Many free password managers have abrasive limitations that force well-nigh people to upgrade to a paid tier. Not Bitwarden. The gratis version of this open up-source countersign manager does not restrict you to a certain number of entries or preclude you from syncing your vault across all your devices. Even the paid version, which adds several loftier-end security tools, is very affordable.
Our main complaints with Bitwarden are that the Premium tier offers very little encrypted storage space past default, and that it had trouble automatically capturing and filling credentials on certain pages in our testing. Those problems notwithstanding, Bitwarden wins an Editors’ Choice honor for the gratuitous countersign manager category. Yet, if you want to pay for a countersign director, other products offer a more seamless and sophisticated experience, albeit at an increased cost.
How Much Does Bitwarden Cost?
Bitwarden offers iii plans at the consumer level: Free, Premium, and Family. The Gratis tier allows you to sync an unlimited number of vault items beyond an unlimited number of devices. The free tier also includes a password generator, credential sharing, and the option to self-host. Not many other free password managers are equally restriction-free.
When you upgrade to Bitwarden’due south $ten-per-yr Premium tier, you get back up for enhanced multi-cistron authentication methods, password vault reporting and analysis, and the ability to automatically log in to sites that apply fourth dimension-based one-fourth dimension password (TOTP) authentication. You lot likewise get 1GB of encrypted storage for files and file-sharing capabilities, as well equally emergency access features. If you need more storage, each additional gigabyte costs $4 per year. The $40-per-year Family Organization tier gets y’all six Premium licenses, priority customer support, and the choice to apply the Organizations sharing tool.
Business customers can choose betwixt three plans: Gratuitous System, Teams System ($three per calendar month per user), and Enterprise Organization ($v per person per month).
Bitwarden offers native apps for Windows (including a Microsoft Store app), macOS, Linux, Android, and iOS. Its browser extension supports the expected Chrome, Edge, Firefox, Opera, and Safari, every bit well as the less-common Vivaldi, Brave, and Tor Browser. None of the plans limits you lot to a certain number or blazon of platforms.
How Do Bitwarden’s Prices Compare?
Several other countersign managers offer gratis and paid tiers, too. However, their free tiers tend to be more than express, and their paid tiers are usually more expensive.
LastPass, for instance, besides offers Free, Premium ($36 per year), and Families ($48 per year) tiers. LastPass Free was roughly comparable to Bitwarden’s costless edition since it did non place whatever limitations on the number of passwords yous could shop, but its electric current iteration makes users choose between using it on desktop computers or mobile phones, which severely limits its utility. A LastPass Premium plan removes that device-syncing limitation, plus adds 1-to-many sharing, 1GB of cloud storage, account and password security monitoring, advanced multi-factor authentication options, and emergency access features. The Families subscription gets yous six Premium licenses also.
NordPass offers a similar lineup of plans with a unlike set of limitations for the complimentary plan. Its free tier allows you to store an unlimited number of passwords, only prevents you from signing in to the same business relationship on more than than one device at a fourth dimension. You need to pay for the Premium tier ($59.88 per year) for password health reports, sharing capabilities, and the data breach monitor. A NordPass Family unit business relationship gets you five Premium accounts.
Dashlane offers a complimentary tier as well, but limits you lot to storing thirty total records, which is a dealbreaker. Dashlane’s cheapest paid program starts at $35.88 per twelvemonth, but this tier prevents you from syncing passwords across more than than two devices at a time. To become rid of this limitation, you lot need to spring for Dashlane’s $59.99-per-twelvemonth option.
Other premium password managers also charge more than for their premium service than Bitwarden with its $10-per-year plan. For instance, Sticky Password costs $29.99 per year, Keeper Password is $34.99 per twelvemonth, and 1Password charges $35.88 per yr.
How to Go Started With Bitwarden
Equally with most password managers, you start by setting up an business relationship. Enter your email, create a potent primary countersign, and you’re done. Bitwarden rates your main countersign as weak, good, or potent every bit you type it, and information technology doesn’t just expect for a minimum length and use of dissimilar character sets.
