It is clear that Bitwarden is the best free password manager around. But in your opinion, is it still the best among the paid ones?

Reason: I started using Bitwarden when I was younger mainly due to its negligible cost, although I always paid for the premium version to support it. Now that I'm older and have a job, I was wondering if, for a service like password managers which I consider important and which I would gladly pay for, it would be appropriate to continue with Bitwarden or there are better alternatives out there. What do you think?

I'm reading some f the posts here and it feels like there's a steep learning curve to using this and it's not intuitive like say Roboform or Nordpass. Of those two I prefer Roboform, but even with Nordpass I literally just installed the program, logged in with my Nord login and set everything up easily. It imported everything from Roboform, and any sites it detects as new it saves those logins.

Here I'm reading about how you have to set various master passwords using different types of encryption, multiple layers of security, etc. I just need to organize passwords, not to protect millions in assets.

I am a new user and want to switch from default Google password manager to bitwardern so that i can use my passwords seamless. But am concerned that if it is safe to use and can my passwords be compromised like LastPass wass hacked?

Newbie here, have been in the background just seeing posts here and there. Not really replying but I think I am ready to start using bitwarden BUT I’m not sure if I trust it enough to input my information for financial stuff, 401k login, bank etc.

Is anyone using this for that? I get if you don’t want to answer (I get it OPSEC)..but also when do you know if and when to trust it?

Other programs which have had breaches just makes me so hesitant

From my experience, Bitwarden and 1Password are the best password managers on the market. Though (as far as I see it) a Bitwarden has points to be approved. From your experience:

1. what are advantages of Bitwarden in comparison to 1Password (except that Bitwarden is open source, and it’s unbeatable premium price, And -

2. what would you improve in Bitwarden?

I have a lot of passwords on Dashlane, I've used it for over ten years and cannot afford to pay for premium. What are the pro and cons for Bitwarden? How does it compare to Dashlane? Are there any UI features that you like/want to change? What are some features that are helpful, but seldom used?

Yes, I read the welcome post. I'm going to start using BitWarden tomorrow. I will use the web vault and Firefox extension (recently deleted Chrome due to so many security issues). I need to memorize some sort of random unique password. I'm not sure if I need a specific number of characters or should use a few password phrases. I will have to change all my important existing passwords to something better using Bitwarden.

It took my all my life and 1/2 my expected lifetime to have decent credit and actually have any $$$ to worry about. Decided I should probably stop reusing passwords and relying on saving my passwords in Google.

If you give advice, please make it something a 5-year-old could understand.

I have been using KeePassXC for a couple of months now, but its too hard to sync the passwords between my phone and my PC. So i have been thinking of switching to Bitwarden.

Is Bitwarden worth switching to? If yes, then how do i migrate my passwords from KeePassXC?

In the long run, do you think Bitwarden will take most of the password manager market share? (if not already) Right now there are two obvious choices: 1Password and Bitwarden. 1Password is mostly recommended for its simplicity and UI, but Bitwarden has now announced that they are slowly refreshing their UI, which has been the topic of many posts on reddit and their forum. Bitwarden also offers passphrase support on the free plan, while you have to pay to use it with 1Password. Even the premium plan on Bitwarden is 3 times cheaper than 1Password. While 1Password is a good product, there are a lot of complaints about various bugs in their application (all platforms). On the contrary, for Bitwarden it is mostly requested features that users ask for (of course there are also some bugs). Recently they added the popup overlay that has appeased long time angry users, they are switching to native app for Android...

Do you have an opinion, especially in the area of subscription fatigue and looking for efficiency? The purpose of this question is to help a company (not related to IT) make a good choice. I I think the future is with Bitwarden but maybe something big could be coming with 1Password...

I'm planning to move my passwords from Google Password Manager. I realize now that I should have moved sooner, as it's risky to have my passwords stored in Chrome. So far, I have narrowed my choices down to three preferred password managers: Bitwarden, Proton Pass, and 1Password. Which do you think is the best? Can you recommend any others? What has your experience been with them, and have you ever been hacked while using one?

I always thought to stay away from them as my thought process was once you have one password, You have them all. And also nobody is generally targeting me however Targeting a company like lastpass is a lot more likely, and If my information is saved there then its comprimised. I know the correct thing to do is to write down my passwords in a book and keep it on me but what do you guys think of password managers like that.

From Bitwarden blog:

“... It's really important to remember that anything you can access in your browser, someone else can too*. That's the guiding principle to keep in mind when looking at the security of password managers built into your browser. If someone can access your browser or the account that you use in your browser for saving and generating passwords, they can open up everything..''*

https://bitwarden.com/blog/beyond-your-browser/

Hello I’ve been using the browser password manager for quite a long time, I had 1 time unfortunately where I installed something malicious and all my chrome passwords were taken(not a RAT), if i switch to Bitwarden could it happen again since it’s an extension?

