from Hacker News

Bitwarden: Free, open-source password manager

by singingwolfboy on 10/6/19, 9:35 PM with 167 comments

  • by m_sahaf on 10/6/19, 10:29 PM

    There's compatible Bitwarden server written in Rust called bitwarden_rs[0] for those who don't want to run the official Docker image with the requirement of Microsoft SQL Server and the demand for 2GiB of RAM.

    [0] https://github.com/dani-garcia/bitwarden_rs

  • by dang on 10/6/19, 10:37 PM

  • by Unklejoe on 10/7/19, 12:32 PM

    I just set up my own Bitwarden server the other day using bitwarden_rs, a third-party implementation written in Rust.

    It basically gives you all of the premium features for free, as opposed to the official server which requires a license.

    I really wanted to run the official server, but they offered no option of a lifetime license (only a yearly license). For what it's worth, I would have been willing to pay a lot more for a license that never expired.

    The whole reason I'm hosting the server myself in the first place is because I want _full_ control, so a subscription based license doesn't really fit well there.

    Given that the project is licensed under the GPL, the license is effectively a donation anyway, so I hope they consider offering a lifetime license for those who want to self-host.

  • by bad_user on 10/7/19, 7:07 AM

    We've been using Bitwarden at work, the Teams plant, paying $15 per month, or $180 per year for 10 users. The only reason for why I picked it is its open source nature, otherwise I would have gone for 1Password Teams.

    The pricing is odd. For example you can't self host it yourself without paying for a license. The code is AFAIK open source, so you could maintain your own fork with the required code branches removed, if you wanted to. I do hope the author doesn't pull a bait and switch, after enough users go down this route. Don't get me wrong, I'm actually not looking into hosting it myself, I'm glad to pay for a hosted service, but with open source I want that possibility to be there and I don't want licensing per user for self-hosting either.

    And currently I like what the author has been doing. Adding some code in there that makes it require a license, but that you can remove, is totally fine. But I'm seeing more and more open source apps turning proprietary nowadays and I don't look kindly to such bait and switches, because I end up using those apps because they are open source. Like it is the case for Bitwarden, otherwise there are often better proprietary options available.

    From a usability standpoint, Bitwarden is unfortunately inferior to 1Password in every way. But it works fine for our purposes, for now. And Bitwarden is better than LastPass in case you're wondering, even if it has some missing features.

    The official servers are slow. I just had multiple login failures. I'm assuming that it's experiencing issues due to being featured on HN right now, but this isn't the first time that it's happening.

    But as long as it is _open source_ and as long as it does a reasonable job, then I'll keep supporting it. Because I'd rather pay for open source solutions.

  • by fbnlsr on 10/7/19, 7:53 AM

    I've switched from KeePassXC, stored on my Google Drive with an offline key file, to BitWarden last month. I previously was a customer of LastPass and switched to KeePassXC after being tired of LastPass' UI mess.

    Anyways, BitWarden works absolutely flawlessly. There are a few things here and there that I'd wish it had, like the ability to create templates for custom categories, but apart from that, it does an amazing job. The websites autocomplete works really well, and I was pleased to see that I can unlock my vault on my phone with my fingerprint reader.

    Migrating data from KeePassXC to BitWarden went smoothly. I took a moment to clean my database and reorganize a few stuff. The database takes a bit of time to load, but nothing that's a real bother.

    The only thing I don't store in BitWarden is the 2FA TOTP I use (mainly Google Authenticator) as I feel it breaks the entire concept for 2FA. I've seen people on HN do it, but to me it just feels wrong.

  • by justin_oaks on 10/7/19, 3:11 AM

    I reviewed Bitwarden for use in my company a few months ago. I discovered that there was no way for an admin to allow the recovery of an account (i.e. allowing a master password reset). This is a non-starter in my organization since some small percentage of the users will forget their master password.

    Has anyone else been successfully using Bitwarden in a team setting? If so, how do you work around the limitation I mentioned and other such things?

  • by sdan on 10/6/19, 10:19 PM

    I'd still much rather stick with https://www.passwordstore.org/. It's encrypted with your keys (which I didn't see on Bitwarden's site) and has plugins for Chrome/Firefox (you can setup keyboard shortcuts to fill in your info automatically as well) and works with Git.

    Although it is a bit of a hassle to setup on mobile devices (I use Pass for iOS), the security and functionality it provides is worth it.

  • by dev_dull on 10/6/19, 10:18 PM

    I’m a little put off by the login and service. It’s just one more thing that can be shut down. Especially since iOS and android allow syncing on remote services such as dropbox and iCloud (how it works in 1Password ver 6 and below). There’s really no necessary need for a centralize service.

    Create the encrypted vault in your preferred cloud storage service and locally and sync across all devices.

  • by alistproducer2 on 10/6/19, 10:56 PM

    Given the requirements of self hosting, ill just stick with keepass. The desktop and mobile clients are great and I can host them on my nextcloud and grab them over WebDAV.

  • by pkalinowski on 10/7/19, 12:55 PM

    I'm using Bitwarden and 1Password at the same time (private and company use).

