Bitwarden Password Manager Review: Great Features for Free or Cheap

When LastPass announced it would be limiting its free users to syncing on one device type — users would now need to choose between accessing their passwords on mobile devices or on their computers, but they’d have to pay if they wanted to access them on both — many felt ambushed.

I certainly did — I’d been using LastPass for over a decade at the time, and while I wasn’t against paying for a service, especially not one I absolutely derived so much value from, the sudden switch in the middle of the pandemic made me feel like they were asking for ransom. So I immediately started looking for other password managers, more out of spite than thriftiness. Bitwarden was the one that popped up everywhere: It’s free with unlimited password storage and syncing across unlimited devices (and device types), nd, more importantly, it’s highly secure, open source, and unlikely to hold my passwords at gunpoint and demand $36/year a decade after luring me in.

Bitwarden is an open source password manager with a free plan that will “stay free forever,” and a paid plan that costs less than a third of what other password managers cost. It’s not perfect — Bitwarden has a clunkier user interface and the experience is definitely rocky compared to LastPass, but these are issues you can easily overlook when you’re as salty as I was (I’m coming around, but it’s taking a while). If you can soldier past the inconveniences, Bitwarden has almost everything you could need or want in a password manager.

Cost and What’s Covered in Bitwarden

Bitwarden also offers a paid family plan, which includes all the features of the paid premium plan for up to six users and costs $40 per year. Users in a family plan can create unlimited collections to share with family members, which is something you can’t do with just a free org plan (free orgs can only be created between two users max). Bitwarden’s family plan is objectively pretty cheap — just $6 per year per person if you have six people — but it’s not as good of a deal compared to competitors. LastPass, for example, offers a much smoother user experience than Bitwarden does, and its family plan is just $48 per year for up to six users.

Bitwarden offers four plans for personal users: A free plan for individuals, a paid premium plan for individuals, a free “sharing” plan for two people, and a premium family plan for up to six users.

Since LastPass dramatically limited its free users to one device type, Bitwarden’s free plan is now one of the only free password managers that offers syncing across unlimited devices/device types. Free users can store unlimited passwords and credentials, access Bitwarden’s password generator, enable two-factor authentication (2FA), and access Bitwarden’s Data Breach report to check if any of their logins have been compromised.

You can upgrade to Bitwarden’s paid premium plan for just $10 per year — a steal compared to competitors such as LastPass, 1Password, and Keeper, all of which cost around $36 per year. Upgrading adds support for extra security tools, including multi-factor authentication and password vault analysis and password health checks. The premium plan also features 1GB of encrypted storage space and emergency access, which lets you designate an emergency contact who can access your account if anything happens to you.

Bitwarden offers a free multi-person plan — an “organization” or “org” — that allows you to share data with one other user in a “collection.” This is slightly different from Bitwarden’s free individual plan, which lets you share items one at a time. You don’t need to worry about picking between a free individual plan and a free org plan, however — you can create an organization from within a free individual plan at any time.

Getting started with Bitwarden

Signing up for Bitwarden is very easy. All you need is your email address, name, and a strong master password. You can also add an optional master password hint (not the same as a security question).

Once you sign up, you can log in immediately. When you first log in, Bitwarden will take you to your in-browser web vault.

If this is your first time using a password manager, Bitwarden’s setup process is somewhat…sparse. Okay, there isn’t really much of a setup process. While other password managers walk you through things like downloading the browser extension, adding your first password, or importing passwords from another service, Bitwarden does none of this. It just dumps you in the password vault and expects you to figure it out.

Not that that’s a bad thing, however — Bitwarden’s interface isn’t particularly complicated, and if you have used a password manager before, you’ll probably like not having to go through an unnecessary setup process. But I would have liked to see a little direction — a link to download the browser extension, perhaps?

Like most password managers, Bitwarden has an import tool for importing passwords from a different service. You’ll find this tool in your web vault, under “Tools.” The import tool features a dropdown menu with over 50 different services, including web browsers, as well as a text box where you can simply copy and paste data. The import tool works about as well as expected — it is far from perfect, but it does a decent job of bulk-adding passwords to your vault.

Desktop/web experience in Bitwarden

Bitwarden’s web vault is easy to navigate and simple — perhaps a little too simple. The main page is your password vault: In the center you’ll see a list of your credentials, and on the left, you’ll see a menu with a search box and filters such as credential type and folder. On the right, you’ll see the option to upgrade to premium (if you haven’t done so), as well as a box where you can create a new organization.

At the top of your web vault, you’ll see different tabs: Send, for sending individual credentials to other users; Tools, where you’ll find the password generator and import/export options; Reports, where free users can check data breaches and premium users can scan credentials for exposed/reused/weak passwords, unsecure websites, and inactive 2FA; and Settings.

