Bitwarden Pricing
Bitwarden is free and open-source software, but unlike community-developed alternatives such as KeePass, it is a commercial venture.
The core product is free and will stay free forever, but you can support the developer by paying a very reasonable $10 per year subscription fee for a premium personal account. Premium users enjoy some cool (non-core) additional features, as outlined below.
In addition to a premium personal plan, Bitwarden offers family plans and a couple of enterprise plans aimed at businesses.
In this review, we will focus on personal plans.
Bitwarden is a secure, open-source password manager that offers cross-device sync and unlimited password entries for free.
What features does Bitwarden offer?
The following features are available to free users:
- End-to-end encryption (e2ee) of passwords
- 100% open source
- Cross-platform apps for all major platforms
- Browser add-ons for all major browsers
- Web browser access from anywhere
- Command-line tools (CLI) to write and execute scripts on your Bitwarden vault
- Can self-host
- Two-factor authentication (2FA)
Paying $10 a year adds:
- 1GB encrypted file storage
- Additional 2FA options
- Priority customer support
It is important to note that there is no account recovery feature.
How easy is Bitwarden to use?
To start using Bitwarden, just download the app for your platform and sign up in-app. A password is requested, but this is not verified. You’ll need to think of a strong master password, and can choose a hint to help you remember it.
And that’s it! Just don’t forget your master password!
The desktop clients
The Bitwarden desktop clients are basically identical in Windows, macOS, and Linux. Most versions of Linux are supported thanks to the app being packaged in the AppImage format. It is also available through the Ubuntu Software Center and, of course, you can compile the open-source code yourself.
We find the interface to be smart looking and very easy to use. Four “Types” of data entry are supported: login, card, identity, and secure note.
Each entry Type is laid out to suit that kind of data, and the app can use it to auto-fill passwords, web forms, and card details via the browser add-ons.
An interesting new feature is a button in the password field which checks if the password you input has been exposed. This works much like our very own data breach tool and compares the username and password you enter with a database of known password breaches.
A more secure option than thinking up your own all-too-fallible passwords is to let the Bitwarden app generate secure passwords for you. These passwords can be tailored to conform with any specific requirements a website insists on.
You can also create folders and add items to them. What more do you want? If you need group password management and sharing features then these are provided by Bitwarden’s organization accounts.
Autofill functionality on the desktop is provided by browser add-ons for Firefox and Chrome.
The Mobile Apps
The mobile Android and iOS apps are very similar, and share the same attractive and intuitive design philosophy as their desktop siblings.
Both apps do everything their desktop siblings can including generate secure random passwords. They also both support fingerprint unlocking on devices which have fingerprint sensors.
The Android app uses the Autofill Framework Service on Android 8+ devices and the Auto-fill Accessibility Service on older Android devices to auto-fill forms in any browser window or app. In addition to this, the browser add-ons work with the mobile versions of Firefox and Chrome.
In iOS 12+ the Bitwarden app integrates with Apple’s new Authentication Services framework to provide instant autofill functionality in most browsers and apps.
Web Vault
In addition to using apps, it is possible to access your passwords via the “Web Vault” from any browser. This is handy, although the possibility of compromised servers pushing malicious JavaScript code directly to your browser window means that using browser-based e2ee cryptography will never be quite as secure as performing the cryptography in a stand-alone client.
Interestingly, the only way to import data is via the Web Vault, which accepts files exported from a huge range of password managers.
Command-line interface (CLI)
In addition to graphical user interfaces (GUIs) for all major platforms, Bitwarden provides a powerful CLI client for Windows, macOS, and Linux.
It doesn’t really do anything the GUI clients don’t, but it is very lightweight and geeks will love it!
Browser add-ons
Browser add-ons are available for Chrome, Firefox, Vivaldi, Opera, Brave, and Microsoft Edge. A Firefox link is provided for the Tor Browser, but we do not recommend this, as using any browser add-on with Tor Browser makes it more susceptible to browser fingerprinting.
The add-ons look like the Bitwarden apps and provide the same core functionality.
They also make auto-filling logins, forms, and suchlike a breeze.
Bitwarden customer support
An extensive help section provides detailed documentation on most aspects of Bitwarden. If you have any additional questions you can email them in.
Bitwarden is basically a one-man show, so all responses we received were from its developer Kyle Spearrin himself. Responses typically arrived on the same day. Alternatively, the Bitwarden website hosts an active forum on which Kyle is an enthusiastic participant.
Privacy and security
Bitwarden is a US company and is therefore subject to FISA, the Patriot Act, and very likely surveillance by the NSA. Which shouldn’t matter because…
Bitwarden uses fully audited open-source end-to-end encryption (e2ee). Which is as good a guarantee that it is secure and private as it’s possible to get. The only way to decrypt your data is by using the correct master password, which is not recoverable should you forget it. So don’t.
Because e2ee is used, it shouldn’t matter that Bitwarden uses Microsoft Azure cloud servers to host accounts, although if this really bugs you then you can self-host on a home or rented server of your choice using the open-source Docker framework.
Audit
In November 2018 a crowdfunded independent security audit by Cure53 found no major issues with the software. Some non-critical issues were discovered, the most important of which were patched immediately. We can only presume that developer Kyle has been working hard this last year to fix any additional issues raised by the audit.
Technical security
Data at rest is protected with AES-256. PBKDF2 is used to derive the encryption key from your master password, which is then salted and hashed using HMAC-SHA256. These are all well-established, widely reviewed cryptographic primitives.
Data in transit is protected by regular TLS - which is fine. Even if your data was somehow intercepted in transit (via a MitM attack using fake SSL certificates) it could not be accessed because it is encrypted with AES-256 before leaving your device.
In 2018 a flaw was found in the Chrome add-on’s cryptography. This was largely fixed immediately, although you should never use the ‘never forget’ option of Bitwarden if you do not want your encryption key to exist on disk.
Two-factor authentication (2FA)
Free users can secure their Bitwarden Vaults using a Time-based One-Time Password (TOTP) or email verification for two-factor authentication. Premium users can also use 2FA methods such as Duo, YubiKeys, and other FIDO U2F-compatible USB or NFC devices.
Check out our 'what is 2FA' page if you are new to this.
Final thoughts
Bitwarden is a free and open-source password manager that can go head-to-head with any of its closed-source subscription-based rivals. It is powerful, looks good, is intuitive to use, and syncs seamlessly across all your devices.
In our view, Bitwarden’s only real rival is the similarly open-source KeePass and its various forks. Bitwarden looks prettier than KeePass and is easier to set up and use, but thanks to the huge number of add-ons available for KeePass, Bitwarden is nowhere near as powerful or flexible.
KeePass is also true community-developed software rather than a one-man for-profit product (albeit one which is open-source). Bottom line: Bitwarden is the ideal password manager for the less technically minded.
Introduction
This article will cover setting up your own self-hosted Bitwarden instance with Docker and configuring nginx to expose it publicly for cross-device access to your vault.
What is Bitwarden?
Bitwarden is a free and open-source password management service that stores sensitive information such as website credentials in an encrypted vault. The Bitwarden platform offers a variety of client applications including a web interface, desktop applications, browser extensions, mobile apps, and a CLI.
I use Bitwarden as my main password vault. It stores my card details to automate filling out payment forms, which saves me from having to find or remember them. I also use Bitwarden for storing all of my passwords.
Having Bitwarden as a public endpoint means that I can connect to my password vault using the Bitwarden app on Android, specifying my self-hosted instance.
Setting up the Bitwarden Server
This section of the tutorial is to set up the main Bitwarden 'hub'. This will be a publicly exposed Bitwarden API that will live on your server.
Step 1: Setting up your Linux server
You'll need either an existing server instance or to create one. I use a Proxmox instance running on a server in my loft. You could also use something like DigitalOcean to host your Bitwarden Server. Using the following link will give you $100 worth of credits for 60 days to play around with; just sign up using this link.
You could also use a cheap Raspberry Pi to set up your own Linux server.
Once you have the server set up and have logged in, you'll need to install updates and a few prerequisites.
Next, we need to install Docker. Docker is the layer on which your containers run.
To install Docker on your instance, you need to run the following command.
The following script is a convenience script provided by the Docker team. It's highly recommended to always check what you're going to execute before executing it.
Once you have executed the Docker install script, you should see output like the following.
As you can see in the output, the command was executed successfully. You may also notice that there is a console message specifying how to use Docker as a non-root user.
This means that whenever you are executing the Docker command, you'll no longer need to type in your sudo password.
If this sounds good to you, you can simply run the provided command, substituting your-user for your server user. In my case, my user is ubuntu, so my command would look like this.
We also need to install Docker Compose. This can be done by running the following commands.
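The Step 1 commands gathered into one script, added here as an example and not the post's own snippets. It applies updates, fetches Docker's convenience script to a file so it can be read before it runs, compares it with a SHA-256 you recorded after that review (EXPECTED_SCRIPT_SHA256 is a placeholder), adds a user to the docker group (ubuntu in the post; here, whoever invoked sudo), and installs the standalone docker-compose binary at an assumed pinned version. Nothing executes unless BW_RUN=1 is set, so the file can be read or sourced safely.

```shell
#!/bin/sh
# Added example (not from the original post). Step 1 helpers: update the host,
# install Docker via the convenience script with a review step, add a user to
# the docker group, and install Docker Compose. Functions only execute when
# BW_RUN=1 is set, so the file is safe to source or lint.
set -eu

DOCKER_SCRIPT_URL="https://get.docker.com"
# Placeholder: replace with the sha256sum you recorded after reading the script.
EXPECTED_SCRIPT_SHA256="${EXPECTED_SCRIPT_SHA256:-REPLACE_WITH_REVIEWED_SHA256}"

# sha256_of FILE: print the hex digest of FILE (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_sha256 FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
# This comparison is what stops a silently changed install script from running.
verify_sha256() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# install_docker: fetch the script to disk, show it, verify it, then run it.
# Piping curl straight into sh would skip the "read it first" step the post recommends.
install_docker() {
  sudo apt-get update && sudo apt-get upgrade -y
  curl -fsSL "$DOCKER_SCRIPT_URL" -o get-docker.sh
  ${PAGER:-less} get-docker.sh            # review what you are about to execute
  if ! verify_sha256 get-docker.sh "$EXPECTED_SCRIPT_SHA256"; then
    echo "get-docker.sh does not match the reviewed hash; aborting" >&2
    return 1
  fi
  sudo sh get-docker.sh
}

# add_docker_group USER: lets USER run docker without sudo. Membership of the
# docker group is effectively root on the host, so treat it like sudo access.
add_docker_group() {
  sudo usermod -aG docker "$1"
  echo "log out and back in for the group change to take effect"
}

# install_compose: the v1 standalone docker-compose binary, as used in the post.
# COMPOSE_VERSION is an assumption; pin whatever release you have verified.
install_compose() {
  ver="${COMPOSE_VERSION:-1.29.2}"
  sudo curl -fsSL "https://github.com/docker/compose/releases/download/${ver}/docker-compose-$(uname -s)-$(uname -m)" \
    -o /usr/local/bin/docker-compose
  sudo chmod +x /usr/local/bin/docker-compose
  docker-compose --version
}

if [ "${BW_RUN:-0}" = "1" ]; then
  install_docker
  add_docker_group "${SUDO_USER:-$(id -un)}"
  install_compose
fi
```

Run it as `BW_RUN=1 sh step1.sh` once you have set EXPECTED_SCRIPT_SHA256 from your own review of get-docker.sh; re-running later will refuse to execute a script whose contents have changed since then.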
Step 2: Provisioning your Bitwarden Server
Next, you'll need to create a new folder to house your Bitwarden Server. You can call it anything memorable; I'll just call mine bitwarden.
Then create a docker-compose.yml file. This is an orchestration file which docker-compose will use to provision your Docker instance.
Edit your `docker-compose.yml` file and paste in the following content.
I'm using bitwarden_rs as it's written in Rust, and is faster and more reliable. It's also entirely open source with a large user base.
Save your docker-compose.yml file and exit back to your bitwarden directory.
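A docker-compose.yml for bitwarden_rs, generated by an added script that is not the post's own file. The image name bitwardenrs/server, the environment variable names, host port 8080 and the domain vault.example.com are assumptions; substitute your own. The container is bound to 127.0.0.1 so that it is reachable only through the nginx reverse proxy set up in Step 4, and the script also carries the Step 3 commands that start and list the container.

```shell
#!/bin/sh
# Added example (not the post's own file). Writes a hardened docker-compose.yml
# for bitwarden_rs and starts it. Assumptions: the bitwardenrs/server image,
# the directory ./bitwarden, and the variable names below; vault.example.com
# is a placeholder for your own domain. Nothing runs unless BW_RUN=1.
set -eu

# gen_admin_token: random secret for the /admin page (bitwarden_rs ADMIN_TOKEN).
gen_admin_token() {
  head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# write_compose DIR DOMAIN PORT SIGNUPS ADMIN_TOKEN: write the compose file.
# Binding to 127.0.0.1 keeps the vault off the LAN; only nginx can reach it.
# SIGNUPS should be "true" just long enough to create your account, then "false".
write_compose() {
  dir=$1; domain=$2; port=$3; signups=$4; token=$5
  mkdir -p "$dir/bw-data"
  cat > "$dir/docker-compose.yml" <<EOF
version: "3"
services:
  bitwarden:
    image: bitwardenrs/server:latest
    container_name: bitwarden
    restart: unless-stopped
    environment:
      DOMAIN: "https://${domain}"
      SIGNUPS_ALLOWED: "${signups}"
      WEBSOCKET_ENABLED: "true"
      ADMIN_TOKEN: "${token}"
      LOG_FILE: /data/bitwarden.log
    volumes:
      - ./bw-data:/data
    ports:
      - "127.0.0.1:${port}:80"
      - "127.0.0.1:3012:3012"
EOF
  echo "$dir/docker-compose.yml"
}

# compose_allows_signups FILE: succeed if the file still permits open registration.
# Run this as a check before exposing the server publicly in Step 4.
compose_allows_signups() {
  grep -q 'SIGNUPS_ALLOWED: "true"' "$1"
}

# start_server DIR: Step 3, pull the images, start detached and list the container.
start_server() {
  (cd "$1" && docker-compose up -d && docker ps --filter name=bitwarden)
}

if [ "${BW_RUN:-0}" = "1" ]; then
  f=$(write_compose ./bitwarden vault.example.com 8080 true "$(gen_admin_token)")
  start_server ./bitwarden
  echo "Register at http://localhost:8080, then set SIGNUPS_ALLOWED to false in $f and re-run docker-compose up -d"
fi
```

The file the script writes is what goes in place of the content the post pastes; keep the ADMIN_TOKEN value private, since it grants access to the /admin page, and flip SIGNUPS_ALLOWED to "false" as soon as your own account exists.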
Step 3: Running your Bitwarden Server locally
Now, you have everything provisioned for running your Bitwarden Server.
The next thing to do is run it.
This will start up your Bitwarden Server inside Docker; it may take some time to pull down the images.
You can eventually see your instance running by executing the following.
This will list your running instance.
If all is well, you can view your Bitwarden Server locally by navigating to http://localhost:PORT, or from another machine by using your IP address instead of localhost.
You should see something that looks like the following.
Finally, you'll just need to register for an account on your new hosted instance.
Click the Create Account button.
Then fill out your details. If you have an existing Bitwarden account, you'll still have to create a new account on this instance. You can then Export and Import between accounts.
The last thing to do is hit Submit.
If your instance isn't on your local machine, you will need to set up Nginx routing, which you can follow in Step 4.
Step 4: Exposing your new server publicly
This part may sound scary, but it is required to allow your Bitwarden Clients (Android, iOS, Chrome extension etc) to connect to your server.
We're going to be using nginx.
Setting up nginx
Nginx is a reverse proxy that allows you to point incoming web traffic to your new Bitwarden server.
Firstly, install nginx if you haven't already.
If you have UFW installed, you will have to allow Nginx through your local firewall.
I have a tutorial for setting up UFW here.
As you can see, there are three profiles available for Nginx:
- Nginx Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic)
- Nginx HTTP: This profile opens only port 80 (normal, unencrypted web traffic)
- Nginx HTTPS: This profile opens only port 443 (TLS/SSL encrypted traffic)
You can enable this by typing:
The next thing to do is double-check that your nginx server is up and running.
You should see something that looks like the following.
The next part allows us to take incoming traffic and point it to your container instance, allowing you to expose your Bitwarden server to the internet.
Navigate to /etc/nginx/.
Use your favorite text editor and open the following file with sudo.
I use the following config for my syncing server.
Port-forwarding
You will need to set up port forwarding to allow public access to your instance. This will involve googling how to port forward on your router.
You'll need to point ports 80 and 443 to the instance where Nginx is set up.
Linking Bitwarden Server with your public domain
You will also need to set up a public domain name. This can then be used to call your new public instance with port 443 exposed.
For example, I would set up a subdomain on bowlerdesign.tech to be vault.bowlerdesign.tech. Notice this is also the domain I specified in my Nginx config above.
Here's something to search for with regards to setting up a domain name
Setting up Certbot
Certbot allows us to generate SSL certificates for free with Let's Encrypt. It's simple to install and use, and it even hooks into Nginx, meaning that no further manual configuration is required.
To install Certbot, simply run the following command.
Then, to set up your SSL certificate, run the following.
Follow the instructions and select your domain name from the nginx list.
Also, select redirect, as this will upgrade any HTTP requests to HTTPS.
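The firewall, nginx site and certbot steps of Step 4 as one added script (not the author's config, which the post refers to as "the following code for my syncing server"). It assumes the container publishes the web vault on 127.0.0.1:8080 and the websocket notifications port on 127.0.0.1:3012, uses vault.example.com as a placeholder for your domain, and expects Ubuntu's nginx, ufw and python3-certbot-nginx packages; BW_RUN=1 is required to apply anything.

```shell
#!/bin/sh
# Added example (not the post's own config). Step 4 helpers: allow nginx through
# UFW, render a reverse-proxy site for the vault, install and enable it, then
# request a certificate with certbot. Assumptions: bitwarden_rs published on
# 127.0.0.1:8080 with websockets on 127.0.0.1:3012, Ubuntu packages, and
# vault.example.com as a placeholder domain. Nothing runs unless BW_RUN=1.
set -eu

# allow_nginx_ufw: install nginx and open only ports 80 and 443 in UFW.
allow_nginx_ufw() {
  sudo apt-get install -y nginx
  sudo ufw app list
  sudo ufw allow 'Nginx Full'
  sudo ufw status
  sudo systemctl status nginx --no-pager
}

# render_site DOMAIN APP_PORT WS_PORT: print the server block to stdout.
# certbot --nginx later adds the listen 443 ssl lines and the http->https redirect.
render_site() {
  domain=$1; app=$2; ws=$3
  cat <<EOF
server {
    listen 80;
    server_name ${domain};

    # Allow attachment uploads larger than nginx's 1M default body limit.
    client_max_body_size 128M;

    location / {
        proxy_pass http://127.0.0.1:${app};
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }

    # Live vault sync uses a websocket served on a separate port.
    location /notifications/hub {
        proxy_pass http://127.0.0.1:${ws};
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:${app};
    }

    # Keep the admin page off the public internet; adjust the range to your LAN.
    location /admin {
        allow 192.168.0.0/16;
        deny all;
        proxy_pass http://127.0.0.1:${app};
    }
}
EOF
}

# site_proxies_loopback FILE: succeed only if every proxy_pass targets
# 127.0.0.1, i.e. nginx is the sole path from the network to the container.
site_proxies_loopback() {
  ! grep 'proxy_pass' "$1" | grep -v '127\.0\.0\.1' >/dev/null
}

# install_site DOMAIN APP_PORT WS_PORT: write to sites-available, check, enable, reload.
install_site() {
  target="/etc/nginx/sites-available/$1"
  render_site "$1" "$2" "$3" | sudo tee "$target" >/dev/null
  site_proxies_loopback "$target"
  sudo ln -sf "$target" /etc/nginx/sites-enabled/
  sudo nginx -t
  sudo systemctl reload nginx
}

# get_cert DOMAIN: obtain a Let's Encrypt certificate; --redirect is the
# "redirect" answer from the interactive prompt, upgrading http to https.
get_cert() {
  sudo apt-get install -y certbot python3-certbot-nginx
  sudo certbot --nginx -d "$1" --redirect
}

if [ "${BW_RUN:-0}" = "1" ]; then
  allow_nginx_ufw
  install_site vault.example.com 8080 3012
  get_cert vault.example.com
fi
```

Because the compose file binds the container to loopback and every proxy_pass here points at 127.0.0.1, the only way in from the network is through nginx on 80/443, which is exactly what the UFW profile opens; the separate /notifications/hub block is what keeps live sync working behind the proxy.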
Step 5: Connecting to your new Bitwarden instance from a client
I'm going to use the Firefox Bitwarden Plugin for this part of the tutorial, but the process is identical for all Bitwarden clients.
First, if you haven't already, install your chosen Bitwarden client and open it.
In the top left corner, click the cog icon.
You'll then see some configuration options. Simply add your full URL into the Server URL field.
Like so, then just hit Save and log in as normal.
That's it! Pretty easy, right?
Please don't hesitate to get in touch in the comments if you get stuck. I'd be more than happy to help out with any issues you may face.
This post contains affiliate links meaning we may receive a small commission on purchases made through links in this post. At no extra cost to you 😊