is bitwarden safe reddit 2025 - Brave Search

Is bitwardern safe?

reddit.com › r › Bitwarden › comments › 178mezj › is_bitwardern_safe

Start here: https://bitwarden.com/blog/beyond-your-browser/ is it safe There is no certainty in life, but Bitwarden is about as good as you will get. If you are thoughtful about how you use it (good master password, strong 2FA;, good opsec, and only operate on trusted devices), you will be in good shape. Can my passwords be compromised Yes and no. The LP gaff was the exposure of their backups to attackers. That can happen with Bitwarden. What is different is that LP has bad encryption. Couple that with choosing a bad master password and you could have a problem. Answer from djasonpenney on reddit.com

reddit.com › r/bitwarden › is bitwardern safe?

r/Bitwarden on Reddit: Is bitwardern safe?

October 15, 2023 -

I am a new user and want to switch from default Google password manager to bitwardern so that i can use my passwords seamless. But am concerned that if it is safe to use and can my passwords be compromised like LastPass wass hacked?

Start here: https://bitwarden.com/blog/beyond-your-browser/ is it safe There is no certainty in life, but Bitwarden is about as good as you will get. If you are thoughtful about how you use it (good master password, strong 2FA;, good opsec, and only operate on trusted devices), you will be in good shape. Can my passwords be compromised Yes and no. The LP gaff was the exposure of their backups to attackers. That can happen with Bitwarden. What is different is that LP has bad encryption. Couple that with choosing a bad master password and you could have a problem.

In my opinion, it's safer than google in the following ways. The bitwarden account is separate from your google account, so if someone compromises your google account it won't expose your password. The vault is safer on Windows. Any process with that runs as the user can read the password. Bitwarden as a security company and is probably more security conscious than Google, who wants to serve you ads. Your vault is probably readable by Google. Bitwarden vaults are not readable by bitwarden. Ways that Bitwarden is better than Last Pass. They seemed to more security conscious than LastPass. Bitwarden encrypt more of their fields. Bitwarden source code is open so that securitys firm can audit the code for security. The code cannot be stolen like they did with Lastpass. Bitwarden uses existing encryption open source algorithm instead of coming up with their own. The reason coming up with your own is bad is because the algorithm is quick complicated and you should stick with one that's being used and audited by everyone else. You can use u2F as a 2FA. Lastpass seems to be using OTP, which is not phishing-resistent.

reddit.com › r/bitwarden › is bitwarden safe?

r/Bitwarden on Reddit: Is bitwarden safe?

3 weeks ago -

Hi guys, I am a recent graduate in computer engineering.

I know Bitwarden is open source, but that doesn’t necessarily mean it is completely safe, because there are several factors to consider:

1-Various attacks and malware techniques could allow an attacker to steal your passwords from the Bitwarden manager

2-The Bitwarden source code could potentially include vulnerabilities or malicious code.

3-Even if the source code is clean, the app you download could be compromised.

So, how can I safely use and trust Bitwarden?

1 - your passwords are encrypted with your master password, even when stored on device, as long as you dont enable automatic unlock 2 - bitwarden gets annual security audits, meaning the code is checked: https://bitwarden.com/help/is-bitwarden-audited/ 3 - if you're really worried about this, build from source

The one you download is not compromised as soon as it is the same as the one publish from repo (hash/signature of published binary). From security whitepaper point of view it is safe and state-of-art. Obviously if your phone is compromised, everything you run on is also. From source code point of view, supply chain attack is complicated as soon as it is open repo and constantly verified by bitwarden. Still it could happen yes, but I think that the probability would be low. Also define your threat model.

reddit.com › r/bitwarden › how safe is bitwarden?

r/Bitwarden on Reddit: How safe is Bitwarden?

January 14, 2024 -

In a future unfortunate event when (or if) the Bitwarden servers suffer a malicious attack at the hands of expert hackers, with resulting breach of user data, what would be the options for the regular users?

I mean this could be serious and so I want to understand the security architecture of BW. How do they plan to avoid such mishaps and what would be their mitigation strategy (in case such event does happen), and how us, the users, would cope with it?

I know it’s not just about BW but for all other web-based services. However BW is the place where the most sensitive data are stored. So the concern.

I may be paranoid but I guess there has to be a back door to escape. What am I missing?

