Free password managers usually include important limitations that pressure most customers to improve to a paid tier. Not Bitwarden. The free model of this password supervisor doesn’t limit you to a sure variety of entries, nor does it forestall you from syncing your vault throughout all of your gadgets. Even the paid model, which provides high-end safety instruments, is inexpensive in contrast with the competitors.
Bitwarden is an open-source password supervisor. This implies the supply code is topic to fixed audits from Bitwarden’s group of builders, researchers, customers, and, finally, the general public. With extra eyes on the code, bugs are simpler to identify, and that makes the app safer.
Apart from its clunky password seize and replay capabilities, Bitwarden is straightforward to make use of and consists of very important core options resembling multi-factor authentication, credential sharing, cross-platform syncing, and limitless password storage, all for a number of customers. No different free password supervisor we’ve reviewed consists of all these core options, which is why Bitwarden retains its Editors’ Alternative award without spending a dime password managers.
How A lot Does Bitwarden Price?
The Free plan consists of help for as much as two customers, multi-factor authentication through electronic mail or a cellular authenticator app, password vault knowledge breach scanning, and the choice to run a Bitwarden server utility by yourself community or server. A Premium account is $10 yearly, and it provides extra authentication choices for customers, resembling {hardware} safety keys. It additionally consists of emergency entry and file sharing. A Household account is $40 per yr, and it consists of all of the Free and Premium options whereas including help for as much as six customers. You may also create limitless Organizations to facilitate simple knowledge sharing between accounts.
How Do Bitwarden’s Costs Examine With Different Password Managers?
Different password managers supply free and paid tiers, too. Nonetheless, their free tiers are typically extra restricted, and their paid tiers are often costlier.
NordPass presents the same lineup of plans with a unique set of limitations for the free plan. Its free tier means that you can retailer an infinite variety of passwords however prevents you from signing in to the identical account on a number of gadgets concurrently. You should pay for the Premium tier ($35.88 per yr) for password well being stories, sharing capabilities, and the information breach monitor. A NordPass Household account will get you 5 Premium accounts for $71.88 yearly.
Different password managers additionally cost extra for his or her premium service than Bitwarden with its $10-per-year plan. As an example, Keeper Password is $34.99 per yr, and 1Password expenses $35.88 per yr.
What Are Bitwarden’s Authentication Choices?
All password administration apps ought to enable customers to safe their accounts with multi-factor authentication (MFA). With out some type of MFA, anyone who guesses, steals, or hacks your grasp password can entry your vault from anyplace. With MFA enabled, entry requires one other issue, one thing solely you’ll be able to present. To arrange MFA with Bitwarden, head to the Settings part within the net interface after which choose the two-step login choice on the left-hand menu.
Bitwarden’s free version helps MFA through authenticator apps. If you allow MFA in Bitwarden, it exhibits a warning on the prime of the web page about how the corporate can’t show you how to regain entry to your account when you lose your MFA system. It strongly advises you to repeat your account restoration code and retailer it in a secure place.
Organising Bitwarden’s MFA with an authenticator app is straightforward; simply snap the QR code together with your authenticator app of alternative, and also you’re able to go. There’s additionally an choice to obtain MFA codes through electronic mail, however utilizing an MFA app is a a lot smoother expertise. Bitwarden Premium and Household subscribers get further MFA choices, together with authentication through a Yubikey or any FIDO U2F-compatible safety key.
However Bitwarden can serve as an authenticator, too. A preferred MFA method depends on time-based one-time passwords (TOTPs). Like Enpass, Bitwarden’s paid plans enable the password supervisor to function an authenticator, producing the required TOTP and mechanically filling it in when wanted. To set it up, paste the MFA authentication code into the Authenticator Key (TOTP) part of a password entry.
Bitwarden on Information Privateness and Safety
Earlier than we evaluate and check a password supervisor, we ship an inventory of inquiries to the password administration firm inquiring about its privateness and safety practices. We would like customers to have loads of details about the businesses dealing with their knowledge. We have included Bitwarden’s responses to our questions beneath.
Has your organization ever had a safety breach?
No.
What unencrypted info does the password supervisor retailer in person vaults?
All info in person vaults is encrypted together with usernames, passwords, URLs, and safe notes. Extra element within the publish, How Finish-to-Finish Encryption Paves the Manner for Zero InformationHow Finish-to-Finish Encryption Paves the Manner for Zero Information.
