Apr 06, 2020 Brief: Bitwarden is a popular open-source password manager. Here, we take a look at what it has to offer. Bitwarden is a free and open-source password manager. R/Bitwarden: Bitwarden is an open source password management platform for individuals, teams, and business organizations. Jan 01, 2021 Bitwarden is one of the best open-source password managers that can easily compete with other proprietary software in this category. You can consider it a good alternative to LastPass in the free and open-source group.
Open source password management solutions for individuals, teams, and business organizations.
When you’re using weak passwords, or in the worst case, even reusing the same weak password across many services, you’re risking a lot. Hacks happen more often than you would think.
Honestly, how well safeguarded is your main personal email? You know, the one you created many years back and haven’t reviewed since?
Email is arguably the center of our digital lives – imagine what damage someone could do if they could access it.
That’s where password managers come into play to save the day.
Contrary to their name, password managers don’t only take care of your passwords. They are a useful tool to keep many of your digital secrets safe:
Password managers strongly encrypt all this sensitive information and make it very accessible as well. Many of them come in various formats: web-based, as plug-ins for web browsers, and as mobile and standalone apps.
The main benefit of using a password manager is that you will never again need to reuse or remember your usual password(s), however long and secure you think they are.
With a password manager, you will be free to use different and ridiculously long and secure passwords for each service separately.
Are you using 2-factor authentication (2FA)? No problem – password managers can take care of that very elegantly as well. [1]
In practice, all you will ever need with a password manager is one very long and secure password to open it. [2]
When I choose my software, I always prefer those that are open source (think transparent and auditable code, so that there’s not any funky business happening behind the curtain) and as multiplatform as possible (available on ideally all operating systems in case I want to switch).
Bitwarden excels in all of these. As a nice cherry on top, it’s perfectly usable in its free plan, so it won’t burn a hole in your pocket.
Seriously, if you’re still not using any password manager, now is the time to jump in. Your digital security and possibly your future self will thank you greatly!
Let’s start with the obvious. Password managers, like Bitwarden, can generate strong passwords. And by that, I mean ridiculously long and complex passwords like:
Are your current passwords anything like this?
So why not treat yourself to a nice 70+ character password combining the weirdest symbols available? [3]
What’s even better is that you should have a different password like this for each of the services you’re using. This way, even when the worst happens and a service gets compromised, the attacker can’t exploit the same password on the other services you use.
That’s why using the same passwords everywhere is a very bad idea.
So how do you handle all these various long passwords for each site and app?
Every time you visit a page for which you have a password saved in Bitwarden, you’ll get a notification that allows you to use it instantly. It doesn’t matter if you’re using Bitwarden on your phone or in your web browser (via plug-in).
This approach not only saves you the time and energy of typing in your passwords, it also prevents you from mistyping them.
As mentioned before, Bitwarden takes care of your other digital secrets as well. The same auto-fill feature applies to credit cards and your personal information (e.g. by auto-filling your name and address when shopping online).
Nobody forces you to use all that though. However, the option is there if you need or want it.
Of course it also works the other way around. Let’s say you just signed up on a new site. Bitwarden recognizes the form and asks you if you would like to save your login details right away. Effortless!
I think that should all give you a nice overview of how password managers work and why you definitely need one. Many password managers exist, but Bitwarden is my personal favorite for all the reasons I mentioned.
With a free plan, it doesn’t cost you anything, except for a bit of your time to go through your services and change their passwords to unique and secure ones. You can do that gradually, but the sooner the better.
To help out with that, Bitwarden offers a nifty feature called Reused Passwords Report, where you can easily see all the services that still share the same weak passwords:
Do I sound like I’m pushing this too hard? Maybe I do.
This is seriously one of the most impactful things to do in the increasingly digital age. I write all of this from my personal experience.
So, do you really need more reasons to level up the security of your digital identities?
As with all open source software, it’s a nice idea to support the developer who gives away their product transparently and for free. Bitwarden’s premium plan costs a humble $10 a year and adds some nice features on top of everything mentioned so far:
[1] Although 2FA code support is included only in Bitwarden’s Premium plan (at an affordable price of $10 per year).
[2] You can secure your password manager even further with the use of 2FA, such as hardware security keys (e.g. YubiKey).
[3] Be aware though: some services actually limit their password length, so you might need to trim it down sometimes.
Most password manager tools available for download offer at least one plan free of cost. However, if you don’t want to pay for their paid plans and need full control over your data, there are a few of the best open-source password managers to install and use. They are not limited to one platform; we can use them on Windows, Linux, macOS, Android, or iOS without paying a penny.
With almost everything moving online, we register for more and more services, whether it is Netflix or banking. Nobody can remember all the passwords they have used to sign up unless they use similar passwords everywhere. However, using the same password for all crucial online services makes the user more prone to getting hacked. Therefore, it is necessary to use a password manager that manages our credentials securely while we focus on our work rather than on remembering them.
Are open-source password managers safe?
Yes, of course, one can trust reputable and regularly updated open-source projects such as KeePass, Bitwarden, and Passbolt. Moreover, if you use the self-hosted option of an open-source password manager, all your data stays with you only, although the setup complexity will be there. And if one is still worried about safety, then think about the paid options, where everything is under the control of some third party. If they wanted to, they could spy on someone’s data; however, this has not happened so far with any of the popular paid or premium solutions. Thus, yes, open-source password managers are secure. Furthermore, the community support of an active project reduces the chances of loopholes.
Let’s have a look at some top security-focused open-source tools to manage passwords, to use not only in 2020 but also in the upcoming 2021.
Bitwarden is one of the best open-source password managers that can easily compete with other proprietary software in this category. You can consider it a good alternative to LastPass in the free and open-source group.
