Friday, October 4, 2024
REVIEWS SECURITY

Bitwarden Review

Bitwarden Review

Most free password managers are only free up to a point. Typically, they restrict the number of passwords that can be saved or devices that can be synced for free users. Bitwarden bucks that trend, letting you save unlimited vault items and sync your vault across all your devices without spending a penny. There’s also a paid version that includes extra, but not trivial security features, which costs only $10 a year. There are some tradeoffs for that affordability—Bitdwarden isn’t as polished or turnkey as some of its more well-known competitors, and we ran into some issues using its browser extension. But, overall, it’s a good option for users on a budget, and the best option among free password managers.

Setting up Bitwarden

To start using Bitwarden, you first have to register an account. You’ll be asked to enter your email and create a master password. This password has to be strong enough to safeguard all your other passwords but simple enough to remember so you don’t get locked out of your vault. Bitwarden helps with the first part by rating your master password as weak, good, or strong as you create it. It not only looks for password length and a good mix of letters, numbers, and characters, it will also ding you for passwords using easily crackable phrases like “ABC123” even if they meet all the length and character-mix requirements.

Bitwarden allows you to import passwords from more than 50 other password managers and web browsers including LastPass, Keeper, 1Password, Dashlane, Firefox, and Chrome. All the available import options are presented in a drop-down menu in the Tools section of your vault, and each helpfully lists the type of file (json, csv, xml, etc.) you need to export from that tool to import into Bitwarden.

Bitwarden can store login credentials, credit card numbers, personal identification, and secure notes.

You can create and edit password entries using Bitwarden’s web interface, desktop apps, or browser extension. The web and desktop layouts are nearly identical, with your vault entries listed in the center and a menu running down the left sidebar. From the menu, you can sort entries by type—password, card, identity, or secure note—or by favorites. At the bottom of the menu is an option to organize your entries into folders. Unfortunately, the folder needs to be created ahead of time and each entry added manually—drag-and-drop is not supported.

The browser extension simplifies the layout while providing most of the same tools and features. It allows you to filter, sort, and share entries; generate passwords; import items from other tools; and more.

Most of the paid password managers I’ve used walk you through the process of installing the browser extension, creating your first vault entry, adding your personal information for auto form filling, and other tasks to get the tool ready to use. Bitwarden doesn’t offer any prompts, which meant I had to invest considerable time first exploring the interface and intuiting how to do those things I just mentioned, and then more time actually doing them. Ultimately, it doesn’t affect the utility of the tool, but it’s a little disorienting if you’re used to the friendly onboarding of managers like Keeper and LastPass.

Bitwarden’s Send feature allows vault owners to securely share text and files with other people even they’re not Bitwarden users.

Capturing and replaying passwords

One of the perks of password managers is their ability to automatically capture your credentials the first time you log in to a site and replay them each time you return. Bitwarden was inconsistent about this. When it worked, a message box slid out asking if I wanted to save the website credentials I just entered, and I just had to click a button to confirm. But often it didn’t offer to save my credentials at all, even though these were common commercial sites that other password managers I’ve used have no problems with.

When Bitwarden does capture your login credentials, it can automatically fill them in the next time you return to the site. The mechanics are much like any other password manager. When Bitwarden recognizes the site, it surfaces the associated credentials in the browser extension and login fields, and you just click to enter them. Alternately, you can launch a website from the browser extension by searching for the appropriate entry in your vault and clicking it.

Security features

Saving your login credentials and other important information in one place is just part of a password manager’s job. It also needs to secure them. Bitwarden does this in a few ways.

Bitwarden’s password generator can create passwords up to 128 characters long out of letters, numbers, and special characters.

The first is through two-factor authentication (2FA). By requiring a second form of identification for logins, you dramatically reduce the likelihood someone can access your vault even if they get ahold of your master password. Users of Bitwarden’s free version can use 2FA codes from authenticator apps such as Google Authenticator and Authy or receive them via email. The premium version of Bitwarden supports additional 2FA methods including YubiKey, FIDO2 WebAuthn-enabled security keys, and the Duo security platform.

Bitwarden also allows you to share passwords and other information securely with a feature called Send. It forwards an encrypted link to the recipient, who can access its content whether or not they’re a Bitwarden user. Free users can only share text notes but premium users can share any type of file. When you prepare to send a note or file, you can set expiration and deletion dates, limit how many people can access it, and require a password. Premium Bitwarden users can also invite emergency contacts to access their vault under specific conditions.

Finally, Bitwarden helps assure the strength of the passwords themselves through analysis and reporting. These tools look for weak and reused passwords as well as those exposed in a breach. They also uncover any URLs in your vault that don’t use TLS/SSL encryption, any passwords that support 2FA but aren’t currently using it, and any personal data that’s turned up in a data breach. To see what Bitwarden has turned up in your vault, you just go to the Tools menu and select one of the six reports: Exposed Passwords, Reused Passwords, Weak Passwords, Unsecured Websites, Inactive 2FA, and Data Breach. All of these, except for the last, are reserved for paid users and all can only be accessed from the web interface.

Verdict

Mentioned in this article


LastPass

Bitwarden isn’t the most user-friendly password manager. It requires considerable time and manual effort upfront to set it up, particularly since it has trouble capturing and filling credentials consistently. But its generous free plan will make it an appealing option for a lot of users. Its premium plan is also budget-friendly, but if you’re willing to open your wallet you’ll get more advanced features and a better experience spending a little more on a paid password manager like LastPass, Dashlane, or Keeper.

Similar Posts