Bitwarden review — 2026

★★★★★ Overall score: 5/5

The open-source standard. Generous free tier. Self-hostable.

Monthly: $0.83/mo
Annual (first year): $10.00/year
Annual (renewal): $10.00/year
Money-back: 30 days

Protection

Malware detection rate: 0%
False-positive rate: n/a
AV-TEST score: n/a
Real-time protection
Ransomware protection
Firewall

Bundled features

VPN included
Password manager
Parental controls
Dark web monitoring
Identity theft protection
Cloud backup: 1 GB

Compatibility

Devices covered: Unlimited
Platforms: Windows, macOS, iOS, Android, Linux, ChromeOS, CLI, Web

Our review

Bitwarden is the open-source standard. The free tier is genuinely usable forever. Paid Premium at $10/year is the cheapest in the industry. It is the best pick for privacy-focused users and developers who self-host.

Why Bitwarden is the open-source password manager standard

Bitwarden is the open-source, audited, self-hostable password manager that quietly became the default recommendation among privacy-conscious users and developers. It was founded in 2016 by Kyle Spearrin (originally as a side project), expanded into a real company in 2018, and raised PSG Equity funding in 2022 (~$100M valuation).

Bitwarden's competitive position is unique: it offers the only genuinely usable free tier in password management, plus the lowest-priced premium ($10/year), plus optional self-hosting for users who want total control. No other major password manager combines all three.

What "open-source" actually means here

Bitwarden's entire client codebase (apps, browser extensions, CLI) is open-source on GitHub. The server software is also open-source (Bitwarden Server).

This matters because:

  1. Independent security audits — Any security researcher can review the code. Bitwarden has commissioned formal audits from Cure53 (2018), Insight Risk (2020), and Cure53 (2023). The audit reports are public.

  2. Reproducible builds — You can verify that the app you downloaded from the App Store matches the published source code. Closed-source apps require trusting the vendor.

  3. Self-hostable — You can run Bitwarden on your own server (Docker container, VPS, home NAS) and never trust Bitwarden Inc.'s servers at all.

  4. Survivable — If Bitwarden the company shuts down tomorrow, the open-source code lives on. Community forks would emerge within weeks.

LastPass is closed-source. NordPass is closed-source. 1Password is closed-source (audit-reviewed but not open). Only Bitwarden + Proton Pass are open-source among major password managers.

The free tier (actually usable)

Bitwarden's free tier supports:

  - Unlimited passwords
  - Unlimited devices
  - Sync across devices
  - Browser extensions: Chrome, Firefox, Safari, Edge, Brave, Opera, Vivaldi
  - Mobile apps: iOS, Android
  - Desktop apps: Windows, macOS, Linux
  - Web vault: vault.bitwarden.com
  - CLI: bw command-line tool

What's NOT free (in Premium at $10/year):

  - File attachments (e.g., scanned ID, important documents)
  - Emergency access (granting trusted contacts access if you're incapacitated)
  - Bitwarden Authenticator (built-in TOTP generator)
  - Vault health reports
  - Priority support
  - Hardware key support (YubiKey, FIDO2)

The free tier is enough for 80% of users. Premium at $10/year is cheaper than 1Password's $36/year and adds TOTP integration that's genuinely useful.

Self-hosting (if you want it)

Bitwarden Server (the company's reference implementation) can run on:

  - Docker (any system that supports it)
  - Bare-metal Linux (Ubuntu, Debian, CentOS)
  - Synology NAS
  - Raspberry Pi (with Vaultwarden, a Rust port of Bitwarden Server)

Self-hosting means:

  - Your passwords never leave your network
  - No subscription fees (one-time hardware cost)
  - Complete control over data, backups, retention
  - Required: technical setup (Docker, reverse proxy, SSL cert)

Vaultwarden (formerly bitwarden_rs) is a third-party Rust implementation of Bitwarden Server. It's compatible with all official Bitwarden clients but uses less memory. Most self-hosters run Vaultwarden instead of official Bitwarden Server because it's more efficient.

Self-hosting is excellent for technical users. For non-technical users, the cloud-hosted Bitwarden at $10/year is the simpler choice.

Pricing comparison

Manager   | Free tier              | Premium           | Family (5-6 users)
Bitwarden | Free forever           | $10/year          | $40/year (6 users)
1Password | 14-day trial           | $36/year          | $60/year (5 users)
Dashlane  | 25 passwords, 1 device | $60/year          | $90/year
NordPass  | 1 device only          | $17.88/year intro | $35.88/year (6 users)
LastPass  | 1 device-type only     | $36/year          | $48/year

Bitwarden Premium at $10/year is 3.6x cheaper than 1Password Individual. Bitwarden Family at $40/year is 33% cheaper than 1Password Family.

Strong family + organization features

Bitwarden Family ($40/year) covers up to 6 users with:

  - Shared collections (passwords visible to all family members)
  - Per-user vaults (private to each user)
  - Granular permissions
  - Premium features for all 6 users

Bitwarden Teams ($3/user/month) adds:

  - Multiple collections per user
  - Group-based access control
  - Event logs

Bitwarden Enterprise ($5/user/month) adds:

  - SSO integration (SAML 2.0)
  - API access for automation
  - Custom roles + permissions
  - Self-host included

These tiers are dramatically cheaper than 1Password Business ($19.95/user/month) or LastPass Business ($7/user/month).

What Bitwarden isn't best at

App polish: 1Password's apps are noticeably more polished. Smoother animations, better autofill, cleaner UI. Bitwarden works fine but feels more "indie."

Travel Mode: 1Password has Travel Mode (hide sensitive vaults at borders). Bitwarden doesn't.

Built-in dark web monitoring on free tier: 1Password has Watchtower (free with subscription). Bitwarden's vault health reports require Premium.

Customer support: 1Password has a dedicated support team. Bitwarden support is community-first, with ticket support for Premium users.

For users who want premium polish and Travel Mode, 1Password justifies its 3x price premium. For users who want functional + cheap + open-source, Bitwarden wins.

Security architecture

Bitwarden uses:

  - AES-256 encryption (industry standard)
  - PBKDF2 key derivation (600,000 iterations default, configurable)
  - Argon2id key derivation (optional, more memory-hard than PBKDF2)
  - Zero-knowledge architecture: master password never sent to Bitwarden servers
  - End-to-end encryption: vault data encrypted client-side before upload

The Argon2id option (added 2023) makes Bitwarden's encryption more resistant to GPU brute-force attacks than PBKDF2. Configure this in Settings → Security → Keys.

Master password best practices for Bitwarden (and any password manager):

  - Use 20+ characters or a 5-word passphrase
  - Never reuse it anywhere else
  - Store it in a physically safe place (paper, password journal). If you forget it, your vault is unrecoverable

How Bitwarden compares to 1Password

The defining comparison in password management. Both are excellent. Pick based on priorities:

Pick Bitwarden if:

  - You want open-source (auditable code)
  - You want free tier (or $10/year Premium)
  - You want self-hosting option
  - You're technically comfortable with slightly less polished apps
  - You're privacy-paranoid (Bitwarden's transparency model is the cleanest)

Pick 1Password if:

  - You want the most-polished apps across every platform
  - You want Travel Mode for border crossings
  - You want Watchtower security audit on free trial
  - You want Family plan at $5/mo for 5 users (1Password's Family plan is the standout)
  - You're non-technical and want maximum hand-holding

Migration from LastPass to Bitwarden (post-2022 breach)

After LastPass's 2022 breach where encrypted vault backups were exfiltrated, many users migrated. The migration path:

  1. Export LastPass vault (Account → Advanced → Export → CSV)
  2. Import to Bitwarden (Tools → Import data → LastPass CSV)
  3. Verify all entries imported correctly
  4. Change all passwords for high-value accounts (banking, email, etc.) — assume LastPass-stored passwords are compromised
  5. Delete the LastPass export CSV (it's plaintext)
  6. Cancel LastPass subscription

The whole process takes 1-2 hours. Worth it.
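
Steps 3 and 5 of the migration above, as an added example that is not part of the original review or of Bitwarden's own tooling: it compares the LastPass CSV with a CSV exported from Bitwarden after the import, then overwrites and deletes the plaintext file. The sample rows are constructed and the column names are assumptions about the two export layouts.

```python
import csv
import io
import os

# Constructed sample data. The column names are assumptions about the two
# CSV layouts; check the header row of your own exports first.
LASTPASS_CSV = """url,username,password,totp,extra,name,grouping,fav
https://bank.example,alice,old-pw-1,,,Bank,Finance,0
https://mail.example,alice@mail.example,old-pw-2,,,Mail,,0
https://forum.example,alice,old-pw-3,,,Forum,,0
"""
BITWARDEN_CSV = """folder,favorite,type,name,notes,fields,reprompt,login_uri,login_username,login_password,login_totp
Finance,,login,Bank,,,0,https://bank.example,alice,old-pw-1,
,,login,Mail,,,0,https://mail.example,alice@mail.example,truncated,
"""

def _logins(text, name, url, user, password):
    """Map (name, url, username) -> password for every row of a CSV export."""
    rows = csv.DictReader(io.StringIO(text, newline=""))
    return {(r[name].strip(), r[url].strip(), r[user].strip()): r[password]
            for r in rows}

def verify_import(lastpass_text, bitwarden_text):
    """Step 3: return (missing, mismatched) entry keys, never the passwords."""
    src = _logins(lastpass_text, "name", "url", "username", "password")
    dst = _logins(bitwarden_text, "name", "login_uri", "login_username",
                  "login_password")
    missing = sorted(k for k in src if k not in dst)
    mismatched = sorted(k for k in src if k in dst and src[k] != dst[k])
    return missing, mismatched

def shred(path):
    """Step 5: overwrite the plaintext export with zeros, then delete it.

    Best effort only: SSD wear levelling, snapshots and cloud-sync folders
    can keep older copies, so export to an encrypted or temporary volume.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\0" * size)
        f.flush()
        os.fsync(f.fileno())
    os.remove(path)

if __name__ == "__main__":
    missing, mismatched = verify_import(LASTPASS_CSV, BITWARDEN_CSV)
    print("missing from Bitwarden:", missing)
    print("password differs:", mismatched)
```

The Bitwarden export used for the comparison is plaintext too, so pass both files to shred() once the check comes back clean.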

Our verdict

Bitwarden is the right pick if you want:

  - Open-source transparency
  - Free tier that's genuinely usable forever
  - $10/year Premium (cheapest in industry)
  - Self-hosting option for total control
  - Solid family plan at $40/year for 6 users
  - CLI access for developer workflows

Skip Bitwarden if:

  - You want the most-polished apps → 1Password
  - You want bundled VPN → Dashlane
  - You want Travel Mode → 1Password
  - You're in the Proton ecosystem → Proton Pass

For most users, the Bitwarden free tier is the right starting point. Test it for 30-60 days. If you find yourself wanting file attachments, TOTP integration, or hardware key support, upgrade to Premium at $10/year. If you find yourself missing 1Password's polish, switch — migration takes an hour.

For the affiliate angle: Bitwarden pays $10 per Premium signup. Lower per-customer payout than 1Password ($15-$30) but easier conversions because Bitwarden converts at $10/year vs 1Password at $36/year. The lower price point dramatically improves close rate.
