Menu
- Bitwarden Firefox Plugin
- Using Bitwarden With Apps
- Using Bitwarden With Chrome
- Using Bitwarden For Game Logins
- Using Bitwarden
- Using Bitwarden On Android
- Using Bitwarden Offline
Bitwarden Pricing
The Bitwarden Authenticator is an alternative solution to dedicated authentication apps like Authy, which you can use to verify your identity for websites and apps that use Two-step Login. The Bitwarden Authenticator generates 6-digit Time-based One-time Passwords (TOTPs) using SHA-1 and rotates them every 30 seconds. You use Bitwarden, so when the password is requested, you open the tool, search for the password, copy it, and paste it into a message. First, that's a lot of steps. Second, is your method of.
Bitwarden is free and open-source software, but unlike community-developed alternatives such as KeePass, it is a commercial venture.
The core product is free and will stay free forever, but you can support the developer by paying a very reasonable $10 per year subscription fee for a premium personal account. Premium users enjoy some cool (non-core) additional features, as outlined below.
In addition to a premium personal plan, Bitwarden offers family plans and a couple of enterprise plans aimed at businesses.
In this review, we will focus on personal plans.
What features does Bitwarden offer?
The following features are available to free users:
- End-to-end encryption (e2ee) of passwords
- 100% open source
- Cross-platform apps for all major platforms
- Browser add-ons for all major browsers
- Web browser access from anywhere
- Command-line tools (CLI) to write and execute scripts on your Bitwarden vault
- Can self-host
- Two-factor authentication (2FA)
Paying $10 a year adds:
- 1GB encrypted file storage
- Additional 2FA options
- Priority customer support
Bitwarden Firefox Plugin
What is important to note is that there is no account recovery feature.
How easy is Bitwarden to use?
To start using Bitwarden, just download the app for your platform and sign-up in-app. A password is requested, but this is not verified. You’ll need to think of a strong master password, and can choose a hint to help you remember it.
And that’s it! Just don’t forget your master password!
The desktop clients
Using Bitwarden With Apps
The Bitwarden desktop clients are basically identical in Windows, macOS, and Linux. Most versions of Linux are supported thanks to the app being packaged in the AppImage format. It is also available through the Ubuntu Software Center and, of course, you can compile the open-source code yourself.
Using Bitwarden With Chrome
We find the interface to be smart looking and very easy to use. Four “Types” of data entry are supported: login, card, identity, and secure note.
Each entry Type is formatted in a way suitable to entering data of that kind, and which the app can use to auto-fill passwords, web forms, and card detail forms. using browser add-ons.
An interesting new feature is a button in the password field which checks if the password you input has been exposed. This works much like our very own data breach tool and compares the username and password you enter with a database of known password breaches.
A more secure option than thinking up your own all-too-fallible passwords is to let the Bitwarden app generate secure passwords for you. Transmit information. These passwords can be tailored to conform with any specific requirements a website insists on.
You can also create folders and add items to them. What more do you want? If you need group password management and sharing features then these are provided by Bitwarden’s organization accounts.
Autofill functionality on the desktop is provided by browser add-ons for Firefox and Chrome.
The Mobile Apps
The mobile Android and iOS apps are very similar, and share the same attractive and intuitive design philosophy as their desktop siblings.
Both apps do everything their desktop siblings can including generate secure random passwords. They also both support fingerprint unlocking on devices which have fingerprint sensors.
The Androids app uses the Autofill Framework Service on Android 8+ devices and the Auto-fill Accessibility Service on older Android devices to auto-fill forms in any browser window or app. In addition to this, the browser add-ons work with the mobile versions of Firefox and Chrome.
In iOS 12+ the Bitwarden app integrates with Apple’s new Authentication Services framework to provide instant autofill functionality in most browsers and apps.
Web Vault
In addition to using apps, it is possible to access your passwords via the “Web Vault” from any browser. This is handy, although the possibility of compromised servers pushing malicious JavaScript code directly to your browser window means that using browser-based e2ee cryptography will never be quite as secure as performing the cryptography in a stand-alone client.
