Bitwarden is a secure open-source solution to store all of your passwords that offers an extensive feature array on top of a budget-friendly price. It offers powerful encryption, password auditing, breach monitoring, and two-factor authentication. This password manager keeps all your credentials in an encrypted vault protected by a master password.
Even though Bitwarden follows zero-knowledge encryption architecture and offers some good features, it lacks in some areas. The auto-fill feature is very inconvenient and insecure to use, and the service is storing data in a country that belongs to the surveillance alliance. Plus, it has been breached before, raising security concerns.
The password manager market includes more user-friendly and privacy as well as security-oriented alternatives that you can try, such as NordPass.
However, can Bitwarden be a valid replacement for some of the best password managers out there?
Continue reading to find out everything about this service. In this Bitwarden review, we’ll provide you with first-hand experience review of Bitwarden's features, security, usability, pricing, and more.
|🥇 Overall rank:||#1 out of #16||#9 out of #16|
|🔥 Coupons:||NordPass coupon 58% OFF||Bitwarden Coupon 53% OFF|
|💵 Price:||From $1.24/month||From $0.83/month|
|✂️ Free version:||Yes||Yes|
|🔒 Encryption:||XChaCha20||AES 256-bit|
|🖥️ Platforms:||Windows, macOS, Linux, Android, iOS||Windows, macOS, Linux, Android, iOS|
|🌐 Browser extensions:||Chrome, Edge, Firefox, Opera, and Safari||Chrome, Firefox, Edge, Opera, Safari, Vivaldi, Brave, Tor|
Bitwarden pros and cons
Bitwarden is a rather simplistic but safe open-source password management tool that lets you generate, sync, manage, consolidate, and share all of your passwords.. It implements strong AES-256 encryption, 2FA, zero-knowledge architecture, and its security is regularly audited by third-party firms and researchers.
You can also expect to get different cloud-hosted or self-hosted plans, budget-friendly subscriptions, and even an option to have a free account with unlimited passwords and devices.
Is Bitwarden safe?
Bitwarden is a safe service that uses 256-bit AES encryption to secure your data. It’s a cipher used by government organizations as well as banks, ensuring the highest security standards. Bitwarden also guarantees security thanks to its two-factor authentication variety and zero-knowledge architecture.
Here’s a more in-depth look at all that Bitwarden has to offer in terms of security and privacy:
- Encryption. Bitwarden uses the advanced AES-256 encryption cipher that is known for its unbreakable security. Not to mention that it also implements a zero-knowledge architecture, meaning that you are the only person who will have access to your passwords.
- Audits. Bitwarden passed a thorough third-party security audit by Cure53 in November 2018 and listed the actions they’ll take to solve vulnerabilities. The service has also completed a security assessment and penetration test by the Insight Risk Consulting auditing firm, which identified no major security issues.
- Multi-factor authentication. This password manager comes with quite a few authentication methods. The traditional and most commonly used ones include email and an authentication app. Premium users can also use YubiKey, FIDO2, or Duo.
- Biometric authentication. You can use Face ID or Touch ID to quickly log in to your Bitwarden vault without having to enter the master password each time.
While there are plenty of security measures that Bitwarden offers, it lacks automatic backups and its auto-filling feature isn’t secure and can be exploited. Plus, as stated in their Terms of Service, Bitwarden is located in the United States, which is a part of a 14-Eyes intelligence alliance.
Has Bitwarden been hacked?
No, there have been no Bitwarden security breaches or hacks. However, it’s worth noting that a research report by FlashPoint was released in March 2023, which found that Bitwarden’s auto-filling feature displays dangerous behavior. This could result in malicious iframes stealing user credentials even if they’re embedded in legit sites.
Of course, it's also always possible to initiate a social engineering attack or install a keylogger to your PC through malware – no system is completely safe from human error. However, should a hacker attempt to find out your master password, if you have 2FA enabled, he would also need your 2FA code.
In short, if you don’t use the auto-filling feature, there are too many hoops the attacker would have to jump through to make a successful attack on your vault. As long as your master password is unique and strong enough, you can be calm about your passwords ending up in the wrong hands.