I have compiled a password management strategy scenario which gives adequate amount of protection without much inconvenience. I think this strategy should be enough for a vast majority of people. It involves remembering only 1 password and no investments in physical security keys. There are fail safes in place for different situations that can go wrong, including forgetting the master password.

I hope it will help people to understand the overall picture of password security and give them enough context to modify it as per their unique requirements.

Overview Of Setup

1. For login to a website user provides master password to Bitwarden and gets website password and TOTP code (Assumes Bitwarden premium account for added convenience)

2. Register Bitwarden and Authy in more than 1 devices, use biometric unlock for bitwarden in any one of the device and store master password too in bitwarden.

3. Unauthorized installation of Bitwarden is protected by another 2FA app Authy. (Authy is used only for bitwarden's 2FA, each website's 2FA are stored in bitwarden for convenience)

4. A plain text JSON backup is created from Bitwarden which is encrypted using the master password and stored locally in multiple daily use and easily accessible (even offline) devices, like your mobile local storage, pen drive etc.

What can go wrong? - The Fail Safes

1. Website Password is Stolen: The 2FA from Bitwarden protects against unauthorized access. Use unique password for each account and always use 2FA.

2. You Forget Master Password: Access bitwarden from a device with biometric unlock enabled. Check the saved master password.

3. Master Password is Stolen: Without 2FA from authy, attacker will not be able to access your passwords. Keep changing the master password every 6 months.

4. Bitwarden Backup Is Stolen: Without master password the backup file is useless. Keep changing the passwords of sensitive websites every 8 - 10 months.

5. Authy is compromised: Without master password stealing authy will not help. Keep monitoring for the devices that have authy registered.

6. Bitwarden Disappears From Earth: Use Bitwarden backup after decrypting using master password to get access to websites (passwords and TOTP auth tokens/ backup codes)

Biggest Risk

If you have a strong master password which is not reused anywhere, you will be secured against most attacks. However a combination of two or more failures can compromise your safety. But chances of any two above mentioned failures happening simultaneously is pretty slim. Therefore, for most people the above strategy should be all they need.

The biggest risk in my opinion is stealing of the backup file and at the same time your master password. This can be mitigated if you put your backup file in easily accessible but at least moderately secure place like secure folder of samsung's mobile devices etc.

Another risk is that you loose all your devices at the same time, so you are no longer able to install BitWarden again due to 2FA. Authy does have a recovery mechanism in place for this case but it can take several days for it. Hence, if possible keep the encrypted backup at more than 1 physical location.

Other Best Practices

1. Change your master password every 6 months and update the encrypted veracrypt backup whenever you change the master password.

2. Change each website password every 8 - 10 months. Update your backup whenever you do so.

3. Never use master password for any other website and ensure it can not be easily guessed.

4. Monitor strictly that your Authy and Bitwarden is not registered in any unknown/old devices.

5. If possible, store Bitwarden encrypted backup in easily offline accessible (atleast 2) but secure devices which only You have access to.

EDIT - Some Updates After Taking Suggestions From Comments Below

• Changing master password every 6 months seems not necessary. Better way is to make a very secure password and change it only if you feel it is compromised.

• Changing website passwords every 8 - 10 months is a hassle. However, most high risk sites like banks themselves set an expiration time for passwords so it is taken care of implicitly. For other critical sites like your email providers and social media accounts generating a random password and updating it might not be a big deal.

• Saving your master password in the vault is another point of discussion, I don't find any obvious side effects other than the fact that you left your vault open and gave the device to some one else. But in that case it does not matter you have your master password in the vault or not, all your logins are compromised.

• The system is still complicated for non technical users - This is true, I think a better audience for this post is someone who already have technical expertise to setup password manager and 2FAs but want to establish a fixed workflow or improve upon an already established flow.

I don't understand how this works, I'll describe the scenario which bothers me:

You own a compromised device with a password manager installed on it, you create a password manager vault with a master password which the hacker can see via keylogger or maybe even screen recording.

Now you have all your passwords in one place and it's exported into the hackers device.

How does this work then?

I think it would make more sense to me if it required biometrics only to unlock, isn't this creating one password to enable a hacker stealing all your information?

I currently use 1Password which is excellent, it does the job perfectly on my iPhone and my Windows PC. I would like to opt for Bitwarden since it is free, is it a good alternative? I use double authentication on 1Password, is it also effective on bitwarden?

Hi, I made this updated password manager list & comparison table to help people decide which password manager to use. Please feel free to share any suggestions for improvement.

Best Password Managers

Proton Pass

Proton Pass is made by the team behind ProtonMail and ProtonVPN. It is open source, audited, and built around privacy with end-to-end encryption. It has a clean interface and a good free tier, but no option for local storage.

Bitwarden

Bitwarden is open source, audited, and uses end-to-end encryption. It works across all major platforms and offers a solid free plan. The interface is functional but can feel clunky compared to others.

1Password

1Password is closed source but audited and highly polished. It has no free tier, but it is easy to use and integrates well with different devices and browsers. Strong security and a smooth interface are its main selling points.

Comparison Table

Last updated: 4/17/2025.