Repo Review: Bitwarden

by CgBoy

The desktop client for Bitwarden was recently added to the repository, so I thought I'd write an article about it. Bitwarden is an open source, online cloud-based password management service. There are native clients for Linux, Windows, macOS, Android and iOS, as well as plugins for a variety of popular web browsers. There is also a completely web-based vault. However, for this review I'll be focusing on the Linux desktop client.

As I mentioned, it is entirely cloud-based, so the password database is stored on cloud servers. The password entries are encrypted before they're even sent from your computer to the cloud servers. Bitwarden uses AES 256 bit encryption and PBKDF2 for encrypting the data.

Although Bitwarden is open source, there's an optional $10.00 per year Premium membership. This offers 1GB of encrypted file storage ($4.00 per extra GB a year), more options for two-step login, and priority customer support. But for this review I just used a free account, so I can't comment on those extra features.

The interface has a very modern and clean look to it. On the left side of the program is where you can choose to display all the entries, favorite entries, certain types of entries, or entries stored in specific folders. The password entries themselves are listed in the middle of the program, with a search box. On the right side is where you view and edit the contents of the currently selected entry.

You can use Bitwarden to store normal login usernames and passwords (which is what most people will use it for), credit card information, identity information, and secure notes. Adding a new entry is really quick and easy.

All types of entries can be assigned to folders, and can have notes and custom fields attached.

Bitwarden also comes with a handy random password generator. You can set how long the generated password will be, and what types of characters to include. When you've chosen a password, Bitwarden can check it against a known passwords database to see if it's been exposed before.

Bitwarden supports two-step login using an authenticator app, YubiKey (premium account only), Duo Security (premium account only), FIDO U2F (premium account only), or through email. Two-step login has to be set up from the web vault. And make sure not to lose your recovery code just in case!

If you've been using a different password manager and now switched to Bitwarden, you can import password databases from a variety of popular password managers such as LastPass, KeePass 2, KeePassX, 1Password, and many more. However, password databases can't be imported from the desktop client, you have to use the web vault.

If you don't like the idea of your passwords being stored in the cloud, you can actually host your own Bitwarden server. I did not have the time to try out this feature, but there's plenty of documentation available on their website.

Another feature I didn't have time to try out was Organizations. According to the Bitwarden website “A Bitwarden organization is an entity that relates users together that want to share logins. An organization could be a family, team, company, or any other type of group that desires to share logins in Bitwarden.”, but like I said, I didn't have time to try it out.

Summary

Compared to other password managers I've tried, I found Bitwarden fast and easy to use. I have to say that I'm not really a huge fan of Bitwarden being cloud-based, but I'm sure it makes it much easier to sync with multiple devices. While I myself don't actually use any password managers outside of the one built into my web browser, I would recommend Bitwarden to anyone looking for a good free, cross-platform password manager.