Bitwarden gives you a lot of options that you do not need to use. Its interface isn’t the prettiest but is functional. My 80 years old mom uses Bitwaden. It’s set up to do auto fill and 2fa. Her browser extension is set never to log out. These are not the most secure settings but on a Chromebook with encrypted storage it’s a good trade off for a person who can barely type in her master password. My mom have trouble turning on her computer so if she can use bitwaden anyone can. Answer from paulsiu on reddit.com
🌐
Reddit
reddit.com β€Ί r β€Ί Bitwarden
Bitwarden | Password Manager - Secrets Manager - Passwordless.dev - Authenticator
January 18, 2017 - r/Bitwarden: Bitwarden empowers enterprises, developers, and individuals to safely store and share sensitive information. With a trusted, open source approach to password management, secrets management, and passwordless and passkey innovations, ...
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί is bitwarden not user-friendly for people that don't use password managers much?
r/Bitwarden on Reddit: Is Bitwarden not user-friendly for people that don't use password managers much?
November 17, 2023 -

I'm reading some f the posts here and it feels like there's a steep learning curve to using this and it's not intuitive like say Roboform or Nordpass. Of those two I prefer Roboform, but even with Nordpass I literally just installed the program, logged in with my Nord login and set everything up easily. It imported everything from Roboform, and any sites it detects as new it saves those logins.

Here I'm reading about how you have to set various master passwords using different types of encryption, multiple layers of security, etc. I just need to organize passwords, not to protect millions in assets.

Top answer
1 of 13
16
Bitwarden gives you a lot of options that you do not need to use. Its interface isn’t the prettiest but is functional. My 80 years old mom uses Bitwaden. It’s set up to do auto fill and 2fa. Her browser extension is set never to log out. These are not the most secure settings but on a Chromebook with encrypted storage it’s a good trade off for a person who can barely type in her master password. My mom have trouble turning on her computer so if she can use bitwaden anyone can.
2 of 13
6
It's just that Bitwarden's interface is uglier than other password managers, but Bitwarden is completely simple and easy to use for beginners.
Videos
06:57
🌐 YouTube
Bitwarden review | Is it the Best Password Manager of 2025? - YouTube
June 12, 2025
06:31
🌐 YouTube
Bitwarden review 2025: Should you RELY on it today? - YouTube
March 3, 2025
05:57
🌐 YouTube
My Honest Bitwarden review 2025 | How good it really is? - YouTube
April 13, 2024
08:41
🌐 YouTube
Bitwarden vs NordPass vs 1Password vs LastPass | Best Password ...
September 22, 2025
01:30
🌐 YouTube
Best Password Manager 2023 is Bitwarden. I wish I had known it sooner.
August 12, 2023
06:55
🌐 YouTube
Honest Bitwarden review | Is Bitwarden really the best there is...?
October 19, 2023
18.1K
View all
View all
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί bitwarden is the best free password manager, or is the best overall?
r/Bitwarden on Reddit: Bitwarden is the best free password manager, or is the best overall?
October 10, 2024 -

It is clear that Bitwarden is the best free password manager around. But in your opinion, is it still the best among the paid ones?

Reason: I started using Bitwarden when I was younger mainly due to its negligible cost, although I always paid for the premium version to support it. Now that I'm older and have a job, I was wondering if, for a service like password managers which I consider important and which I would gladly pay for, it would be appropriate to continue with Bitwarden or there are better alternatives out there. What do you think?

Top answer
1 of 60
204
It is not the most beautiful but it is the best.
2 of 60
81
It is the best.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί is bitwardern safe?
r/Bitwarden on Reddit: Is bitwardern safe?
October 15, 2023 -

I am a new user and want to switch from default Google password manager to bitwardern so that i can use my passwords seamless. But am concerned that if it is safe to use and can my passwords be compromised like LastPass wass hacked?

Top answer
1 of 16
16
Start here: https://bitwarden.com/blog/beyond-your-browser/ is it safe There is no certainty in life, but Bitwarden is about as good as you will get. If you are thoughtful about how you use it (good master password, strong 2FA;, good opsec, and only operate on trusted devices), you will be in good shape. Can my passwords be compromised Yes and no. The LP gaff was the exposure of their backups to attackers. That can happen with Bitwarden. What is different is that LP has bad encryption. Couple that with choosing a bad master password and you could have a problem.
2 of 16
14
In my opinion, it's safer than google in the following ways. The bitwarden account is separate from your google account, so if someone compromises your google account it won't expose your password. The vault is safer on Windows. Any process with that runs as the user can read the password. Bitwarden as a security company and is probably more security conscious than Google, who wants to serve you ads. Your vault is probably readable by Google. Bitwarden vaults are not readable by bitwarden. Ways that Bitwarden is better than Last Pass. They seemed to more security conscious than LastPass. Bitwarden encrypt more of their fields. Bitwarden source code is open so that securitys firm can audit the code for security. The code cannot be stolen like they did with Lastpass. Bitwarden uses existing encryption open source algorithm instead of coming up with their own. The reason coming up with your own is bad is because the algorithm is quick complicated and you should stick with one that's being used and audited by everyone else. You can use u2F as a 2FA. Lastpass seems to be using OTP, which is not phishing-resistent.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί do you actually put in all your passwords ?
r/Bitwarden on Reddit: Do you actually put in ALL your passwords ?
June 8, 2023 -

