Usually, when it comes to open source programs, I expect to see something that is not very beautiful or convenient. But safe. At first glance, Bitwarden promises cloud synchronization in a convenient interface on all platforms.
This is auto translated version of this post
Bitwarden is an open source password manager for popular operating systems with synchronization.
The application is accessible via the web interface, command line, on Windows, macOS, Linux, Android, iOS and in the form of extensions for popular browsers, including Tor. If you wish, you can configure your server and deploy Bitwarden on it. Data is encrypted using end-to-end AES-256, salted hashing and PBKDF2 SHA-256.
For the review, I took the Windows and Android versions, and also installed the extension in Chrome. Fortunately, for Windows there is a version without installation.
As in similar applications, at the first start you will need to create data for authorization in the password database.
The difference is that you need to register at the mail address. After all, Bitwarden involves synchronization between devices.
After authorization, the standard interface for such programs opens. If you used KeePass, then you can easily imagine what to expect here.
Passwords in Bitwarden can be stored in folders, you can create nested elements through editing. The data itself is divided into four types: login, card, personal data, notes.
For passwords (login), you can specify a name, specify a login-password pair, an authentication key (TOPT), one or more URLs for authorization, a note, a user field (text, hidden, logical), specify the owner. The latter is necessary for collaboration, which I will discuss below. Owner can be specified for any data type.
Sorry, you cannot add files.
For the card, you can specify the name, owner name, number, type (Visa, MasterCard, etc.), expiration date, CCV.
For personal data, you can fill out a passport, TIN and other information that is usually needed during registration. Custom fields are also available.
And for notes, the usual free input in plain text is available without support for attachments, but with custom fields.
Of course, Bitwarden has its own password generator and change history.
If you run the extension during authorization on the site, Bitwarden will by default display the available logins for the site and help to automatically fill in the fields.
Or you can copy or enter the login-password by hand. On separate tabs, you can view all the data from the password database and generate a new password.
If there is no data for authorization, then through the context menu you can generate data for the required fields. They will be automatically saved.
Unfortunately, Bitwarden cannot provide live screenshots. The Android version blocks their removal, and you can’t disable this option in the settings.
In the application, you can also manage the password database and create new passwords. It supports automatic authorization in third-party applications and sites, blocking using a pin or biometrics.
For corporate users
Bitwarden offers organizations the ability to share data between users, delimiting access levels, file storage, reporting “health” of passwords, grouping users, synchronizing with Active Directory, etc., logging, increased security, access to the RESTful API, two-factor authorization.
Bitwarden has a free tariff with the possibility of collaboration between two users and a limitation of two folders. At the same time, synchronization is maintained between any number of devices and there are no restrictions on the amount of data stored.
For $ 10 a year, home users will get collaboration (up to five people), all restrictions will be removed, file storage will be added, the ability to raise Bitwarden on their server, password reports, authorization using YubiKey, FIDO U2F, & Duo.
Bitwarden pleased me with its capabilities. Perhaps this is one of the best password managers.
Developers offer at a free rate enough features for most users. The app will be a great alternative to password managers like Dashlane and LastPass.