Bitwarden security features
Bitwarden employs a robust security architecture to safeguard your sensitive data. Its multi-layered approach includes encryption used by banks and governmental institutions around the world, two-factor authentication, and regular security audits to ensure your passwords remain impenetrable. These audits demonstrate Bitwarden's dedication to maintaining the highest security standards.
Also, Bitwarden implements a zero-knowledge architecture. This means that Bitwarden's servers don’t store your master password or any unencrypted data in your vault.
Let's overview all the features that Bitwarden offers:
|Password generator||It generates secure passwords based on your preferences. You can choose the length and characters that go into your passwords|
|Auto-fill||This feature automatically fills in the login credentials you’ve saved into the specific websites|
|Password sharing||This feature can help securely share your login credentials|
|2FA||This code acts as an additional verification step, ensuring that only you can access your vault|
|Biometric authentication||You can enable biometric authentication, such as Face ID or Touch ID, to log in quicker|
|Passkeys||Passwordless authentication technology that offers several advantages over traditional password|
|Emergency access||It is used to access your account in case of unfortunate events or if you lose your master password|
|Bitwarden Send||Bitwarden Send allows you to share encrypted messages or files with other users|
|Fingerprint phrases||It is used to securely verify new users that you share passwords with using a 5-word phrase|
|Vault health and security breach reports||Reports show the latest data regarding password health, insecure websites, and data breaches|
We liked the fact that all the essentials that should be included in a password manager are there. Either way, we went through all the most important features in-depth to find out their purpose, functionality, and more. Continue reading to find all the highlighted features:
Bitwarden password generator allows you to generate not only passwords but usernames as well. We found it convenient that you can hop straight into the password generator in the middle of adding new login details to Bitwarden.
However, there was also no option to use the password generator straight on a website’s registration fields – you have to open the browser extension for that.
The upside is that with this password manager, you’re given a lot of options to optimize your credentials. You can check whether it should or shouldn’t include upper case/lower case letters, numbers, or special characters.
Additionally, you can choose the length, minimum numbers, and minimum special characters of your password or username. All of this helps create an unhackable password without having to remember it.
You can use Bitwarden to auto-fill your vault logins on the web browser. It will help to share your password across devices and will save you a lot of typing if you want to use unique and complex passwords.
If you're using browser extensions, the Bitwarden icon in the toolbar will display the count of login entries that match the site. It isn't limited to passwords. It can also include your ID, addresses, and other information that you could want to be filled in automatically.
However, it’s important to let you know that Bitwarden’s auto-filling feature is insecure according to research conducted by a data and intelligence company called FlashPoint. It was concluded that Bitwarden’s auto-fill may get your credentials stolen by malicious iframes even in trustworthy sites.
Bitwarden is aware of that, but instead of fixing the issue, they have the auto-fill feature disabled by default. They even display a warning message about its security in browser extensions.
Security aside, we also found that auto-filling with Bitwarden is a bit inconvenient. It doesn’t suggest filling your login credentials straight into the login page. Instead, you have to open Bitwarden’s extension and choose credentials for the specific website. Other password managers, like NordPass or 1Password, offer auto-filling straight on the site – all you need to do is click one icon.
Bitwarden allows password sharing on their Premium and Family plans. If you’re often sharing login credentials with someone, using a password manager to do it securely is the way to go. However, it’s quite difficult to understand how to create new collections or organizations. Such password managers like NordPass offer much more simple and convenient ways to share credentials.
There’s also another option to share credentials called Send. It’s super easy to use, you can read more about it below.
Two-factor authentication (2FA) is a widely used feature of Bitwarden. It protects your credentials with a double layer of security by requesting authentication from a secondary device (beside your master password) when you log in. You can choose the type of secondary authentication – it can be an authenticator app, hardware security key, or simply your email.
Face ID and touch ID
Face ID and Touch ID are iOS biometric features (fingerprint unlock and face unlock for Android respectively). They are also supported on Windows via Facial Recognition (if the hardware meets the requirements) and for MacOS via Touch ID.
It’s worth noting that iPhone X and later models don’t have a home button anymore, so Touch ID isn’t going to be available on Bitwarden.
