In recent years Bitwarden has firmly established itself as a safe, secure and easy to use password manager and a great alternative to the industries big names such as 1Password and LastPass.
One of the most notable features of Bitwarden is that the software they produce is free and open source (including the server software should you want to run the synchronisation yourself). This means not only is Bitwarden software subject to the highest security standards but also a great choice for those who are looking for a low cost way to manage their own passwords or those of a small business.
In-fact, even if you don’t host the server software yourself, Bitwarden offer a very generous free account which allows an unlimited number of passwords to be saved, use of all available Bitwarden apps and automatic synchronisation via the Bitwarden secure servers. The Premium account is priced very fairly at $10 / year and in addition to the free tier also offers user 1GB of secure cloud storage and priority technical support!
Device support is also taken very seriously by Bitwarden and they offer client software for PC, MAC and Linux in addition to apps for iOS and Android along with plug-ins for all popular web browsers.
This all sounds very promising so far, time to have a look at the Bitwarden Password Manager.
- Well designed and very easy to use
- Open source software ensures maximum security
- Plugins available for all major browsers
- Applications for Windows, Mac and Linux
- iOS and Android apps available
- Cloud synchronisation (included on free account)
- Supports 2FA (multi-factor authentication)
- Automatic password generator
- Automatic website logins
- No password sharing implemented
- Generous free account
- Premium account with 1GB cloud storage for only $10/yr
To begin with I will be installing the Bitwarden Windows 10 desktop client, this is free to download form the Bitwarden website and at only 720KB can be downloaded almost instantaneously.
Once downloaded the installation takes only a couple of minutes to complete whilst some other components are being downloaded and with only a couple of clicks everything is ready to go, great work so far!
Upon opening the desktop client for the first time we will be asked to log in or create an account if we don’t yet have one. Bitwarden require only an email address and a master password which is great to see as this helps keep users data as private as possible.
Finally, once logged in with our new account we will be greeted by the main Bitwarden application home screen, from here we have full access to the free version of the service and any other devices using this account will be automatically synchronised.
In addition to the desktop client software, Bitwarden also offer smartphone apps and browser extensions for all major web browsers. I will have a look at the smartphone app a little later on but for now I will have a look at the FireFox browser extension, this can be installed directly via the Firefox add-on store:
As with most Firefox extensions the installation here is quick and easy taking only a few moments to complete, once installed we can login with the Bitwarden account we created a little earlier on.
Once installed and logged in we will have full access to our account via the browser window, this includes tools such as the automatic password generator and all passwords already synchronised via our Bitwarden account. I will have a look at using the Bitwarden browser plugin in more depth a little later on.
Finally, should you need to access your Bitwarden vault without the desktop client, browser apps or smartphone apps there is the option of using a web-based console. This web-based console can be logged into using your usual Bitwarden credentials and can also be used for importing / exporting accounts from other password managers.
Data Stored by Bitwarden
As with most password managers not only do they store simple passwords but also other useful information such as credit card numbers, PIN codes, tax numbers and any other secure personal notes you might want to keep safe.
As such Bitwarden will not only store the logins for any websites and apps you might use but also allows credit card, PIN umbers and secure personal notes to be stored alongside them and synchronised across all devices automatically.
Should you take out the Bitwarden premium subscription at $10/ year you will also be able to upload and synchronise files and photographs across all of your devices thanks to the 1GB of secure cloud storage included with this premium option. This is a very useful way to keep copies of bank cards, personal IDs and other important documents which you might need to securely access whilst on the go!
Adding a new Site
Once Bitwarden is up and running one of the easiest ways of adding a new login is via the web browser plugins. Of course, any app can be used for adding a new login but the browser extensions will automatically recognise a new website and offer to add the login to your Bitwarden account automatically whenever necessary, excellent!
Regardless of which method you choose adding new logins to Bitwarden is a fairly straightforward process, however, the browser plugins will be essential for many as they will (in almost all cases) make this process completely automatic when using a new site for the first time.
Can Bitwarden Generate Passwords
Yes, Bitwarden has a great password generator which can be used to generate strong and unique passwords automatically every time a new login is added to your account.
This is a very important feature in a password manager as it makes the process of utilising strong, unique and secure passwords for each and every website you use very easy to manage. This is helpful because in the event that a password is ever compromise and exposed to the world along with your login details (e.g. email address) then only a single website will be affected. In such cases it is fairly easy to then change the password for that single site knowing all other sites are still 100% safe thanks to them having different passwords (even if the login email is the same).
Imagine if your username and password (as per above) had been leaked and it turned out the username (email) and password were used regularly use across many different websites! In this case it would take much longer to change them all (you might even miss some) and it is much more likely that one or many accounts would be compromised, not a good situation!