Newbie here, have been in the background just seeing posts here and there. Not really replying but I think I am ready to start using bitwarden BUT I’m not sure if I trust it enough to input my information for financial stuff, 401k login, bank etc.

Is anyone using this for that? I get if you don’t want to answer (I get it OPSEC)..but also when do you know if and when to trust it?

Other programs which have had breaches just makes me so hesitant

Top answer
1 of 41
105
Yep, I put everything in it. The entire point of encryption and the zero-knowledge architecture is that a bad actor can get everything Bitwarden has and they are not going to be able to get my passwords. Just make sure you use a strong master password. Switch to Argon2ID (which is really just icing on the cake if you created a strong master password). Use 2FA (which only helps if someone is trying to log in as you) and you'll be fine.
2 of 41
36
Bitwarden is completely open source, so you can inspect what they're running on their servers (and even run it on your own like I do). One thing that makes Bitwarden stand out from others like LastPass (that was breached) is that everything in your vault is encrypted using a key that's partially dependent on your master password, which Bitwarden has no knowledge of. That encryption happens on your device before transit as well.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί bitwarden vs 1password
r/Bitwarden on Reddit: Bitwarden vs 1Password
August 16, 2023 -

From my experience, Bitwarden and 1Password are the best password managers on the market. Though (as far as I see it) a Bitwarden has points to be approved. From your experience:

  1. what are advantages of Bitwarden in comparison to 1Password (except that Bitwarden is open source, and it’s unbeatable premium price, And -

  2. what would you improve in Bitwarden?

Top answer
1 of 3
44
Bitwarden has a username generator which 1password doesn't. Bitwarden also has more alias integrations. Bitwarden can be self hosted. Why would you discount the open source nature? That's the whole point of something being secure - verify the claims. Improve: full backups
2 of 3
17
Bitwarden also has its excellent "Send" feature of ephemeral links for sharing sensitive documents, which I've used a few times already.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί looking for honest bitwarden review?
r/Bitwarden on Reddit: Looking for Honest Bitwarden Review?
October 19, 2023 -

I have a lot of passwords on Dashlane, I've used it for over ten years and cannot afford to pay for premium. What are the pro and cons for Bitwarden? How does it compare to Dashlane? Are there any UI features that you like/want to change? What are some features that are helpful, but seldom used?

Top answer
1 of 12
9
I've never used dash lane. Bitwarden saves my passwords, credit cards and notes like private keys or whatever, has a great android app that fills almost everywhere, and the browser extension works really well. It's fucking great.
2 of 12
8
https://www.reddit.com/r/Bitwarden/comments/14fuggh/my_bitwarden_review/ Recent review. Pros - open source, free, it just works, good alias integration, support has been helpful when needed. Cons - backups need some work, maintenance needs to be better (though it seems to be trending that direction). Features that are helpful? Github. Too many people come here posting about a bug and either don't see if a bug already exists in Github or they never create one which means devs may not identify issues.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί what should i know before i start using bitwarden?
r/Bitwarden on Reddit: What should I know before I start using BitWarden?
November 13, 2021 -

Yes, I read the welcome post. I'm going to start using BitWarden tomorrow. I will use the web vault and Firefox extension (recently deleted Chrome due to so many security issues). I need to memorize some sort of random unique password. I'm not sure if I need a specific number of characters or should use a few password phrases. I will have to change all my important existing passwords to something better using Bitwarden.

It took my all my life and 1/2 my expected lifetime to have decent credit and actually have any $$$ to worry about. Decided I should probably stop reusing passwords and relying on saving my passwords in Google.

If you give advice, please make it something a 5-year-old could understand.