    1Password pros:

    * very polished UI, pleasure to use

    * good UX in general

    1Password cons:

    * I have constant issues with it loosing connection with browser. Extension just randomly stops working for few days. Tried to fix it multiple times, never succeeded

    * Price (too expensive for my private use)

    Bitwarden pros:

    * Free

    * Very simple app, easy to use

    * More reliable than 1Password for me

    * Fills login pages quicker than 1Password

    * Feels quicker and more snappy than 1Password

    Bitwarden cons:

    * Lacks 1Password polish, generally UX and UI needs some work

    * Can't login using fingerprint on Mac

    * Crashes on my iPad when trying to save new credentials (need to report it as a bug, but I didn't go around to it yet)

    * Slow on Android

    All in all, I'm very satisfied with Bitwarden and use it daily.

  • by dangom on 10/6/19, 10:18 PM

    Very interesting. Has anyone been using it as a daily driver and could comment of safety, reliability and browser integration? How well do they behave compared to e.g. 1Password?

  • by mwexler on 10/7/19, 1:27 PM

    Bitwarden has changed my life: it's the first password manager I can get my family to use. The commercial ones all had ads or upsells that interfered with the experience, while Bitwarden just worked. Props to this creation.

  • by theta_d on 10/7/19, 12:17 PM

    I find it ironic that they claim "[s]ource code transparency is an absolute requirement for software solutions like Bitwarden" on their website yet they require SQL Server 2017, a completely proprietary RDMBS.

  • by theferalrobot on 10/6/19, 10:42 PM

    For people who don't want to go through the trouble of self-hosting and also don't want to pay for a subscription I have had pretty good luck with Enpass.

    * It stores an encrypted file on a cloud storage platform of your choice (gdrive/dropbox etc) and syncs across devices. * No subscription fees

  • by strathos on 10/7/19, 5:34 AM

    I found the pricing to be a bit confusing. I'm self-hosting it now and been happy with it, but when installing for the first time I couldn't find how to share some of the passwords with another user. Well it turned out that in self-hosted instance you don't have that possibility to share to another user without a paid license. Ok, fine by me so I bought the one year premium for the self-hosted instance as from one of the tables in their website it said that would be needed. So now I had the one year premium with all the nice features but still I couldn't share passwords. Importing the license key to create an organization (for sharing) failed every time. I contacted their support and found out I had just misunderstood the pricing. To create an organization you need an organization license, which was another roughly ten euros a year. After bying that I had it working as I wanted. Their support also gave the possibility to get money back from the unneeded personal premium license as it wasn't needed for my usecase, but I kept it as I found the price to be quite ok.

    So that might have sounded like a rant, but my only issue was that I didn't understand the pricing for self-hosted. My one year is up soon and I will be renewing my license as we've (as in me and my wife) been happy with Bitwarden.

  • by IronWolve on 10/7/19, 1:49 AM

    Its good for personal use, but enterprise features are weak/missing and the layout isnt very enterprise ready. I tried their "Organizations" feature out to see if I could deploy it at work instead of teampass, and it wasn't comparable. They are still fixing and developing, so it might be enterprise ready someday. It really is a nice with all the addons.

    I use the bitwardern docker version for people to use, I have it installed, but for my own use, sticking with keepass.

  • by jf on 10/6/19, 10:18 PM

    As someone who has used 1Password for many years, how does Bitwarden compare?

  • by shelune on 10/7/19, 1:51 PM

    I changed from LastPass to Bitwarden. Have been quite satisfied with it so far. The save suggestion was annoying sometimes but overall everything works pretty fine.

    Would recommend it to everyone in need of a password manager now.

  • by brunoqc on 10/6/19, 10:52 PM

    I wish the Bitwarden mobile app would support multiple accounts so I could use a server at work and another server for my personal stuff.

  • by RHSeeger on 10/7/19, 5:39 PM

    Is it possible to migrate (export then import) data from bitwarden? I'd like to sign up for a free account, and I'm wondering if I'd be able to move my data to a private (bitwarden_rs) instance later.

  • by rb666 on 10/7/19, 11:54 AM

    Big fan of Bitwarden! I have tried almost all the password managers over the last few years, and this is the one I finally settled on. Every previous one had some element that bothered me or was principally wrong.

  • by thatthatis on 10/7/19, 11:33 AM

    For business users, can a single password be stored in multiple “shared folders” or groups?

    For example, can I share a password with both “marketing” and “customer support”

    The lack of this is one of the biggest pains I have with LastPass

  • by thrownaway954 on 10/7/19, 12:12 PM

    my only gripe with Bitwarden is that it only allows one login per website that I've seen. At work we use DashLane cause you can have multiple saved logins per website, which is a God send when dealing with multiple clients.

    Bitwarden is great for personal use, but I can't use it at work cause of this one missing feature. If anyone knows of a way to make it have multiple logins per site, I'm all ears as I would love to get rid of DashLane and it's horrible Chrome Extension.

  • by infinityplus1 on 10/7/19, 4:10 AM

    There are no screenshots of the UI on the homepage. Adding them would be helpful.

  • by joe_the_user on 10/6/19, 10:28 PM

    You know,

    I just had a thought. What I would like is password protected, "password notepad". When activated, it remembers the text of passwords, shows it to you in text when you go to a website and then you type it into the site. (people looking over your shoulder is a way overestimated danger, the password-hiding thing dates to shared terminals).

    The thing I hate about password managers is I am afraid I would stop knowing my passwords. This would allow me to remember my passwords since I would type them each time.

    I've only seen Firefox and Chrome's built-in password managers so maybe this exists already. But it seems a decent way to do it.