Expert's Rating
Pros
- Free plan offers unlimited vault entries and device syncing
- Paid plan is 70% cheaper (or more!) than rival services
- Supports two-factor authentication
- Send feature allows you to securely share notes and files with others
Cons
- Has occasional trouble capturing and filling credentials on websites
- Requires more manual setup than many paid password managers
Our Verdict
Bitwarden’s generous free plan and extremely affordable paid plan make it a good option for users on a budget. However, if you prefer a polished experience and even more features, you’ll need to look at other paid password managers.
Best Prices Today: Bitwarden
Bitwarden is the rare free password manager that doesn’t impose heavy restrictions on users. Most free password managers limit the number of passwords that can be saved or devices that can be synced for free users. Bitwarden bucks that trend, letting you save unlimited vault items and sync your vault across all your devices without spending a penny. There’s also a paid version that includes valuable security features and costs only $10 a year. There are some tradeoffs for that affordability—Bitwarden isn’t as polished or turnkey as some of its more well-known competitors, and we ran into some issues using its browser extension. But, overall, it’s a solid option for users on a budget, and the best option among free password managers.
Note: Learn more about all the password managers we’ve tested, including the most popular paid options, in our best password managers roundup. This particular service was first reviewed in July 2021, and was most recently re-reviewed in August 2022.
Setting up Bitwarden
To start using Bitwarden, you first have to register an account. You’ll be asked to enter your email and create a master password. This password has to be strong enough to safeguard all your other passwords but simple enough to remember so you don’t get locked out of your vault. Bitwarden helps with the first part by rating your master password as weak, good, or strong as you create it. It not only looks for password length and a good mix of letters, numbers, and characters, it will also ding you for passwords using easily crackable phrases like “ABC123” even if they meet all the length and character-mix requirements.
No matter what you choose for your master password, be sure you can remember it. Unlike many other password managers, Bitwarden does not offer password recovery or resets. The closest safeguard is having an emergency contact (which you have to set up in advance) access your vault for you, which is an option only available to paid users.
After your account is set up, Bitwarden allows you to import passwords from more than 50 other password managers and web browsers including LastPass, Keeper, 1Password, Dashlane, Firefox, and Chrome. All the available import options are presented in a drop-down menu in the Tools section of your vault, and each helpfully lists the type of file (json, csv, xml, etc.) you need to export from that tool to import into Bitwarden.
You can create and edit password entries using Bitwarden’s web interface, desktop and mobile apps, or browser extension. The web and desktop layouts are nearly identical, with your vault entries listed in the center and a menu running down the left sidebar. From the menu, you can sort entries by type—password, card, identity, or secure note—or by favorites. You can also search for entries. However, missing across all platforms is the ability to sort by recently created or recently modified, which can be helpful for quickly re-accessing a just-used password or if you typo’d when creating an entry.
At the bottom of the menu is an option to organize your entries into folders. Unfortunately, the folder needs to be created ahead of time and each entry added manually for optimal organization. Otherwise, you’ll have to open and edit each entry to change the folder it lives in.
The browser extension simplifies the layout while providing most of the same tools and features. It allows you to filter, sort, and share entries; generate passwords; import items from other tools; and more.
Learning the ins and outs of all these interfaces is all on you. Bitwarden doesn’t offer an initial walkthrough when you first use the service. Most paid password managers walk you through the process of installing the browser extension, creating your first vault entry, adding your personal information for auto form-filling, and other tasks to get the tool ready to use. Ultimately, this self-driven learning process doesn’t affect the utility of the tool, but it’s a little disorienting if you’re new to password managers or accustomed to the friendly onboarding of managers like Keeper and LastPass.
Bitwarden’s Send feature allows vault owners to securely share text and files with other people even if they’re not Bitwarden users.
PCWorld
Capturing and replaying passwords
One of the perks of password managers is their ability to automatically capture your credentials the first time you log in to a site and replay them each time you return. Bitwarden isn’t 100 percent consistent about this, but generally reliable and much improved compared to when we last tested the service.
A message box will slide down from the top of the browser window and ask if you want to save the website credentials just entered. You just have to click a button to confirm. Afterward, it can automatically fill them in the next time you return to the site. The mechanics are much like any other password manager. When Bitwarden recognizes the site, it surfaces the associated credentials in the browser extension and login fields, and you just click to enter them. Alternately, you can launch a website from the browser extension by searching for the appropriate entry in your vault and clicking it.
Security features
Saving your login credentials and other important information in one place is just part of a password manager’s job. It also needs to secure them. Bitwarden does this in a few ways.
Bitwarden’s password generator can create passwords up to 128 characters long out of letters, numbers, and special characters.
PCWorld
The first is through two-factor authentication (2FA). By requiring a second form of identification when logging into Bitwarden, you dramatically reduce the likelihood someone can access your vault even if they get ahold of your master password. Users of Bitwarden’s free version can use 2FA codes from authenticator apps such as Google Authenticator and Authy or receive them via email. The premium version of Bitwarden supports additional 2FA methods including YubiKey, FIDO2 WebAuthn-enabled security keys, and the Duo security platform.
You also have the ability to create more secure logins when signing up for accounts. In addition to random password generation, Bitwarden now can generate random usernames and has full integration with masked email services. This feature makes using a random username or random email address for logging in very simple. Premium users also can choose to set up 2FA for other websites (e.g., Amazon, Microsoft, etc.) as part of a vault entry—a convenience that provides a halfway compromise between fortified login info and best security practices.
Earlier in 2022, Bitwarden released a feature update to its generator tool, adding random username creation and integration with masked email services.
PCWorld
Sharing passwords and other information securely can be done through a Bitwarden feature called Send. It forwards an encrypted link to the recipient, who can access its content whether or not they’re a Bitwarden user. Free users can only share text notes but premium users can share any type of file. (Premium users also get up to 1GB of encrypted storage space for files.) When you prepare to send a note or file, you can set expiration and deletion dates, limit how many people can access it, and require a password. Premium Bitwarden users can also invite emergency contacts to access their vault under specific conditions.
Finally, Bitwarden helps assure the strength of the passwords themselves through analysis and reporting. These tools look for weak and reused passwords as well as those exposed in a breach. They also uncover any URLs in your vault that don’t use TLS/SSL encryption, any passwords that support 2FA but aren’t currently using it, and any personal data that’s turned up in a data breach. To see what Bitwarden has turned up in your vault, you just go to the Tools menu and select one of the six reports: Exposed Passwords, Reused Passwords, Weak Passwords, Unsecured Websites, Inactive 2FA, and Data Breach. All of these, except for the last, are reserved for paid users and all can only be accessed from the web interface.
Verdict
Bitwarden’s interface may feel no-frills compared to its paid rivals, but this service offers all the key features you need from a password manager. Its free plan is generous, and upgrading for paid features is ultra affordable. You can get a friendlier user interface and a few more features in a competitor like LastPass, Dashlane, or Keeper, but you’ll also spend more, too.
Editor’s note: Because online services are often iterative, gaining new features and performance improvements over time, this review is subject to change in order to accurately reflect the current state of the service. Any changes to text or our final review verdict will be noted at the top of this article.