If you’re switching from another countersign manager, Bitwarden tin help, simply you must caput to the web vault to do then. Here, you tin import passwords exported from Dashlane, Keeper, RoboForm, or more than than 50 other password managers. Yous can besides import passwords stored in your browsers.
Bitwarden offers iii options for exporting your vault: JSON, JSON (encrypted), and CSV. The encrypted option is new and uses the aforementioned encryption as your vault, which means you need to use the same key to decrypt it when you import it again.
Hallmark Options With Bitwarden
Multi-factor authentication (MFA) significantly enhances the security of your stored passwords. Without some course of MFA, anybody who guesses, steals, or hacks your master password tin admission your vault from anywhere. With MFA enabled, access requires another cistron, something merely y’all can provide. To set MFA with Bitwarden, head to the Settings section in the spider web interface and so select the Two-step login option on the left-mitt menu.
Bitwarden’s free edition supports MFA via authenticator apps, which nosotros adopt over less secure SMS-based methods. Almost multi-cistron systems crave you lot to prepare some kind of backup, such every bit a mobile number that can receive an unlock code via text, in case you ever lose your authentication device. When y’all get to enable MFA in Bitwarden, it shows a warning at the pinnacle of the page well-nigh how the company cannot help you regain access to your account if you lot lose your MFA device. Information technology strongly advises y’all to copy down your account recovery code and store it in a rubber place.
Setting up MFA with an authenticator app is simple; just snap the QR lawmaking with your authenticator app of choice and yous’re ready to go. In that location’s also an option to receive MFA codes via email, only using an MFA app is a much smoother experience. Bitwarden premium subscribers get more than MFA options, including authentication via a Yubikey, or any FIDO U2F-compatible security key.
I popular technique for using multi-gene authentication with your other online accounts relies on TOTPs. Like Enpass, Bitwarden Premium tin can serve as an authenticator itself, both generating the necessary TOTP and automatically filling it in when needed. To set this up, you paste the MFA authentication code into the Authenticator Key (TOTP) section of a password entry.
Bitwarden’due south Desktop, Spider web, and Browser Extension Feel
You can utilise Bitwarden’s web interface, desktop apps, or browser extension to create and edit entries in your vault, but some functionality is limited to the web interface. For example, you must apply the web app to set up up multi-factor authentication, run Bitwarden’s security reports, and import passwords. You lot tin share items from any platform, simply the desktop app limits you to Bitwarden’due south new Send characteristic, rather than giving you total sharing capabilities.
If you want to host your passwords locally, Bitwarden allows you to do so on Windows, macOS, and Linux devices. Bitwarden’due south applications and code library were audited by Cure53 in 2018, while its network infrastructure was audited by Insight Chance Consulting in 2021. We capeesh Bitwarden’s commitment to audits and hope it continues to perform them at regular intervals.
Bitwarden’s web and desktop apps have a similar layout. In the middle, you get a list of all the entries in the vault, while a left-hand menu allows you to filter past item type (login, card, identity, secure note) as well as view your favorites and deleted items. On the correct-hand side of the screen is a box for sharing with your organizations.
The browser extension’south pattern is more streamlined, merely you can nonetheless filter by item type. Nosotros like that you can change the interface theme of the desktop app and browser extension. Nosotros didn’t feel any performance issues or crashes when during testing on any of these three apps.
You lot can too organize your saved logins and items into folders. LastPass and LogMeOnce Password Management Suite Premium are amidst the products that let you practise this at capture time. If you want to organize your Bitwarden logins, it’south a picayune more work. You lot must create the folders you want start and and then edit each item to put it in the desired folder. The desktop app does non support elevate-and-drop capabilities. 1Password goes ane footstep further with countersign organization because you can maintain several vaults per account and organize items in a nested structure.
As with almost other password managers, Bitwarden allows you lot to add identities, credit cards, and notes to your vault. All these items are pretty straightforward to ready and they support custom fields (text, hidden, or Boolean). Bitwarden can apply identity and credit carte du jour items to fill spider web forms, a process nosotros discuss afterwards.