Top answer
1 of 13
101
Glad to see you onboard. The most important first step is to choose that master password. I would recommend choosing something random which looks easy to type and writing it down on a piece of paper. Don't try to memorise it straightaway, focus on entering it exactly as written on the piece of paper. Once you've entered it a number of times, try putting it out of sight. If you're still able to enter it then move it to a safe or similar. The next most important thing is to set-up two step login for your BitWarden account. If you're using BitWarden Premium then the most secure is a YubiKey. If you don't want to invest in one yet then an authenticator app is a good option. Print your BitWarden two step login recovery code and put it with your master password. Next secure your email account. Choose a strong random password, save it in BitWarden and enable two factor authentication. To minimise the risk of lockout, its a good idea to print your email login credentials and store them with your master password. Then over the coming days and weeks, go around all the websites you use and change the passwords to something unique/random, save them in BitWarden and enable two factor authentication where available. Start with the more critical ones, like banks, email, cloud storage, etc. For the others you may want to wait until you need to visit that website or receive an email from them. The important thing is that you get around them all in the next month or two.
2 of 13
38
Congratulations! This is a wise move. CHOOSE AN EMAIL ADDRESS -- Bitwarden sends you important notifications such as failed login attempts. You should pick one that gives you push notifications on your mobile device. It might be wise to use one that you haven't handed out to every website and social media in creation to reduce credential stuffing attacks. There are a number of decent ones like protonmail.com out there. MASTER PASSWORD -- Like others have said, pick a good master password. I personally prefer a passphrase (three to five random words, plus a piece of punctuation, plus a numeral). Also, use a passphrase generator. It is going to generate a much more secure password than anything you can do on your own. MEMORIZE YOUR MASTER PASSWORD -- and then write it down. Human memory requires repetition before you can memorize it, so don't try to use recollection alone at first. For the first couple of weeks, make sure to set up Bitwarden so that you have to enter the master password often. This is one password that you really want to memorize, and that's only going to happen by frequent repetition over the period of days. After you have memorized it, you might consider using a PIN or otherwise relaxing the circumstances where you need to enter the master password. SECURE YOUR DEVICE -- A password vault doesn't replace basic security precautions. For the sake of discussion let's assume we're talking about your mobile device as your primary computing platform. It must also be secure! Use good antimalware scanning. Set up good authentication to deter unwanted visitors. Set the timeout to require re-authentication to be as short as you can stand. Pay attention to the physical security of the phone. Your password vault is just one part of a healthy security protocol. APPLICATION, BROWSER EXTENSION, WEB VAULT -- I don't actually care as much for the web vault. In addition to the Firefox extension, please consider installing the app as well. The app is superior for creating and editing vault entries. The browser extension is much superior, in terms of both security and ease of use, for web browsing. The web vault is a necessary evil IMNSHO for certain unusual workflows. In any regard, don't consider the browser extension versus the desktop app as an either-or proposition; you don't lose security by installing both. CONFIGURING BITWARDEN -- In terms of configuring the browser extension and the desktop app, the same considerations that apply to your mobile device also apply. Set a short timeout before they "lock", which then requires you to re-authenticate in order to open the vault. Whatever you do, always require the master password when you start up your mobile device; otherwise you're putting a copy of the master password in your device's persistent storage. FIRST STEPS TO SECURE YOUR PRESENCE -- Start with your email address. Pick a new password, add the entry to your vault, and then update the email service to use the new password. Note the order carefully! I recently saw someone lose $25K in cryptocurrency because they updated the password without first creating/updating the entry in their vault. Be sure to test the new email address by completely logging out (or opening a private window) and confirming the new email works. ADD ALL OF YOUR SECRETS -- It's time to just get an inventory of all of your websites and their secrets. Don't worry at this point about changing any passwords; this step is about rounding up all of your secrets and putting them into the vault. In addition to web logins, don't forget logins to your computers, cell phone passwords, passport numbers, drivers license numbers, wifi passwords, social security numbers for your spouse and children, bank account numbers, credit cards (be sure to include their contact information in case the card is lost), a photograph of your COVID-19 vaccine record (front and back), vaccine records for your spouse and children, health insurance cards, or details on your motor vehicles (including the VIN, license plate and expiration). Of course don't freak out about trying to get this all done at once, but every few days (or when you use one of these items), take a