What’s the firm’s coverage relating to grasp passwords?
Customers ought to select a robust and distinctive grasp password, make sure it’s memorable, and hold it in a secure place. Bitwarden workers and methods haven’t any information of, or solution to retrieve, your grasp password.
What’s the firm’s coverage relating to person knowledge assortment and knowledge gross sales?
Bitwarden doesn’t accumulate person knowledge on the market or promote person knowledge. Bitwarden outlines this method within the publish, Defining and sustaining worth for Bitwarden customersDefining and sustaining worth for Bitwarden customers.
How does your organization defend person knowledge?
Bitwarden makes use of end-to-end zero-knowledge encryption. Extra info on how Bitwarden protects person knowledge on this safety whitepapersafety whitepaper.
How does your organization reply to requests for person info from governments and legislation enforcement?
Bitwarden doesn’t have entry to customers’ vaults.
Bitwarden’s solutions to our questions are simple to know. We additionally respect the inclusion of hyperlinks to their weblog publish outlining their knowledge assortment insurance policies and the safety whitepaper.
After reviewing Bitwarden’s privateness coverage, we discovered no inconsistencies with the above solutions offered by the corporate. We are going to word that the privateness coverage states that Bitwarden will adjust to legislation enforcement requests for private info as a result of that’s info offered by customers once they join the service. The information categorized as “private info” differs from person vault knowledge, which the corporate doesn’t entry.
PCMag encourages customers to learn over the privateness insurance policies for all of their apps to be taught extra about how firms accumulate, promote, or retailer your knowledge. Solely you’ll be able to resolve how comfy you’re with knowledge assortment and the way firms use your knowledge.
Palms On With Bitwarden
Bitwarden presents native apps for Home windows (together with a Microsoft Retailer app), macOS, Linux, Android, and iOS. Its browser extension helps the anticipated Chrome, Edge, Firefox, Opera, and Safari, in addition to much less frequent browsers, resembling Vivaldi, Courageous, and Tor. Not one of the plans limits you to a sure quantity or sort of platforms.
As with most password managers, you begin by establishing an account. Enter your electronic mail, create a robust grasp password, and also you’re executed. Bitwarden charges your grasp password as weak, good, or sturdy as you sort it, and it would not simply search for a minimal size and use of various character units.
Should you’re switching from one other password supervisor, Bitwarden will help, however you could head to the online vault to take action. Right here, you’ll be able to import passwords exported from Dashlane, Keeper, RoboForm, or greater than 50 different password managers, which is excess of the competitors. You may also import passwords saved in your browsers.
Bitwarden presents three choices for exporting your vault: JSON, JSON (encrypted), and CSV. The encrypted choice makes use of the identical encryption as your vault, which suggests you could use the identical key to decrypt it whenever you import it once more.
Out of your net vault, you’ll be able to create Collections, which let you separate your credentials and different vault objects. For instance, if you wish to hold your work and private credentials separate, you’d create a Assortment simply in your work-related logins and different knowledge and provides it a Work label. Click on right here to discover ways to create a Assortment. You may also share credentials and objects with different Bitwarden customers in your group through Collections, much like Keeper’s shared folders characteristic.
Bitwarden’s Password Well being Reviews
After you add all of your passwords to Bitwarden’s vault, the app helps you exchange any weak or duplicate ones with sturdy and distinctive passwords—except you could have a free account. Free customers should scout out the dangerous ones themselves, as Bitwarden reserves most of its password safety evaluation instruments for paying clients. These instruments are solely accessible through Bitwarden’s net interface.
Bitwarden can generate six stories: Uncovered Passwords, Reused Passwords, Weak Passwords, Unsecured Web sites, Inactive 2FA, and Information Breach. Uncovered passwords are these which have been uncovered in recognized knowledge breaches. Reused and weak passwords are self-explanatory. Bitwarden treats any linked URLs in your vault that do not use TLS/SSL encryption as unsecured. The Inactive 2FA report identifies websites in your vault that help multi-factor authentication however for which you haven’t linked a TOTP code in Bitwarden. That final report might throw some false positives, nevertheless, when you select to make use of a unique authenticator app.
The Information Breach report checks if any of your electronic mail addresses, passwords, and bank cards seem in any knowledge breaches through the Have I Been Pwned website. Free customers can verify if their electronic mail addresses or usernames have been uncovered, however not passwords and bank cards.