These features can only unlock your vault when you are already logged into the Bitwarden system. As the names suggest, it unlocks your vault either by using your fingerprint or face recognition.
Bitwarden also will soon have Passkeys option – so you can use trusted devices to log in without a password. Technically, this option allows you to use a second device to authenticate your Bitwarden vault login instead of using Bitwarden password. Several technology safeguards this process locked down: zero-knowledge encryption, client fingerprint phrase, two-step login.
Bitwarden’s Emergency access feature is beneficial in case of critical circumstances. This includes getting into an accident, passing away, and so on. But this is also a great way to recover your account in case you lose your master password.
This feature uses encryption/decryption and public key exchange to provide your emergency contact with permission to access your vault. Depending on the access level you’ve given, your emergency contact can either view/read your login credentials or create a new master password for your vault.
Emergency contacts must be Bitwarden users, and good news, they don’t need to have a premium plan.
The Bitwarden’s Send feature lets you share encrypted data with another person. The data sent is end-to-end encrypted and Bitwarden cannot see the contents of it. You can share a file or a text via Send Link.
Plus, the recipients don’t have to be Bitwarden users. They can even use other password managers. That being said, you get only 1GB of encrypted data for sharing files. Other password managers, like NordPass, offer 3GB of encrypted storage while Keeper gives you a total of 5GB.
There are several useful security parameters that Bitwarden Send comes with:
- Deletion date – shows when your Send data is permanently deleted
- Expiration date – shows when the Send Link is no longer active
- Maximum access count – users won’t have access anymore once the count is reached
- Optional password for the Send link
- Disable option – remove the ability to access the Send link
Bitwarden uses accounts that are identified with a uniquely generated five word string. This assists in securely identifying other users for sharing vault entries.
When adding a new user, you can always verify them via their fingerprint phrase rather than some additional arbitrary information. It dramatically reduces the risk that your connections will be tampered and helps to reveal impersonators.
Vault health and security breach reports
Premium Bitwarden users' vaults have a variety of built-in password monitoring tools. The tools range from generated reports to up-to-date information about the latest data breaches. The reports are always generated locally, so this is not a privacy threat.
Here are the types of reports that you can expect:
- Password reusing report. This report will help you to identify cases of the same password reuse to avoid security breaches.
- Password strength report. Simple or even the most used passwords are a hacker attack waiting to happen. This report lets you know which passwords you should update, which you can do using Bitwarden’s password generator.
- Unsecure websites report. There are still sites that are using HTTP instead of HTTPS, which is unencrypted and, therefore, insecure. Bitwarden's report will indicate whether you're using a safer protocol.
- Breached database report. If any of your data gets into the hands of dark web hackers who sell compromised accounts, this report will instantly inform you so you could change your password and enable two-factor authentication.
Bitwarden apps and extensions
One of the most crucial things when choosing a password manager is its compatibility with devices and browsers. After all, password managers are usually used on multiple gadgets.
In terms of setup, Bitwarden is really simple and quick to get going. All you have to do is create an account, and you’re good to go. That is unless you choose to get the browser extension as well.
In terms of compatibility, Bitwarden gets a huge plus. It's excellent that its developers thought of this in advance and didn't lock any platform out.
Here's a full list of the platforms that support Bitwarden:
|Interface or app||Platform|
|Web interface||Any browser|
|Browser extension||Chrome, Firefox, Edge, Brave, Opera, and more|
|Desktop app||Windows, macOS, Linux|
|Mobile app||iOS and Android|
|Command-line interface||Windows, macOS, Linux|
Each option is similar, however, they all have their differences. For instance, the web app is the most extensive in terms of features. Meanwhile, you can’t import passwords or enable 2FA on desktop apps, which isn’t very convenient. Plus, you can only autofill credentials through browser extensions.
So, Bitwarden isn’t the most convenient or user-friendly password manager, but it does offer very organized interfaces.
Continue reading as we dive into what each supported platform of Bitwarden looks like and what they offer.
Bitwarden mobile apps
Bitwarden has apps on both iOS and Android. We found that they’re very easy to use. Everything is neatly sectioned at the bottom of the screen. The main window is your vault, then there’s also the Bitwarden Send feature, a password generator, and the Settings section.
