Original author(s) | Kyle Spearrin
---|---
Developer(s) | Bitwarden Inc.
Initial release | August 10, 2016
Repository | github
Written in | TypeScript and C#
Operating system | Linux, macOS, Windows, Android, iOS, iPadOS, WatchOS, F-Droid
Available in | Multilingual
Type | Password manager
License | Server: AGPL-3.0-only[7] Clients: GPL-3.0-only[7] Some modules: Proprietary[7][8]
Website | bitwarden

Bitwarden is a freemium open-source password management service that stores sensitive information such as website credentials in an encrypted vault. The platform offers a variety of client applications including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface.[9] Bitwarden offers a free US or European cloud-hosted service as well as the ability to self-host.[10][11][12]
Desktop applications are available for Windows, macOS, and Linux.[13] Browser extensions include Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Arc, Brave and Tor.[13] Mobile apps for Android, iPhone, and iPad are available.[13]
Client functionalities include 2FA login, passwordless login, biometric unlock, passkey management, a random password generator, a password strength testing tool, login/form/app autofill, syncing across unlimited platforms and devices, storing an unlimited number of items, sharing credentials, and storing a variety of information including credit cards.
Features
- Overall security
  - Open-source codebase[13][14]
  - Zero-knowledge encryption, i.e., the company can't see the vault contents[13][15]
  - End-to-end encryption of the stored vault data[16][17]
  - Uses AES-CBC 256-bit to encrypt vault data, and PBKDF2 SHA-256 / Argon2id to derive the user's encryption key from the entered password.[17]
  - Third-party independent application/code-library/network-infrastructure audits and bug bounty program[13][18][19][15]
- Vault storage
  - Cloud synchronization (Microsoft Azure), with the free version able to sync across unlimited platforms and devices[13][20]
  - Can choose either US cloud or European cloud, and migrate between them[11][12]
  - Can self-host the Bitwarden server on-premises,[13] or with services such as DigitalOcean[21][22]
- Availability
  - Variety of client applications including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface.[9]
  - Desktop applications are available for Windows, macOS, and Linux[13]
  - Browser extensions are available for Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Brave and Tor.[13]
  - Mobile apps are available for Android, iPhone, and iPad[13]
  - 50+ languages and dialects supported, although not all are available for all client apps[23][24]
  - Free, premium, 6-user account family plans,[13][25] and business plans are available[18]
- Items
  - Item types such as logins, secure notes, credit cards, and identities, which the free version can store in unlimited number.[13][26]
  - Passkey registration/login from browser extension[27]
  - Items can be organized into folders[18]
  - Customizable fields for login/auto-fill[13][18][28]
  - 1 GB encrypted file attachments and sharing for paid versions[13][18][29][25]
- TOTP / Authenticator function
  - TOTP key storage for the free version, plus code generator and automatic fill-in for paid customers[18][30]
- Imports/Exports
  - Imports from over 50 password managers including Dashlane, Keeper and RoboForm[18]
  - Exports into JSON, encrypted JSON, or CSV[18]
- Access
  - Biometric unlock[13] via Touch ID, Face ID, Windows Hello, or Android Login with Biometrics[31][32]
  - Vault login with two-factor authentication via FIDO2 WebAuthn, authenticator apps, and email in the free version,[31][33][34] with the addition of Duo[35] and YubiKey OTP[36] for paid customers, and a recovery code to bypass the step if a 2FA device is unavailable.[18]
  - Login with single sign-on[37][38]
  - Passwordless login via notification approval on a mobile/desktop[39][40]
- Sharing
  - Secure sharing of text (free version), including credentials, and files (paid versions) with others via "Send": a URL, sent by any means, that retrieves the shared information and can have an expiration/deletion time, a maximum access limit, and a password[18][41]
  - Use an organization (such as family) and permission-based collections to securely share vault entries: 2 users + 2 collections for free and premium versions, and 6 users + unlimited collections for the family plan.[18][25][42]
  - Designation of Bitwarden users as emergency contacts (for paid versions) who can request account access in an emergency[18][43]
- Tools
  - Password strength testing tool[16][44]
  - Data breach (available in the free version[13]) and exposed passwords reports through Have I Been Pwned?[45]
  - Exposed, reused, and weak passwords reports for paid customers[13]
- Others
  - Password history, to see the previous passwords for a login[46]
  - Autofill credentials/customizable fields into websites and other applications[47]
  - Configurable username generator[48][49]
  - Configurable password generator[18][50]
  - Switch between Bitwarden accounts on a website[13][51]
  - Integration with email alias/forwarding services including SimpleLogin, AnonAddy, Firefox Relay,[52][53] Fastmail,[54][55] and DuckDuckGo[56][53]
- Bitwarden is compliant with HIPAA, GDPR, CCPA, SOC 2, SOC 3, and the EU-US and Swiss–US Privacy Shield frameworks.
