Bitwarden is a

freemium Freemium, a portmanteau of the words "free" and "premium", is a pricing strategy by which a basic product or service is provided free of charge, but money (a premium) is charged for additional features, services, or virtual (online) or physical ( ...

open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...

password management service that is used to store sensitive information, such as website credentials, in an

encrypted In cryptography, encryption (more specifically, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plain ...

vault.

Functionalities

Bitwarden uses zero-knowledge encryption, meaning the company cannot see its users' data. This is achieved by end-to-end encrypting data with

AES-CBC In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transform ...

256-bit and by using

PBKDF2 In cryptography, PBKDF1 and PBKDF2 (Password-Based Key Derivation Function 1 and 2) are key derivation functions with a sliding computational cost, used to reduce vulnerability to brute-force attacks. PBKDF2 is part of RSA Laboratories' Public- ...

SHA-256 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compressi ...

Argon2 Argon2 is a key derivation function that was selected as the winner of the 2015 Password Hashing Competition. It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg. The reference implementation o ...

id to derive the encryption key. To

log in In computer security, logging in (or logging on, signing in, or signing on) is the process by which an individual gains access to a computer system or program by identifying and authenticating themselves. Typically, user credentials ...

, a user can use an email-address and password combination,

biometric Biometrics are body measurements and calculations related to human characteristics and features. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used t ...

authentication,

two-factor authentication Multi-factor authentication (MFA; two-factor authentication, or 2FA) is an electronic authentication method in which a user is granted access to a website or Application software, application only after successfully presenting two or more distin ...

(2FA), passkey, single sign-on, or

passwordless login Passwordless authentication is an authentication method in which a user can log in to a computer system without entering (and having to remember) a password or any other knowledge-based secret. In most common implementations users are asked to en ...

via notification approval on a mobile/desktop device. Additional client functionality includes: import of data from more than 50 password managers (such as

LastPass LastPass is a password manager application. The standard version of LastPass comes with a Web interface, but also includes plugins for various Web browsers and apps for many smartphones. It also includes support for bookmarklets. Founded in ...

1Password 1Password is a password manager developed by the Canadian software company AgileBits Inc. It supports multiple platforms such as iOS, Android, Windows, Linux, and macOS. It provides a place for users to store various passwords, software licenses ...

, and Keeper) passkey management; export to

JSON JSON (JavaScript Object Notation, pronounced or ) is an open standard file format and electronic data interchange, data interchange format that uses Human-readable medium and data, human-readable text to store and transmit data objects consi ...

, encrypted JSON, and CSV formats; a

random password generator A random password generator is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password. Random passwords can be generated manually, using simple sources of ran ...

; a

password strength Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to gues ...

tester;

autofill Autocomplete, or word completion, is a feature in which an application software, application predicts the rest of a word a user is typing. In Android (operating system), Android and iOS smartphones, this is called predictive text. In graphical us ...

of login and other forms; integration with

email alias An email alias is a email address used for forwarding. Term The term ''alias expansion'' is sometimes used to indicate a specific mode of email forwarding, thereby implying a more generic meaning of the term ''email alias'' as an address that ...

services; ability to sync across unlimited platforms and devices; storage of an unlimited number of items; and storing a variety of information beyond

username A user is a person who uses a computer or Computer network, network Service (systems architecture), service. A user often has a user account and is identified to the system by a username (or user name). Some software products provide serv ...

-and-

password A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services t ...

pairs, including passkeys, TOTP seeds,

debit Debits and credits in double-entry bookkeeping are entries made in account ledgers to record changes in value resulting from business transactions. A debit entry in an account represents a transfer of value ''to'' that account, and a cred ...

and credit card numbers, billing data and other identity information, and secure notes (free-form text). Each item type can be extended by custom fields and file attachments, though these are restricted by file size depending on the subscription plan. A feature called "Send" allows sharing of end-to-end encrypted

text message Text messaging, or texting, is the act of composing and sending electronic messages, typically consisting of alphabetic and numeric characters, between two or more users of mobile phones, tablet computers, smartwatches, desktop computer, des ...

s (free version) and files (paid versions). Any sent item optionally can be set with an expiration date, a maximum access limit, and a password.