Many different password managers, together with Keeper, 1Password, and NordPass, supply comparable instruments for his or her paying clients. Dashlane’s free model offers an actionable password power report; paid customers get energetic darkish net monitoring.
Bitwarden Password Seize and Replay
We examined Bitwarden’s desktop utility in Home windows 10. To log in to a web site with the credentials you imported to your vault, right-click within the username and password fields and select to both autofill the window together with your saved credential or copy and paste it manually. It’s a two-click course of, versus Keeper’s auto-fill choice, which solely requires a single click on.
When creating a brand new login credential for a web site, you could set up the Bitwarden browser extension, click on on the extension whereas on the web site’s login display, and fill in your required username and generate a password within the extension window. When you’ve saved the brand new credential in your vault, click on on the brand new entry, and the extension fills within the empty fields together with your knowledge. It’s a multi-step course of that rivals resembling Dashlane streamline by permitting customers to seize new logins and generate passwords through popup home windows.
You possibly can view your whole password historical past with the desktop utility by visiting the View menu on the prime of the window and clicking Password Historical past.
Bitwarden’s Password Generator
By default, Bitwarden’s password generator creates passwords containing upper- and lowercase letters and digits however not particular characters. We strongly advise checking the field so as to add particular characters to the combo since it is a requirement for a lot of websites.
The generator can crank out passwords from 5 to 128 characters lengthy, nevertheless it defaults to 14. We advise rising the size to twenty characters or extra.
Storage and Kind Filling in Bitwarden
Bitwarden shops three kinds of private knowledge objects: Playing cards, Identities, and Safe Notes. For every bank card, you report particulars like the cardboard quantity, cardholder identify, expiration dates, and CCV. It would not allow you to snap an image of the cardboard with a smartphone digicam to autofill these particulars the best way Dashlane and some others do.
Every id saves a easy assortment of non-public knowledge, together with identify particulars, snail-mail handle, electronic mail, and cellphone quantity. It is not almost the large cornucopia of knowledge saved by RoboForm All over the place, however you’ll be able to create further customized fields if you wish to save extra private info in your vault.
You may also save textual content within the Safe Observe part of the vault. You give every word a reputation after which paste or sort your notes within the textual content area.
If you need Bitwarden to fill out a kind, click on the extension button after which the specified id or bank card. We tried just a few websites and located that Bitwarden largely did the job, regardless of lacking just a few fields.
Sharing and Emergency Entry in Bitwarden
If it’s important to share credentials, you need the method to be easy and safe. Bitwarden presents two strategies: Bitwarden Ship and sharing inside your Organizations.
With Bitwarden Ship, you’ll be able to move alongside an encrypted hyperlink to anybody (even individuals who don’t use Bitwarden) utilizing no matter communication methodology you favor. Sends can embrace information (as much as 500MB or as much as 100MB if importing from cellular) or textual content notes. Free customers can solely share notes as a result of these accounts don’t embrace encrypted file storage. In the course of the setup for a Ship, you’ll be able to specify an expiration date, a deletion date, and a most entry restrict, plus arrange a password.
Ship’s simplicity can be its disadvantage. It permits customers to repeat and paste passwords into textual content information as a substitute of sharing encrypted login credentials. Different password managers, resembling Dashlane, solely enable customers to ship encrypted logins, so the recipients by no means see the passwords.
With the second methodology, you do not share with different customers straight. As an alternative, you create an Group in your account, invite different customers to that Group, and share a Assortment with them. Beforehand, this selection was restricted to paid accounts, however an replace opens it to all accounts.
Free and Premium customers can create two Collections. Should you subscribe to the Household plan, you’ll be able to create an infinite variety of Collections. The purpose of the Assortment system is to allow you to share totally different passwords with totally different group members. This sharing setup is greatest for enterprise clients.
Because the creator of an Group, you’re the omnipotent proprietor. There are three different ranges of entry (Admin, Supervisor, and Person), however the distinctions matter extra to enterprise installations. As well as, you’ll be able to restrict every person to particular Collections or make the share read-only. Should you’re sharing with a associate, it is sensible to offer them full entry. If the share is extra one-sided, maybe with a toddler, person entry in read-only mode might be greatest.