Thanks in advance.

EDIT: Thank you everyone for addressing my concerns. Have a great day.

Read all about it here . The bottom line is that if you make your master password a randomly generated 4-word passphrase , keep your KDF configuration up-to-date with currently recommended default settings (periodically log in to the Web Vault to check for notices about changes to the KDF requirements), and never disclose or re-use your Bitwarden master password, then you don't have to worry about what happens if Bitwarden's cloud servers are ever compromised. This is because all vault data stored on Bitwarden's cloud servers is encrypted, and the encryption is uncrackable if you follow the guidelines I have given above.

To be honest your main concern should be if your Master Password and E-Mail leaks and somehow they manage to bypass the 2FA which is pretty hard if you're careful and don't use your Master Password in anywhere but Bitwarden. The Database and Vault is encrypted with your Master Password so even if they breach and steal vaults from the Bitwarden's servers. The data would be unreadable for the attackers and if they want to brute force it it would take several million years to breach it. In short, use a strong Master Password ideally minimum 5-6 word passphrase with numbers and unique characters with Argon2id (default settings are fine but I use 500mb 8 Parallelism and 6 iterations) it would be uncrackable. Also use at least TOTP 2FA or better just use a YubiKey for 2FA. Hope this answers your question. Have a safe day.

reddit.com › r/privacyguides › bitwarden... is it really %100 safe?

r/PrivacyGuides on Reddit: Bitwarden... Is it really 0 safe?

December 8, 2022 -

Compared to like Keepass, which is offline.

Idk but I feel like the risks are higher with Bitwarden since it's online and there is a risk of my data being compromised by whoever has access to where it's stored. Whereas KeePass is essentially a cold storage and the only way to get access to my data starts at getting the .kdbx file from where I store it, locally.

What am I missing?

EDIT: Asking for when on an Android OS.

No such thing as "%100 safe". But Bitwarden is among the safest options (in my opinion at least). Whereas KeePass is essentially a cold storage and the only way to get access to my data starts at getting the .kdbx file from where I store it, locally. Yes, you can also keep your passwords in encrypted text on a laminated page stored in a bank deposit. That will be a lot safer than storing a KeePass DB file in your computer, as it can be compromised in case a virus is installed on your computer (it can send the database file, and keylog the password to decrypt it). My point is - convenience also matters. There's a point of security where you're already pretty secure, and adding more layers of security give you very little benefit security-wise, but make it a pain in the ass to use. In 2022, where most people usually have more than a single smart device, and a lot of accounts for different services, I feel like KeePass is a lot of a hassle as you have to sync the db file across your devices, and backup the local database file yourself. Bitwarden is open-source and audited, has a good customer service, a transparent business model, and handles backups, syncing, and security for you.

No, it isn't, because as others have pointed out - "100% safe" doesn't exist. Deciding whether or not using something like Bitwarden is appropriate for you is a personal decision that should be informed by your individual threat model and specific use case. compromised by whoever has access to where it's stored What am I missing? You may be missing that it's an open source project that encrypts everything client-side, which you can additionally protect further using a hardware security key so that your vault cannot be unlocked without it - even with your master password. And you can optionally self-host if you decide that you trust your capability to do so securely more than theirs. You can also do this without directly exposing your Bitwarden instance to the internet (access from outside only via a VPN). There are lots of options. In the event that there is some sort of data breach on Bitwarden's server, they still can't get your passwords. Bitwarden server administrators can't get your passwords. It might help to elucidate in more depth what specific attack vectors you have in mind that need to be better mitigated.

reddit.com › r/bitwarden › is bitwarden a good choice?

r/Bitwarden on Reddit: Is Bitwarden a good choice?

July 5, 2024 -

I currently use 1Password which is excellent, it does the job perfectly on my iPhone and my Windows PC. I would like to opt for Bitwarden since it is free, is it a good alternative? I use double authentication on 1Password, is it also effective on bitwarden?

Yes, Bitwarden is a good alternative. I assume by double authentication you mean some form of multi-form authentication to login. Bitwarden supports this as well.