Availability

The platform hosts multiple client applications, including a

web interface In the industrial design field of human–computer interaction, a user interface (UI) is the space where interactions between humans and machines occur. The goal of this interaction is to allow effective operation and control of the machine fro ...

desktop application Application software is any computer program that is intended for end-user use not operating, administering or programming the computer. An application (app, application program, software application) is any program that can be categorized as ...

browser extension A browser extension is a software module for customizing a web browser. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and st ...

mobile app A mobile application or app is a computer program or software application designed to run on a mobile device such as a smartphone, phone, tablet computer, tablet, or smartwatch, watch. Mobile applications often stand in contrast to desktop appli ...

s, and a

command-line interface A command-line interface (CLI) is a means of interacting with software via command (computing), commands each formatted as a line of text. Command-line interfaces emerged in the mid-1960s, on computer terminals, as an interactive and more user ...

. Bitwarden can be operated on web interfaces, desktop applications (

Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

MacOS macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...

, and

Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...

), browser extensions ( Chrome,

Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements curr ...

Safari A safari (; originally ) is an overland journey to observe wildlife, wild animals, especially in East Africa. The so-called big five game, "Big Five" game animals of Africa – lion, African leopard, leopard, rhinoceros, African elephant, elep ...

Edge Edge or EDGE may refer to: Technology Computing * Edge computing, a network load-balancing system * Edge device, an entry point to a computer network * Adobe Edge, a graphical development application * Microsoft Edge, a web browser developed by ...

Opera Opera is a form of History of theatre#European theatre, Western theatre in which music is a fundamental component and dramatic roles are taken by Singing, singers. Such a "work" (the literal translation of the Italian word "opera") is typically ...

Vivaldi Antonio Lucio Vivaldi (4 March 1678 – 28 July 1741) was an Italian composer, virtuoso violinist, impresario of Baroque music and Roman Catholic priest. Regarded as one of the greatest Baroque composers, Vivaldi's influence during his lif ...

, Arc, Brave and

Tor Tor, TOR or ToR may refer to: Places * Toronto, Canada ** Toronto Raptors * Tor, Pallars, a village in Spain * Tor, former name of Sloviansk, Ukraine, a city * Mount Tor, Tasmania, Australia, an extinct volcano * Tor Bay, Devon, England * Tor ...

), or mobile apps ( Android,

iOS Ios, Io or Nio (, ; ; locally Nios, Νιός) is a Greek island in the Cyclades group in the Aegean Sea. Ios is a hilly island with cliffs down to the sea on most sides. It is situated halfway between Naxos and Santorini. It is about long an ...

iPadOS iPadOS is a mobile operating system developed by Apple for its iPad line of tablet computers. It was given a name distinct from iOS, the operating system used by Apple's iPhones to reflect the diverging features of the two product lines, suc ...

and

watchOS watchOS is the operating system of the Apple Watch, developed by Apple Inc., Apple. It is based on iOS, the operating system used by the iPhone, and has many similar features. It was released on April 24, 2015, along with the Apple Watch, the o ...

). 50 languages and dialects are supported, although not all of them are available on all clients. The platform also offers a free US or European

cloud-hosted Cloud computing is "a paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand," according to ISO. Essential characteristics ...

synchronisation service, as well as the ability to self-host.

Compliance

Bitwarden's codebases of the computer clients, the mobile apps, and the server are

. In August 2020, Bitwarden achieved SOC 2 Type 2 and SOC 3 certification. Bitwarden is compliant with

HIPAA The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy– Kassebaum Act) is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, ...

GDPR The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of ...

, CCPA, SOC 2, SOC 3, and the EU-US and Swiss–US Privacy Shield frameworks.

Security audits

Third-party security audits are conducted annually and a vulnerability disclosure program is also established. In June 2018, Cliqz performed a privacy and security review of the Bitwarden for Firefox browser extension and concluded that it would not negatively impact their users. In October of that year, Bitwarden completed a security assessment,

code audit A software code audit is a comprehensive analysis of source code In computing, source code, or simply code or source, is a plain text computer program written in a programming language. A programmer writes the human readable source code to co ...