Like our different Editors’ Alternative picks within the password administration class, Bitwarden presents a approach for paid account holders handy over entry to their vaults in an emergency. The proprietor can approve entry manually or set a date for when the vault can be accessible by the emergency contact. Notably, solely Premium customers and better can ship out emergency entry requests, however free customers may be designated as these recipients. Emergency entry contacts, upon having access to the vault, will both get read-only entry or full management of the vault.
What Is the Bitwarden Cell App Expertise?
For cellular system testing, we used Bitwarden’s app on a tool operating Android 13. Bitwarden additionally presents an iOS app.
The apps look constant throughout the platforms and have the identical options, amongst them biometric authentication and the power to autofill credentials. The cellular apps work as anticipated and embrace the capabilities discovered within the browser extension and desktop model of the app.
The Android app doesn’t enable display captures by default, which is a incredible characteristic we’d prefer to see different password administration firms undertake sooner or later. In testing, Bitwarden efficiently crammed credentials inside apps and in a browser. We didn’t expertise any app crashes.
Is Bitwarden Good for Companies?
Bitwarden’s password supervisor for companies and groups is not as flashy because the competitors, however it’s an choice for organizations in search of safe credential storage that will not break the financial institution at $3 per 30 days per person for a Groups subscription and $5 month-to-month for every person.
Reporting options are a prime attraction for a lot of companies in search of enterprise-level password safety. These options give directors an thought of the general password well being of their groups. For instance, if a crew member is not practising diligent password hygiene, a supervisor might ask about creating sturdy, distinctive credentials at work. Dashlane presents in depth reporting graphs and charts for admin accounts. Bitwarden’s stories do not contain any graphical representations of poor password well being. As an alternative, they’re easy lists of Uncovered Passwords, Reused Passwords, Weak Passwords, Unsecured Web sites, and Inactive 2FA.
Single sign-on (SSO) is accessible and eliminates the necessity for a number of usernames and passwords, nevertheless it has dangers. If an attacker will get maintain of SSO credentials, they will entry all of the person’s purposes. Groups and enterprise Bitwarden accounts embrace a multi-factor login for the group’s customers to assist forestall these sorts of hacks. You possibly can confirm person identification utilizing the Duo Cell app, SMS, a cellphone name, or a U2F safety key. When an worker leaves the group, Admin customers can take away crew members from the enterprise vault.
Bitwarden makes it simple for customers to entry enterprise passwords by importing their passwords right into a enterprise vault that is separate from their worker vault. As well as, customers can create Collections of passwords to share with person teams or the complete group. Enterprise accounts embrace limitless sharing capabilities with the Collections characteristic.
In a transfer mirroring Dashlane Enterprise, Bitwarden’s enterprise plans now embrace a free Household account for every worker. We like this transfer as a result of encouraging workers to make use of password managers for his or her private logins might assist to determine vigilant password safety habits.
Further Bitwarden Options
Passwordless Vault Entry
Bitwarden permits customers to unlock their vaults with a type of biometric authentication, resembling a fingerprint or a face scan, as a substitute of a grasp password. On cellular apps, you’ll be able to select this selection by navigating to the Settings menu and selecting Unlock with Biometrics.
Simple Account Switching on Desktop
You possibly can change between a number of accounts, resembling private and work, with Bitwarden, all whereas staying logged into these accounts. Customers can have as much as 5 accounts, with just one account remaining energetic at a time. This characteristic is at the moment solely accessible for the desktop app.
Encrypted Vault Backups
Bitwarden additionally offers customers choices when accessing, exporting, and importing encrypted backups of the passwords and different delicate info saved of their Bitwarden vault. Customers can designate a password for backup encryption. If the Bitwarden account is deleted or inaccessible, you’ll be able to decrypt your vault export utilizing the password.
The Finest Free Password Supervisor
Different password managers present a slick password seize and replay expertise however supply few enticing free options. Our favourite paid password managers are Dashlane and Keeper as a result of they provide glorious, easy password administration experiences with prime safety instruments.
Bitwarden is our Editors’ Alternative winner without spending a dime password managers as a result of it’s simple to make use of and presents all of the core options each password supervisor wants. It really works throughout platforms, permits limitless password storage, and helps multi-factor authentication. As a result of its code is open-source, the Bitwarden app is frequently audited by third-party safety researchers, which ought to convey you peace of thoughts when trusting the corporate together with your credentials. We would belief it with ours.
