There's a compatible Bitwarden server written in Rust called bitwarden_rs[0] for those who don't want to run the official Docker image with the requirement of Microsoft SQL Server and the demand for 2GiB of RAM.
I just set up my own Bitwarden server the other day using bitwarden_rs, a third-party implementation written in Rust.
It basically gives you all of the premium features for free, as opposed to the official server which requires a license.
I really wanted to run the official server, but they offered no option of a lifetime license (only a yearly license). For what it's worth, I would have been willing to pay a lot more for a license that never expired.
The whole reason I'm hosting the server myself in the first place is because I want _full_ control, so a subscription based license doesn't really fit well there.
Given that the project is licensed under the GPL, the license is effectively a donation anyway, so I hope they consider offering a lifetime license for those who want to self-host.
We've been using Bitwarden at work, the Teams plan, paying $15 per month, or $180 per year for 10 users. The only reason for why I picked it is its open source nature, otherwise I would have gone for 1Password Teams.
The pricing is odd. For example you can't self host it yourself without paying for a license. The code is AFAIK open source, so you could maintain your own fork with the required code branches removed, if you wanted to. I do hope the author doesn't pull a bait and switch, after enough users go down this route. Don't get me wrong, I'm actually not looking into hosting it myself, I'm glad to pay for a hosted service, but with open source I want that possibility to be there and I don't want licensing per user for self-hosting either.
And currently I like what the author has been doing. Adding some code in there that makes it require a license, but that you can remove, is totally fine. But I'm seeing more and more open source apps turning proprietary nowadays and I don't look kindly to such bait and switches, because I end up using those apps because they are open source. Like it is the case for Bitwarden, otherwise there are often better proprietary options available.
From a usability standpoint, Bitwarden is unfortunately inferior to 1Password in every way. But it works fine for our purposes, for now. And Bitwarden is better than LastPass in case you're wondering, even if it has some missing features.
The official servers are slow. I just had multiple login failures. I'm assuming that it's experiencing issues due to being featured on HN right now, but this isn't the first time that it's happening.
But as long as it is _open source_ and as long as it does a reasonable job, then I'll keep supporting it. Because I'd rather pay for open source solutions.
I've switched from KeePassXC, stored on my Google Drive with an offline key file, to BitWarden last month. I previously was a customer of LastPass and switched to KeePassXC after being tired of LastPass' UI mess.
Anyways, BitWarden works absolutely flawlessly. There are a few things here and there that I'd wish it had, like the ability to create templates for custom categories, but apart from that, it does an amazing job. The websites autocomplete works really well, and I was pleased to see that I can unlock my vault on my phone with my fingerprint reader.
Migrating data from KeePassXC to BitWarden went smoothly. I took a moment to clean my database and reorganize a few things. The database takes a bit of time to load, but nothing that's a real bother.
The only thing I don't store in BitWarden is the 2FA TOTP I use (mainly Google Authenticator) as I feel it breaks the entire concept for 2FA. I've seen people on HN do it, but to me it just feels wrong.
I currently use KeePassXC and think it's great. What made you switch? BitWarden seems interesting but it's not completely free and you'll need their servers (or you can set one up yourself). Granted I also use Google Drive to sync my KeePass db so I'm also using someone else's servers but I've been considering changing that to syncthing to cut out the server.
I reviewed Bitwarden for use in my company a few months ago. I discovered that there was no way for an admin to allow the recovery of an account (i.e. allowing a master password reset). This is a non-starter in my organization since some small percentage of the users will forget their master password.
Has anyone else been successfully using Bitwarden in a team setting? If so, how do you work around the limitation I mentioned and other such things?
I'd still much rather stick with https://www.passwordstore.org/. It's encrypted with your keys (which I didn't see on Bitwarden's site) and has plugins for Chrome/Firefox (you can set up keyboard shortcuts to fill in your info automatically as well) and works with Git.
