Date: 05-14-2020
Bitwarden is a free and open-source password manager that stores sensitive information such as website login credentials, account credentials, credit card information, personal information, etc. Bitwarden supports several platforms, including web extensions, desktop applications, and mobile applications. Most people have seen other applications such as LastPass, Dashlane, Keeper, etc., which could rival Bitwarden. However, what makes Bitwarden different and unique is that, as of right now, it is the only application that gives you the option to host your own data on your own server or host it on their server. This is great, especially if you are not comfortable with having a third-party service hold your sensitive data (encrypted or not) on their server. With Bitwarden you can set up all of your data on your local machine at your home or your office and be able to access the data from anywhere. The only aspect to strongly consider is that if your internet goes down, so does your access to your data.
Nowadays, password theft is a big problem, primarily because users use the same passwords to access all of their accounts. But honestly, can you blame users for doing that, and isn’t it expected? Frankly, most of us use the same password, and you can’t blame anyone, because it is not always easy to remember thirty different passwords for different accounts. We rely on technology to make our lives easier, and there is no point in talking about how things were back in the day, because chances are it will never go back to those days and it is better to adapt. When new security rules come out and we as users are forced to use different and complicated passwords that we cannot remember, we tend to ignore those rules and do it our own way. Because of this, more and more accounts are compromised on a daily basis, which involves leakage of sensitive information. But this can change if we use Bitwarden. Below is a list of features Bitwarden offers:
· Supported platforms include Windows, Mac OS, Linux, Android, iOS, command line, web, and major browsers
· Secure Password Generator
· Secure Password Sharing
· Reports & Analysis
· Form Filling
· 2FA and TOTP Support
· Password Import/Export
· AES-256, PBKDF2 Encryption on your device
· 1GB encrypted file storage
· Synchronizes across all your devices and browsers
· Optional self-hosting of your data
· Store logins, secure notes, credit card info, and multiple identities
· Group items into Collections
· Securely sync passwords between all your devices
· Store an unlimited number of items in your vault
· Use Two Factor Authentication (2FA)
· Securely generate passwords
· Securely share passwords
· Import and export passwords
· Auto-fill forms
· Auto-fill passwords on mobile apps
If you pay ten dollars annually for a membership account you get:
· 1GB encrypted file storage
· Two-step login w/ YubiKey, U2F, Duo
· Vault health reports
· TOTP authenticator storage & gen.
· Priority customer support
For businesses, there is a free tier for two users which includes:
· Sharing for 2 users
· Limit 2 collections
· Unlimited shared items
Businesses that need more users can pay five dollars a month for five users and two dollars for every additional user, which includes:
· Unlimited users
· Unlimited collections
· Unlimited shared items
· Vault health reports
· 1GB enc. file storage
· Priority tech support
· Premium available for purchase
For enterprises, you would have to pay three dollars per month per user and that includes:
· All Business Tier Features
· User groups
· Directory sync (AD, G-Suite, & more)
· Enterprise policies
· On-premises hosting (optional)
· Event/audit logs
· RESTful API access
· MFA with Duo Security
· Users get premium automatically
To expand on the enterprise plan, if you have an enterprise account you get:
o Securely share and manage logins, secret keys, and more with users across your organization.
· Access Control
o Implement fine-grained access control policies and organize your vault with collections.
· File Storage
o Store & share sensitive files such as private keys, certificates, documents, photos, and more.
· Vault Health Reports
o Practice good password hygiene by auditing your vault with insightful reports.
· User Groups
o Use groups for easier user management and greater control across departments and teams.
· Directory Sync
o Sync groups and users from Active Directory (and other LDAP), Azure, G Suite, OneLogin, and Okta.
· Enterprise Policies
o Manage organization-wide security options such as password requirements and two-step login.
· Event Logs
o Review an audit trail of actions and changes performed by your organization's users.
· RESTful API Access
o Flexible APIs allow you to integrate your organization with other tools and systems.
· Multi-factor Authentication
o Enforce multi-factor login policies for your users by integrating with Duo Security.
· Priority Support
o Get the help you need when you need it, fast!
As a society, most people nowadays rely strongly on technology to remember things for them, such as a phone storing contacts or an email account remembering everyone’s emails, as stated above. With Bitwarden you can put all of this information in one location, give each account or website a different password that is complex and nearly impossible to crack, and with one authentication have Bitwarden automatically log you in when you visit the website or account. After reading that, it may sound like you would be at even more of a risk, because if someone gains access to Bitwarden, your whole life is over. Technically speaking, that is absolutely true, and it is extremely scary when you think about it, but like everything, there are contingencies in place. For example, when setting up Bitwarden we always recommend using a password you know and can remember. Make it personal but random so it is not easy for someone to figure it out by knowing you or who you are. On top of that, we recommend having login alerts set up, so that if someone logs into your account or attempts to log into your account, you are notified immediately, especially if you never authorized the login. Lastly, and possibly most importantly, we recommend enabling Multi-factor Authentication or Two-Factor Authentication. We recommend enabling it on every account and having two apps: one for authenticating and the other for logging in using credentials.
Keeping everything on one app or service is not something we recommend. It is better to have an authenticator app that provides you with a pin, so you can log into the account after you type your actual credentials. That way, the only way a person can log into your account is by having both forms of identification, which significantly reduces the risk of getting information stolen or hacked. Also, keep in mind that all the information you enter into Bitwarden's application or web app is encrypted using end-to-end AES-256-bit encryption, salted hashing, and PBKDF2 SHA-256 even before it leaves your device. Even people at Bitwarden cannot decrypt the information that you put into the account.
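To make the "PBKDF2 SHA-256 before it leaves your device" point concrete, here is an added example (not Bitwarden's code and not part of the original article) of client-side key derivation, showing which values stay on the device and which reach the server. The iteration count, the use of the account email as salt, and all function names are assumptions for illustration; the AES-256 step that would encrypt the vault with the derived key is left out because Python's standard library has no AES.

```python
import hashlib
import hmac
import os
from typing import Tuple

KDF_ITERATIONS = 100_000  # assumed work factor; the article does not state one


def derive_master_key(master_password: str, email: str) -> bytes:
    """Device side: stretch the master password into a 256-bit key."""
    salt = email.strip().lower().encode()  # assumption: account email as salt
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               KDF_ITERATIONS)


def derive_login_hash(master_key: bytes, master_password: str) -> bytes:
    """Device side: one more one-way round gives the value sent at login.
    It proves knowledge of the password but does not reveal master_key."""
    return hashlib.pbkdf2_hmac("sha256", master_key,
                               master_password.encode(), 1)


def server_store(login_hash: bytes) -> Tuple[bytes, bytes]:
    """Server side: salt and hash the received login hash before storing."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", login_hash, salt,
                                     KDF_ITERATIONS)


def server_verify(login_hash: bytes, record: Tuple[bytes, bytes]) -> bool:
    """Server side: recompute with the stored salt, compare in constant time."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt,
                                    KDF_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample account, not real credentials.
    password, email = "correct horse battery staple", "alice@example.com"
    key = derive_master_key(password, email)    # never leaves the device
    login = derive_login_hash(key, password)    # only this is transmitted
    record = server_store(login)                # what the server keeps
    print("login accepted:", server_verify(login, record))
    print("server holds the key:", key in record)
```

Because the server only ever sees a one-way derivative of the key, a copy of the server's database does not by itself yield the key that decrypts the vault.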
The main reason most people haven’t heard of Bitwarden before is most likely that Bitwarden does not advertise much, if at all. Since Bitwarden is 100% open source, the code for this application can be found on GitHub. So, if they decided to try to charge for the service, there is a good chance no one would pay for it, since it is free anyway. However, they do have a premium version available, which is ten dollars a year for several additional features. Do you need to get the premium version for Bitwarden to function properly? Absolutely not! We believe 99% of users will be perfectly fine and happy with the free version. However, if you do like the free version, we are sure Bitwarden would appreciate the ten dollars a year fee as support for their work. They also have a family plan in which you can have up to five users that costs one dollar a month, and all five users can share the information. For enterprise users, they have several additional features that can help if configured properly. On top of that, the cost for an enterprise account is three dollars per month per user. As you can tell, there are ways Bitwarden makes money; however, by no means does the money influence or compromise the service or application they provide. The fee is more for convenience or bonus features, which, as we stated, most users would not need or care about. Spending with Bitwarden is entirely optional, and that is one of the biggest reasons we believe you should give them a try. Think about it: what is the worst that could happen? You waste a little bit of time?