1Password vs Bitwarden : I would ditch 1Password entirely. Bitwarden developers are transparent and proactive. I would also encourage you to subscribe to their premium service at 10$ a year. It’s cheap and you support the devs at the same time. Edit 1 : The UI of Bitwarden seems outdated by today’s standard but it just works and intuitive. You just have the settings you need to manage your stuff. Nothing fancy that could compromise security. The devs are also revamping their Ui entirely as well. While it would not add new features , it would be more pleasant to the eyes like the 1Password UI. I understand UI is important for good experience but Bitwarden is far from being unusable. It’s barebone UI makes it less vulnerable to bugs

reddit.com › r/bitwarden › is bitwarden safe and is it safe to have my master password the same as my master password hint?

r/Bitwarden on Reddit: Is Bitwarden safe and is it safe to have my master password the same as my master password hint?

April 28, 2025 -

I was downloading Bitwarden, but I was wondering if it was safe enough to store all my passwords in and is it safe to have my master password hint the same as my master password?

Hint same as password? Absolutely not, hint is public information and should not include password or any of its parts (it is like hiding you valuable stuff into vault and placing the key on the shelf next to it - would you do so??). Bitwarden will take care of all you passwords, except its own, which you need to memorize. This password becomes very importat now, since it protects all other credentials.

You can create an emergency sheet with your master password and 2FA recovery code, and keep it somewhere safe. Put the location of the sheet in the hint.

reddit.com › r/bitwarden › can you tell me reasons to not use bitwarden ?

r/Bitwarden on Reddit: Can you tell me reasons to NOT use Bitwarden ?

January 14, 2025 -

Well, just answer the question. /s

Let me explain why am I asking this question (a bit of context).

Originally, I followed the route everyone has done when talking about passwords and their management, in a word password-management, that is:

Small Notes > Structured file > Browser PM > dedicated password manager.

From 1st to 3rd step, well, the step is short and you realize that you have to change very quickly.

From 3rd to 4rth step, it usually takes way longer, much more to realize that using a browser manager is not the right chose to do.

That's were PASSWORD MANAGERS come to hand.

When I decided to go for a PM, during my preliminary research, I end up (maybe because it's famous or good-looking) with him Bitwarden.

after I found this name, I analyzed this product to see if it fit my needs...

...the rest is history.

Using Reddit, the algo suggested me a subreddit, called Password Mangers ( r/PasswordManagers).
My impulsive, spontaneous thought was:

"Why the hell is there a subreddit dedicated to discussing about password managers ? I think there is just ONE name, that is Bitwarden".

I've chosen it because:

FOSS (open source).
Free Tier. //N1
cross-platform (desktop, mobile and browsers).
2FA e E2EE.
Cloud based.
Self-hosted. //one of the few.
Free authenticator.
Clean&Slick UI. //N2

N1 Yes there is a paid version for $10/y with some EXTRA features, but you do not need them at all.

N2 Imo it's good-looking, functional, intuitive, quite compact.

So back to original question.

Can you tell me reasons to NOT use Bitwarden ?

If I had to be really nit-picky (as NES, native English speakers say), the only ones I would say are:

- it doesn't recognize A FEW fields (happened with network operator spusu and a local public transportation (when I was on holiday in Sicily)) apps.
(this was easily solved by open opening Bitwarden app in floating windows from sidebar. So no real problem and auto fill works perfect)
- it doesn't switch DOMAIN when login to your account (you can choose between .com (US server) and .eu (EU server)).
(not a big problem since I have to effectively login to my account just one, when I set up the service to work, but doing for several devices it's time-consuming.
What I suggest to developers is to open a little pop-up saying "we detected you are using Bitwarden from EU, would you like to use .eu domain from now on?")

As you can understand, small flows, but GREAT, PERFECT product.

In two words THE PASSWORD MANAGER.

THE PASSWORD MANAGER is three words.

Can you tell me reasons to NOT use Bitwarden I know you're just being facetious for entertainment's sake, but keep in mind that there are plenty of reasons not to use a product regardless of its quality. The biggest one as an example: Bitwarden is a business. It's not a public utility, it's not a freely shared gift. With your patronage you don't just support the product, you automatically support and validate all the decisions that business makes and you support the venture capital behind it. That can be a turn-off for many people.

reddit.com › r/bitwarden › is it safe to store my banking information on bitwarden (free version)?

r/Bitwarden on Reddit: Is it safe to store my banking information on bitwarden (free version)?