Interestingly, the only way to import data is via the Web Vault, which accepts files exported from a huge range of password managers
Command-line interface CLI
In addition to graphical user interfaces (GUIs) for all major platforms, Bitwarden provides a powerful CLI client for Windows, macOS, and Linux.
It doesn’t really do anything the GUI clients don’t, but it is very lightweight and geeks will love it!
Browser add-ons
Browser add-ons are available Chrome, Firefox, Vivaldi, Opera, Brave, and Microsoft Edge. A Firefox link is provided for the Tor Browser, but we do not recommend this as using any browser add-on with Tor Browser makes it more susceptible to browser fingerprinting.
The add-ons look like the Bitwarden apps and provide the same core functionally.
They also make auto-filling logins, forms, and suchlike a breeze.
Bitwarden customer support
An extensive help section provides detailed documentation on most aspects of Bitwarden. If you have any additional questions you can email them in.
Bitwarden is basically a one-man show, so all responses we received were from its developer Kyle Spearrin himself. Responses typically arrived on the same day. Alternatively, the Bitwarden website hosts an active forum on which Kyle is an enthusiast participant.
Privacy and security
Bitwarden is a US company and is therefore subject to FISA, the Patriot Act, and very likely surveillance by the NSA. Which shouldn’t matter because…
Bitwarden uses fully audited open-source end-to-end encryption (e2ee). Which is as good a guarantee that it is secure and private as it’s possible to get. The only way to decrypt your data is by using the correct master password, which is not recoverable should you forget it. So don’t.
Because e2ee is used, it shouldn’t matter that Bitwarden uses Microsoft Azure cloud servers to host accounts, although if this really bugs you then you can self-host on a home or rented server of your choice using the open-source Docker framework.
Audit
![Using bitwarden Using bitwarden](/uploads/1/1/8/6/118641991/785954767.jpg)
In November 2018 a crowdfunded independent security audit by Cure53 found no major issues with the software. Some non-critical issues were discovered, the most important of which were patched immediately. We can only presume that developer Kyle has been working hard this last year to fix any additional issues raised by the audit.
Technical security
Data at rest is protected using an AES-256 cipher. PBKDF2 is used to derive the encryption key from your master password, which is then salted and hashed using HMAC SHA256. These are all respected third-party cryptographic libraries.
Data in transit is protected by regular TLS - which is fine. Even if your data was somehow intercepted in transit (via a MitM attack using fake SSL certificates) it could not be accessed because it is encrypted with AES-256 before leaving your device.
In 2018 a flaw was found in the Chrome add-on’s cryptography. This was largely fixed immediately, although you should never use the ‘never forget’ option of Bitwarden if you do not want your encryption key to exist on disk.
Two-factor authentication (2FA)
Free users can secure their Bitwarden Vaults using a Time-based One-Time Password (TOTP) or email verification for two-factor authentication. Premium users can also use 2FA methods such as Duo, YubiKeys, and other FIDO U2F-compatible USB or NFC devices.
Check out our 'what is 2FA' page if you are new to this.
Final thoughts
Bitwarden is a free and open-source password manager that can go head-to-head with any of its closed- source subscription-based rivals. It is powerful, looks good, is intuitive to use, and syncs seamlessly across all your devices.
In our view, Bitwarden’s only real rival is the similarly open-source KeePass and its various forks. Bitwarden looks prettier than KeePass and is easier to set up and use, but thanks to the huge number of add-ons available to KeePass, it is no-where near as powerful or flexible.
KeePass is also true community-developed software rather than a one-man for-profit product (albeit one which is open-source). Bottom line: Bitwarden is the ideal password manager for the less technically minded.