Reception
In January 2021, in its first password-protection program comparison, U.S. News & World Report selected Bitwarden as "Best Password Manager".[57] In February, with competitor LastPass about to drop a feature in its free version, CNET recommended Bitwarden as the best free app for password synchronization across multiple devices,[58] while Lifehacker recommended it as "the best password manager for most people."[59]
Critics have praised the features offered in the software's free version, and the low price of the premium tier compared to other managers.[58][60][61][62] The product was named the best "budget pick" in a Wirecutter password manager comparison.[45] Bitwarden's secure open-source implementation was also praised by reviewers.[60][63]
However, the software was criticized for its lack of additional features,[60][64] and some reviewers noted its basic and less intuitive interface compared to other password managers.[61]
History
- 2016-2017
Bitwarden debuted in August 2016 with an initial release of mobile applications for iOS and Android, browser extensions for Chrome and Opera, and a web vault. The browser extension for Firefox was later launched in February 2017.[65] In February 2017, the Brave web browser began including the Bitwarden extension as an optional replacement password manager.[66]
In September 2017, Bitwarden launched a bug bounty program at HackerOne.[19][15]
- 2018
In January 2018, the Bitwarden browser extension was adapted to and released for Apple's Safari browser through the Safari Extensions Gallery.[67]
In February 2018, Bitwarden debuted as a stand-alone desktop application for macOS, Linux, and Windows. It was built as a web app variant of the browser extension and delivered on top of Electron.[68] The Windows app was released alongside the Bitwarden extension for Microsoft Edge in the Microsoft Store a month later.[69][70]
In March 2018, Bitwarden's web vault was criticized for embedding unconstrained third-party JavaScript from BootstrapCDN, Braintree, Google, and Stripe. These embedded scripts could serve as an attack vector to gain unauthorized access to Bitwarden users' passwords.[71] These third-party scripts were removed as part of the Bitwarden 2.0 Web Vault update, released in July 2018.[72]
In May 2018, Bitwarden released a command-line application enabling users to write scripted applications using data from their Bitwarden vaults.[9][73][74]
In June 2018, Cliqz performed a privacy and security review of the Bitwarden for Firefox browser extension and concluded that it would not negatively impact their users. Following the review, Bitwarden was made available as an optional password manager in the Cliqz web browser.[75]
In October 2018, Bitwarden completed a security assessment, code audit, and cryptographic analysis from third-party security auditing firm Cure53.[76][77][78][79]
- 2020
In July 2020, Bitwarden completed another security audit from security firm Insight Risk Consulting to evaluate the security of the Bitwarden network perimeter as well as penetration testing and vulnerability assessments against Bitwarden web services and applications.
In August 2020, Bitwarden achieved SOC 2 Type 2 and SOC 3 certification.[80][81]
In December 2020, Bitwarden announced that it was HIPAA compliant[82] in addition to already being GDPR, CCPA, and Privacy Shield[83] compliant.[84]
- 2021
In August 2021, Bitwarden announced that network assessment (security assessment and penetration testing) for 2021 had been completed by the firm Insight Risk Consulting.[18][85]
- 2022
In September 2022, the company announced $100M series B financing; the lead investor was PSG, with the existing investor, Battery Ventures, participating.[86][87] The investment would be used to accelerate product development and company growth to support its users and customers worldwide.[86][87]
- 2023
In January, Bitwarden announced the acquisition of Swedish startup Passwordless.dev for an undisclosed amount.[88] Passwordless.dev provided an open source solution allowing developers to easily implement passwordless authentication based on the standards WebAuthn and FIDO2.[88][89] Bitwarden also launched a beta software service allowing third-party developers the use of biometric sign-in technologies including Touch ID, Face ID and Windows Hello in their apps.[88]
In February, Bitwarden published network security assessment and security assessment reports that were conducted by Cure53 in May and October 2022 respectively.[90] The first related to penetration testing and security assessment across Bitwarden IPs, servers, and web applications.[91] The second related to penetration testing and source code audit against all Bitwarden password manager software components, including the core application, browser extension, desktop application, web application, and TypeScript library.[92] Ghacks reported that "No critical issues were discovered during the two audits. Two security issues that Cure53 rated high were discovered during the source code audit and penetration testing. These were fixed quickly by Bitwarden and the third-party HubSpot. All other issues were either rated low or informational only."[93]
References
- "Bitwarden Password Manager - Apps on Google Play". play.google.com.