moment to add some entries to your vault. UPDATING YOUR PASSWORDS -- If you're like most of us you used one password or a few variations for all of your websites. Starting with the most important ones, you should update the passwords. For each one, log in to the website, start the password update form, and enter the current password.next, create a new password and save it in your vault. Like before, saving it is an important step. Don't worry, Bitwarden remembers old passwords, so you don't usually need to take extraordinary steps to save previous passwords. Then, holding that new password in your system copy buffer, paste it into the "new password" fields in your form, then submit the form. [See? This is much easier with the desktop app as opposed to always using the browser extension, which will keep vanishing while you're doing this.] Most importantly, promptly open a new private window and confirm the new password works on your website. WORD OF WARNING: although I love long passphrases, I have found that long passwords frequently uncover programming errors on various websites. They occasionally cut off long passwords and do it silently. Even worse, they may cut them off at different places. For instance, you might be able to log in via the website, but their mobile app will fail. Again, like collecting the list of secrets, don't freak out if you can't fix all of them at once. Take your time, and do a few at once, until you've finally worked through all of them. 2FA AND OTHER ADVANCED TOPICS -- Two factor authentication is a good thing! In rough order of security, you'll typically find a hardware token (like a Yubikey), Time-based One Time Password (TOTP), email, or SMS/voice call. Whenever you have 2FA on a website, you should mention this in the notes field for your entry as long as what kind it is and details (such as which email address or phone number). SETTING UP TOTP -- if you add TOTP to any website, I strongly recommend using Authy (if you are at the Bitwarden free tier) or Bitwarden Authenticator (if you are paying the $10/year premium subscription). If you are using Authy, you should secure your mobile phone number via a password with the mobile carrier and write it down. You should put it in your vault as well, but you will need this password to reclaim control of your phone. Similarly, you want to enable Authy's cloud backup storage, but you should set its encryption password and also write that down as well as put it in your vault. Most sites also give you "recovery codes" when you set up 2FA. Be sure to store these recovery codes in the notes field of your vault entry as well. 2FA ON BITWARDEN -- 2FA on your vault enhances security, but it also increases your chances of getting locked out. You should make a point of setting this up, but be sure to save the recovery codes they give you as well, esp. on a piece of paper. Like the recovery codes for other sites, you should save these in Bitwarden. Unlike the recovery codes for other sites, storing them in Bitwarden will not help you regain access to your vault. SET UP BACKUPS -- If you've been following all of this, you'll see I've been telling you to write a bunch of junk down outside of your vault. This includes your master password, recovery codes for your 2FA, and--if you're using Authy--the mobile phone password and Authy encryption password. You see, one of the threat surfaces you need to guard against is completely losing access to your vault, which means that precautions necessarily preclude using the vault (or any online storage service, for that matter) to regain access. In addition to these key secrets, I also recommend "exporting" the vault onto a thumb drive (please use the "unencrypted JSON" format). STORING BACKUPS -- Put the piece of paper and the thumb drive in a secure location like a safe deposit box or a fireproof waterproof lockbox at a friend's house. (If your house burns down, you don't want to lose all of your tech AND the necessary backups to regain access.) You might also consider a second copy (paper plus thumb drive) at your house as well. Also, as a software developer, I really don't trust technology, so I duplicate those thumb drives with a second copy, from a different manufacturer. BITWARDEN PREMIUM -- I really like Bitwarden Premium for just a few of its features, and I hope you will eventually pull the pin and upgrade as well. At $10/year it's a real bargain. The first thing I really like is that you can secure the vault with a hardware token. I really love my Yubikey 5 NFC; it offers unsurpassed 2FA protection, and I discovered I can use it with Google, Microsoft, and a number of other major players. Second, Bitwarden Authenticator gives me a better system of record for all of my TOTP secrets. Authy is a good TOTP service, but for me it is inferior to using Bitwarden itself for these secrets. Not only does it have better browser integration, I have some minor nits and concerns with Authy. (Also note that some people feel the need to use secret splitting and eschew putting everything in their vault, so Bitwarden Authenticator may not be right for you.) Finally, Premium allows me to save small files in my vault, which is useful for me. I know this is a lot of steps, and I don't want to overwhelm you, but I think it helps for you to have a roadmap of what the endgame is going to look like. You don't need to do everything at once, but this should give you a vision on how to proceed forward. Good luck, and stay safe!
Find elsewhere
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί is switching to bitwarden worth it?
r/Bitwarden on Reddit: Is switching to Bitwarden worth it?
October 25, 2023 -

