Bitwarden Is It Safe




Whenever there is a security breach, everyone likes to point to “Have I Been Pwned.”

Your password is never transmitted to our servers and is processed locally in your device's web browser window. How do you calculate password strength? We use a tool called 'zxcvbn'. Your passwords are at risk. Any password manager encrypts your passwords and stores them on a computer. Any computer can be hacked. If a hacker gets the encrypted. Most premium password managers are way safer than the majority of the free ones. The latter are often buggy, developed by shady companies, and sometimes even include malware. Despite that, there are quality free password managers that are as safe as the paid services. In fact, the former often include a free version. The Bitwarden Vulnerability Disclosure Program enlists the help of the hacker community at HackerOne to make Bitwarden more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.

It’s for a good reason.

The guy who runs it is a “Rock Star” in the internet security world. But that doesn’t mean much to most people, so let me show you why you should trust Have I Been Pwned (HIBP).

Disclosure: I’m NOT being paid to write this. I don’t know the owner of HIBP and never met him. This is just the research I’ve done to find out if this site is trustworthy.

Who Owns HaveIBeenPwned?

Troy Hunt owns HaveIBeenPwned.

Personal site: https://www.troyhunt.com/

Twitter: https://twitter.com/troyhunt

YouTube: https://www.youtube.com/user/troyhuntdotcom

Who Is Troy Hunt?

Troy Hunt is an Australian web security expert. To learn more check out his Wikipedia page.

Most notable is that Microsoft awarded him “Microsoft Most Valuable Professional” in 2011.

HaveIBeenPwned History

HaveIBeenPwned was created in 2013. The thing that pushed HaveIBeenPwned to life was the Adobe breach in 2013. The Adobe breach had 153 million accounts compromised.

As Troy does, he was analyzing data breaches for patterns. He realized this data was easy for him to get ahold of, but for the average person, it was unfeasible. Troy wanted the everyday person to be able to check if their data was in a breach, so he created HaveIBeenPwned.

HaveIBeenPwned allowed anyone to check if their email address was ever in any breaches. If it was, they could take actions to secure their accounts again. Troy also added a way to check your passwords to see if they were in any breaches too.

HaveIBeenPwned Controversy

There was a bit of controversy for HaveIBeenPwned during the Ashley Madison breach.

There were sites created overnight to check to see if your email was in this breach. Since Ashley Madison was for cheating spouses, it provided an easy way to check if your partner was using the site.

HaveIBeenPwned got wrapped up in this but did all the right things. You had to verify you owned the email address before it would reveal if that email address was in the breach.

Other sites did not do this and outed many people.

Due to the media wanting a fast headline, HaveIBeenPwned got wrapped up in this. To be clear, HaveIBeenPwned did the right thing by not exposing sensitive data from this breach.

Who Uses HaveIBeenPwned

I feel it’s important to point out what companies use HaveIBeenPwned. Many of these companies have a lot to lose if HaveIBeenPwned was not trustworthy.

HaveIBeenPwned has a way for other companies to use its database to check if customers’ login data was compromised. This is very useful for password managers and sign-up pages.

1Password – https://blog.1password.com/finding-pwned-passwords-with-1password/

Bitwarden – https://blog.bitwarden.com/have-you-been-pwned-7051d64e685b

Firefox Web Browser – https://www.infosecurity-magazine.com/news/mozilla-pwned-function-firefox/

U.K. and Australian governments – https://techcrunch.com/2018/03/02/uk-and-australian-governments-now-use-have-i-been-pwned/

What Real People Are Saying

Being able to see what real people say about HaveIBeenPwned is worth a look if you ask me. I’ve listed a few Reddit posts that help to back up the claim that HaveIBeenPwned is safe to use.

Have I been pwned? Check if your email has been compromised in a data breach –

What Other Sites Are Saying

Let’s not forget what other sites say about HaveIBeenPwned. Spoiler: It’s all good things!

Digitaltrends – https://www.digitaltrends.com/computing/best-websites-for-finding-out-if-youve-been-hacked/

CNET – https://www.cnet.com/how-to/find-out-if-your-passwords-been-hacked/

dailymail.co.uk – https://www.dailymail.co.uk/sciencetech/article-4767562/Have-PWNED-Site-reveals-password-safe.html

makeuseof – https://www.makeuseof.com/tag/hacked-email-account-checking-tools-genuine-scam/

Forbes – https://www.forbes.com/sites/adamtanner/2014/04/14/these-sites-tell-which-of-your-accounts-have-been-hacked/#50d20e403763

PCWorld – https://www.pcworld.com/article/2070080/new-website-lets-users-check-if-their-online-credentials-were-exposed-in-large-data-leaks.html

How Does HaveIBeenPwned Make Money?

The old saying goes, “if you’re not paying for it, then you’re the product.” So how does HaveIBeenPwned make money?

The first way HaveIBeenPwned makes money is from donations. If you used his service in the past, please consider donating as it does help.

HaveIBeenPwned also has a partnership with 1Password.

1Password is a password manager, and it makes perfect sense to partner with HaveIBeenPwned. Troy Hunt says he used 1Password years before they ever became a partner.

It’s smart to partner with a password manager because it’s the next step to take after finding out you’ve been in a breach.

I’m not aware of any other ways HaveIBeenPwned makes money. I know many people may be thinking that they’ll sell the information inside the database. While that might seem like a great idea at first, it’s not. The data that HaveIBeenPwned gets is already in the public domain anyway, so anyone can grab it and do whatever they want with it. No need to sell data if you can get it free somewhere else.


Positives

  • Open source software
  • Top-notch security
  • Vast compatibility
  • Great premium price
  • Fantastic free forever version

Negatives

  • Limited customer support options
  • No categorization

Nowadays it’s essential to have a wide range of strong passwords to protect your accounts from being breached by hackers. Of course, it’s impossible to remember every single unique password which is why so many people are now using password managers to safely store everything in one handy place. Password management software is a competitive market, but one standout competitor is Bitwarden. Made by Florida-based 8bit Solutions, Bitwarden launched in 2016 and since then it’s become one of the best open source password managers on the market. Keeping credentials safe with military-grade encryption over an unlimited number of devices, Bitwarden comes with a free forever version that is packed full of features and users can upgrade to the premium version for just $10 a year.

Features

Once you open Bitwarden’s browser vault, you’ll find it easy to navigate and intuitive. The browser vault is actually the best way to experience Bitwarden since there are features that you won’t be able to access in any of the apps or extensions, like importing/exporting data and viewing breach reports. The range of credentials you’re able to input includes passwords, bank cards, identities, and secure notes, and adding new entries is a simple process that allows you to add custom fields to any entries for greater flexibility. Unfortunately, Bitwarden doesn’t allow you to categorize or tag your new password entries, but instead lets you add them to folders – there’s also the option of favoriting select passwords to make them more easily accessible.

Password autofill works by using one of the many browser extensions that Bitwarden provides, which also allow you to save any logins you use directly to your vault. This is different for mobile users since the iOS and Android apps differ slightly; Android autofill works automatically while iOS only functions with compatible apps. Although the iOS compatibility list is very comprehensive, it does lack support for a few major apps including Facebook.


Sharing passwords is a little trickier with Bitwarden. Unlike some other password managers that allow you to share directly between contacts, Bitwarden makes you set up an organization as a method of sharing credentials – this could be as a group of friends, family, or a business. From there you’re able to share passwords and create collections of shared credentials that everyone in your organization has access to.

Password Generation

Password generation gives you plenty of options to choose from, with password lengths going up to as high as 128 characters and options for a minimum number of digits and special characters and for avoiding ambiguous characters. Once you’ve completed the password generation or entered one of your own, you then have the ability to test to see if your password has already come up in a previous data breach. It can be quite surprising to see how many times your old passwords have been exposed when searching for them in the breach database. One thing we would like to see Bitwarden add in future editions is the ability to add reminders for when passwords should be changed, but you can at least see when your password was last updated.
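A breach check like this does not have to send the password anywhere. The sketch below is an added example (not Bitwarden's or HaveIBeenPwned's own code) of the k-anonymity range lookup offered by HaveIBeenPwned's Pwned Passwords service: only the first five hex characters of the password's SHA-1 leave the device, and the match is done locally. The function names, the counts and the canned response are constructed so the example runs offline.

```javascript
const crypto = require('crypto');

// Split the SHA-1 of the password into the 5-character prefix that is sent
// to the service and the 35-character suffix that stays on the device.
function splitHash(password) {
  const hex = crypto.createHash('sha1').update(password, 'utf8')
    .digest('hex').toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// A range response is one "SUFFIX:COUNT" pair per line. Return the count for
// our suffix, or 0 when it is not in the returned bucket.
function breachCount(rangeBody, suffix) {
  for (const line of rangeBody.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(':');
    if (candidate && candidate.toUpperCase() === suffix) {
      return parseInt(count, 10) || 0;
    }
  }
  return 0;
}

// fetchRange(prefix) stands for the HTTP GET of
// https://api.pwnedpasswords.com/range/<prefix>; it only ever sees the prefix.
function checkPassword(password, fetchRange) {
  const { prefix, suffix } = splitHash(password);
  return breachCount(fetchRange(prefix), suffix);
}

// Constructed stand-in for the service (hypothetical data): it "knows" that
// password1 was breached 4242 times and pads the bucket with two decoy rows.
const sent = [];
function constructedRange(prefix) {
  sent.push(prefix); // record everything that would cross the network
  const listed = splitHash('password1');
  const rows = ['0'.repeat(35) + ':3', 'F'.repeat(35) + ':12'];
  if (prefix === listed.prefix) rows.splice(1, 0, listed.suffix + ':4242');
  return rows.join('\r\n');
}

console.log(checkPassword('password1', constructedRange), sent);
```
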

Apps & Browser Extensions

Bitwarden is accessible on a wide range of devices – Windows, macOS, Linux, Android, and iOS all have native apps available as well as the web vault that is accessible on any browser. Speaking of browsers, there are a large number of extensions for all the major names like Chrome, Firefox, Edge, and Safari as well as browsers that fewer password managers cater to like Vivaldi, Brave, and Tor.

All of Bitwarden’s apps are easy for any level of user to get to grips with, and although there are many features that password manager novices won’t have encountered before, they’ll have no problem working everything out thanks to the simple design. The apps also allow you to change the color theme between light and dark – it doesn’t make a lot of difference but it’s a nice feature to have anyway.


Setup

Setting up Bitwarden is a very easy process: you’ll just need to register for a Bitwarden account, input a master password, and you’re ready to go. One thing we noticed about setting up our master password is that although Bitwarden will notify you if your master password choice is weak (it could literally be password1), it has no problems letting you use it regardless. Bitwarden is probably assuming that if you’re downloading a password manager, you’ll know not to choose a weak master password, but an added safety net would be nice. One thing you must note is that there is no backup should you forget your master password. All Bitwarden can do then is allow you to recover your email address to start a new account, but you will lose everything that was stored in your account previously.

If you already have used a password manager before and you’re now converting to Bitwarden then you’ll be happy to know that the program supports an incredible range of formats for importing data so you shouldn’t have any issues transferring all of your data. Meanwhile exporting data is possible either with a CSV or JSON file.

Security & Privacy

Bitwarden protects your data with very reliable security, using AES-256 military-grade encryption as well as PBKDF2 to keep all data secured. All data is encrypted locally, so Bitwarden’s cloud servers only ever store encrypted data. If for whatever reason you still have doubts about the Bitwarden server’s safety, then you can use Docker to host the entire infrastructure yourself.
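To make "encrypted locally" concrete, here is an added sketch (not Bitwarden's code or its actual vault format) of the general pattern: PBKDF2 stretches the master password into a 256-bit key on the device, AES-256 encrypts the entry with it, and only the resulting record would be uploaded. The GCM mode, random salt, iteration count and record layout are assumptions of this example; it also shows why a forgotten master password cannot be recovered by whoever holds the record.

```javascript
const crypto = require('crypto');

// Assumed work factor for this sketch, not a Bitwarden setting.
const ITERATIONS = 600000;

// Stretch the master password into a 256-bit key. This runs on the device;
// neither the password nor the key is part of what gets stored remotely.
function deriveKey(masterPassword, salt) {
  return crypto.pbkdf2Sync(masterPassword, salt, ITERATIONS, 32, 'sha256');
}

// Encrypt one vault entry locally. The returned record (salt, IV, ciphertext,
// authentication tag) is everything a sync server would ever hold.
function sealItem(masterPassword, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, data, tag: cipher.getAuthTag() };
}

// Re-derive the key from the master password and decrypt. Returns null when
// the password is wrong or the stored record has been modified.
function openItem(masterPassword, record) {
  const key = deriveKey(masterPassword, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    const plain = Buffer.concat([decipher.update(record.data), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    return null; // authentication failed: no key, no data
  }
}

// Constructed sample entry and passwords.
const demo = sealItem('correct horse battery staple', 'example.com / hunter2');
console.log(demo.data.toString('base64'), openItem('password1', demo));
```
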

It’s reassuring that Bitwarden regularly undergoes third-party independent security tests. You could go and read the reports for yourself, but to save you time we can tell you that the results are very positive, so you know your sensitive details are safe. Interestingly, Bitwarden encourages any hackers who find a security issue to report it so Bitwarden is able to immediately fix any remaining issues.

Bitwarden allows for two-factor authentication using authenticators, email codes, or, if you’re a premium user, you have the ability to use security keys such as YubiKey or FIDO U2F. There’s also a handy data breach report feature that allows you to input any email addresses or usernames that you regularly use and find out if they have ever appeared in any publicly released data breaches.


Pricing

There are two different ways of setting up Bitwarden accounts; you can use the organizational ones aimed at sharing passwords between families or companies or instead stick with a normal solo account. We’ll start with the normal accounts which are divided between free and premium. The free forever version is excellent and comes with more features than even many competitors’ premium accounts do. The premium account gives you access to extra functions like further two-step login options and priority customer support. The price for the premium account is more than reasonable at just $10 a year which is less than a dollar a month.

Going back to those organizational accounts now, they’re divided into personal, family, or business. Free personal accounts allow you to share with one person while family accounts allow you to share with five users with added extras at just a dollar every month. Business accounts vary on the number of users but can be as cheap as $3 per user every month. Bitwarden accepts all major credit cards, PayPal, and Bitcoin and all purchases come with a 30-day money-back guarantee so you’re able to test out the premium features risk-free.

$0

  • Cloud syncing
  • Unlimited password storage
  • Two-factor authentication
  • Optional self-hosting
  • Direct customer service
$0.83/mo
  • Cloud syncing
  • Unlimited password storage
  • Two-factor authentication
  • Optional self-hosting
  • Priority customer service
  • 1GB file storage
  • Security key login
  • Password health reports
  • 30-day money-back guarantee

Customer Service

Customer service is available through the email form on the Bitwarden website, response times are good, and you’ll always be put through to a human instead of an automated reply. It should be noted that premium members get priority support. As well as getting help via email there is some limited support through the regularly updated Twitter account and staff are regularly on the Bitwarden Reddit page which could be used as a further support channel.

The Bitwarden website has active forums for further support as well as well-written FAQs and user guides. Developers who want to go further and explore all the open software potential of Bitwarden can find an official online chatroom to discuss with like-minded people.


Bottom Line

While Bitwarden may not be the perfect password manager, it is absolutely one of our favorites. We like the flexibility it provides, allowing you to use it on a large number of devices with impressive browser support. The security is amongst the best around, so you don’t need to worry about your passwords being stolen. There are a couple of features we’d like to see in the future, in particular with password categorization, as the current folder system isn’t the most efficient method.

What really makes it stand out is that personal users will be able to use the free forever version without ever feeling the need to upgrade because none of the essential features are hidden behind the premium membership. Even so, the premium version is so well priced that Bitwarden may very well be the best value-for-money password manager available.