Although it is a bit of a hassle to set up on mobile devices (I use Pass for iOS), the security and functionality it provides is worth it.
I would argue that pass isn't that secure other than when your computer is off.
Namely that it requires copy and pasting. Any program on your computer can read your clipboard.
And for a normal user who is more vulnerable to phishing, there isn't automatic domain checking. It would be their normal workflow to copy a password into a malicious site.
I’m a little put off by the login and service. It’s just one more thing that can be shut down. Especially since iOS and Android allow syncing on remote services such as Dropbox and iCloud (how it works in 1Password ver 6 and below). There’s really no necessary need for a centralized service.
Create the encrypted vault in your preferred cloud storage service and locally and sync across all devices.
Given the requirements of self hosting, I'll just stick with KeePass. The desktop and mobile clients are great and I can host them on my Nextcloud and grab them over WebDAV.
I'm using Bitwarden and 1Password at the same time (private and company use).
1Password pros:
* very polished UI, pleasure to use
* good UX in general
1Password cons:
* I have constant issues with it losing connection with browser. Extension just randomly stops working for a few days. Tried to fix it multiple times, never succeeded
* Price (too expensive for my private use)
Bitwarden pros:
* Free
* Very simple app, easy to use
* More reliable than 1Password for me
* Fills login pages quicker than 1Password
* Feels quicker and more snappy than 1Password
Bitwarden cons:
* Lacks 1Password polish, generally UX and UI needs some work
* Can't login using fingerprint on Mac
* Crashes on my iPad when trying to save new credentials (need to report it as a bug, but I didn't get around to it yet)
* Slow on Android
All in all, I'm very satisfied with Bitwarden and use it daily.
I have the same situation, Bitwarden for personal use and 1pass at my job.
1pass does a few things better (2FA, background agent so I don't have to log into the browser and desktop app separately, general level of polish), but apart from that they're largely interchangeable for me.
Very interesting. Has anyone been using it as a daily driver and could comment on safety, reliability and browser integration? How well do they behave compared to e.g. 1Password?
I’m a very happy user (Firefox and iOS). Switched from LastPass about a year ago (found it on hacker news back then) and never looked back. I can’t compare it to 1Password, since I never used it.
I switched from 1Password to bitwarden. I feel like the browser plugin is a better experience for me. At work I set it to require 2factor to authenticate to use and at home only require my password. On my iPhone it uses faceid or thumb depending on phone model.
Switched to it after the most recent data problems with LastPass. It’s pretty good for me overall. The app and browser plugins are very similar but you do drop the icon on the right of text fields you can click to auto fill (There is an auto fill option but it’s in beta and slightly buggy). Overall though, I’m happy with it especially since it’s open sourced.
I use it daily on Linux, Android, and OS X (Firefox on both desktop platforms). It works great for me. My wife and I share an "organization" that holds credentials we both need (banking, etc).
Browser integration is great. There are a few sites in which it can't autocomplete, and I wish I had the ability to "program" it like you can do on KeePassXC. In KeePassXC, you can specify a chain of commands in a string, with hardcoded elements, like "{USERNAME}{TAB}1979-05-22{TAB}{PASSWORD}", and it's really good. The Android app works really well too.
Apart from that, it's been audited, and praised on HN multiple times.
Love it. By far the best fully cross-platform experience (including Linux) of any alternative, with great independent self-hosted server implementations.
They've done an external audit, and I've studied the architecture, but other than that I can't speak for its safety. But it seems legit in all ways I can imagine.
As for reliability and browser integration it's much better than anything I've tested prior. Works great on all platforms I use.
I use on Mac (Firefox & Safari) and iPhone, wife uses on Mac (chrome) and Android. Neither has had any issues in the past year and a half outside of mild confusion about the new Safari extension after Apple removed support for the old extension format.
I'm a moderately happy user, no issues here. I switched from KeePass because the latter didn't have good browser integration, but if that got better since I last saw it, I wouldn't switch now.