I have been using KeePassXC for a couple of months now, but its too hard to sync the passwords between my phone and my PC. So i have been thinking of switching to Bitwarden.

Is Bitwarden worth switching to? If yes, then how do i migrate my passwords from KeePassXC?

Top answer
1 of 18
35
Why not give it a try? It's free, so not much to lose other than some time
2 of 18
13
KeePass is a good password manager, but as you have discovered, it can be a bitβ€”fiddly. Bitwarden could be a good alternative for you. The strength of your master password is critical (use a Bitwarden generated passphrase with four of more words). Also use good 2FA: either a FIDO hardware token or TOTP (the β€œauthenticator app”). As usual, an emergency sheet and/or full backup are essential. If you lose either your master password or your 2FA, Bad Guys might not read your vault contents, but losing those same secrets could be just as bad. As far as migration, I think Bitwarden supports your password manager out of the box. You use the website. (Don’t worry; your master password never leaves your browser.) After creating your new vault, you point the migration web app at your KeePass export. More here: https://bitwarden.com/help/import-faqs/#q-what-file-formats-does-bitwarden-support-for-import
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί i think the future is with bitwarden
r/Bitwarden on Reddit: I think the future is with Bitwarden
March 4, 2024 -

In the long run, do you think Bitwarden will take most of the password manager market share? (if not already) Right now there are two obvious choices: 1Password and Bitwarden. 1Password is mostly recommended for its simplicity and UI, but Bitwarden has now announced that they are slowly refreshing their UI, which has been the topic of many posts on reddit and their forum. Bitwarden also offers passphrase support on the free plan, while you have to pay to use it with 1Password. Even the premium plan on Bitwarden is 3 times cheaper than 1Password. While 1Password is a good product, there are a lot of complaints about various bugs in their application (all platforms). On the contrary, for Bitwarden it is mostly requested features that users ask for (of course there are also some bugs). Recently they added the popup overlay that has appeased long time angry users, they are switching to native app for Android...

Do you have an opinion, especially in the area of subscription fatigue and looking for efficiency? The purpose of this question is to help a company (not related to IT) make a good choice. I I think the future is with Bitwarden but maybe something big could be coming with 1Password...

Top answer
1 of 5
62
I have voted for Bitwarden with my cash for 2 years now. I have looked at 1Password but the cost turned me off.
2 of 5
49
Bitwarden has some very serious issues in the enterprise that I hope they will fix. Some key concerns are Performace is much too slow with larger vaults with 2000+ items. (painfully slow!) Back end policies and controls are very limited and much of these are left to the users. The client settings also do not roam from system to system. Adminstrators should be able to managed most of this from the backend and while I hate Lastpass, this is an area the do very well. Reporting is absolutly terrible. In an enterprise, especially an audited one (example SOC2) generating reports over a year for user adds and disables or permissions changes is very difficult. You can try download to excel but they limit the size of the downloads so you need to do week by week seperatly and piece together. (or do by API which is what we do). I belive in Bitwarden and did a very large migration from Lastpass in 2023 to it and while I know it's not ideal I am hopeful it will get better over time.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί is bitwarden the best standalone password manager?.
r/Bitwarden on Reddit: Is Bitwarden the best standalone password manager?.
July 19, 2025 -

I'm planning to move my passwords from Google Password Manager. I realize now that I should have moved sooner, as it's risky to have my passwords stored in Chrome. So far, I have narrowed my choices down to three preferred password managers: Bitwarden, Proton Pass, and 1Password. Which do you think is the best? Can you recommend any others? What has your experience been with them, and have you ever been hacked while using one?

Top answer
1 of 51
138
I believe Bitwarden is the best available password manager. They've been exclusively protecting passwords since 2016 and have never been breached. They've also got the best free tier of any of the top managers. Their personal premium plan is also very reasonable at only $10/year. I trust my 1000+ logins, and personal information to Bitwarden, and recommend them without reservation.
2 of 51
26
I can comment only on Bitwarden. It's free/inexpensive, safe, and functional. It can be buggy, so it may be better for the technically inclined to use clients that can be rolled back to previous versions. There is a lot of user support, which can be both a blessing and a curse. I would recommend it with some caveats.
🌐
Reddit
reddit.com β€Ί r/hacking β€Ί what are your guys thoughts on password managers like bitwarden and programs like that.
r/hacking on Reddit: What are your guys thoughts on Password managers like Bitwarden and programs like that.
April 26, 2023 -

I always thought to stay away from them as my thought process was once you have one password, You have them all. And also nobody is generally targeting me however Targeting a company like lastpass is a lot more likely, and If my information is saved there then its comprimised. I know the correct thing to do is to write down my passwords in a book and keep it on me but what do you guys think of password managers like that.

Top answer
1 of 28
83
I prefer password managers because I only need to remember my master password to access everything. Sure someone can snipe it or break into them from time to time, but its still a hell of a lot safer than reusing the password or writing them down... write down my passwords in a book and keep it on me Gonna fire some of your thought process back at you. What happens if you get robbed and someone has your usernames and passwords? If you want something a bit safer, use something like Keepass where its all local, then just keep the database on a flashdrive or something
2 of 28
63
Stay away from Last Pass. Bitwarden is cool. Edit. So just to elaborate, do a quick Google News search about LastPass, and that will solve your question about why having a password manager can be bad. Then look up other services like Bitwarden, and for the pro reason: keep in mind that the best password is no password at all, instead of rotating insecure passwords every month, have a service that recalls super secure passwords that also verifies if they have been breached.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί best password manager in 2024?
Best Password Manager in 2024? : r/Bitwarden
June 17, 2023 - Used LastPass for ages until their add-on stopped working in Firefox after an update to something. BitWarden was updated and worked flawlessly - easy decision. ... Norton is trash. Might as well have a virus. Best option is to get anti virus without the password manager and VPN because they are just bundled add-ons.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί experts recommend standalone password managers over browser-based options
r/Bitwarden on Reddit: Experts recommend standalone password managers over browser-based options
August 19, 2025 -