The mobile apps allow you to store logins, credit card information, secure notes, and identity data. Meanwhile, the features include biometric authentication options, the Bitwarden Send feature, auto-fill, fingerprint phrase, a password generator, and two-factor authentication.
The only features we found missing were vault health and security reports as well as import options. We found it inconvenient that there’s a password importing button available, but it transfers you to guides on how to import passwords on the web app.
Bitwarden web app
The web application is accessible through the Bitwarden website. It provides the most comprehensible management option for Bitwarden vault administration. You can manage your personal vault, organization vaults where you're added, and other account information settings. It's also possible to manage bulk operations via checkboxes.
From there, you're able to create Folders for your personal vault and Collections within organization vaults. Whatever you need to create, the management process is really quick, taking barely a few clicks, and we experienced no issues with it.
However, it does take some time to find what you’re looking for. For instance, it took a while to find the password importing section. But from there, I had no issues with password importing. All I had to do was select the format of the import file, choose the file, and click “Import data.”
The web app includes all features of Bitwarden, making it the most comprehensive platform of this provider.
One thing that wasn’t pleasant was the auto-filling feature. I had to open the browser extension to fill in the password, which was quite annoying to say the least. So Bitwarden could use some improvements on this part.
Bitwarden desktop apps
The desktop application can be useful when web browsing isn't an option or it's just more convenient through the app. It's also perfect for storing particularly sensitive information like bank account numbers and credit cards.
The desktop apps are very similar to the web app in terms of interface, yet they’re very limited. Setting up multi-factor authentication or importing passwords is only available on the web app. The same goes for Bitwarden’s security reports.
All you get is the Bitwarden Send feature on top of a password generator, highly limiting functionality. Such password managers as NordPass have more comprehensive desktop apps, providing loads if not all of their features, including password health reports, a data breach scanner, and emergency access.
Among each other, the desktop apps look identical on all three operating systems – Windows, macOS, and Linux. Each of them has the same features and design, so if you're using the Windows version and decide to move to macOS, you'll scarcely notice a difference.
A browser extension for password managers is convenient considering most of our accounts are online. Bitwarden's add-ons for browsers have a lot more differences from one another. There’s extensions for some of the least supported browsers. So your experience will significantly depend on your browser.
For example, the Firefox add-on has a persistent sidebar but Chrome does not. This might translate into different user interface decisions down the line. If you're switching browsers, don’t expect that the add-ons you were using before will look or feel the same way.
More importantly, this could translate to safety issues associated with your browser rather than the safety of the add-on. For example, after the most recent Microsoft Edge update, its Bitwarden extension works with hiccups.
No matter which one you pick, all of the add-ons will allow you to do essentially the same things that are possible on apps – generate passwords and autofill credentials. At the same time, customization options will largely depend on the browser you pick.
For the true DIY-spirited, Bitwarden offers a full-featured command-line interface (CLI) that you can access your vault through. Every feature that you can use on the web, apps, and extensions, you can also use through CLI. It's not chained to any particular platform – you can use it on Windows, macOS, and Linux distributions.
While it may not be handy for the more common users, administrators will love the possible integration between Bitwarden and other identity management systems. This means that if your IT personnel is tech-savvy enough, you could probably integrate Bitwarden's password manager vault within your organization's internal infrastructure. Plus, it allows you to tweak the UI, adding custom interfaces. If there's one thing that you'll remember, know that with CLI, the sky's the limit.
Bitwarden has flexible pricing options, including a free-forever plan, a premium and family subscriptions. So you can enjoy the basics for free or opt for more advanced features as well as more licenses.
Here’s how the plans stack up against each other:
|Free account||Premium account||Families|
|Number of licenses||1||1||6|
|Two-factor-authentication||Email, authentication app||Email, authentication app, YubiKey, FIDO2, Duo||Email, authentication app, YubiKey, FIDO2, Duo|
|Bitwarden Authenticator (TOTP)||❌||✅||✅|
|Encrypted file attachments||❌||1GB for personal items||1GB for each – professional and personal items|
|Organizations (shared vaults)||2 users, 2 collections||2 users, 2 collections||6 users, unlimited collections|
Let’s review each plan in more detail, as every subscription might suit different needs and has different resources:
Bitwarden free plan
Bitwarden’s free plan is quite limited – you’ll get a password generator, auto-filling, and all other essential features. We found it enough if you’re not planning to share passwords and simply need a basic password management solution.