Bitwarden has a desktop app, but it’s clunkier than the web vault and it doesn’t allow you to drag-and-drop individual credentials into different folders — which is really the one thing I was looking for when I downloaded the desktop app.

Bitwarden’s folder feature is not very user-friendly to begin with: While other password managers, such as LastPass, let you create folders when you input a new credential, Bitwarden makes you first create a folder before you’re allowed to allocate credentials to said folder. This wouldn’t be such a big issue if you could easily add credentials to folders after the fact, but it’s not that easy — not only does the desktop app not support drag-and-drop, it doesn’t even give you a way to quickly add one credential to a folder. To move something to a folder on the desktop app, you need to open up the item’s edit screen and choose the folder from a drop-down menu.

The web vault does allow you to select multiple credentials at once and bulk-move them to a new folder, but this is still pretty tedious, especially if you’re trying to organize a large batch of imported passwords.

That said, most of your interaction with Bitwarden on your PC won’t be through the desktop app or web vault, but will be through a browser extension. Bitwarden has browser extensions for Chrome, Firefox, Opera, Edge, and Safari, as well as Vivaldi, Brave, and Tor (thanks, open-source software!). Bitwarden’s browser extension isn’t quite as feature-rich as other password managers’ browser extensions, but it gets the job done. The browser extension has tabs for the current tab, your password vault, sending credentials, password generation, and settings.

When it comes to capturing passwords and auto-filling forms, Bitwarden is not quite as smooth or as seamless as its competitors. In my tests, it did a good job of capturing passwords from single sign-in pages, slipping in a slim banner at the top of the page when it detected an unsaved password. But it had a lot of trouble with more complicated hybrid and two-page sign-ins. It also had difficulty auto-filling logins, which is a feature that can be toggled off for extra security.

Bitdwarden’s automatic password capture doesn’t let you tweak the credentials much before saving — the banner that pops up asks if it should remember the password for you and lets you choose (an existing) folder from a drop-down menu. Other password managers let you make changes to the credential being saved — you can usually change the username, password, and even give the credential a user-friendly name so you can easily find it again. This flexibility is important, because — as we know — password-capturing is definitely not super accurate, and many auto-captures mistake last names or phone numbers for usernames.

Mobile experience with Bitwarden

I tested Bitwarden’s mobile app on an iPhone 13 Pro; it also has an Android app. The mobile app is similar to the browser extension, and has tabs for your password vault, sending credentials, password generation, and settings. Both the Android and iOS app support biometric authentication.

Bitwarden worked pretty smoothly on mobile: it was able to auto-capture my passwords and autofill forms without any hiccups. The app does require an extra step or two in some places — if you want to grab a password from your vault, you need to tap the item in the vault and then choose “copy password;” LastPass’s app, by comparison, has a password-copy button that you can tap quickly from the vault’s homescreen.

Syncing is also a little shaky; I frequently found myself manually syncing on the mobile app before I could access passwords I’d saved on my desktop days earlier. Of course, other password managers won’t let free users sync at all between multiple devices, and manual syncing is definitely better than nothing.

Security in Bitwarden

Bitwarden uses the same security protocols you’ll find in other password managers: AES-256 end-to-end encryption with zero-knowledge technology. Your data is encrypted locally and can only be decrypted with your master password, which Bitwarden cannot access or recover for you. If a password manager like Bitwarden ever does get hacked, the hackers will only be able to access encrypted data that will be useless without your master password.

To ensure your master password stays safe, Bitwarden offers 2FA for all users, free and paid. Free users can get 2FA with email authentication or by using an authenticator app such as Authy or Google Authenticator, while paid users have access to Bitwarden’s own authenticator app. Paid users can also set up advanced multi-factor authentication using a hardware key such as YubiKey or FIDO.

Bitwarden maintains its excellent security reputation by undergoing regular third-party security audits. It’s also open source, which means the code is available for anyone to look at. Having the code publicly available actually makes Bitwarden more secure, because thousands of public eyes can catch bugs and vulnerabilities much more quickly than a select few.

For the extremely security-savvy (or extremely paranoid), Bitwarden can also be self-hosted — instead of relying on Bitwarden’s servers, you can opt to store your Bitwarden-encrypted data on your own server. (A caveat: Storing data on a private server almost certainly won’t be more secure than letting Bitwarden take care of it, so this option is only recommended if you’re very confident in your security knowledge and expertise.)

Bottom Line

Bitwarden is a highly-secure open source password manager that gives you everything you need in a password manager for free. It’s not quite as polished and streamlined as some of its competitors, but if you’re looking for a password manager that will save your passwords and let you access them from anywhere, Bitwarden is, frankly, all you really need. And if you’re looking for more functionality, such as multi-factor authentication and a personal security audit, Bitwarden can give you that for just a fraction of what its competitors charge. Bitwarden’s interface could use some polishing, but most of its quirks are inconveniences you can absolutely live with for the price.