From Bitwarden blog:

β€œ... It's really important to remember that anything you can access in your browser, someone else can too*. That's the guiding principle to keep in mind when looking at the security of password managers built into your browser. If someone can access your browser or the account that you use in your browser for saving and generating passwords, they can open up everything..''*

https://bitwarden.com/blog/beyond-your-browser/

Top answer
1 of 5
63
Browser-based options are a honeypot for infostealer malware.
2 of 5
28
and the next paragraph says: "Here's a hypothetical to give you an idea of what can go wrong with a browser password manager. If you're using something like Chrome, everything is tied to your Google account; your history, passwords, cookies, account settings, and so much more. That's great for convenience because you can install Chrome on a new device, log into your account, and have all your data at the ready in no more than a minute. If someone else can access your login details, however, they can go through the exact same process.”"
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί chrome pass manager or bitwarden
r/Bitwarden on Reddit: Chrome pass manager or Bitwarden
July 24, 2025 -

Hello I’ve been using the browser password manager for quite a long time, I had 1 time unfortunately where I installed something malicious and all my chrome passwords were taken(not a RAT), if i switch to Bitwarden could it happen again since it’s an extension?

Top answer
1 of 5
13
Not even a question. Standalone password managers are far superior to browser-based password managers. Bitwarden specifically is miles beyond the password saving functionality found in Chrome. Bitwarden offers a browser extension, but the Bitwarden service itself is not an extension. It's an encrypted client-server service that maintains an encrypted vault that's sync'd with Bitwarden's cloud, or your own self-hosted environment.
2 of 5
6
If your device get infected by a malware, the same thing can happen with Bitwarden or any other password manager. 2FA can help somewhat, but these malware usually record everything you type or copy and paste on that device, including passwords, they can peek into processes, etc. Device security is essential.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί password management strategy for dummies
r/Bitwarden on Reddit: Password Management Strategy For Dummies
January 23, 2022 -

I have compiled a password management strategy scenario which gives adequate amount of protection without much inconvenience. I think this strategy should be enough for a vast majority of people. It involves remembering only 1 password and no investments in physical security keys. There are fail safes in place for different situations that can go wrong, including forgetting the master password.

I hope it will help people to understand the overall picture of password security and give them enough context to modify it as per their unique requirements.

Overview Of Setup

Setup Of The Strategy

  1. For login to a website user provides master password to Bitwarden and gets website password and TOTP code (Assumes Bitwarden premium account for added convenience)

  2. Register Bitwarden and Authy in more than 1 devices, use biometric unlock for bitwarden in any one of the device and store master password too in bitwarden.

  3. Unauthorized installation of Bitwarden is protected by another 2FA app Authy. (Authy is used only for bitwarden's 2FA, each website's 2FA are stored in bitwarden for convenience)

  4. A plain text JSON backup is created from Bitwarden which is encrypted using the master password and stored locally in multiple daily use and easily accessible (even offline) devices, like your mobile local storage, pen drive etc.

What can go wrong? - The Fail Safes

  1. Website Password is Stolen: The 2FA from Bitwarden protects against unauthorized access. Use unique password for each account and always use 2FA.

  2. You Forget Master Password: Access bitwarden from a device with biometric unlock enabled. Check the saved master password.

  3. Master Password is Stolen: Without 2FA from authy, attacker will not be able to access your passwords. Keep changing the master password every 6 months.

  4. Bitwarden Backup Is Stolen: Without master password the backup file is useless. Keep changing the passwords of sensitive websites every 8 - 10 months.

  5. Authy is compromised: Without master password stealing authy will not help. Keep monitoring for the devices that have authy registered.

  6. Bitwarden Disappears From Earth: Use Bitwarden backup after decrypting using master password to get access to websites (passwords and TOTP auth tokens/ backup codes)

Biggest Risk

If you have a strong master password which is not reused anywhere, you will be secured against most attacks. However a combination of two or more failures can compromise your safety. But chances of any two above mentioned failures happening simultaneously is pretty slim. Therefore, for most people the above strategy should be all they need.

