Bitwarden Explained
Bitwarden is a freemium open-source password management service that is used to store sensitive information, such as website credentials, in an encrypted vault. The platform hosts multiple client applications, including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface.[3] The platform offers a free US or European cloud-hosted service as well as the ability to self-host.[4] [5] [6]
Desktop applications are available for Windows, MacOS, and Linux.[7] Browser extensions include Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Arc, Brave and Tor.[7] Mobile apps for Android, iPhone, and iPad are available.[7]
Client functionalities include 2FA login, passwordless login, biometric unlock, passkey management, a random password generator, a password strength testing tool, login/form/app autofill, the ability to sync across unlimited platforms and devices, storage of an unlimited number of items, and storing a variety of information including credit card.
Features
Bitwarden uses zero-knowledge encryption, meaning the company can't see its users' data. This is achieved by end-to-end encrypting vault data with AES-CBC 256-bit and by using PBKDF2 SHA-256/Argon2id to derive the encryption key.[8] [9] The codebases of the PC clients, the mobile apps, and the server are open-source.[10] Third-party security audits are conducted annually and a vulnerability disclosure program is also established.[11] Bitwarden is compliant with HIPAA, GDPR, CCPA, SOC 2, SOC 3, and the EU-US and Swiss–US Privacy Shield frameworks.
Bitwarden offers cloud synchronization with servers situated in the USA and EU. Additionally, users also have the possibility to self-host their own server.[12]
The clients are offered as web interface, desktop application (Windows, macOS and Linux), browser extensions (Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Arc, Brave and Tor), mobile apps (Android, iOS, iPadOS and watchOS). 50 languages and dialects are supported, although not all of them are available on all clients.[13]
Inside the vault, a user can save logins (username and password combination, passkeys and TOTP seeds), cards (debit and credit), identities (billing data and other information concerning an individual) and secure notes (free-form text). Furthermore each item type can be extended by custom fields and file attachments, which are restricted by file size depending on the subscription plan.[14]
Bitwarden supports the import of data from more than 50 password managers, including LastPass, 1Password and Keeper. For the export of data, JSON, encrypted JSON and CSV are available.[15]
To login a user can, in addition to an email-address and password combination, also use biometric authentication, two-factor authentication, single sign-on and passwordless login via notification approval on a mobile/desktop device.[16] [17]
Besides the managing of passwords, Bitwarden also provides other tools, e.g. a password strength tester, a password/username generator, integrations with email alias/forwarding services (SimpleLogin, AnonAddy, Firefox Relay, Fastmail, Forward Email and DuckDuckGo) and a feature called "Send".[18] [19] [20] "Send" allows users to share end-to-end encrypted texts (free version) and files (paid versions) with others. For each item, an expiration date, a maximum access limit and a password can optionally be specified.[21]
Reception
In January 2021, in its first password-protection program comparison, U.S. News & World Report selected Bitwarden as "Best Password Manager".[22] In February, with competitor LastPass about to remove a feature from its free version, CNET recommended Bitwarden as the best free app for password synchronization across multiple devices,[23] while Lifehacker recommended it as "the best password manager for most people."[24]
Critics have praised the features offered in the software's free version, and the low price of the premium tier compared to other managers.[25] [26] [27] The product was named the best "budget pick" in a Wirecutter password manager comparison.[28] Bitwarden's secure open-source implementation was also praised by reviewers.[29]
Tom's guide found some features to be less intuitive than they could be, while PC Magazine criticized the high price of the business tier.[30] Mobilesyrup was disappointed by the simplistic graphics of the user interface, and felt that it was missing a few features found in competitors' offerings.