Bitwarden Premium plan
The Premium plan is more useful for users who share passwords and want to securely send files or messages. Having in mind that the Premium subscription comes at only $0.83/month, it’s much more worth it than the free plan.
Bitwarden Family plan
If you want a password manager for your whole family, then you can opt for the Families option. While it’s only $3.33/month, we found it inconvenient that the more expensive plan still offers only 1GB of storage for personal and professional files.
Comparing Bitwarden to other password managers, you’ll find that NordPass offers 3GB on the Family plan and even for a smaller price of $2.68/month. You also get automated backups and a convenient as well as secure auto-filling feature, which Bitwarden lacks.
Overall, Bitwarden has plans to cater to the needs of different users and at very cheap prices. But they’re not as feature rich as they could be, lacking security and other convenient measures.
|24/7 live chat||❌|
Bitwarden has quite a few customer support options available. For a DIY approach, you can make use of the extensive knowledge base. And if you’re in need of human-based support, you can opt for its community forum, social media sites, or the main customer service option – email.
When reaching out to Bitwarden through email, we found the agents to be professional. However, don’t expect a fast reply time – it may take around one hour or more.
That’s why it’s a downside that Bitwarden doesn’t have a 24/7 live chat option. This way, you’d be able to receive help in a matter of minutes. We’ve tested multiple password managers that offer a 24/7 live chat, including NordPass and RoboForm, and provide responses in a minute or two.
There’s also no phone support and you’re likely to be referred to the help page if you contact them through social media. So your best shot is email or the community forum.
Overall, while Bitwarden has plenty of options to help you out, it would still be nice to see a much quicker and more convenient option adoption like live chat in the future.
How you find Bitwarden's customer support largely depends on your account type. If you're a free user, you might expect some frustration, but if you have a Premium plan, you can expect priority queues. Even then, Bitwarden doesn't shine.
If you’re not much of a reader and prefer visual learning, click on the video below to watch our Bitwarden review on YouTube.
Best password manager alternatives to Bitwarden
If you don’t fancy Bitwarden and its apps or features, there are some other more secure alternatives on the market. We picked them based on security features, privacy measures, convenience, pricing, and more.
|Cloud storage:||3 GB (with NordLocker app)|
|Browser plugins:||Chrome, Firefox, Safari, Opera, Brave, Vivaldi, and Edge|
|Coupons:||🔥Holiday deal! Get NordPass, now 58% OFF and 4 months FREE!🔥|
NordPass is a very streamlined password manager. But the pretty UI isn't the only thing that might be appealing to you. It uses a more modern XChaCha20 encryption, which is even harder to crack than Bitwarden’s adopted AES-256 cipher. Plus, their apps are very feature-loaded and you won’t compromise on features depending on the platform you use. Unlike Bitwarden, NordPass has plenty of features in both desktop, mobile, and other platforms.
Still, you'll be able to automatically save and autofill passwords. Not only that, your vault is accessible from any device that you're using. So, even if you have an iPhone but using a PC, you will have your credentials at hand at all times.
Read more: NordPass review
|Cloud storage:||1 GB|
|Free version:||No, 14-day free trial|
|Browser plugins:||Chrome, Firefox, Edge, Brave, Safari|
|Coupons:||🔥 Holiday deal! Get 50% OFF 1Password! 🔥|
1Password is one of the top password managers on the market due to its strong focus on your data protection. Although the applications are less compelling than the ones of NordPass, they’re still better fledged than Bitwarden’s in terms of features. That said, your items are distributed across different vaults, allowing you to separate work-related passwords from private life passwords.
One of the most impressive details about 1Password that Bitwarden doesn’t have is its Travel Mode feature which allows you to protect selected data while traveling to different regions. Aside from that, the password manager uses market-leading AES-256 encryption, has multi-factor authentication methods, and helps you track the security level of your passwords with the Watchtower feature. Finally, you can connect to your vault on unlimited devices simultaneously.