, and cryptographic analysis from third-party security auditing firm

Cure53 Cure53 is a German cybersecurity firm. The company was founded by Mario Heiderich, a security researcher. History After a report from Cure53 on the South Korean security app Smart Sheriff, that described the app's security holes as "catastrop ...

. In July 2020, Bitwarden completed another security audit from security firm Insight Risk Consulting to evaluate the security of the Bitwarden network perimeter as well as penetration testing and vulnerability assessments against Bitwarden web services and applications. In August 2021, Bitwarden announced that network assessment (security assessment and penetration testing) for 2021 had been completed again by Insight Risk Consulting. In February 2023, Bitwarden released network security assessment and security assessment reports that were conducted by Cure53 again in May and October 2022 respectively. The first related to penetration testing and security assessment across Bitwarden IPs, servers, and web applications. The second related to penetration testing and source code audit against all Bitwarden password manager software components, including the core application, browser extension, desktop application, web application, and TypeScript library.

Ghacks ''Ghacks Technology News'' is a technology blog created by Martin Brinkmann in October 2005. Its primary focus is on web browser and Windows tips, software, guides and reviews. Coverage The editor-in-chief and founder is Martin Brinkmann. All ...

reported that:

Reception

In January 2021, in its first password-protection program comparison, '' U.S. News & World Report'' selected Bitwarden as "Best Password Manager". A month later, with Bitwarden competitor

about to remove a feature from its free version, '' CNet'' recommended Bitwarden as the best free app for password synchronization across multiple devices, while ''

Lifehacker ''Lifehacker'' is a weblog about life hacks and software that launched on 31 January 2005. The site was originally launched by Gawker Media and is owned by Ziff Davis. The blog posts cover a wide range of topics including Microsoft Windows, M ...

'' recommended it as "the best password manager for most people". Reviewers have praised the features offered in the software's free version, and (mostly) the low price of the premium tier compared to other managers. The product was named the best "budget pick" in a '' Wirecutter'' password manager comparison. Bitwarden's secure open-source implementation was also praised by reviewers. Nevertheless, '' Tom's Guide'' found some features to be less intuitive than they could be, while ''

PC Magazine ''PC Magazine'' (shortened as ''PCMag'') is an American computer magazine published by Ziff Davis. A print edition was published from 1982 to January 2009. Publication of online editions started in late 1994 and continues . Overview ''PC Mag ...

'' criticized the price of the business tier as too high. ''MobileSyrup'' was disappointed by the simplistic graphics of the user interface, and felt that it was missing a few features found in competitors' offerings.

History

2016–2017

Bitwarden debuted in August 2016 with an initial release of mobile applications for

and Android, browser extensions for Chrome and

, and a Web-based "vault" (encrypted database). The browser extension for

was later launched in February 2017. The same month, the Brave web browser began including the Bitwarden extension as an optional replacement password manager. In September 2017, Bitwarden launched a

bug bounty program A bug bounty program is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security vulnerabilities. If no fin ...

at HackerOne.

2018

In January 2018, the Bitwarden browser extension was adapted to and released for Apple's

browser through the Safari Extensions Gallery. In February, Bitwarden debuted as a stand-alone desktop application for

macOS macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...

, and

. It was built as a

web app A web application (or web app) is application software that is created with World Wide Web, web technologies and runs via a web browser. Web applications emerged during the late 1990s and allowed for the server to Dynamic web page, dynamically ...

variant of the browser extension, built with the Electron framework. The Windows app was released alongside the Bitwarden extension for

Microsoft Edge Microsoft Edge is a Proprietary Software, proprietary cross-platform software, cross-platform web browser created by Microsoft and based on the Chromium (web browser), Chromium open-source project, superseding Edge Legacy. In Windows 11, Edge ...

in the

Microsoft Store The Microsoft Store (formerly known as the Windows Store) is a digital distribution platform operated by Microsoft. It was created as an app store for Windows 8 as the primary means of distributing Universal Windows Platform apps. With ...

a month later. In May, Bitwarden released a

command-line A command-line interface (CLI) is a means of interacting with software via commands each formatted as a line of text. Command-line interfaces emerged in the mid-1960s, on computer terminals, as an interactive and more user-friendly alternativ ...

application enabling users to write scripted applications using data from their Bitwarden vaults. In June 2018, following a review, Bitwarden was made available as an optional password manager in the Cliqz browser (discontinued in 2020).