- "Bitwarden Password Manager". App Store.
- Releases · bitwarden/desktop · GitHub, Bitwarden
- Releases · bitwarden/cli · GitHub, Bitwarden
- Releases · bitwarden/browser · GitHub, Bitwarden
- Releases · bitwarden/server · GitHub, Bitwarden
- "LICENSE_FAQ.md". GitHub. 22 November 2021.
- "Bitwarden License Agreement". GitHub. 22 November 2021.
- Wallen, Jack (31 May 2018). "How to install and use the Bitwarden command line password manager". TechRepublic.
- "Bitwarden password manager review". TechRadar. 2 November 2022. Archived from the original on 8 September 2022.
- "How to migrate your Bitwarden vaults from US to EU storage". ghacks.net. 27 July 2023. Archived from the original on 27 July 2023.
- "Server Geographies". Bitwarden. Archived from the original on 26 July 2023. Retrieved 28 July 2023.
- "Bitwarden Review: The Best Free Password Manager for 2022". CNet. 1 May 2022. Archived from the original on 7 September 2022.
- "Bitwarden on GitHub". GitHub. Retrieved 28 June 2018.
- "Compliance, Audits, and Certifications". Bitwarden. Archived from the original on 22 June 2022. Retrieved 9 September 2022.
- "Bitwarden review: how good & safe is it?". Cybernews. 3 August 2022. Archived from the original on 7 April 2022.
- "Encryption | Bitwarden Help & Support". Bitwarden. Archived from the original on 22 February 2023. Retrieved 22 February 2023.
- "Bitwarden Review". PCMag. 15 March 2022. Archived from the original on 18 August 2022.
- "Bitwarden". hackerone.com. Retrieved 14 September 2022.
- "Sync your Vault | Bitwarden Help & Support". bitwarden.com. Retrieved 26 September 2021.
- "All Categories > Security > Bitwarden". marketplace.digitalocean.com. Retrieved 11 September 2022.
- "Self-hosting Bitwarden on DigitalOcean". The Bitwarden Blog. 19 April 2022. Archived from the original on 17 June 2022.
- "Bitwarden Expands Enterprise Offering With SCIM Support for Directory Integration". businesswire. 17 August 2022. Archived from the original on 29 August 2022.
- "Localization". Bitwarden. Archived from the original on 10 September 2022. Retrieved 10 September 2022.
- "Personal: Choose the plan that fits your needs". Bitwarden. Archived from the original on 6 September 2022. Retrieved 9 September 2022.
- "Store Secure Notes, Credit Cards, & Identities In Your Bitwarden Vault | Bitwarden". Bitwarden Blog. Retrieved 26 September 2021.
- Kingsley-Hughes, Adrian (8 November 2023). "Bitwarden rolls out passkeys management to all users, including free accounts". ZDNET. Archived from the original on 9 November 2023.
- "Easier than Ever: Create Custom Fields in a few Clicks". Bitwarden. 6 October 2021. Archived from the original on 20 October 2021.
- "Using file attachments". Bitwarden Help Center. Retrieved 28 June 2018.
- "Bitwarden Authenticator (TOTP) | Bitwarden Help & Support". bitwarden.com. Retrieved 26 September 2021.
- "Bitwarden and the Passwordless Revolution". Bitwarden. 17 July 2022. Archived from the original on 6 September 2022.
- "Unlock with Biometrics | Bitwarden Help & Support". bitwarden.com. Retrieved 26 September 2021.
- "Two-step Login via FIDO2 WebAuthn". Bitwarden. Archived from the original on 21 September 2023.