The best thing about this tool is its wide platform support: it runs on Windows 10/8/7, macOS, and Linux; as a browser extension for Chrome, Opera, Tor, Firefox, Brave, Vivaldi, Edge, and Safari; and as a web version that can be used directly in any web browser to manage stored data. Furthermore, since most of the time we use our smartphones for web browsing, Bitwarden is also available as an app for Android and iOS.
Storage is not limited to passwords; the user can also save credit cards and other important identification documents along with secure notes. Moreover, there is no limit on the number of stored items.
Teams or enterprises with technically sound people can set up their own server to host Bitwarden for syncing and storing items.
However, if you use the Bitwarden cloud server, encrypted file storage is not included in the free plan. Here are some important features available in the Bitwarden password manager: secure password generator, two-step login, cloud hosting, self-host option, sync across all devices, and item storage (logins, notes, cards, identities).
Those who want some extra advanced features such as 2FA, YubiKey, U2F, Duo, vault health reports, priority support, encrypted file storage, and more can go for the paid plans. The source code of this open-source password manager is available on its GitHub page. Also, learn how to install Bitwarden on Linux or use it as a browser extension.
If you are looking for a self-hosted open-source password manager GitHub project for your team, then try out Passbolt.
In case you don’t want to set up your own server to host this project, the Passbolt cloud option is there. However, that is a paid one, and a user has to bear a cost of 9 Euros per 3 users. So, basically, the cloud option is for those looking for an enterprise password management solution.
A 14-day trial option is available for cloud-hosted Passbolt.
Coming back to the open-source version, which is the main topic of this article: it is completely free and offers password management, user and group management, granular password sharing, import/export (CSV, XLS, KDBX), browser extensions and a CLI, an open API, installation scripts, a Docker container, and community support.
It is licensed under the AGPL, and the user can integrate it into the browser using an extension or extend it further using the JSON API. The biggest benefit is that all your team’s secret data will be on your own server, not on some third party’s.
KeePass is another password manager, an offline one, that stores all your data on the local machine or on a remote server that you choose while installing it. In terms of device support, it is a bit restricted compared to the other two open-source password solutions mentioned above. Also, syncing between multiple devices is not available out of the box; however, the user can add it with the help of KeePass plugins such as KeeCloud, KeeAnyWhere, KeePassSync, KeeGoogleSync, and more. Whatever credentials you save in it will remain on your local machine.
The interface of KeePass is quite classic, and one can easily understand how it works. It is available for Windows 10/8/7 and servers. Furthermore, the portable version of KeePass can add further security: just put it on a USB drive and plug it only into the Windows system where you want to access the credentials, bank details, or other information.
Being one of the oldest open-source password manager projects, it supports a wide range of formats for importing and exporting passwords, even from various popular freemium solutions such as Dashlane and LastPass. To extend its functionality, a wide range of plugins is available for backup, synchronization, import and export, cryptography and key providers, automation and scripting, and more.
Although it is officially available for desktop operating systems, being open source, forked versions are also available for Android and iOS smartphones and tablets.
We can install KeePass 2 on Ubuntu with a single command. To use it in web browsers, KeeWeb is available.
A few key features: strong security (Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm); multiple user keys; export to TXT, HTML, XML, and CSV files; easy database transfer; intuitive and secure clipboard handling; strong random password generator; Auto-Type and a global Auto-Type hot key; drag and drop; and more.
PSONO is a multi-level encryption password manager with enterprise features. It offers true end-to-end encryption for password sharing, followed by SSL and storage encryption. PSONO uses Curve25519 and Salsa20 with the help of NaCl, the “Networking and Cryptography library”.
The software is written in Python and, just like Passbolt, users can easily install it on their own servers or cloud. The source code of the password manager is available on GitLab.
To access the server, the user can use the various PSONO clients, such as the web client, the Android app, and browser extensions for Chrome and Firefox. Dedicated Docker images for a quick setup of PSONO are also available.
As for the available versions of PSONO, there are three: Community version, Enterprise Edition limited, and Enterprise Edition for big companies.
The Community and Enterprise Edition limited versions are available to use free of cost. The EE limited edition, which is meant to be used free of cost by small teams, comes with some extra features such as LDAP & SAML SSO, Audit Logging, Compact Enforcement, and Basic support, but with a restriction of 10 users.
Those who are interested in the Enterprise Edition for big companies have to pay 2 euro per month (billed manually); it is suitable for teams with a minimum of 25 users.
If you are a startup and have a developer team, it would not be very difficult to adapt PSONO to fulfill your password management demands.
Nevertheless, if you are an individual or a small team and don’t want to set up your own server, it is possible to use the PSONO server to save passwords. For that, just like with any other password management service provider, the user has to register on the official website.
Padloc is also a GitHub password manager project that can be installed by users on their own premises. However, its developers also provide their own cloud service with various plans. Like Bitwarden, they offer a free plan, but with some limitations: it can store up to 50 passwords, credit cards, and other items on up to 2 connected devices. If you want more than that on the developer’s cloud, then you have to go for the Premium, Family, Team, or Business plans.
The client apps for the Padloc server are available for Windows, macOS, Linux, Android, iOS along with an extension for Google Chrome and Firefox.
The days are gone when open-source projects were not capable enough to compete with proprietary services. Now, we can easily compare them with some well-known services such as Dashlane and LastPass. The benefit of using an open-source password manager is transparency: we can audit the source code and even modify it as per our requirements, and on top of that there is the community support. Yes, indeed, when it comes to self-hosting such projects, setup complications will be there, especially for those who don’t have a technical background.
Open-source password managers also use complex encryption algorithms along with multi-step authentication tools to offer high security. So, any startup or enterprise that wants to host all credentials on its own server can use them.