Bitwarden: The Secure, Open Source Password Manager You're Looking For

I was recently looking to migrate my passwords to an open source, cross-platform password manager that syncs passwords but also allows accessing passwords offline, and I discovered Bitwarden, which is advertised as an "open source password management solution for individuals, teams, and business organizations".

After using it for about a week, I can tell you that Bitwarden is probably the best open source alternative to LastPass. It comes with browser support, cloud synchronization of passwords (as well as notes and credit card information), and 2FA; it can be self-hosted, is cross-platform, and is easy to use.

Bitwarden desktop app

Bitwarden features:
  • store not only passwords but also secure notes, credit cards and identities
  • supports two-step authentication (2FA)
  • built-in password generator
  • store unlimited items
  • sync across all devices with no limits
  • password import and export functionality (supports importing from a large list of password managers, including 1Password, Chrome, Enpass, Firefox, Opera, Vivaldi, GNOME / Seahorse, KeePassX and KeePass 2, LastPass, and others)
  • form fill on browsers, including on mobile
  • optional: self-host your own server
  • open source

Bitwarden Firefox extension

Bitwarden offers mobile apps, browser extensions, and a web vault, along with a desktop application which works offline, so you can access your passwords even if you're not connected to the Internet, a feature which is a big plus for me.

Here is a list of all the Bitwarden applications / ways of accessing your Bitwarden stored passwords (and notes or credit card info):
  • Desktop applications for Windows, macOS and Linux (do not require an Internet connection to access passwords)
  • Web browser extension for Google Chrome, Mozilla Firefox, Vivaldi, Tor Browser, Opera, Safari, Microsoft Edge, and Brave
  • Mobile applications for Android and iOS
  • Web vault, accessible with any web browser

A command line Bitwarden vault is also planned for the future. Update: Bitwarden Password Manager Adds Command Line Vault

As for encryption, all the data stored is fully encrypted before it leaves your device. Bitwarden seals everything with end-to-end AES 256-bit encryption, salted hashing, and PBKDF2 SHA-256. For more information about Bitwarden security, check out this page.
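To make the "encrypted before it leaves your device" claim concrete, here is an added sketch (not Bitwarden's code and not from the original article) of how a client can derive a vault key with PBKDF2 SHA-256 while the server only ever receives and stores a salted hash. The function names, the iteration count, the use of the account e-mail as salt and the one-round login hash are assumptions for illustration; the AES-256 step that would consume the key is left out because the Python standard library has no AES.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for this sketch; the article does not state Bitwarden's value.
KDF_ITERATIONS = 600_000


def derive_vault_key(master_password: str, account_salt: bytes,
                     iterations: int = KDF_ITERATIONS) -> bytes:
    """Client: stretch the master password into a 256-bit key that never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               account_salt, iterations, dklen=32)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client: derive the value sent at login; the server cannot turn it back into
    vault_key without guessing the master password."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, dklen=32)


def server_enroll(login_hash: bytes, iterations: int = KDF_ITERATIONS) -> dict:
    """Server: keep only a salted, stretched hash of the login hash."""
    salt = secrets.token_bytes(16)
    stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": stored}


def server_verify(record: dict, login_hash: bytes) -> bool:
    """Server: recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash,
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    salt = b"user@example.com"  # constructed sample value
    password = "correct horse battery staple"  # constructed sample value
    key = derive_vault_key(password, salt)
    record = server_enroll(derive_login_hash(key, password))
    print("login ok:", server_verify(record, derive_login_hash(key, password)))
    print("vault key stored on server:", key in record.values())
```

A database leak in this model exposes the server record and the encrypted vault, so the strength of the master password and the KDF work factor are what stand between an attacker and the plaintext.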

Bitwarden has yet to undergo an audit because a "Proper audit is fairly expensive to have performed. We're still in heavy development mode in various areas of the codebase and having an audit on something that is still in flux would be a waste of time and money". A formal audit may come later this year though. Update: Bitwarden has been audited - you can check out the complete Bitwarden Security Assessment Report by downloading the PDF at the end of this article.

For synchronization, Bitwarden can either use the Bitwarden cloud, hosted by Bitwarden, or you can host the server yourself. Bitwarden cloud is free for personal use, while there are also paid accounts for teams and enterprise.

Using the Bitwarden cloud solution is the most convenient approach, but even though the server itself (like all the Bitwarden components) is free and open source software, and the passwords are encrypted, you may still not want to hand over your (encrypted) passwords to some company. For such cases, you can go the "host your own Bitwarden" way and host the server yourself. To make this easy, Bitwarden provides instructions on how to set everything up using Docker, on Linux, macOS and Windows.

While it's not the purpose of this article, I should mention that Bitwarden offers some extra features for business, like sharing logins, user groups, secure file storage and so on.

Download Bitwarden

See how to host your own Bitwarden server and check out its source on GitHub.

You may also want to create a Bitwarden account or check its documentation.