- "FIDO2 WebAuthn 2FA now in all Bitwarden plans including free!". The Bitwarden Blog. 27 September 2023. Archived from the original on 29 September 2023.
- "Ready Partners". Duo Security. Retrieved 26 November 2018.
- "Bitwarden Premium". Yubico. Retrieved 26 November 2018.
- "Bitwarden Launches Free Families Program for Enterprise Users". businesswire. 14 December 2021. Archived from the original on 1 July 2022.
- "Bitwarden launches SSO authentication to integrate password security with identity providers". Bitwarden Blog. 30 September 2020. Archived from the original on 27 April 2022.
- "Bitwarden Review". Trusted Reviews. 5 September 2023. Archived from the original on 10 September 2023.
- "Access Your Bitwarden Vault Without a Password". The Bitwarden Blog. 23 February 2023. Archived from the original on 31 July 2023.
- "About Send". Bitwarden. Archived from the original on 27 April 2022. Retrieved 10 September 2022.
- "Sharing". Bitwarden. Archived from the original on 10 June 2022. Retrieved 9 September 2022.
- "Emergency Access". Bitwarden. Archived from the original on 6 June 2022. Retrieved 9 September 2022.
- "Password Strength Testing Tool". Bitwarden.
- "The Best Password Managers". The New York Times. 5 February 2021. ISSN 0362-4331. Retrieved 6 May 2021.
- "General FAQs | Bitwarden Help & Support". bitwarden.com. Retrieved 26 September 2021.
- "Auto-fill logins using the browser extension". Bitwarden Help Center. Retrieved 28 June 2018.
- "Bitwarden Rolls Out New Username Generator to All Users". businesswire. 27 April 2022. Archived from the original on 11 June 2022.
- "Username & Password Generator | Bitwarden Help & Support". Bitwarden.
- "Strong Password Generator". Bitwarden.
- "Account Switching: Phased Rollout for Bitwarden Clients". Bitwarden. 29 March 2022. Archived from the original on 31 March 2022.
- "Bitwarden's username generator now supports SimpleLogin, AnonAddy, and Firefox Relay email alias services". Ghacks Technology News. ghacks.net. 2 June 2022. Archived from the original on 7 June 2022.
- "Add Privacy and Security Using Email Aliases With Bitwarden". The Bitwarden Blog. 18 October 2022. Archived from the original on 26 November 2022.
- "Masked Email Now in More Places With Bitwarden Integration". Fastmail. 13 September 2022. Archived from the original on 14 September 2022.
- "Use Bitwarden to Generate Email Aliases with Fastmail". The Bitwarden Blog. 13 September 2022. Archived from the original on 13 September 2022.
- "The wait is over: DuckDuckGo for Mac beta now open to the public!". Spread Privacy. 22 October 2022. Archived from the original on 23 November 2022.
- Kinney, Jeff (12 January 2021). "Best Password Managers of 2021". U.S. News & World Report. Archived from the original on 15 January 2021.
- Broida, Rick. "This is the best free password manager alternative to LastPass". CNET. Retrieved 17 February 2021.
- Murphy, David (18 February 2021). "Bitwarden Is Now the Best Free Alternative to LastPass". Lifehacker. Retrieved 19 February 2021.
- Long, Emily (22 April 2021). "Bitwarden password manager review". Tom's Guide. Archived from the original on 24 April 2021. Retrieved 6 May 2021.
- Lamont, Jonathan (2 August 2020). "Bitwarden offers excellent password management tools with great value". MobileSyrup. Retrieved 6 May 2021.
- Pathak, Khamosh (27 February 2021). "Bitwarden Is the Best Free Alternative to LastPass". How-To Geek. Retrieved 6 May 2021.
- Pathak, Khamosh (27 February 2021). "Bitwarden Is the Best Free Alternative to LastPass". How-To Geek. Retrieved 6 May 2021.
- Rubenking, Neil J. (19 June 2019). "Bitwarden Review". PCMAG. Archived from the original on 7 February 2020. Retrieved 6 May 2021.
- "Bitwarden: Add-ons for Firefox". Mozilla. Retrieved 26 November 2018.
- "Brave Features". Brave Software. Retrieved 27 July 2018.
- "Safari Extensions Gallery". Apple, Inc. Archived from the original on 27 November 2018. Retrieved 26 November 2018.