History
- 2016–2017Bitwarden debuted in August 2016 with an initial release of mobile applications for iOS and Android, browser extensions for Chrome and Opera, and a web vault. The browser extension for Firefox was later launched in February 2017.[31] In February 2017, the Brave web browser began including the Bitwarden extension as an optional replacement password manager.[32]
In September 2017, Bitwarden launched a bug bounty program at HackerOne.[33]
- 2018In January 2018, the Bitwarden browser extension was adapted to and released for Apple's Safari browser through the Safari Extensions Gallery.[34]
In February 2018, Bitwarden debuted as a stand-alone desktop application for macOS, Linux, and Windows. It was built as a web app variant of the browser extension and delivered on top of Electron.[35] The Windows app was released alongside the Bitwarden extension for Microsoft Edge in the Microsoft Store a month later.[36] [37]
In March 2018, Bitwarden's web vault was criticized for embedding unconstrained third-party JavaScript from BootstrapCDN, Braintree, Google, and Stripe. These embedded scripts could pose as an attack vector to gain unauthorized access to Bitwarden users' passwords.[38] These third-party scripts were removed as part of the Bitwarden 2.0 Web Vault update, released in July 2018.[39]
In May 2018, Bitwarden released a command-line application enabling users to write scripted applications using data from their Bitwarden vaults.[40] [41]
In June 2018, Cliqz performed a privacy and security review of the Bitwarden for Firefox browser extension and concluded that it would not negatively impact their users. Following the review, Bitwarden was made available as an optional password manager in the Cliqz web browser.[42]
In October 2018, Bitwarden completed a security assessment, code audit, and cryptographic analysis from third-party security auditing firm Cure53.[43] [44] [45] [46]
- 2020In July 2020, Bitwarden completed another security audit from security firm Insight Risk Consulting to evaluate the security of the Bitwarden network perimeter as well as penetration testing and vulnerability assessments against Bitwarden web services and applications.
In August 2020, Bitwarden achieved SOC 2 Type 2 and SOC 3 certification.[47] [48]
In December 2020, Bitwarden announced that it was HIPAA compliant[49] in addition to already being GDPR, CCPA, and Privacy Shield[50] compliant.[51]
- 2021In August 2021, Bitwarden announced that network assessment (security assessment and penetration testing) for 2021 had been completed by the firm Insight Risk Consulting.[52]
- 2022In September 2022, the company announced $100M series B financing; the lead investor was PSG, with the existing investor, Battery Ventures, participating.[53] [54] The investment would be used to accelerate product development and company growth to support its users and customers worldwide.
- 2023In January, Bitwarden announced the acquisition of Swedish startup Passwordless.dev for an undisclosed amount.[55] Passwordless.dev provided an open source solution allowing developers to easily implement passwordless authentication based on the standards WebAuthn and FIDO2.[56] Bitwarden also launched a beta software service allowing third-party developers the use of biometric sign-in technologies including Touch ID, Face ID and Windows Hello in their apps.
In February, Bitwarden published network security assessment and security assessment reports that were conducted by Cure53 in May and October 2022 respectively.[57] The first related to penetration testing and security assessment across Bitwarden IPs, servers, and web applications.[58] The second related to penetration testing and source code audit against all Bitwarden password manager software components, including the core application, browser extension, desktop application, web application, and TypeScript library.[59] Ghacks reported that "No critical issues were discovered during the two audits. Two security issues that Cure53 rated high were discovered during the source code audit and penetration testing. These were fixed quickly by Bitwarden and the third-party HubSpot. All other issues were either rated low or informational only."[60]
- 2024On May 1, Bitwarden launched its own multi-factor authentication app, Bitwarden Authenticator.[61]
See also
External links
Notes and References
- Web site: LICENSE_FAQ.md. GitHub. 22 November 2021.
- Web site: Bitwarden License Agreement. GitHub. 22 November 2021.
- Web site: Wallen . Jack . May 31, 2018 . How to install and use the Bitwarden command line password manager . TechRepublic .
- Web site: 2022-11-02 . Bitwarden password manager review . . https://web.archive.org/web/20220908174109/https://www.techradar.com/reviews/bitwarden . 2022-09-08 . live .
- Web site: 2023-07-27 . How to migrate your Bitwarden vaults from US to EU storage . live . https://web.archive.org/web/20230727195326/https://www.ghacks.net/2023/07/27/how-to-migrate-your-bitwarden-vaults-from-us-to-eu-storage/ . 2023-07-27 . ghacks.net.
- Web site: Server Geographies . live . https://web.archive.org/web/20230726121107/https://bitwarden.com/help/server-geographies/ . 2023-07-26 . 2023-07-28 . Bitwarden.
- Web site: 2022-05-01 . Bitwarden Review: The Best Free Password Manager for 2022 . live . https://web.archive.org/web/20220907050911/https://www.cnet.com/tech/services-and-software/bitwarden-review-the-best-free-password-manager-for-2022/ . 2022-09-07 . CNet.
- Web site: Encryption Bitwarden Help & Support . live . https://web.archive.org/web/20230222185152/https://bitwarden.com/help/what-encryption-is-used/ . 2023-02-22 . 2023-02-22 . Bitwarden.
