Bitwarden is a freemium open-source password management service that is used to store sensitive information, such as website credentials, in an encrypted vault.
Screenshot: Bitwarden Desktop Client 2024.12.1

Field | Value
---|---
Original author(s) | Kyle Spearrin
Developer(s) | Bitwarden Inc.
Initial release | August 10, 2016
Repository | github
Written in | TypeScript, C#, and Rust
Operating system | Linux, macOS, Windows, Android, iOS, iPadOS, watchOS
Available in | Multilingual
Type | Password manager
License | Server: AGPL-3.0-only[7]; Clients: GPL-3.0-only[7]; Some modules: Proprietary[7][8]
Website | bitwarden

Functionalities
Bitwarden uses zero-knowledge encryption, meaning the company can't see its users' data. This is achieved by end-to-end encrypting vault data with AES-CBC 256-bit and by using PBKDF2 SHA-256/Argon2id to derive the encryption key.[9][10]
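An added illustration (not Bitwarden's code and not part of the original article) of how a vault key can be derived on the client with PBKDF2 SHA-256 so that the service never holds it. The email-as-salt choice, the iteration count, the HKDF split into encryption and MAC keys, the login hash, and all function names are assumptions made for this example.

```python
import hashlib
import hmac

# Assumed parameters for illustration; the page names only PBKDF2 SHA-256 / Argon2id.
ITERATIONS = 600_000
KEY_LEN = 32  # 256-bit key, matching the AES-256 key size named on the page


def derive_master_key(password: str, email: str, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 over the password; the normalized email is the (assumed) salt."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, KEY_LEN)


def hkdf_expand(prk: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """First block of HKDF-Expand (RFC 5869); enough for outputs up to 32 bytes."""
    if length > hashlib.sha256().digest_size:
        raise ValueError("single-block expand supports at most 32 bytes")
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]


def client_secrets(password: str, email: str, iterations: int = ITERATIONS) -> dict:
    """Everything here is computed on the client; only 'login_hash' is sent."""
    master = derive_master_key(password, email, iterations)
    return {
        # CBC gives confidentiality only, so a separate MAC key is derived as well.
        "enc_key": hkdf_expand(master, b"enc"),
        "mac_key": hkdf_expand(master, b"mac"),
        # One more one-way PBKDF2 round: the server can check it but cannot
        # walk it back to the master key that protects the vault.
        "login_hash": hashlib.pbkdf2_hmac(
            "sha256", master, password.encode("utf-8"), 1, KEY_LEN),
    }


def server_verify(stored_login_hash: bytes, presented: bytes) -> bool:
    """Server-side check; constant-time compare, no key material involved."""
    return hmac.compare_digest(stored_login_hash, presented)


if __name__ == "__main__":
    s = client_secrets("correct horse battery staple", "Alice@Example.com")
    print("sent to server :", s["login_hash"].hex())
    print("stays on client:", len(s["enc_key"]) * 8, "bit enc key +",
          len(s["mac_key"]) * 8, "bit MAC key")
```

The encryption and MAC keys never leave `client_secrets`; a server that stores only `login_hash` can authenticate the user without being able to decrypt the vault.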
Client functionalities include 2FA login, passwordless login, biometric unlock, passkey management, a random password generator, a password strength testing tool, login/form/app autofill, the ability to sync across unlimited platforms and devices, storage of an unlimited number of items, and storing a variety of information including credit cards.
Inside the vault, a user can save logins (username and password combination, passkeys and TOTP seeds), cards (debit and credit), identities (billing data and other information concerning an individual) and secure notes (free-form text). Furthermore, each item type can be extended by custom fields and file attachments, which are restricted by file size depending on the subscription plan.[11][12]
Bitwarden supports the import of data from more than 50 password managers, including LastPass, 1Password and Keeper. For the export of data, JSON, encrypted JSON and CSV are available.[13]
To log in, a user can, in addition to an email address and password combination, also use biometric authentication, two-factor authentication, single sign-on and passwordless login via notification approval on a mobile/desktop device.[11][14][15]
Besides password management, Bitwarden also provides other tools, e.g. a password strength tester, a password/username generator, integrations with email alias services and a feature called "Send".[16][17][18]
"Send" allows users to share end-to-end encrypted texts (free version) and files (paid versions) with others. For each item, an expiration date, a maximum access limit and a password can optionally be specified.[19]
Availability
The platform hosts multiple client applications, including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface.[20]
Bitwarden can be operated on web interfaces, desktop applications (Windows, macOS, and Linux), browser extensions (Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Arc, Brave and Tor), or mobile apps (Android, iOS, iPadOS and watchOS).[11]
50 languages and dialects are supported, although not all of them are available on all clients.[21]
The platform offers a free US or European cloud-hosted synchronisation service, as well as the ability to self-host.[22][23][24][25]
Compliance
The codebases of Bitwarden's PC clients, mobile apps, and server are open-source.[26]
In August 2020, Bitwarden achieved SOC 2 Type 2 and SOC 3 certification.[27][28]
Bitwarden is compliant with HIPAA,[29] GDPR, CCPA, SOC 2, SOC 3, and the EU-US and Swiss–US Privacy Shield[30] frameworks.[31][32]
Previous audits
Third-party security audits are conducted annually, and a vulnerability disclosure program is also in place.[33][31]
In June 2018, Cliqz performed a privacy and security review of the Bitwarden for Firefox browser extension and concluded that it would not negatively impact their users.[34]
In October 2018, Bitwarden completed a security assessment, code audit, and cryptographic analysis from third-party security auditing firm Cure53.[35][36][37][38]
In July 2020, Bitwarden completed another security audit from security firm Insight Risk Consulting to evaluate the security of the Bitwarden network perimeter as well as penetration testing and vulnerability assessments against Bitwarden web services and applications.
In August 2021, Bitwarden announced that network assessment (security assessment and penetration testing) for 2021 had been completed by the firm Insight Risk Consulting.[13][39]
In February, Bitwarden published network security assessment and security assessment reports that were conducted by Cure53 in May and October 2022 respectively.[40]
The first related to penetration testing and security assessment across Bitwarden IPs, servers, and web applications.[41]
The second related to penetration testing and source code audit against all Bitwarden password manager software components, including the core application, browser extension, desktop application, web application, and TypeScript library.[42]
"No critical issues were discovered during the two audits. Two security issues that Cure53 rated high were discovered during the source code audit and penetration testing. These were fixed quickly by Bitwarden and the third-party HubSpot. All other issues were either rated low or informational only."
Reception
In January 2021, in its first password-protection program comparison, U.S. News & World Report selected Bitwarden as "Best Password Manager".[44]
In February 2021, with competitor LastPass about to remove a feature from its free version, CNET recommended Bitwarden as the best free app for password synchronization across multiple devices,[45] while Lifehacker recommended it as "the best password manager for most people."[46]
Critics have praised the features offered in the software's free version, and the low price of the premium tier compared to other managers.[45][47][48][49] The product was named the best "budget pick" in a Wirecutter password manager comparison.[50] Bitwarden's secure open-source implementation was also praised by reviewers.[47][51]
Nevertheless, Tom's Guide found some features to be less intuitive than they could be,[47] while PC Magazine criticized the high price of the business tier.[52] MobileSyrup was disappointed by the simplistic graphics of the user interface, and felt that it was missing a few features found in competitors' offerings.[48]
History
2016–2017
Bitwarden debuted in August 2016 with an initial release of mobile applications for iOS and Android, browser extensions for Chrome and Opera, and a web vault.
The browser extension for Firefox was later launched in February 2017.[53]
In February 2017, the Brave web browser began including the Bitwarden extension as an optional replacement password manager.[54]
In September 2017, Bitwarden launched a bug bounty program at HackerOne.[33][31]
2018
In January 2018, the Bitwarden browser extension was adapted to and released for Apple's Safari browser through the Safari Extensions Gallery.[55]
In February 2018, Bitwarden debuted as a stand-alone desktop application for macOS, Linux, and Windows. It was built as a web app variant of the browser extension and delivered on top of Electron.[56] The Windows app was released alongside the Bitwarden extension for Microsoft Edge in the Microsoft Store a month later.[57][58]
In May 2018, Bitwarden released a command-line application enabling users to write scripted applications using data from their Bitwarden vaults.[20][59][60]
In June 2018, following a review, Bitwarden was made available as an optional password manager in the Cliqz browser.[34]
2022
In September 2022, the company announced $100M series B financing; the lead investor was PSG, with the existing investor, Battery Ventures, participating.[61][62]
The investment would be used to accelerate product development and company growth to support its users and customers worldwide.[61][62]
2023
In January, Bitwarden announced the acquisition of Swedish startup Passwordless.dev for an undisclosed amount.[63]
Passwordless.dev provided an open source solution allowing developers to easily implement passwordless authentication based on the standards WebAuthn and FIDO2.[63][64]
Bitwarden also launched a beta software service allowing third-party developers to use biometric sign-in technologies including Touch ID, Face ID and Windows Hello in their apps.[63]
2024
On May 1, Bitwarden launched its own multi-factor authentication app, Bitwarden Authenticator.[65]
In October, Bitwarden introduced changes to the dependencies of its desktop application to include a restricted-use SDK that may prevent the public from building the application from scratch, raising concerns that Bitwarden is moving away from open-source principles.
Kyle Spearrin stated in response that it is an issue they plan to resolve, and is "merely a bug".[66]
References
1. "Bitwarden Password Manager - Apps on Google Play". play.google.com.
2. "Bitwarden Password Manager". App Store.
3. Releases · bitwarden/desktop · GitHub, Bitwarden
4. Releases · bitwarden/cli · GitHub, Bitwarden
5. Releases · bitwarden/browser · GitHub, Bitwarden
6. Releases · bitwarden/server · GitHub, Bitwarden
7. "LICENSE_FAQ.md". GitHub. 22 November 2021.
8. "Bitwarden License Agreement". GitHub. 22 November 2021.
9. "Encryption | Bitwarden Help & Support". Bitwarden. Archived from the original on 22 February 2023. Retrieved 22 February 2023.
10. "How End-to-End Encryption Paves the Way for Zero Knowledge". Bitwarden. Retrieved 7 June 2024.
11. "Bitwarden Review: The Best Free Password Manager for 2022". CNet. 1 May 2022. Archived from the original on 7 September 2022.
12. "Store Secure Notes, Credit Cards, & Identities In Your Bitwarden Vault | Bitwarden". Bitwarden Blog. Retrieved 26 September 2021.
13. "Bitwarden Review". PCMag. 15 March 2022. Archived from the original on 18 August 2022.
14. "Bitwarden launches SSO authentication to integrate password security with identity providers". Bitwarden Blog. 30 September 2020. Archived from the original on 27 April 2022.
15. "Access Your Bitwarden Vault Without a Password". The Bitwarden Blog. 23 February 2023. Archived from the original on 31 July 2023.
16. "Password Strength Testing Tool". Bitwarden.
17. "Username & Password Generator | Bitwarden Help & Support". Bitwarden.
18. "Add Privacy and Security Using Email Aliases With Bitwarden". The Bitwarden Blog. 18 October 2022. Archived from the original on 26 November 2022.
19. "About Send". Bitwarden. Archived from the original on 27 April 2022. Retrieved 10 September 2022.
20. Wallen, Jack (31 May 2018). "How to install and use the Bitwarden command line password manager". TechRepublic.
21. "Localization". Bitwarden. Archived from the original on 10 September 2022. Retrieved 10 September 2022.
22. "Bitwarden password manager review". TechRadar. 2 November 2022. Archived from the original on 8 September 2022.
23. "How to migrate your Bitwarden vaults from US to EU storage". ghacks.net. 27 July 2023. Archived from the original on 27 July 2023.
24. "Server Geographies". Bitwarden. Archived from the original on 26 July 2023. Retrieved 28 July 2023.
25. "Self-hosting Bitwarden on DigitalOcean". The Bitwarden Blog. 19 April 2022. Archived from the original on 17 June 2022.
26. "Bitwarden on GitHub". GitHub. Retrieved 28 June 2018.
27. AuditOne LLP. (21 August 2020). "System and Organization Controls 3 (SOC 3) Report on the Bitwarden Inc. Password Management System Relevant to Security and Confidentiality For the Period January 1, 2020 - June 30, 2020" (PDF) (Audit Report). AuditOne LLP. Archived (PDF) from the original on 19 September 2020. Retrieved 2 March 2021 – via BitWarden LLC.
28. "Bitwarden achieves SOC 2 certification". Bitwarden Blog. 25 August 2020. Retrieved 25 August 2020.
29. "Why use a HIPAA-compliant password manager". Bitwarden Blog. 7 December 2020. Archived from the original on 19 October 2021. Retrieved 30 December 2020.
30. "Privacy Shield: Bitwarden Inc". Privacy Shield Network. International Trade Administration. 5 December 2020. Archived from the original on 11 September 2022. Retrieved 2 March 2021.
31. "Compliance, Audits, and Certifications". Bitwarden. Archived from the original on 22 June 2022. Retrieved 9 September 2022.
32. "Privacy Policy". Bitwarden. Retrieved 3 March 2021.
33. "Bitwarden". hackerone.com. Retrieved 14 September 2022.
34. Greif, Björn (6 June 2018). "Password manager Bitwarden now available in Cliqz Browser". Cliqz blog. Retrieved 29 July 2018.
35. "Bitwarden Completes Third-party Security Audit". Bitwarden Blog. 12 November 2018. Archived from the original on 12 November 2018. Retrieved 26 November 2018.
36. "Results of Bitwarden security audit published". Ghacks Technology News. gHacks Tech News. 13 November 2018. Retrieved 26 November 2018.
37. "Bitwarden Passes Third Party Security Audit". the Mac Observer. 12 November 2018. Retrieved 26 November 2018.
38. Cure53; Heiderich, Mario; Inführ, Alex; Kobeissi, Nadim; Hippert, Norman; Kinugawa, Masato (8 November 2018). "Pentest-Report Bitwarden Password Manager 11.2018" (PDF). Cure53. Archived (PDF) from the original on 26 May 2019. Retrieved 2 March 2021.
39. "Bitwarden 2020 and 2021 Security Audits are Complete". The Bitwarden Blog. 2 August 2021. Archived from the original on 18 August 2022.
40. Spearrin, Kyle (28 February 2023). "Bitwarden Upholds High Security Standards with Annual Third-Party Audits". The Bitwarden Blog. Archived from the original on 1 March 2023.
41. "Bitwarden Network Security Assessment Report" (PDF). Bitwarden. Archived (PDF) from the original on 2 March 2023.
42. "Bitwarden Security Assessment Report" (PDF). Bitwarden. Archived (PDF) from the original on 2 March 2023.
43. "Bitwarden passes annual security audit with flying colors". ghacks.net. 1 March 2023. Archived from the original on 2 March 2023.
44. Kinney, Jeff (12 January 2021). "Best Password Managers of 2021". U.S. News & World Report. Archived from the original on 15 January 2021.
45. Broida, Rick. "This is the best free password manager alternative to LastPass". CNET. Retrieved 17 February 2021.
46. Murphy, David (18 February 2021). "Bitwarden Is Now the Best Free Alternative to LastPass". Lifehacker. Retrieved 19 February 2021.
47. Long, Emily (22 April 2021). "Bitwarden password manager review". Tom's Guide. Archived from the original on 24 April 2021. Retrieved 6 May 2021.
48. Lamont, Jonathan (2 August 2020). "Bitwarden offers excellent password management tools with great value". MobileSyrup. Retrieved 6 May 2021.
49. Pathak, Khamosh (27 February 2021). "Bitwarden Is the Best Free Alternative to LastPass". How-To Geek. Retrieved 6 May 2021.
50. "The Best Password Managers". The New York Times. 5 February 2021. ISSN 0362-4331. Retrieved 6 May 2021.
51. Pathak, Khamosh (27 February 2021). "Bitwarden Is the Best Free Alternative to LastPass". How-To Geek. Retrieved 6 May 2021.
52. Rubenking, Neil J. (19 June 2019). "Bitwarden Review". PCMAG. Archived from the original on 7 February 2020. Retrieved 6 May 2021.
53. "Bitwarden: Add-ons for Firefox". Mozilla. Retrieved 26 November 2018.
54. "Brave Features". Brave Software. Retrieved 27 July 2018.
55. "Safari Extensions Gallery". Apple, Inc. Archived from the original on 27 November 2018. Retrieved 26 November 2018.
56. Brinkmann, Martin (1 March 2018). "Bitwarden Desktop App released". Ghacks Technology News. gHacks Tech News. Retrieved 29 July 2018.
57. Stephenson, Brad (26 April 2018). "Password manager Bitwarden launches in the Microsoft Store". OnMsft. Retrieved 29 July 2018.
58. Thorp-Lancaster, Dan (11 September 2017). "Bitwarden password manager extension comes to Microsoft Edge". Windows Central. Retrieved 29 July 2018.
59. "Bitwarden/cli v1.0.0". GitHub. 23 May 2013. Archived from the original on 11 March 2022.
60. "The Bitwarden Command-line Tool". Bitwarden Blog. 12 November 2018. Archived from the original on 24 May 2018. Retrieved 26 November 2018.
61. "Bitwarden Announces $100 Million Growth Investment Led by PSG to Further its Mission to Empower Businesses and Individuals to Stay Safe Online". Business Wire. 6 September 2022. Archived from the original on 8 September 2022.
62. Crandell, Michael (6 September 2022). "Bitwarden announces $100 million financing". Archived from the original on 7 September 2022.
63. "Bitwarden acquires Passwordless.dev to help companies authenticate users without passwords". Techcrunch. 18 January 2023. Archived from the original on 18 January 2023.
64. "Bitwarden extends passwordless leadership with acquisition". Bitwarden. 18 January 2023. Archived from the original on 19 January 2023.
65. "Bitwarden launches its own free and open-source Authenticator app". Android Authority. 2 May 2024. Retrieved 19 May 2024.
66. Liam, Proven (24 October 2024). "Bitwarden's FOSS halo slips as new SDK requirement locks down freedoms". The Register.