Bitwarden has changed my life: it's the first password manager I can get my family to use. The commercial ones all had ads or upsells that interfered with the experience, while Bitwarden just worked. Props to this creation.
I find it ironic that they claim "[s]ource code transparency is an absolute requirement for software solutions like Bitwarden" on their website yet they require SQL Server 2017, a completely proprietary RDBMS.
All of the software written by "Bitwarden" is open source. The fact that it uses some pre-existing proprietary software doesn't change that. If it did, then that logic could really be extended to any piece of software written for Windows.
For people who don't want to go through the trouble of self-hosting and also don't want to pay for a subscription I have had pretty good luck with Enpass.
* It stores an encrypted file on a cloud storage platform of your choice (gdrive/dropbox etc) and syncs across devices.
* No subscription fees
I found the pricing to be a bit confusing. I'm self-hosting it now and have been happy with it, but when installing for the first time I couldn't find how to share some of the passwords with another user. Well it turned out that in a self-hosted instance you don't have that possibility to share to another user without a paid license. Ok, fine by me so I bought the one year premium for the self-hosted instance as from one of the tables in their website it said that would be needed. So now I had the one year premium with all the nice features but still I couldn't share passwords. Importing the license key to create an organization (for sharing) failed every time. I contacted their support and found out I had just misunderstood the pricing. To create an organization you need an organization license, which was another roughly ten euros a year. After buying that I had it working as I wanted. Their support also gave the possibility to get money back from the unneeded personal premium license as it wasn't needed for my use case, but I kept it as I found the price to be quite ok.
So that might have sounded like a rant, but my only issue was that I didn't understand the pricing for self-hosted. My one year is up soon and I will be renewing my license as we've (as in me and my wife) been happy with Bitwarden.
It's good for personal use, but enterprise features are weak/missing and the layout isn't very enterprise ready. I tried their "Organizations" feature out to see if I could deploy it at work instead of teampass, and it wasn't comparable. They are still fixing and developing, so it might be enterprise ready someday. It really is nice with all the addons.
I use the Bitwarden docker version for people to use, I have it installed, but for my own use, sticking with KeePass.
I have been using Bitwarden because it's free for about 1.5 years. The UX experience is so bad on both mobile and extensions. If the extension closes, like when you copy the password and paste it into the box, it loses its location, so you have to re-find the account, click on it, and then copy the username. You get what you pay for.
I tried it back in May this year - I was looking for alternatives having just moved f/t onto Linux given 1Password doesn't have a proper Linux app. Though Bitwarden seemed fundamentally sound, I was pretty unimpressed by the client. It wasn't then in 1Password's class. I don't remember which part of my informal Electron app screening it failed on (ctrl-a perhaps), but I do remember I couldn't live with it then. I can live with poor affordances for occasional apps, but not for something used as frequently in a typical day as a password manager.
The Bitwarden apps (native and web) aren’t as polished but they function well. I would recommend Bitwarden to anyone except the most handholding-needing of users.
I used (paid for across Windows/macOS/iOS) 1Password for years but switched to Bitwarden because AgileBits kept openly making progressively more hostile moves against customers like me, and weren’t remotely apologetic about it. I would strongly advise anyone considering use of their products against it. Capturing and controlling use is more important to them now than serving users.
I changed from LastPass to Bitwarden. Have been quite satisfied with it so far. The save suggestion was annoying sometimes but overall everything works pretty fine.
Would recommend it to everyone in need of a password manager now.
Is it possible to migrate (export then import) data from bitwarden? I'd like to sign up for a free account, and I'm wondering if I'd be able to move my data to a private (bitwarden_rs) instance later.