All Bitwarden’due south apps have an all-encompassing set of features related to vault admission. For case, you can configure how long it takes to time out and what happens at that point. The desktop apps and browser extensions even support biometric authentication unlocks.
Password Capture and Replay
On the desktop, we tested Bitwarden in Edge on a Windows ten machine. To showtime, we only logged in to 10 or so websites. In almost every instance, Bitwarden slid in a imprint at the tiptop of the folio offer to save the credentials. Bitwarden had trouble with a 2-page and hybrid login page we tried, however. It didn’t offer to save our credentials for those sites.
Norton, Enpass Password Manager, and many others let you give each entry a friendly, memorable proper name at the fourth dimension of capture. With Bitwarden, capture is simpler considering you merely click a push, but calculation a friendly name required editing the name afterwards the fact. You might, for example, take two entries with the default name “login.yahoo.com” and rename them to Personal Email and Work E-mail.
Some password managers immediately fill up in your credentials when you revisit a site. Others put an icon in the username field and make full in credentials only after you click, which avoids some possible security risks. Bitwarden automatically fills in credentials, simply you tin can disable this option if you prefer. In testing, this feature worked for standard sites we tried, but a few hybrid sign-on pages tripped information technology upwards.
If Bitwarden has multiple credentials saved for the site you’re on, it overlays the number of entries on its toolbar button. Click the button, click the desired entry, and information technology fills the data. Alternatively, you tin right-click on a login field to fill in any saved credentials from a context menu.
You tin can also view your entire password collection by clicking the toolbar button and opening your vault. From here, you tin easily search for items and launch the associated webpage by clicking on it.
What Security Tools Does Bitwarden Offer?
Afterward you add all your passwords to Bitwarden’s vault, you should supplant any weak or duplicate ones with strong and unique passwords. Gratuitous users have to sentry out the bad ones themselves, as Bitwarden reserves almost of its password security analysis tools for paying customers. These tools are available via Bitwarden’s web interface, but nowhere else.
Bitwarden can generate six reports: Exposed Passwords, Reused Passwords, Weak Passwords, Unsecured Websites, Inactive 2FA, and Information Breach. Exposed passwords are those that have been uncovered in known data breaches, while reused and weak passwords are self-explanatory. Bitwarden treats whatsoever linked URLs in your vault that don’t apply TLS/SSL encryption as unsecured. The Inactive 2FA report identifies sites in your vault that support multi-factor authentication, but for which yous oasis’t linked a TOTP code in Bitwarden. That concluding report could throw upwardly some false positives, all the same, if you choose to apply a different authenticator app.
The Data Breach study checks if whatsoever of your e-mail addresses, passwords, and credit cards appear in any information breaches via the Accept I Been Pwned site. Free users tin cheque if whatever of their email addresses or usernames have been exposed in a breach.
Many other countersign managers, including LastPass, Keeper, 1Password, and NordPass include similar tools. Dashlane’southward free version provides an actionable password strength written report; paid users get active Dark Web monitoring.
When you do discover a password that yous’ve used multiple times or a weak i like “123456,” you don’t have to retrieve up the replacement yourself. Like near every competing product, Bitwarden includes a random password generator.
By default, the password generator creates passwords containing upper- and lowercase letters and digits, but non special characters. We strongly advise checking the box to add special characters to the mix, since it’south a requirement for many sites anyway.
The generator tin crank out passwords from v to 128 characters long, but it defaults to 14 characters. We advise increasing the length to 20 characters or more. On Android, Bitwarden defaults to 15 characters and uses all graphic symbol sets by default. Bitwarden should standardize these options and increase the default password length.
Bitwarden can besides generate multi-give-and-take passphrases of the Correct-Horse-Battery-Staple type. At that place’south no point in using this characteristic for a password managed past Bitwarden, but yous might consider using it to create a memorable primary password similar “unstylish-slam-plywood-anvil.” Once again, Bitwarden’s default word length is a bit low at three words. We recommend increasing that setting.
