Open-source, secure, free password manager: Bitwarden Review
With the recent news of LastPass's data breach and hack, many people who have not been using a password manager are now frightful. Many consumers are hearing news story after story about this information being taken by hackers, yet know little about what actually happened. This can make them hesitant to make the choice to move to a password manger to help secure their online accounts and make life easier.
Without trying to rank password managers or shoot down LastPass because of their data breach, here is a review of my favorite password manager that I use (for free!): Bitwarden.
Password managers need to do many things to be useful.
- They need to securely store passwords, usernames, encrypted notes, and any other pieces of data that you would like (credit cards, identities, encrypted file storage).
- They need to be easily accessible and not slow the user down. If the password manager is too slow, users may opt to continue using their same password for every site because of its simplicity.
- Ability to send your encrypted data to another user to securely access it if need be.
- Ability to easily rotate encryption keys and change master password if the need arises
- Be cheap! I don't want to be paying $20 a month when I can just use the same password that I have been using for years.
Many, if not all password managers, have these basic functions, however I think that Bitwarden is the best choice for a few reasons.
Bitwarden's core services are free and will always remain free. This allows any user to store an unlimited number of passwords and usernames, zero-knowledge encryption standards, and many other features.
Compared to other free password managers that limit you to a certain number of stored passwords, number of devices signed in, or even type of device signed in, this free plan checks all the boxes for my personal use.
Bitwarden is able to offer all these free services because of their large presence in the enterprise password manger market. Bitwarden has built their system on top of Azure (in case you were wondering) for their enterprise customers and is able to offer a stripped down version that doesn't offer nice-to-haves like TOTP or SSO integration in the free plan, but is still just as secure, convenient, and trusted as their enterprise offering.
For example, I have the Bitwarden chrome extension, the iOS app, Windows desktop app, and app for Fedora Linux and all work flawlessly with my over 350 items stored in my vault. Across these devices, the vault syncs perfectly and if I add a new password through the chrome extension, I can pop open the app on my phone seconds later and it is updated.
This quick syncing combined with the chrome extension's autofill based on URL, it takes 3 clicks (1 to open Bitwarden, 1 to click on the username/password combo, 1 to click sign-in) to sign-in to any website that I have saved credentials for.
If these free features are not enough for you, they offer a $10/yr plan with TOTP, emergency access, and other features for power users or advanced consumers. However, for me, the free plan is a perfect fit.
If you're reading this not knowing how a password manager works, you might find yourself worried about the security of the data. Bitwarden is built on open-source framework where the code is available for all to read and contribute to on GitHub. Despite your first impression, open-source software tends to be more secure than closed-source software (where the public cannot read or contribute) because more eyes on the code generally means that more vulnerabilities are caught. Bitwarden also uses zero-knowledge encryption which means that all data sent to Bitwarden servers is encrypted on your device, then over HTTPS to Azure, then is stored in its encrypted form on encrypted disks. You can rest assured that your data is safely stored by Bitwarden. Because of this, neither Microsoft nor Bitwarden can decrypt your data because of the hashing algorithm used. It would take more than a lifetime to reverse engineer your passwords.
Large companies providing their primary services to promote public cybersecurity practices like Bitwarden does is allowing the masses to gain stronger passwords, habits, and digital lives. If you don't have a password manager, I hope you strongly consider Bitwarden to help you organize, simplify, and secure your life.