Bitwarden Review: The Open-source, secure, and free password manager
With the recent news of LastPass's data breach and hack, many people who have not been using a password manager are now frightened. Many consumers are hearing news story after story about this information being taken by hackers, yet need to learn more about what actually happened. This can make them hesitant to choose to move to a password manager to help secure their online accounts and make life easier.
Without trying to rank password managers or shoot down LastPass because of their data breach, here is a review of my favorite password manager that I use (for free!): Bitwarden.
Password managers need to do many things to be useful.
- They need to securely store passwords, usernames, encrypted notes, and any other pieces of data that you would like (credit cards, identities, encrypted file storage).
- They need to be easily accessible and not slow the user down. If the password manager is too slow, users may opt to continue using the same password for every site because of its simplicity.
- Ability to send your encrypted data to another user to securely access it.
- Ability to easily rotate encryption keys and change master password if the need arises
- Be cheap! I don't want to be paying $20 a month when I can use the same password I have used for years.
Many, if not all, password managers have these basic functions. However, Bitwarden is the best choice for a few reasons.
Bitwarden's core services are free and will always remain free. This allows any user to store unlimited passwords and usernames, utilizing zero-knowledge encryption standards and many other features.
Compared to other free password managers that limit you to a certain number of stored passwords, number of devices signed in, or even type of device signed in, this free plan checks all the boxes for my personal use.
Bitwarden is able to offer all these free services because of its significant presence in the enterprise password manager market. Bitwarden has built their system on top of Azure (in case you were wondering) for their enterprise customers and can offer a stripped-down version that doesn't provide nice-to-haves like TOTP or SSO integration in the free plan but is still just as secure and convenient and trusted as their enterprise offering. Chrome extension, the iOS app, the Windows desktop app, and the app for Fedora Linux,
For example, I have the Bitwarden chrome extension, the iOS app, Windows desktop app, and app for Fedora Linux and all work flawlessly with my over 350 items stored in my vault. Across these devices, the vault syncs perfectly, and if I add a new password through the Chrome extension, I can open the app on my phone seconds later, and it is updated.
This quick syncing combined with the Chrome extension's autofill based on URL, it takes 3 clicks (1 to open Bitwarden, 1 to click on the username/password combo, 1 to click sign-in) to sign in to any website that I have saved credentials for.
If you need more than these free features, they offer a $10/yr plan with TOTP, emergency access, and other features for power users or advanced consumers. However, for me, the free plan is a perfect fit.
If you're reading this and don't know how a password manager works, you might worry about the data's security. Bitwarden is built on an open-source framework where the code is available for all to read and contribute to on GitHub. Despite your first impression, open-source software tends to be more secure than closed-source software (where the public cannot read or contribute) because more eyes on the code generally means more vulnerabilities are caught. Bitwarden also uses zero-knowledge encryption, meaning that all data sent to Bitwarden servers is encrypted on your device, over HTTPS to Azure, and stored in an encrypted form on encrypted disks. You can rest assured that Bitwarden safely stores your data. Because of this, neither Microsoft nor Bitwarden can decrypt your data because of the hashing algorithm used. It would take more than a lifetime to reverse-engineer your passwords.
Large companies provide their primary services to promote public cybersecurity practices like Bitwarden, allowing the masses to gain stronger passwords, habits, and digital lives. If you don't have a password manager, consider Bitwarden to help you organize, simplify, and secure your life.