The biggest risk in my opinion is stealing of the backup file and at the same time your master password. This can be mitigated if you put your backup file in easily accessible but at least moderately secure place like secure folder of samsung's mobile devices etc.

Another risk is that you loose all your devices at the same time, so you are no longer able to install BitWarden again due to 2FA. Authy does have a recovery mechanism in place for this case but it can take several days for it. Hence, if possible keep the encrypted backup at more than 1 physical location.

Other Best Practices

  1. Change your master password every 6 months and update the encrypted veracrypt backup whenever you change the master password.

  2. Change each website password every 8 - 10 months. Update your backup whenever you do so.

  3. Never use master password for any other website and ensure it can not be easily guessed.

  4. Monitor strictly that your Authy and Bitwarden is not registered in any unknown/old devices.

  5. If possible, store Bitwarden encrypted backup in easily offline accessible (atleast 2) but secure devices which only You have access to.

EDIT - Some Updates After Taking Suggestions From Comments Below

  • Changing master password every 6 months seems not necessary. Better way is to make a very secure password and change it only if you feel it is compromised.

  • Changing website passwords every 8 - 10 months is a hassle. However, most high risk sites like banks themselves set an expiration time for passwords so it is taken care of implicitly. For other critical sites like your email providers and social media accounts generating a random password and updating it might not be a big deal.

  • Saving your master password in the vault is another point of discussion, I don't find any obvious side effects other than the fact that you left your vault open and gave the device to some one else. But in that case it does not matter you have your master password in the vault or not, all your logins are compromised.

  • The system is still complicated for non technical users - This is true, I think a better audience for this post is someone who already have technical expertise to setup password manager and 2FAs but want to establish a fixed workflow or improve upon an already established flow.

Top answer
1 of 5
48
Why do you want to change Master Passwords every 6 months. As I recall even NIST finally recanted on that one.
2 of 5
22
It is no longer recommended that you change your password frequently. In fact, doing so is a BAD IDEA (like many other recommendations in the past from "experts"). Yes, for sure change master password if you have reason to think your master password has been compromised (you know, you had shared with your girlfriend and she's just told you she's leaving you for a fitness instructor). Otherwise, changing passwords leads to confusion, and confusion is a serious security problem. I've used same passwords with Bitwarden and 1Password each (different password for each service) for many many years. It's going to take a very bad stroke for me to forget them β€” or more precisely for my fingers to forget them. I no longer even think about them. In every other respect this is a very good workflow and similar to the one I have used myself for a long time. But your excellent diagram and explanations point up the biggest problem faced by "normal" users: This is still too complicated! My daughter is a surgeon. She's a reasonably smart young woman. But no way she's ever going to do all that. I've set her up with 1Password (obviates need for Authy) and I keep track of things for her now. I'm hoping that goof-proof biometric authentication takes over the world before I am unable to help her any longer.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί password manager concept is very confusing to me
r/Bitwarden on Reddit: Password manager concept is very confusing to me
June 24, 2023 -

I don't understand how this works, I'll describe the scenario which bothers me:

You own a compromised device with a password manager installed on it, you create a password manager vault with a master password which the hacker can see via keylogger or maybe even screen recording.

Now you have all your passwords in one place and it's exported into the hackers device.

How does this work then?

I think it would make more sense to me if it required biometrics only to unlock, isn't this creating one password to enable a hacker stealing all your information?

Top answer
1 of 5
37
Password managers don't protect against malware or compromised devices. What's the difference between a password manager on a compromised device and just logging in normally to your email, either keystrokes can be stolen. You're responsible for securing your devices and only using password managers on clean devices within your control.
2 of 5
26
You own a compromised device Stop right there. A password manager does not defend against a compromised device. Regardless of whether you use a password manager or just type in passwords on your device, if it is compromised, so are your websites. Practicing good opsec (device under your absolute and exclusive control, malware detection, care in opening web links and so forth) is a necessary precursor before doing ANY secure computing, including typing in a password or operating x password manager. So what, then, is the point of a password manager? Answer: it defends against threats OTHER than malware. Easy passwords and reused passwords are the major threats in 2023. You simply cannot memorize 200+ random passwords like $&OuX0QET&7yr%. and that is what you need to prevent hackers from taking over your accounts. Password managers don't protect you from malware. They help protect you from bad guys guessing your passwords.
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί is bitwarden a good choice?
r/Bitwarden on Reddit: Is Bitwarden a good choice?
July 5, 2024 -

I currently use 1Password which is excellent, it does the job perfectly on my iPhone and my Windows PC. I would like to opt for Bitwarden since it is free, is it a good alternative? I use double authentication on 1Password, is it also effective on bitwarden?