November 12, 2022 -

And assuming it is, what's the safest way to go about doing so?

Yes. Make sure 2fa is enabled

You can store your banking info on bitwarden *if* (here's my 2 cents) you use a strong master password; 2. Never EVER reuse a password; add some pepper to your bank password (ie. in addition to the password kept in bitwarden, also have 6 to 8 more chars not held in bitwarden that you have to manually type in - make these easy to type on your phone). The real danger is that an off-line attack that works on your encrypted vault has a lot of time to break your master password and then gain access to ALL of your passwords. BTW I've never understood the notion of using "words" in a password. That's just silly. Instead use a phrase and record the first letter of each word: "now I lay me down to sleep, I pray" ==> "nilmdtsip" - it's easier to remember a favourite phrase rather than some random string of words, and it's easy to salt with numbers and grammar: "my birthday is on May 3rd, 2004" ==> "mbioM3rd,2004". You can just repeat the phrase in your head as you type out the 1st chars. Easy-peasy. NB. Some idiotic sites make using extra pepper chars awkward. Costco, for example makes it impossible. As soon as you click on the bitwarden entry the costco javascript takes it and runs with it then reports an error and clears the password box. Idiots! This pepper idea still woks on most commerce and banking sites. Remember not to include your email password that you anchor your bitwarden account on in your vault!

reddit.com › r/bitwarden › would you bet your life on bitwarden's security?

r/Bitwarden on Reddit: Would you bet your life on Bitwarden's security?

March 30, 2022 -

I am a long time user of both Bitwarden and KeePassXC (I love both). Bitwarden in convenient for auto-fills, but somehow I feel more secure with an offline database which KeePass offers (old school). I have ended up saving my high-stakes passwords with KeePass.

Is my apprehension unfounded?

If you're not paranoid, you're not paying attention. :-) But that having been said, What exactly are you worried about? Nothing is perfect. I gather you're worried about happens if a malefactor gets his hands on a hard disk that has your passwords on it, but why are you worried about that? Of course you should have a long, strong, unique password — the longer the better — but if you do, then it won't matter much whether they get access to Bitwarden's cloud servers or whether a thief or burglar carriers off your laptop. Encrypted is encrypted is encrypted. The Bitwarden servers are a more attractive target I suppose. But they're also surely much better protected than your personal computers, even if you take them to bed with you at night. Everything is a compromise, and in the world of digital security you're always compromising between security and convenience. The more secure we make things, the less convenient they become, and at some point that inconvenience itself becomes a sort of security risk, because it causes us to start taking shortcuts. Bitwarden's solid. So's 1Password, NordPass and many others. I don't know KeePass but it's probably solid, too. Pick the one you like and then use it with appropriate carefulness.

If you are happy with what you are doing, you should keep doing it. Everyone has a different threat profile and everyone has different risk tolerances. So where you should be on the security-convenience spectrum is a personal decision that only you can make. Usually it’s less about trust and more about compartmentalization, just in case.

Find elsewhere

Google Bing Mojeek

reddit.com › r/bitwarden › what prevents bitwarden from being breached like lastpass?

r/Bitwarden on Reddit: What prevents BitWarden from being breached like LastPass?

March 3, 2023 -

Hey, all! Long-time LastPass user. I've been digging through various threads, but I haven't been able to find a good outline for this, so perhaps someone can point me in the right direction. From everything I've gathered, BitWarden's security is top-notch, esp if you use the recommended, but optional, Argon2 encryption. Notably, at least some things that LastPass did (like number of iterations), were not better on BW side (https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/). It seems like Argon2 bypasses the whole issue altogether.

What I'd like to find out though is how BitWarden's organizational structure and security practices prevent exfiltration of data like LastPass has suffered. Does BW store unencrypted 2FA seeds like LP did, which could be exfiltrated together with their associated vaults? What are their data structure and practices like, and what's encrypted / not encrypted? I see lots of mentions how BW and 1Pass are much better on security, but I have not seen a clear point-by-point break-down of company fundamentals around security and internal workings. I've not seen these contrasted against LP either. "We've never been hacked" isn't a compelling argument, as that could be a combo of luck, or user-base size, or it might be truly due to their superior practices, but it's hard to point out exactly.