- Web site: How End-to-End Encryption Paves the Way for Zero Knowledge . 2024-06-07 . Bitwarden . en-us.
- Web site: Bitwarden on GitHub . 28 June 2018 . GitHub.
- Web site: Compliance, Audits, and Certifications . live . https://web.archive.org/web/20220622103220/https://bitwarden.com/help/is-bitwarden-audited/ . 2022-06-22 . 2022-09-09 . Bitwarden.
- Web site: 2022-04-19 . Self-hosting Bitwarden on DigitalOcean . live . https://web.archive.org/web/20220617050116/https://bitwarden.com/blog/digitalocean-marketplace/ . 2022-06-17 . The Bitwarden Blog.
- Web site: Localization . live . https://web.archive.org/web/20220910134930/https://bitwarden.com/help/localization/ . 2022-09-10 . 2022-09-10 . Bitwarden.
- Web site: Store Secure Notes, Credit Cards, & Identities In Your Bitwarden Vault Bitwarden . 2021-09-26 . Bitwarden Blog . en.
- Web site: 2022-03-15 . Bitwarden Review . live . https://web.archive.org/web/20220818122238/https://www.pcmag.com/reviews/bitwarden . 2022-08-18 . PCMag.
- Web site: 2020-09-30 . Bitwarden launches SSO authentication to integrate password security with identity providers . live . https://web.archive.org/web/20220427191331/https://bitwarden.com/blog/bitwarden-launches-sso-authentication/ . 2022-04-27 . Bitwarden Blog.
- Web site: 2023-02-23 . Access Your Bitwarden Vault Without a Password . live . https://web.archive.org/web/20230731113501/https://bitwarden.com/blog/access-your-bitwarden-vault-without-a-password/ . 2023-07-31 . The Bitwarden Blog.
- Web site: Password Strength Testing Tool . Bitwarden.
- Web site: Username & Password Generator Bitwarden Help & Support . Bitwarden.
- Web site: 2022-10-18 . Add Privacy and Security Using Email Aliases With Bitwarden . live . https://web.archive.org/web/20221126204057/https://bitwarden.com/blog/add-privacy-and-security-using-email-aliases-with-bitwarden/ . 2022-11-26 . The Bitwarden Blog.
- Web site: About Send . live . https://web.archive.org/web/20220427054548/https://bitwarden.com/help/about-send/ . 2022-04-27 . 2022-09-10 . Bitwarden.
- Web site: Kinney. Jeff. 2021-01-12. Best Password Managers of 2021. live. U.S. News & World Report. https://web.archive.org/web/20210115103910/https://www.usnews.com/360-reviews/password-managers . 15 January 2021 .
- Web site: Broida. Rick. This is the best free password manager alternative to LastPass. 17 February 2021. CNET. en.
- Web site: Murphy. David. Bitwarden Is Now the Best Free Alternative to LastPass. . 2021-02-19. 2021-02-18. dmy-all.
- Web site: Long. Emily. 2021-04-22. Bitwarden password manager review. live. 2021-05-06. Tom's Guide. en. https://web.archive.org/web/20210424181342/https://www.tomsguide.com/reviews/bitwarden . 24 April 2021 .
- News: 2020-08-02. Bitwarden offers excellent password management tools with great value. 2021-05-06. MobileSyrup. en. Lamont . Jonathan .
- Web site: Pathak. Khamosh. Bitwarden Is the Best Free Alternative to LastPass. 2021-05-06. How-To Geek. 27 February 2021 . en-US.
- News: 2021-02-05. The Best Password Managers. en-US. The New York Times. 2021-05-06. 0362-4331.
- Web site: Pathak. Khamosh. Bitwarden Is the Best Free Alternative to LastPass. 2021-05-06. How-To Geek. 27 February 2021 . en-US.
- Web site: Rubenking. Neil J.. June 19, 2019. Bitwarden Review. live. 2021-05-06. PCMAG. en. https://web.archive.org/web/20200207204408/https://www.pcmag.com/reviews/bitwarden . 7 February 2020 .
- Web site: Bitwarden: Add-ons for Firefox . Mozilla . 26 November 2018.
- Web site: Brave Features . Brave Software . 27 July 2018.
- Web site: Bitwarden . hackerone.com . 2022-09-14 .