Personal Information Storage and Grade-Filling
Bitwarden stores ii kinds of personal data items: Cards and Identities. For each credit card, you lot record details similar the number, cardholder name, and CCV. It doesn’t let you lot snap the card with a smartphone camera the way Dashlane and a few others exercise.
Each identity saves a simple collection of personal data, including proper name details, snail-mail address, email, and phone number. Information technology’southward non nearly the huge cornucopia of data stored by RoboForm Everywhere, and y’all can’t have multiple instances of a field.
Still, y’all can add custom fields to an identity entry: Text, Boolean (a checkbox), and Hidden (the entry is obscured by asterisks by default). Other password managers are more comprehensive in this regard, but every field that Bitwarden fills is one you don’t take to blazon.
If you want Bitwarden to fill up the form you lot’re staring at, click the extension push so the desired identity or credit carte du jour. We tried a few sites and found that Bitwarden generally did the task, despite missing a few fields.
Sharing and Emergency Admission
Nosotros always advise against sharing your passwords with just anyone, but sometimes you really must. When you exercise accept to share, you want the procedure to be both uncomplicated and secure. Bitwarden offers 2 methods for sharing logins: via a feature called Send and, for families or teams, Organizations.
Bitwarden’s Ship characteristic simplifies sharing considerably. With this method, you can send an encrypted link to anyone (even people who don’t apply Bitwarden) using whatsoever communication method y’all prefer. Sends can either include files (upward to 500MB, or upwardly to 100MB if uploading from mobile) or text notes. Free users can merely share notes considering those accounts do non include whatever encrypted file storage. During the setup for a Send, you can specify an expiration date, a deletion date, and a maximum access limit, plus fix upwards a password.
Ship’s simplicity is as well its drawback. Ship allows users to re-create and paste passwords into text files instead of sharing encrypted login credentials. Other countersign managers such as Dashlane or LastPass allow users to only send encrypted logins, so the recipients never see the passwords. Assuasive other people to meet your passwords is a significant security risk.
For the second method, yous don’t share with other users straight. Instead, you create an organization, invite other users, and so share with the organization. Gratis and Premium personal users tin’t use this tool. It’s simply for subscribers of the Family unit System tier or any of the business concern plans. Subscribers to Bitwarden’s Free Organization and Family Organization tier can share items with a full of two and half-dozen people, respectively, while the Team and Enterprise plans don’t accept any such limitations.
Within an organization, shared items fall into collections, and every item must be part of at to the lowest degree one collection. Collections are similar to shared folders in products such as LastPass and Keeper Password Manager & Digital Vault.
Free Organization users can create two collections. If you subscribe to the Family System program or above, you tin create an unlimited number of collections. The signal with this arrangement is to let you lot share different passwords with dissimilar members of a group. This sharing setup lends itself more to enterprise customers.
Equally the creator of the organization, you are the all-powerful Possessor. There are three other levels of access, Admin, Managing director, and User, but the distinctions really matter more to business installations. In addition, you tin can limit each user to specific collections, or make the share read-only. If you’re sharing with a partner, it makes sense to requite total Owner access. If the share is more 1-sided, perhaps with a child, User access in read-only mode is probably best.
A few competing products, among them LastPass, LogMeOnce, and Dashlane, let yous set a different kind of sharing. With these products, you designate an heir to receive some or all of your passwords in the event of your untimely demise. Bitwarden offers this feature, too. In essence, the possessor of a Bitwarden vault tin can invite an emergency contact to their vault who will just be able to access the contents of it after the original possessor approves the request manually or a time limit ready by the owner expires. Notably, only Premium users and college can send out emergency access requests, only free users can be designated as those recipients. Emergency access contacts, upon gaining access to the vault, will either become read-only access or full control of the vault.
Bitwarden On Mobile
For mobile device testing, we used Bitwarden’s app on an Android xi device, although Bitwarden offers an iOS app too. Both apps expect consistent and have the same features, amidst them biometric authentication and the ability to autofill credentials. Much like the desktop and spider web apps, the mobile versions support themes.
