ZDNET’s key takeaways
- Bitwarden offers unlimited secure password management for free, with additional premium features available for $10 per year for individuals or $40 per year for families with up to six users.
- Bitwarden features a simple user interface that is consistent and compatible across multiple platforms, and its premium plan is more affordable than other paid password managers.
- Some Bitwarden features, like password generation for new logins, are less intuitive than those on other platforms.
When selecting a password manager, you’ll probably want to weigh the features you need against how much it’ll cost to keep your data secure and have access to it when you need to log into a website or app. Bitwarden already tops our list of the best free password managers, and its paid plans offer premium features at a more affordable price than similar services.
Bitwarden has three account tiers, including an entirely free subscription that does everything you need a password manager to do: create, store, and sync an unlimited number of passwords accessible on an unlimited number of devices, secure sharing and text sending, and some basic security monitoring. A premium account (which costs $10 per year) comes with extras like emergency access, vault health reports, and priority support, and a family account ($40 per year) extends these features to up to six users.
Bitwarden is also compatible with more devices and operating systems than most. In addition to the web vault, there are browser extensions for Chrome, Safari, Edge, Firefox, Brave, Opera, Vivaldi, Tor, and DuckDuckGo (on MacOS) as well as desktop apps for MacOS, Windows, and Linux and mobile apps for iOS, WatchOS, Android, and F-Droid. There’s also a command line interface.
Also: The best free password managers: Expert tested
Installation and setup process
To set up a Bitwarden account, you’ll need to enter your email address and choose a 12-character (minimum) master password — this can’t be recovered if you forget, so make sure you save it somewhere. Bitwarden also allows you to create a master password hint and check if your chosen password has been revealed in a known data breach.
The first thing to familiarize yourself with is the web vault, which is the most fully featured version of Bitwarden available. You can add individual logins, credit cards, identities, and notes or import data from other password managers or your browser keychain in a variety of file formats (such as .csv, .xml, and .json). The web vault is also where you’ll manage security settings like enabling two-factor authentication (2FA) for your vault, changing your master password, and logging in with passkey.
After orienting to the web vault, add the Bitwarden extension to your browser, which will enable you to autofill logins and forms, and download the mobile and desktop apps to your devices. Note that to use the Safari and DuckDuckGo extensions, you must also have the MacOS app on your device.
While you can probably get by without the desktop app otherwise, it does allow you to be logged in and switch between up to five accounts at a time (where the web app is limited to one). The browser extensions — Safari excepted — and mobile apps offer this same feature, which is helpful if you use Bitwarden for both personal and professional purposes or are also a member of a shared family or team account.
Bitwarden basics
Bitwarden saves and autofills credentials in web browsers and apps, suggesting logins already stored in your vault or allowing you to create a new record. Bitwarden’s credential types are limited to logins, credit cards, and identities, and you cannot create a custom item like a passport or medical record unless you store the information in a note (which cannot autofill). Vaults are easy to access with biometrics: Face ID and Touch ID on iOS and MacOS, fingerprint and face unlock on Android, Windows Hello on PC, and system authentication on Linux.
There are a few Bitwarden features that can feel clunky. My vault didn’t connect immediately between desktop and browser when I entered a new credential — I had to manually sync before my login showed up. And where other platforms will auto-suggest and save newly generated passwords in form fields, Bitwarden’s password generator requires you to go back and forth between the extension or app and the login page to copy and paste.
Bitwarden uses strong AES-256 encryption and is open source, so its code is available for anyone to review for security issues. The platform is zero-knowledge and your vault can be opened only with your master password, so unless you have emergency access set up with a trusted contact, you won’t be able to recover your data if you lose your login. Bitwarden supports several multi-factor authentication options for securing your vault, including email, authentication apps, or FIDO2 WebAuthn credentials — paid subscribers can also use YubiKey and Duo Security.
For premium users, Bitwarden offers vault health reports, which show passwords that are weak or have been reused or exposed in breach, saved logins for unsecure websites, and missing two-step logins. These reports are only visible in the web app, and those on the free tier can only see usernames that have appeared in data breaches.
Unique features (and how well they work)
Bitwarden Send allows users to securely share data (and files, for those on premium tiers), even if the recipient doesn’t have a Bitwarden account, via text, email, AirDrop, or other method of messaging. Send is available in all apps and extensions, and you can set up expiration and deletion dates, access counts, and passwords to keep your data from being accessible to just anyone or for too long. While you can share individual vault items with other Bitwarden users if you set up an organization, you cannot do so outside of the platform.
While most password managers have a built-in password generator, Bitwarden can also generate unique usernames in all of its apps and extensions. Instead of using the same simple username or your personal email for every login, you can create a plus-addressed or catch-all email or a random word (depending on the site or service’s requirements). Bitwarden also integrates with email alias services like SimpleLogin and Fastmail.
On its premium tier, Bitwarden has an Emergency Access feature, which lets you choose trusted contacts who can access your vault if needed. Trusted contacts can have either viewing or editing (takeover) permissions, and access will automatically be granted after a configured wait time if you have not approved or rejected their request. This may be helpful if you are incapacitated or in the event you lose your own master password. Note that your trusted contact(s) must also have a Bitwarden account.
Finally, premium users have access to an integrated authenticator, which generates time-based one-time passwords (TOTPs) for multi-factor logins, in lieu of third-party authentication apps. Bitwarden’s integrated authenticator will generate and autofill your TOTPs, which you can also view inside the vault record or the verification code section of the mobile app.
ZDNET’s buying advice
Bitwarden stands out with its free tier, which easily meets the needs of users looking for a highly secure tool to create, save, and fill strong passwords with unlimited storage and syncing. A paid subscription also offers many benefits at a low cost compared to other premium password managers, with emergency access, additional multi-factor authentication features, and more robust security monitoring. Bitwarden is an especially good value for families, with a premium plan coming in at less than $7 per person, per year.
Featured reviews