- Web site: Safari Extensions Gallery . Apple, Inc . 26 November 2018 . 27 November 2018 . https://web.archive.org/web/20181127110616/https://safari-extensions.apple.com/details/?id=com.bitwarden.safari-LTZ2PFU5D6 . dead .
- News: Bitwarden Desktop App released . Martin . Brinkmann . Ghacks Technology News . gHacks Tech News . 1 March 2018. 29 July 2018.
- Web site: Password manager Bitwarden launches in the Microsoft Store . Brad . Stephenson . OnMsft . 26 April 2018. 29 July 2018.
- Web site: Bitwarden password manager extension comes to Microsoft Edge . Dan . Thorp-Lancaster . Windows Central . 11 September 2017. 29 July 2018.
- Web site: Why I migrated from LastPass to Bitwarden . Aleksandersen . Daniel . Ctrl blog . 13 March 2018. 26 August 2019.
- Web site: Update after 3 months with Bitwarden . Aleksandersen . Daniel . Ctrl blog . 13 March 2018. 26 August 2019.
- Web site: 2013-05-23 . Bitwarden/cli v1.0.0 . . https://web.archive.org/web/20220311020918/https://github.com/bitwarden/cli/releases/tag/v1.0.0 . 2022-03-11 . live .
- Web site: The Bitwarden Command-line Tool . Bitwarden Blog . 12 November 2018 . 26 November 2018 . 24 May 2018 . https://web.archive.org/web/20180524091726/https://blog.bitwarden.com/bitwarden-command-line-tool-now-available-e6184407b719 . dead .
- Web site: Password manager Bitwarden now available in Cliqz Browser . Björn . Greif . Cliqz blog . 6 June 2018. 29 July 2018.
- Web site: Bitwarden Completes Third-party Security Audit . Bitwarden Blog . 12 November 2018 . 26 November 2018 . 12 November 2018 . https://web.archive.org/web/20181112153110/https://blog.bitwarden.com/bitwarden-completes-third-party-security-audit-c1cc81b6d33 . dead .
- News: Results of Bitwarden security audit published . Ghacks Technology News . gHacks Tech News . 13 November 2018. 26 November 2018.
- Web site: Bitwarden Passes Third Party Security Audit . the Mac Observer . 12 November 2018. 26 November 2018.
- Web site: Cure53. Cure53. Heiderich. Mario. Inführ. Alex. Kobeissi. Nadim. Hippert. Norman. Kinugawa. Masato. 8 November 2018. Pentest-Report Bitwarden Password Manager 11.2018. live. 2 March 2021. Cure53. https://web.archive.org/web/20190526020419/https://cure53.de/pentest-report_bitwarden.pdf . 26 May 2019 .
- Web site: AuditOne LLP.. 21 August 2020. System and Organization Controls 3 (SOC 3) Report on the Bitwarden Inc. Password Management System Relevant to Security and Confidentiality For the Period January 1, 2020 - June 30, 2020. live. 2 March 2021. AuditOne LLP.. Audit Report. BitWarden LLC.. https://web.archive.org/web/20200919003947/https://cdn.bitwarden.com/misc/Bitwarden%202020%20SOC%203%20Report.pdf . 19 September 2020 .
- Web site: Bitwarden achieves SOC 2 certification. 25 August 2020. 25 August 2020. Bitwarden Blog. en.
- Web site: Why use a HIPAA-compliant password manager . 7 December 2020. 30 December 2020. Bitwarden Blog. en. https://web.archive.org/web/20211019002901/https://bitwarden.com/blog/why-use-a-hipaa-compliant-password-manager/ . 2021-10-19 . live.
- Web site: 5 December 2020. Privacy Shield: Bitwarden Inc.. 2 March 2021. Privacy Shield Network. International Trade Administration. https://web.archive.org/web/20220911054039/https://www.privacyshield.gov/participant?id=a2zt0000000CoURAA0&status=Active . 2022-09-11 . live.
- Web site: Privacy Policy. 2021-03-03. Bitwarden. en.
- Web site: 2021-08-02 . Bitwarden 2020 and 2021 Security Audits are Complete . The Bitwarden Blog . https://web.archive.org/web/20220818191236/https://bitwarden.com/blog/bitwarden-network-security-assessment-2020/ . 2022-08-18 . live .