2022

In September 2022, the company announced $100M

series B financing Series may refer to: People with the name * Caroline Series (born 1951), English mathematician, daughter of George Series * George Series (1920–1995), English physicist Arts, entertainment, and media Music * Series, the ordered sets used i ...

; the lead investor was PSG, with the existing investor

Battery Ventures Battery Ventures is a global, technology-focused investment firm. Founded in 1983, the firm makes venture-capital and private-equity investments in markets across the globe from offices in Boston, Silicon Valley, San Francisco, Israel and Lond ...

participating. The investment would be used to accelerate

product development New product development (NPD) or product development in business and engineering covers the complete process of launching a new product to the market. Product development also includes the renewal of an existing product and introducing a product ...

and company growth to support its users and customers worldwide.

2023

In January, Bitwarden announced the acquisition of Swedish startup Passwordless.dev for an undisclosed amount. Passwordless.dev provided an open-source solution allowing developers to easily implement passwordless authentication based on the standards

WebAuthn Web Authentication (WebAuthn) is a web standard published by the World Wide Web Consortium (W3C). Its primary purpose is to build a system of authentication for web-based applications that solves or mitigates the issues of traditional passwo ...

and FIDO2. Bitwarden also launched a

beta Beta (, ; uppercase , lowercase , or cursive ; or ) is the second letter of the Greek alphabet. In the system of Greek numerals, it has a value of 2. In Ancient Greek, beta represented the voiced bilabial plosive . In Modern Greek, it represe ...

software service allowing third-party developers the use of biometric sign-in technologies – including Apple's

Touch ID Touch ID is an electronic fingerprint recognition feature designed and released by Apple Inc. History In 2012, Apple acquired AuthenTec, a company focused on fingerprint-reading and identification management software, for $356 million. The acq ...

and

Face ID Face ID is a Biometrics, biometric authentication facial recognition system, facial-recognition system designed and developed by Apple Inc. for the iPhone and iPad Pro. The system can be used for unlocking a device, making Apple Pay, payments, ac ...

, and Microsoft's

Windows Hello Windows 10 is a major release of Microsoft's Windows NT operating system. The successor to Windows 8.1, it was released to manufacturing on July 15, 2015, and later to retail on July 29, 2015. Windows 10 was made available for download vi ...

– in their apps.

2024

On 1 May, Bitwarden launched its own

multi-factor authentication Multi-factor authentication (MFA; two-factor authentication, or 2FA) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more distinct types of evidence ...

app, Bitwarden Authenticator. In October of that year, Bitwarden introduced changes to the dependencies of its desktop application to include a restricted-use SDK that may prevent some members of the public from

compiling In computing, a compiler is a computer program that translates computer code written in one programming language (the ''source'' language) into another language (the ''target'' language). The name "compiler" is primarily used for programs tha ...

the application from

source code In computing, source code, or simply code or source, is a plain text computer program written in a programming language. A programmer writes the human readable source code to control the behavior of a computer. Since a computer, at base, only ...

, provoking concerns that Bitwarden is moving away from open-source principles. Bitwarden CTO Kyle Spearrin stated in response that it is an issue they plan to resolve, and is "merely a bug".

References

External links

*
Bitwarden Password Manager Add-ons for Firefox

Bitwarden - Chrome Web Store

Bitwarden - Microsoft Edge Addons

Bitwarden extension - Opera add-ons

Installing Bitwarden on Raspberry Pi using Docker
{{Password managers Free password managers Cryptographic software Nonfree Firefox WebExtensions Internet Explorer add-ons Google Chrome extensions Microsoft Edge extensions Windows software MacOS software Linux software IOS software Android (operating system) software 2016 software Software using the GNU Affero General Public License Software using the GNU General Public License Free software programmed in TypeScript Free software programmed in C Sharp