They undergo regular audits. This was posted recently and may answer some of your questions: https://www.reddit.com/r/Bitwarden/comments/11ekbbl/bitwarden_upholds_high_security_standards_with/

At one level, the answer is, "nothing". There are multiple ways that your encrypted vault can be stolen. For instance, someone can steal your laptop, mount your hard disk on their hardware, and boom: they have your encrypted vault. A server breach is not necessary. At another level, Bitwarden and LP are very different. The encryption implementation in the LP super duper secret private source code is crap. The more we find out, the worse it is. Bitwarden may have deficiencies, but they get addressed (yay, open source and audits). Look, your master password remains the linchpin of your security. Assuming the encryption itself is sound, UNLIKE LastPass, you do not need to rely on the opsec on the server. Spend your efforts cleaning up the opsec on your own devices: good password hygiene, don't let your devices get stolen, virus scanning, etc.

reddit.com › r/bitwarden › is it safe to use bitwarden on a public computer with extra caution?

r/Bitwarden on Reddit: Is It Safe to Use Bitwarden on a Public Computer with Extra Caution?

March 11, 2025 -

Hello! I’m a new user of Bitwarden and have a couple of questions about security.

Is it safe to log into Bitwarden from a public computer's web browser (not as a plugin, but through the official website in incognito mode)? For extra caution, I plan to log in using my mobile device instead of typing my master password. I also have 2-factor authentication enabled.

You should just pull up your phone and read it off your phone app and type your password that way.

The simplest malware is a key logger. Using mobile device to prevent entering master password can protect against this. If someone got your master password, 2-factor authentication would prevent them from logging into the Bitwarden website or app, which is good, but mostly irrelevant to this situation. However, the biggest problem: If there is more advanced malware, it can save your entire UNENCRYPTED vault as soon as you open it in any browser, extension, normal tab, incognito tab, doesn't matter. The best way to log into a public computer is to have a physical USB device that can act as a passkey to log into that service. Unlocking the vault on that device is not recommended. All that being said. Most likely the library runs regular malware scans and tries to make sure that other users don't install bad programs, so you should be fine... but if we're talking about the worst case scenario... it's pretty bad.

reddit.com › r/bitwarden › why do you trust bitwarden?

r/Bitwarden on Reddit: Why do you trust Bitwarden?

November 4, 2022 - 23 votes, 49 comments. 97K subscribers in the Bitwarden community. Bitwarden empowers enterprises, developers, and individuals to safely store and share sensitive information. With a trusted, open source approach to password management, secrets ...

reddit.com › r/bitwarden › bitwarden is very secure against hackers, but i have my concerns

r/Bitwarden on Reddit: Bitwarden is very secure against hackers, but I have my concerns

September 13, 2020 -

Won't there just be a time this service shuts down? What if it happens suddenly? What if something happens to the servers (well atleast I hope there's backups)

Also I get the part where all ur passwords are encrypted by your master password, but how is the master password ITSELF kept secure and encrypted?

You might read Bitwarden's Encryption article and come back with focused and studied questions. Also generally, you should satisfy yourself about important matters by reviewing BW's documentation, vs getting it second hand here. Hopefully, we'll see you here as a Bitwarden Project supporter!

ALWAYS keep your own current offline backup. Even if you trust Bitwarden 99.9% you don't want to risk being locked out of all your accounts.

reddit.com › r/bitwarden › is bitwarden more secure than 1password?

r/Bitwarden on Reddit: Is Bitwarden more secure than 1Password?

August 1, 2024 -

I’m thinking of switching password managers when my Dashlane subscription expires. I’m debating whether to go with Bitwarden or 1Password.

Thanks!

probably not much difference in terms of security but bw is only ten bucks a year

You're going to get biased answers in this sub. We're all here because we like Bitwarden. Best thing I can tell you is to do your research on both products and make an informed decision based on that.

reddit.com › r/bitwarden › how safe is the extension?

r/Bitwarden on Reddit: How safe is the extension?

December 24, 2023 -

I have been using bitwarden app on Windows, and I mostly store(write) password in Note. I was thinking about adding extension into browser but I have doubts.

So generally speaking, how safe can an extension be? What if browser get infected and data breached by extension? In infected browser, can someone read data from extension? Also how safe are the cookies?