Read more: 1Password review
How to set up Bitwarden
Setting up Bitwarden won’t be difficult even for complete beginners who have never had experience with a password manager before. Here’s a step-by-step guide on how to set up the Bitwarden web vault:
- Go to the official website of Bitwarden, pick a plan, and sign up
- If you’ve been using another password manager, import your passwords by clicking on Tools and then pressing Import data. Fill in the details and click Importdata again to complete the import
- Enable two-factor authentication by going to Account settings, selecting Security, and pressing the Two-step Login tab
- To add a new login item, click on New, select Item and then Login. Insert the login details and press Save
- That’s it – you’re ready to use Bitwarden
Is Bitwarden worth it?
Bitwarden is one of the most trustworthy open-source password managers that’s great for personal use and great for organizations. It offers a comprehensive free version and affordable premium plans and has everything it takes to secure and share your credentials.
Yet, Bitwarden’s auto-filling feature is not the best solution a password manager can offer. There’s no one-click filling option, as you have to access everything through the browser extension. Additionally, the desktop apps aren’t as convenient as they don’t offer as many features as the web application.
Our Bitwarden review shows that there are many things that this password manager does right, yet there’s also quite a lot of room for improvement.
How we tested Bitwarden
Our team of cybersecurity experts and researchers conducted a comprehensive analysis of Bitwarden to evaluate its features and security standards. The testing process involved testing Bitwarden's password management capabilities across various platforms and devices. We examined the application's performance in real-world scenarios, including its encryption protocols, security measures like two-factor authentication, and overall resilience to potential threat actors.
Other password manager reviews from Cybernews:
Is Bitwarden secure?
Yes, Bitwarden is one of the most secure password managers around. Its source code is freely available online to anyone, and such public scrutiny helps Bitwarden to quickly fix any security issues. Moreover, Bitwarden implements AES-256 encryption and is frequently audited by third-party digital security auditors as well as independent researchers.
Is Bitwarden better than LastPass?
Comparing LastPass and Bitwarden is hard because the former is entirely cloud-based. In any case, LastPass is a good password manager – it has a great set of features, even if you use a free version. After all, there's a reason why this product is found in most lists of the best premium and free password managers. What you would need to keep in mind is that LastPass has recently been hacked.
What platforms does Bitwarden support?
Bitwarden is available on Windows, macOS, and Linux. It also offers mobile apps for Android and iOS users. When it comes to browser extensions, you can install Bitwarden add-ons for Chrome, Firefox, Edge, Opera, Vivaldi, Brave, and Tor Browser.
What information does Bitwarden encrypt?
All information stored in your vault, including credit cards, secure notes, IDs, folders, and attached files, is protected by end-to-end encryption. The only information about you that's not encrypted is your billing email, name, and organization.
Can Bitwarden see my passwords?
Just like any zero-knowledge password manager, Bitwarden can't see your passwords or anything else that's in your vault. It receives already hashed account names and passwords without the means to reverse-engineer them. What's more, all of your data is encrypted using military-grade cipher and brute-forcing it would take a lifetime of a Greenland shark, or even more. Finally, Bitwarden is used to third-party audits that check for security vulnerabilities and embraces an open-source technology model that leaves no secrets behind the doors.
Does Bitwarden have a VPN?
No, Bitwarden currently doesn’t have a built-in VPN.
What is Bitwarden used for?
Bitwarden is mainly used to sync and consolidate all the passwords using one vault. This password management tool allows you to generate and manage powerful passwords to boost online security. Besides, it offers other useful tools like password sharing, breach monitoring, and more.
Is Bitwarden free?
Yes, Bitwarden has a full-featured free version for use. It offers unlimited password storage on unlimited devices, as well as unlimited password sharing and other useful features. Bitwarden’s premium subscriptions include more advanced functionalities, like 2FA, Bitwarden Authenticator, health reports, and more.
What is the downside of Bitwarden?
The downside of Bitwarden is that its auto-filling feature raises security concerns and isn’t trustworthy. Not to mention that data is stored in a country that’s a member of the surveillance alliance. Plus, the features you get will vastly depend on the platform you use and you only get 1GB of encrypted storage with the Premium plan.