Top answer
1 of 32
44
Yes, Bitwarden is a good alternative. I assume by double authentication you mean some form of multi-form authentication to login. Bitwarden supports this as well.
2 of 32
39
1Password vs Bitwarden : I would ditch 1Password entirely. Bitwarden developers are transparent and proactive. I would also encourage you to subscribe to their premium service at 10$ a year. It’s cheap and you support the devs at the same time. Edit 1 : The UI of Bitwarden seems outdated by today’s standard but it just works and intuitive. You just have the settings you need to manage your stuff. Nothing fancy that could compromise security. The devs are also revamping their Ui entirely as well. While it would not add new features , it would be more pleasant to the eyes like the 1Password UI. I understand UI is important for good experience but Bitwarden is far from being unusable. It’s barebone UI makes it less vulnerable to bugs
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί best password manager list & comparison table
r/Bitwarden on Reddit: Best Password Manager List & Comparison Table
April 24, 2025 -

Hi, I made this updated password manager list & comparison table to help people decide which password manager to use. Please feel free to share any suggestions for improvement.

Best Password Managers

Proton Pass

Proton Pass is made by the team behind ProtonMail and ProtonVPN. It is open source, audited, and built around privacy with end-to-end encryption. It has a clean interface and a good free tier, but no option for local storage.

Bitwarden

Bitwarden is open source, audited, and uses end-to-end encryption. It works across all major platforms and offers a solid free plan. The interface is functional but can feel clunky compared to others.

1Password

1Password is closed source but audited and highly polished. It has no free tier, but it is easy to use and integrates well with different devices and browsers. Strong security and a smooth interface are its main selling points.

Comparison Table

Password ManagerAuditsOpen SourceFree Tier2FAE2EECloud BasedLocal StorageEmail AliasClean UINo Security IncidentsAndroidiOSWindowsmacOSLinuxChromeFirefox
Proton Passβœ…βœ…βœ…βœ…βœ…βœ…βŒβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
Bitwardenβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βŒβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
1Passwordβœ…βŒβŒβœ…βœ…βœ…βŒβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
NordPassβœ…βŒβœ…βœ…βœ…βœ…βŒβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
DashlaneβŒβœ…βœ…βœ…βœ…βœ…βŒβŒβœ…βœ…βœ…βœ…βŒβŒβŒβœ…βœ…
RoboFormβœ…βŒβœ…βœ…βœ…βœ…βŒβŒβœ…βœ…βœ…βœ…βœ…βœ…βŒβœ…βœ…
Keeperβœ…βŒβŒβœ…βœ…βœ…βŒβŒβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
Enpassβœ…βŒβœ…βœ…βœ…βœ…βœ…βŒβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
Sticky PasswordβŒβŒβœ…βœ…βœ…βœ…βœ…βŒβŒβœ…βœ…βœ…βœ…βœ…βœ…βœ…βœ…
LastPassβœ…βŒβœ…βœ…βœ…βœ…βŒβŒβœ…βŒβœ…βœ…βœ…βœ…βœ…βœ…βœ…
KeePassXCβœ…βœ…βœ…βœ…βœ…βŒβœ…βŒβŒβœ…βŒβŒβœ…βœ…βœ…βŒβŒ
KeePassDXβŒβœ…βœ…βœ…βœ…βŒβœ…βŒβŒβœ…βœ…βŒβŒβŒβŒβŒβŒ
StrongboxβŒβŒβœ…βœ…βœ…βŒβœ…βŒβœ…βœ…βŒβœ…βŒβœ…βŒβŒβŒ
Google Password ManagerβŒβŒβœ…βœ…βœ…βœ…βŒβŒβœ…βœ…βœ…βŒβŒβŒβŒβœ…βŒ
iCloud KeychainβŒβŒβœ…βœ…βœ…βœ…βŒβœ…βœ…βœ…βœ…βœ…βœ…βœ…βŒβœ…βŒ
Microsoft AutofillβŒβŒβœ…βœ…βŒβœ…βŒβŒβœ…βœ…βœ…βŒβŒβŒβŒβœ…βŒ

Last updated: 4/17/2025.

Top answer
1 of 5
25
Remove the 'Clean UI' column entirely. It's too subjective.
2 of 5
9
why is lastpast even there after the breach a while back. I dont trust it at all now
🌐
Reddit
reddit.com β€Ί r/bitwarden β€Ί why do you trust bitwarden?
r/Bitwarden on Reddit: Why do you trust Bitwarden?
November 4, 2022 - Bitwarden empowers enterprises, developers, and individuals to safely store and share sensitive information. With a trusted, open source approach to password management, secrets management, and passwordless and passkey innovations, Bitwarden ...