I don't view that the bitwarden chrome extension poses any hazard. In fact the bitwarden chrome extension offers phishing protection if you use it the right way (I fill from the extension using cht-shift-L, and that only works if I'm on the right sight matching what I saved into bitwarden) OTHER chrome extensions installed can pose a hazard if they are malicious (malicious extensions can read anything on any site including passwords filled from the bitwarden extension or any other means. So vet your extensions, review their permissions, and don't install more extensions than you need (or segregate your browsing into different browsers or browser profiles so that fewer extensions are in the browser/profile where you do important logins using bitwarden) Tavis Ormandy offered a critique of password manager extensions here . But he works for google and would prefer you to leave your passwords in the chrome browser itself (I believe most security professionals would disagree with his position on that)

If your computer is infected, no password manager app running on your computer is safe. With that caveat, using the browser extension is safer than not using it, as long as you don't override any of the security safeguards (e.g., by enabling auto-fill on page load, by setting a vault timeout of "Never", or by setting a PIN or biometrics but preventing the extension from locking with the master password when the browser restarts).

reddit.com › r › Bitwarden

Bitwarden | Password Manager - Secrets Manager - Passwordless.dev - Authenticator

January 18, 2017 - r/Bitwarden: Bitwarden empowers enterprises, developers, and individuals to safely store and share sensitive information. With a trusted, open source approach to password management, secrets management, and passwordless and passkey innovations, Bitwarden makes it easy for users to extend robust security practices to all of their online experiences.

reddit.com › r/bitwarden › is bitwarden really safe?

r/Bitwarden on Reddit: Is Bitwarden really safe?

February 16, 2021 -

How can we be really sure of Bitwarden's security since it is open source unlike LastPass?

Can someone really smart just figure out a way to reverse-engineer something in the source and get access to a lot of people's passwords?

I'm a CS student but haven't dealt with a lot of crypto stuff but I would love to learn more about this.

since it is open source That's exactly how you can be sure of it. You are free to review the code yourself for any vulnerabilities whereas with LastPass you just had to trust them that none were there. More eyes on the code mean more people to find (and report) and vulnerabilities that may be present.

Reverse that question. How can you be sure Lastpass is doing what it claims to be? All you have are their word. At least with BW, you have their code.

reddit.com › r/bitwarden › how insecure is bitwarden?

How insecure is Bitwarden? : r/Bitwarden

January 29, 2022 - Use a VPN for example. Then we can start looking at risks. Bugs in your implementation of Bitwarden (or vaultwarden); then again that would be the same risk as the Bitwarden servers. Keeping up to date on releases/fixes. Denial of service attacks. Safe backups.

reddit.com › r/bitwarden › do you actually put in all your passwords ?

r/Bitwarden on Reddit: Do you actually put in ALL your passwords ?

June 8, 2023 -

Newbie here, have been in the background just seeing posts here and there. Not really replying but I think I am ready to start using bitwarden BUT I’m not sure if I trust it enough to input my information for financial stuff, 401k login, bank etc.

Is anyone using this for that? I get if you don’t want to answer (I get it OPSEC)..but also when do you know if and when to trust it?

Other programs which have had breaches just makes me so hesitant

Yep, I put everything in it. The entire point of encryption and the zero-knowledge architecture is that a bad actor can get everything Bitwarden has and they are not going to be able to get my passwords. Just make sure you use a strong master password. Switch to Argon2ID (which is really just icing on the cake if you created a strong master password). Use 2FA (which only helps if someone is trying to log in as you) and you'll be fine.

Bitwarden is completely open source, so you can inspect what they're running on their servers (and even run it on your own like I do). One thing that makes Bitwarden stand out from others like LastPass (that was breached) is that everything in your vault is encrypted using a key that's partially dependent on your master password, which Bitwarden has no knowledge of. That encryption happens on your device before transit as well.

reddit.com › r/bitwarden › just how safe is bitwarden?!

r/Bitwarden on Reddit: Just how safe IS Bitwarden?!

June 23, 2019 -

I'm new to using it and want to know if I should feel safe adding online banking password s and other information?

On a scale of unsafe to safe, it's about 14 blue.

You have literally put more effort deleting and reposting this without the last line than it would have taken to search this Reddit.