[+] [-] m_sahaf|6 years ago|reply
[0] https://github.com/dani-garcia/bitwarden_rs
[+] [-] dang|6 years ago|reply
2019 https://news.ycombinator.com/item?id=18433144
2018 https://news.ycombinator.com/item?id=17503917
2017 https://news.ycombinator.com/item?id=15733540
https://news.ycombinator.com/item?id=14865932
https://news.ycombinator.com/item?id=14264117
2016 https://news.ycombinator.com/item?id=12676979
[+] [-] Unklejoe|6 years ago|reply
[+] [-] bad_user|6 years ago|reply
[+] [-] thatsnotmepls|6 years ago|reply
What happens to the SaaS offering if he gets run over by a car?
[1] https://github.com/bitwarden/server/graphs/contributors
[+] [-] fbnlsr|6 years ago|reply
[+] [-] flanbiscuit|6 years ago|reply
[+] [-] justin_oaks|6 years ago|reply
[+] [-] sdan|6 years ago|reply
[+] [-] georgyo|6 years ago|reply
[+] [-] ngrilly|6 years ago|reply
Same with Bitwarden: https://help.bitwarden.com/article/can-bitwarden-see-my-pass...
[+] [-] pedrogpimenta|6 years ago|reply
[+] [-] edoceo|6 years ago|reply
[+] [-] dev_dull|6 years ago|reply
[+] [-] alistproducer2|6 years ago|reply
[+] [-] StavrosK|6 years ago|reply
[+] [-] christilut|6 years ago|reply
[+] [-] pkalinowski|6 years ago|reply
[+] [-] davefp|6 years ago|reply
[+] [-] dangom|6 years ago|reply
[+] [-] dragosiulian|6 years ago|reply
[+] [-] philliphaydon|6 years ago|reply
[+] [-] slimginz|6 years ago|reply
[+] [-] JshWright|6 years ago|reply
[+] [-] RexM|6 years ago|reply
I have the Firefox extension and use the iOS app, also. Chrome extension works well, too when I need it, but I don’t use Chrome often.
You can self-host it since it’s open source if you’re worried about their servers shutting down for whatever reason.
[+] [-] koevet|6 years ago|reply
PROS:
- no issues whatsoever. The rust implementation is rock solid.
- I have clients for Android, Linux, OSX, Windows and browser plugin for every browser I use. Again, a friction-less experience.
- I was able to import my 1Password vault into Bitwarden without issues
CONS:
- Android client is quite slow compared to 1Password
- The Firefox plugin on OSX tends to freeze Firefox. Not so much an issue for me anymore, since I moved to Linux
- The bitwarden_rs server does not support multiple users
[+] [-] fbnlsr|6 years ago|reply
[+] [-] shazow|6 years ago|reply
[+] [-] shafyy|6 years ago|reply
I would say they are similar, but I always had problems with 1Password's syncing across clients. Not sure if they resolved that in the meantime.
What I like also about Bitwarden is that it's open-source, and in general the UI feels more light-weight and performant.
[+] [-] croon|6 years ago|reply
[+] [-] kerpele|6 years ago|reply
[+] [-] StavrosK|6 years ago|reply
I do like BitWarden's TOTP support, though.
[+] [-] jammygit|6 years ago|reply
[+] [-] ohadron|6 years ago|reply
[+] [-] mwexler|6 years ago|reply
[+] [-] theta_d|6 years ago|reply
[+] [-] Unklejoe|6 years ago|reply
[+] [-] Tepix|6 years ago|reply
[+] [-] firepoet|6 years ago|reply
[+] [-] theferalrobot|6 years ago|reply
[+] [-] strathos|6 years ago|reply
[+] [-] IronWolve|6 years ago|reply
[+] [-] jf|6 years ago|reply
[+] [-] itake|6 years ago|reply
[+] [-] crispinb|6 years ago|reply
[+] [-] yakz|6 years ago|reply
[+] [-] dev_dull|6 years ago|reply
Definitely consider it over the $5/month subscription to 1Password or if you need shared vaults.
[+] [-] shelune|6 years ago|reply
[+] [-] brunoqc|6 years ago|reply
[+] [-] RHSeeger|6 years ago|reply