- Brinkmann, Martin (1 March 2018). "Bitwarden Desktop App released". Ghacks Technology News. gHacks Tech News. Retrieved 29 July 2018.
- Stephenson, Brad (26 April 2018). "Password manager Bitwarden launches in the Microsoft Store". OnMsft. Retrieved 29 July 2018.
- Thorp-Lancaster, Dan (11 September 2017). "Bitwarden password manager extension comes to Microsoft Edge". Windows Central. Retrieved 29 July 2018.
- Daniel, Aleksandersen (13 March 2018). "Why I migrated from LastPass to Bitwarden". Ctrl blog. Retrieved 26 August 2019.
- Daniel, Aleksandersen (13 March 2018). "Update after 3 months with Bitwarden". Ctrl blog. Retrieved 26 August 2019.
- "Bitwarden/cli v1.0.0". GitHub. 23 May 2013. Archived from the original on 11 March 2022.
- "The Bitwarden Command-line Tool". Bitwarden Blog. 12 November 2018. Archived from the original on 24 May 2018. Retrieved 26 November 2018.
- Greif, Björn (6 June 2018). "Password manager Bitwarden now available in Cliqz Browser". Cliqz blog. Retrieved 29 July 2018.
- "Bitwarden Completes Third-party Security Audit". Bitwarden Blog. 12 November 2018. Archived from the original on 12 November 2018. Retrieved 26 November 2018.
- "Results of Bitwarden security audit published". Ghacks Technology News. gHacks Tech News. 13 November 2018. Retrieved 26 November 2018.
- "Bitwarden Passes Third Party Security Audit". the Mac Observer. 12 November 2018. Retrieved 26 November 2018.
- Cure53; Heiderich, Mario; Inführ, Alex; Kobeissi, Nadim; Hippert, Norman; Kinugawa, Masato (8 November 2018). "Pentest-Report Bitwarden Password Manager 11.2018" (PDF). Cure53. Archived (PDF) from the original on 26 May 2019. Retrieved 2 March 2021.
- AuditOne LLP. (21 August 2020). "System and Organization Controls 3 (SOC 3) Report on the Bitwarden Inc. Password Management System Relevant to Security and Confidentiality For the Period January 1, 2020 - June 30, 2020" (PDF) (Audit Report). AuditOne LLP. Archived (PDF) from the original on 19 September 2020. Retrieved 2 March 2021 – via BitWarden LLC.
- "Bitwarden achieves SOC 2 certification". Bitwarden Blog. 25 August 2020. Retrieved 25 August 2020.
- "Why use a HIPAA-compliant password manager". Bitwarden Blog. 7 December 2020. Archived from the original on 19 October 2021. Retrieved 30 December 2020.
- "Privacy Shield: Bitwarden Inc". Privacy Shield Network. International Trade Administration. 5 December 2020. Archived from the original on 11 September 2022. Retrieved 2 March 2021.
- "Privacy Policy". Bitwarden. Retrieved 3 March 2021.
- "Bitwarden 2020 and 2021 Security Audits are Complete". The Bitwarden Blog. 2 August 2021. Archived from the original on 18 August 2022.
- "Bitwarden Announces $100 Million Growth Investment Led by PSG to Further its Mission to Empower Businesses and Individuals to Stay Safe Online". Business Wire. 6 September 2022. Archived from the original on 8 September 2022.
- Crandell, Michael (6 September 2022). "Bitwarden announces $100 million financing". Archived from the original on 7 September 2022.
- "Bitwarden acquires Passwordless.dev to help companies authenticate users without passwords". Techcrunch. 18 January 2023. Archived from the original on 18 January 2023.
- "Bitwarden extends passwordless leadership with acquisition". Bitwarden. 18 January 2023. Archived from the original on 19 January 2023.
- Spearrin, Kyle (28 February 2023). "Bitwarden Upholds High Security Standards with Annual Third-Party Audits". The Bitwarden Blog. Archived from the original on 1 March 2023.
- "Bitwarden Network Security Assessment Report" (PDF). Bitwarden. Archived (PDF) from the original on 2 March 2023.
- "Bitwarden Security Assessment Report" (PDF). Bitwarden. Archived (PDF) from the original on 2 March 2023.
- "Bitwarden passes annual security audit with flying colors". ghacks.net. 1 March 2023. Archived from the original on 2 March 2023.