encrypted file storage
- Additional 2FA options
- Priority customer support
However, it depends on which (paid) package you choose. Each paid package has a slightly different feature set from the others, but they cover more or less the same thing at slightly different price points.
The Features
Bitwarden has quite a few features to offer for something that offers mostly free services.
Open Source Software
Bitwarden is entirely open source software. Its source code is hosted on GitHub and everyone is free to review, audit, and contribute to the Bitwarden codebase.
Bitwarden believes that being open source is an important feature. Source code transparency is an absolute requirement for software solutions like Bitwarden.
Docker Feature – Host It Yourself
If you are someone who does not like using the Bitwarden cloud, that is all right, as you do not have to. You can easily host its entire infrastructure stack on the platform of your choice.
Join Their Active Community Online
Bitwarden has an active community online, which you are more than welcome to join. Join its Gitter chat channel to talk directly to its developers. Or you can swing by its community forums to ask questions and discuss product features.
Free Features
Yes, Bitwarden is largely free software to use. Its CSR position is that security is important for everyone. The core features of Bitwarden are entirely free. No payment needed. Forever.
The free features include:
- Access and install Bitwarden apps
- Sync all your devices, no limits
- Store unlimited items in your vault
- Logins, secure notes, cards, and identities
- Two-step authentication (2FA)
- Secure password generator
- Self-host on your own server (optional)
The premium features include:
- Everything from the free account
- 1GB encrypted file storage
- Two step login with YubiKey, U2F, and Duo
- Password hygiene and vault health reports
- TOTP authenticator key storage and code gen
- Priority customer support
Organization Accounts
If you are looking for account features for organizations, Bitwarden has that covered too. Its organization accounts have powerful sharing features for families, teams, and business organizations.
Personal Use
The personal account is free. You can share it with a spouse or friend, and it is upgradeable at any time. It includes the basic features and the following:
- Sharing for 2 users
- Limit 2 collections
- Unlimited shared items
Family Accounts
The family account covers up to 5 users and is meant for sharing with family and friends. It starts from US$1 a month. It includes the following:
- Share with 5 users
- Unlimited collections
- Unlimited shared items
- Vault health reports
- 1GB encrypted file storage
- Self-hosting (optional)
Business Use Accounts
A business use account covers up to 5 users in one account. It costs US$5. Every additional user is charged at US$2 per user. This package covers the following:
- Unlimited users
- Unlimited collections
- Unlimited shared items
- Vault health reports
- 1GB encrypted file storage
- Priority tech support
Enterprise Package
This package is for bigger businesses and enterprises. This package charges US$3 per user. It includes all teams’ features and the following:
- User groups
- Directory sync
- On-premises hosting
- Event/audit logs
- API access
- MFA with Duo Security
- Users get premium
The prices are charged annually, although monthly options are also available.
Securely share and manage logins, secret keys, and more with other users across your organisations. At the same time, implement fine-grained access control policies and organise your vault with collections.
Store sensitive files such as private keys, certificates, documents, photos, and more. Keep your vault health reports in stellar mode by practising hygiene. All you need to do is to audit your vault with insightful reports.
Utilise its user groups for easier user management and greater control across departments and teams. Make use of its directory sync by syncing groups and users from Active Directory (and other LDAP), Azure, G Suite, and Okta.
Keep an event log. Review an audit trail of actions and changes performed by your organisation’s users. At the same time, its RESTful and flexible API access allows you to integrate your organisation with other tools and systems. Its on-premises hosting is easy to deploy and lets you host Bitwarden with no dependency on external cloud services.
Its multi-factor authentication enforces multi-factor login policies for your users by integrating with Duo Security. Last but not least, having a problem? Having questions and doubts? Get the help you need when you need it – fast – with Bitwarden’s priority support!
Security
As Bitwarden is a US company, it is subject to FISA and the Patriot Act, and is quite likely to be under surveillance by the NSA.
This should not be a big issue, as Bitwarden uses fully audited open source end-to-end encryption (e2ee). In other words, it is as good a guarantee that your data is secure and private as it is possible to get.
The only way to decrypt your data is to use the correct master password. You should know that the master password is not recoverable if you forget it. So it’s best if you do not forget it.
As e2ee is used, it does not matter that Bitwarden uses Microsoft Azure cloud servers to host accounts. However, if you are bothered by this, you can self-host on a home or rented server of your choice using the open source Docker framework.
Audited for Safety
Back in November 2018, a crowdfunded independent security audit by Cure53 found no big problems with Bitwarden. There were some non-critical issues discovered, but the most important parts were patched and fixed immediately.
Presumably, its developer has been working hard to fix any additional issues raised by the auditors.
Technical Security
Bitwarden is purportedly protected by some of the best security systems in the world. It is protected using the AES-256 cipher. It also uses PBKDF2 to derive the encryption key from your master password, which is salted and hashed using HMAC-SHA256.
To put it simply, the above paragraph describes how Bitwarden uses well-respected and advanced 3rd party cryptographic libraries.
Your data in transit is protected by regular TLS. Even if your data were somehow intercepted in transit, it could not be accessed, because it is encrypted with AES-256 before leaving your device.
However, in 2018 a problem was found in the Chrome add-on’s cryptography. It was fixed immediately, although it is still advisable never to use the “never forget” option available with Bitwarden.
To be fair, as a precaution you should never choose the “never forget” option on any website or in any software, at least if you do not want any of your encryption keys to exist on disk.
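As an added illustration (this is not Bitwarden's code and not part of the original review), the Python sketch below shows how deriving the key on the client with PBKDF2-HMAC-SHA256 lets a server check a login without ever holding the key that decrypts the vault. The function names, the use of the account e-mail as the salt, the iteration counts and the server-side verifier step are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumed work factors for this example; they are not taken from the review.
CLIENT_ITERATIONS = 100_000
SERVER_ITERATIONS = 100_000


def derive_master_key(master_password: str, email: str,
                      iterations: int = CLIENT_ITERATIONS) -> bytes:
    """Client side: stretch the master password into a 256-bit key.
    The normalised account e-mail serves as the salt (assumption)."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def derive_login_hash(master_key: bytes, master_password: str) -> bytes:
    """Client side: one further PBKDF2 round yields the only value that is
    sent to the server. It cannot be turned back into the master key."""
    return hashlib.pbkdf2_hmac("sha256", master_key,
                               master_password.encode("utf-8"), 1, dklen=32)


def server_register(login_hash: bytes) -> dict:
    """Server side: keep only a salted, stretched verifier of the login hash."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", login_hash, salt,
                                   SERVER_ITERATIONS, dklen=32)
    return {"salt": salt, "verifier": verifier}


def server_verify(record: dict, login_hash: bytes) -> bool:
    """Server side: recompute the verifier and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, record["salt"],
                                    SERVER_ITERATIONS, dklen=32)
    return hmac.compare_digest(candidate, record["verifier"])


def demo() -> dict:
    email = "alice@example.test"                 # constructed sample account
    password = "correct horse battery staple"    # constructed sample password
    typo = "Correct horse battery staple"        # one character differs
    key = derive_master_key(password, email)
    record = server_register(derive_login_hash(key, password))
    typo_key = derive_master_key(typo, email)
    return {
        "key_len": len(key),
        "server_holds_key": key in (record["salt"], record["verifier"]),
        "good_login": server_verify(record, derive_login_hash(key, password)),
        "bad_login": server_verify(record, derive_login_hash(typo_key, typo)),
        "other_account_key_differs":
            key != derive_master_key(password, "bob@example.test"),
    }


if __name__ == "__main__":
    print(demo())
```

Everything the server stores is derived one-way from the key, so a copy of the server's records gives no shortcut to the vault key other than guessing the master password, which is why the strength of that password matters.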
Two Factor Authentication (2FA)
Free users are able to secure their Bitwarden Vaults using a time-based one-time password (TOTP) or an email verification for 2 factor authentication.
Premium users can also use 2FA methods such as Duo, YubiKeys, and other FIDO U2F-compatible USB or NFC devices.
Ease of Use and Support
Bitwarden is relatively easy to use, according to most users.
- Step 1 – To start using Bitwarden, download the app for your platform. Then sign up for an account in the application.
- Step 2 – A password is then requested, but it is not verified. You will need to have a very strong master password. You can even choose a hint to help you remember it. Just do not forget your master password.
Desktop Client
Bitwarden’s desktop clients are identical across all operating systems (Windows, macOS, and Linux). Apparently most versions of Linux are supported, as the app is packaged in the AppImage format. It is also available in the Ubuntu Software Center, or you can compile the open source code yourself.
Past and current users of the software say they find the interface smart-looking and easy to use. They mention that 4 types of data entry are supported: login, card, identity, and secure note.
Each entry type is formatted in a way suited to entering data of that kind, which the app can then use to autofill passwords, web forms, and card detail forms, all through the browser add-ons.
You can even check if the password you input has been exposed. It works like your own data breach tool and compares the username and password you enter with a database of known password breaches.
If you feel you are not creative enough, or simply cannot be bothered entirely to come up with a really strong password – leave it to Bitwarden. Let the Bitwarden app generate a really secure password for you.
These passwords can be tailored to conform with any specific requirements a website insists on.
Create folders and add items to them. You can do this in the desktop version of Bitwarden. If you need group password management and sharing features, these are provided by Bitwarden’s organisation accounts.
Autofill functionality on the desktop is provided by browser add-ons. That is only applicable for Firefox and Chrome browsers.
Browser Add-Ons
Browser add-ons are available for Chrome, Firefox, Vivaldi, Opera, Brave, and Microsoft Edge. We were told that a Firefox link is provided for the Tor Browser, but it is not recommended, as using any browser add-on with Tor Browser makes it more susceptible to browser fingerprinting.
The add-ons look like the Bitwarden apps and are said to provide the same core functionality.
Mobile Apps
The Android and iOS Bitwarden apps work very similarly, according to users. They share the same attractive and intuitive design philosophy as the desktop versions.
Basically, the Bitwarden phone apps can do everything the desktop versions can do, including generating secure random passwords. Both also support fingerprint unlocking on devices which have fingerprint sensors.
However, there is a small difference between the Android app and the iOS app.
The Android app uses the Autofill Framework Service on all Android 8+ devices to autofill any forms in any browser window or app, and the Autofill Accessibility Service on older Android devices instead. On top of that, users also mention that the browser add-ons work with the mobile versions of Firefox and Chrome.
On iOS 12+, on the other hand, the Bitwarden app integrates with Apple’s new Authentication Services framework to provide instant autofill functionality in most browsers and apps.
Customer Support
If you ever need help from Bitwarden, an extensive help section provides a very detailed and well documented section on most aspects of Bitwarden. If you feel the need to reach out to them, you can always email them.
Bitwarden is said to be a 1-man show, basically. All responses received from Bitwarden are said to be sent by the developer, Kyle Spearrin, himself. Users said responses are usually received on the same day you send an email query.
Your other way of getting app support is to join its Bitwarden forum. In the Bitwarden-hosted active forum, you can also find Kyle there as an enthusiastic participant.
Plans and Pricing
We have already touched on Bitwarden’s pricing. Here’s a quick run-down of its plans and pricing:
i. Personal Packages
- Covers 2 users
- Free
ii. Family Account
- Covers 5 users
- US$1 a month
iii. Business Account
- Covers 5 users – US$1 a month
- Charges US$2 for every additional user
iv. Enterprise Account
- Covers unlimited users
- Charges US$3 per user
Prices can be charged annually. Alternatively, monthly pricings are also available.
Our Verdict
Bitwarden is generally an all right piece of password security software for the average household or business. If you have intermediate data and information to keep, then this software will be a good choice for you.
However, if you have a lot of advanced data and information to keep, then you will need to get yourself password security software that fits that mould.
We have come to the conclusion that Bitwarden’s basic and free package works very well for the general population. As the basic package covers a lot of pretty good features, it is pretty good software for the average person with intermediate needs.
If you are looking for premium password security and safety with Bitwarden and don’t mind paying the money, then you will be better off looking for better ones elsewhere. Somehow Bitwarden is not able to provide advanced security if you have rather advanced needs.
Frequently Asked Questions (FAQ)
Here are some frequently asked questions (FAQ).
Q: Is Bitwarden safe?
Bitwarden is said to be top notch and equally secure software. However, it has a potential risk because of its web vault website. That means if you need to change your password or other settings (that are not in the app), you will need to log in to the web vault, where you do not have control of the client-side code.
Q: How good is Bitwarden?
For the majority of users, Bitwarden is one of the very best password managers you can get. It is a great program, as it is very inexpensive. As it is open source and audited, it is one of the most secure pieces of software, far more secure than closed-source password managers.
Q: How is Bitwarden free?
Bitwarden is free and open source software. Unlike community-developed alternatives such as KeePass, Bitwarden has a commercial venture behind it. The core product itself is free, and will stay free forever. You can always support the developer by paying a really reasonable US$10/year subscription fee for a premium personal account.
Q: Can Bitwarden be hacked?
If Bitwarden were to get hacked at any time and your data were exposed, your information would still be protected. That is because Bitwarden uses strong encryption and one-way salted hashing. As long as you have a very strong master password, your data will stay safe no matter who gets hold of it.
As a Master's degree graduate in the Internet Technology field, Stefan is highly dedicated to improving overall web security so that internet users can browse freely without having to be afraid of technical loopholes. With over 15 years in the internet security industry, you should definitely take his advice seriously.