The Android app includes a bottom navigation bar with four items: My Vault, Send, Generator, and Settings. The My Vault section lists your particular types, folders, and unorganized items; tap on any to view details or edit the entry. The Send tab lets you ready up and manage shared items. The Generator department gives you access to Bitwarden’s password generator tool. In the Settings tab, you control autofill preferences, enable additional requirements to unlock the vault, export your vault, besides as access other standard options.
In testing, Bitwarden successfully filled credentials within apps and in a browser. Nosotros didn’t feel any app crashes either.
Bitwarden for Business
Bitwarden’s password manager for businesses and teams isn’t as flashy as the competition, merely it’s an choice for organizations looking for secure credential storage that won’t pause the bank.
Reporting features are a top attraction for many businesses seeking enterprise-level countersign protection. These features give administrators an idea of the overall password health of their teams. For example, if a team fellow member isn’t practicing diligent password hygiene, a manager could ask them well-nigh creating strong, unique credentials at piece of work. Dashlane and Zoho Vault both offer extensive reporting graphs and charts for admin accounts. Bitwarden’s Reports don’t involve whatever graphical representations of poor password wellness. Instead, they are simple lists of Exposed Passwords, Reused Passwords, Weak Passwords, Unsecured Websites, and the Inactive 2FA list, which shows websites in the vault with inactive multi-gene authentication.
Single sign-on (SSO) is available for Bitwarden. SSO eliminates the demand for multiple usernames and passwords, but it has its risks. If an attacker gets hold of SSO credentials, they have access to all the user’due south applications. Luckily, teams and business Bitwarden accounts include a multi-gene login for the system’due south users. You can use Duo Security to verify user identification using the Duo Mobile app, SMS, a phone call, or a U2F security cardinal. When an employee leaves the organization, Admin users can remove squad members from the business vault.
Bitwarden makes information technology like shooting fish in a barrel for users to access business passwords by importing their passwords into a business concern vault that’s separate from their employee vault. In addition, users can create Collections of passwords to share with user groups or with the entire organization. Concern accounts include unlimited sharing capabilities with the Collections feature.
In a move mirroring LastPass Business and Dashlane Business, Bitwarden’south enterprise plans at present include a free Families account for each employee. Encouraging employees to use countersign managers for their personal logins may help to establish vigilant password protection habits.
Account Switching With Bitwarden
Bitwarden recently added a feature that allows users to switch between multiple accounts, such as personal and piece of work while staying logged into the accounts. Users can switch between up to five accounts, with only one account remaining active at a time. This feature is currently but available for the desktop app.
A header in the desktop window shows which account is active. When you click the account proper name, a dropdown menu appears with the option to add a new account and a list of other accounts you own.
Each business relationship operates independently and has its own timeout and unlock setting. This means a work account, for example, could use a PIN to unlock, and later, you tin can switch to your personal account which unlocks using biometrics. The characteristic eliminates the demand to enter a unlike master password every time you lot want to switch between accounts.
Keep in mind, if you’re using a shared computer, y’all should log out of the Bitwarden password director every time you are finished with the machine to forestall anyone else from accessing your accounts. Add another layer of security by adjusting your timeout settings to either log out or lock the account later on a short fourth dimension.
A Serious Contender
If you’re searching for a free countersign managing director, our top pick is the open-source Bitwarden. It does not limit the number of passwords you can store or forestall you from syncing your vault across devices, which many other free password managers do. The Premium tier is also inexpensive and includes splendid features such as an actionable password health report, emergency admission options, the ability to generate TOTP codes, and support for enhanced multi-gene authentication methods. Bitwarden had some trouble automatically capturing and filling credentials on some sites in our testing, but it is an Editors’ Choice winner for free users because of its notable lack of restrictions. If you want to pay for your password manager, other options are a bit slicker and offering more features.
Our favorite paid password managers are Dashlane, LastPass, and Keeper, all of which offer an excellent, shine countersign management experience with top security tools.