- News: Bitwarden Announces $100 Million Growth Investment Led by PSG to Further its Mission to Empower Businesses and Individuals to Stay Safe Online . 2022-09-06 . . https://web.archive.org/web/20220908124221/https://www.businesswire.com/news/home/20220906005153/en/Bitwarden-Announces-100-Million-Growth-Investment-Led-by-PSG-to-Further-its-Mission-to-Empower-Businesses-and-Individuals-to-Stay-Safe-Online . 2022-09-08 . live.
- Web site: Crandell . Michael . 2022-09-06 . Bitwarden announces $100 million financing . https://web.archive.org/web/20220907203408/https://bitwarden.com/blog/accelerating-value-for-bitwarden-users-bitwarden-raises-usd100-million/ . 2022-09-07 . live .
- Web site: 2023-01-18 . Bitwarden acquires Passwordless.dev to help companies authenticate users without passwords . Techcrunch . https://web.archive.org/web/20230118220010/https://techcrunch.com/2023/01/18/bitwarden-acquires-passwordless-dev-to-help-companies-authenticate-users-without-passwords/ . 2023-01-18 . live .
- Web site: 2023-01-18 . Bitwarden extends passwordless leadership with acquisition . Bitwarden . https://web.archive.org/web/20230119213527/https://bitwarden.com/blog/bitwarden-extends-passwordless-leadership-with-acquisition/ . 2023-01-19 . live.
- Web site: Spearrin . Kyle . 2023-02-28 . Bitwarden Upholds High Security Standards with Annual Third-Party Audits . The Bitwarden Blog . https://web.archive.org/web/20230301024000/https://bitwarden.com/blog/third-party-security-audit/ . 2023-03-01 . live .
- Web site: Bitwarden Network Security Assessment Report . . Bitwarden . https://web.archive.org/web/20230302033154/https://bitwarden.com/_gatsby/file/405465c5c37e30375973c5e7f736d4b0/2022%20Bitwarden%20Network%20Security%20Assessment%20Report.pdf?eu=8a8658b4e69efb815b3ba28b6c71643bb36c52fafc0064816960b7fb4ffd978f71fb110771c72cb524610ed6d2b447ee35c02c611ae7818892ea10f1ee33fc5a54855eec62b62600557f92acb2f254446e92120af084c00aaa3e7adde3e0e4764f501f7dfd73b9d5e6f17120f0c0252df5e7e56d3086e866b3560805885b24b827a5ce8b7701e98cee4ca9bcefff0190dbe032051f9f85705c153f4522a75ce4cfd047346c783e533cd1fc0b966293be3e1534250a0c50f76e6f8406f9683790e1aff454d02c7db0fa9d2e7286c1acef9f43e86d27a59b72f7ed452f4a4af351f6d318a281214457c56395e40ff15646761dd742cd4b428c7800ce439aa113c5 . 2023-03-02 . live .
- Web site: Bitwarden Security Assessment Report . . Bitwarden . https://web.archive.org/web/20230302033218/https://bitwarden.com/_gatsby/file/587f36548f06fac33536c4808b79802f/2022%20Bitwarden%20Security%20Assessment%20Report.pdf?eu=db8f01b2e1cafb820f3ba0d16b266761e26a53adfd506082686ce0fc4ea19a8777f44b0420c072e42e605fde85b244b96e932b601aed81dbc9bb4cf5e967f80e57870ebd66e77054042892ade1f7554d69951359a5d6c15aa43c7285b0e0bf701a561b2cab29ecd4edab3c65b0d77a60eab1af7f63c7a120a4561e17c1076ead27f8c59a7000bd8ae64eaca5bbed4ad3c2b269184799ad66642d4d4950b06abcbab6510c6458415d5f84a625b612f2ce4349297f161703e8673f8656ae3836c6b7fba50bde2e7db4a8c1377481caac87e44ea42825e0cc24b6803b780c62de4ae9fb2ab586315861e27fa9d00eeb474c5a31c15fdc6763846d01c868e6b407cc6ab870666267 . 2023-03-02 . live .
- News: Bitwarden passes annual security audit with flying colors . 2023-03-01 . ghacks.net . https://web.archive.org/web/20230302033442/https://www.ghacks.net/2023/03/01/bitwarden-passes-third-annual-security-audit-with-flying-colors/ . 2023-03-02 . live .
- Web site: 2024-05-02 . Bitwarden launches its own free and open-source Authenticator app . 2024-05-19 . Android Authority . en.