Signing in to Websites and Apps
Signing into websites is one of the most common tasks a password manager will be used for. Because of this any password manager which incorporates a web browser plugin which will automatically fill out login forms is at a big advantage versus those which don’t (yes, some still don’t have browser plugins!).
Thankfully, Bitwarden has very good selection of web browser plugins covering widely used browsers such as Chrome, Safari and Firefox as well as lesser used ones including Brave, Opera and Vivaldi.
When signing into a website the Bitwarden browser plugin will do one of two things depending upon whether you already have an account saved for the website in use. If a login is already stored, Bitwarden will recognise this and can (via the plugin menu) be used to fill in the login automatically. If the account is not stored in Bitwarden then this will be recognised and a new login can (optionally) be stored it in the password vault automatically.
Bitwarden also provide apps for iOS and Android which can be used to login to websites and apps on a smartphone device, I will be looking at the Android app in this review which can be installed via the Google Play store.
Once installed, as with the Windows desktop client and the browser extensions the Bitwarden username and password must be entered in order to sign-in and synchronise the app with the main Bitwarden account.
The Bitwarden smartphone app can also be used to automatically fill in app based logins, in Android this can be achieved by configuring the auto-fill service as is shown below):
How Secure is Bitwarden
Bitwarden make use of very secure AES 256bit encryption to ensure all user data is encrypted both whilst it is being stored on user devices and whilst being synchronised via the Bitwarden synchronisation service. Bitwarden also make use of extended, salted hashing on passwords adding even more security to accounts and ensuring the master passwords of account holders are even more protected.
Multi-factor authentication is also available on both free and premium accounts which adds a further layer of security to an already safe service in addition to “new device” warning emails which will alert users every time a new device is used to access the account.
Another very important part of Bitwarden’s approach to security comes from making all of their software open source. Such a move is still not common amongst many password managers yet helps prove Bitwarden’s commitment to security and transparency by allowing the open source community to review and verify the code is working as it should. Open sourcing their software is also a great way to ensure any bugs and security issues have been dealt in a correct and effective way as all work will be publicly available.
Can Bitwarden Import Passwords?
Yes, Bitwarden provides a specialist import tool making the importing of passwords form other password managers quick and easy. The tool (as can be seen below) is pre-configured to work with all of the main password managers in use today and can be found via the Bitwarden web vault.
This same tool can be used for easily exporting of Bitwarden passwords should you wish to move else ware in the future.
Whilst import and export functionally is fully covered it is slightly disappointing to see this is (currently) only available via the web console and not in the desktop client applications. Not a big deal but it would be nice to have this functionality available locally on a device.
Bitwarden Free vs Premium
Bitwarden offer, by default, a completely free service allowing use of all applications, multi-factor authentication and an unlimited number of logins to be added and synchronised via the service.
Bitwarden also offer an upgraded premium account which also includes 1GB of secure cloud storage, premium support, additional multi-factor authentication options and data breach reports to alert you if your passwords have been involved in a breach.
The premium account also offers several security related reports which make it easy to see which (if any) of you passwords might have been involved in data breaches, might have been re-used across multiple accounts or might be considered weak and unsecure passwords based on their complexity and length.
Bitwarden uses AES-256 bit end-to-end encryption to ensure all user data is encrypted locally on the device before any synchronization takes place. In addition to strong encryption Bitwarden also offer the ability to use multi-factor authentication on both free and premium accounts.
Another important aspect to the security of Bitwarden software is that it is fully open source and available for anyone to review. This means the workings of the software are transparent and that security researchers can easily verify that the software is as secure as the company producing it (Bitwarden) says it is.
Bitwarden have a very useful knowledge base and Q&A section on their website which should have the answers to common questions which might arise whilst using the service. Should you require any more support Bitwarden provide 24/7 online messaging support in addition to priority support for premium members.
Bitwarden have both a free account and a premium account priced at $10 / year for individuals. Business and team account are also available.
For more information on pricing be sure to check out the Bitwarden pricing page.
Bitwarden Review Summary
Bitwarden is a solid password manager which features everything you could ever need from such a tool. This is especially impressive given that the free account is one of the best I have ever come across and if you don’t need the 1GB of cloud storage will most likely be ideal for many individual users.
The premium account is also excellent value at only $10 / year providing everything in the free account along with 1GB of cloud storage, use of advanced 2FA options (YubiKey, U2F and Duo), premium security reports and TOTP authenticator features.
The range of applications provided by Bitwarden is also noteworthy with iOS and Android smartphone apps, plugins for all major browsers and Windows, Linux and Mac operating systems supported via open source software.
Overall this is a very impressive password manager and comes very close to LastPass in being one of the best free options I have so far tested. An excellent job Bitwarden!