Get 3 months free
- Fastest VPN we test
- Servers in 94 countries
- Unblocks Netflix, iPlayer and more
23hours
25seconds
Get ExpressVPN 30-Day Money-Back Guarantee© Provided by TechRepublic Image: Jack Wallen![Using bitwarden Using bitwarden](/uploads/1/1/8/6/118641991/576516432.jpg)
More about cybersecurity
The new Send tab of the Bitwarden password manager.
The developers of the Bitwarden password manager are always looking to improve their software. When their PR guys reached out to me last week to let me know of a new feature, you can bet I was all ears. Said feature isn't a deal maker or breaker, but for some, it could fill a void found in many desktop and mobile password manager apps. That void is sharing passwords, text and files securely.
Consider this: you have a password that you frequently have to share out with others. You use Bitwarden, so when the password is requested, you open the tool, search for the password, copy it, and paste it into a message. First, that's a lot of steps. Second, is your method of sending secure? After all, you are sending a password to a (possibly) critical service.
What do you do?
If you're using the latest version of Bitwarden (either on the desktop or your mobile device), you could simply create a new Send so it's always at the ready. With the new Bitwarden software, you can create either text or file-based Sends.
Let me show you how this works.
SEE: Identity theft protection policy (TechRepublic Premium)
What you'll need
To make this work you'll need the latest version of Bitwarden (1.25.0). To send Files, you'll need a Premium license, which is $10/yearly. I'm going to demonstrate on the desktop client, but the process is the same on the mobile version. To make this feature even better, all of your Sends will sync between clients--as long as they are associated with the same Bitwarden account.
How to create a Send
Open Bitwarden. In the new interface, you'll see a Send tab at the bottom of the left pane (Figure A).
Figure A
© Provided by TechRepublic The new Send tab of the Bitwarden password manager.Click on the Send button and click +. At the top of the new window, select either File or Text (Figure B). Just remember, to send a file, you must have a Premium account.
Figure B
© Provided by TechRepublic The new Send add window is simple to fill out.Let's say you want to create a Send for a password that you frequently have to share out with other staff members. Give the new Send a name, select Text, and then copy the password in the text field. Once you've done that, scroll down to the Options section and set a Deletion Date for the Send link (Figure C). This is important, as you don't want that link permanently valid.
Figure C
© Provided by TechRepublic Setting the Send options in Bitwarden.You can also set an expiration date and a max access count (how many times a user can access the send before it becomes inaccessible).
Scroll down again and create an optional password and add any notes you might want/need for the Send (Figure D).
Figure D
© Provided by TechRepublic Setting a password for the new Send in Bitwarden might ease your concern about a third-party viewing the text.If you do set a password for the Send, you'll need to share the password with the recipient, but gaining that extra layer of security might be worth the added steps.
Click the checkbox for Copy The Link To Share This Send To My Clipboard Upon Save and click the Save button at the bottom of the window. You can now paste the Send link into an email or a message and send it to the recipient.
That's all there is to using the new Bitwarden Send feature.
Nits to pick
Of all the password managers out there, Bitwarden is my favorite. Besides being open source, Bitwarden also has the perfect ratio of features and simplicity. That ease of use is one of the reasons why I found a few nits to pick with the new Send option.
Because Bitwarden is such an easy tool to use, it surprises me that they don't have a more fully-realized sharing option built into the tool. Instead, you must opt to use an external tool to share the Send link. This leads me to my other nit: why not make it possible to quickly share an entry in the Vault?
Using Bitwarden For Game Logins
Add a share option that would allow you to create a link to share a login entry from within your Bitwarden Vault. All you'd have to do is locate the entry to be shared and click the Share button. Fill out an email address and an encrypted link is automatically sent to the recipient.
Using Bitwarden
That, of course, might be asking for too much. Given how well Bitwarden development has gone, I'd say it's a feature that should be under consideration.
Either way, if you're not already using a password manager, you owe it to yourself (and your company) to start using one. Why not go with the best in breed and use Bitwarden?
Using Bitwarden On Android
Subscribe to TechRepublic's How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.
Also see
Using Bitwarden Offline
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)