Review: Bitwarden Password Manager

A password manager makes creating strong passwords—and remembering them!—easy. Good password managers will generate strong passwords for you, store them in a secure vault and log you into websites, all without you doing anything. There are dozens of cloud-based password managers on the market, but in my testing one consistently rises to the top—Bitwarden.

Bitwarden is open source, secure, works across platforms, and offers an intuitive workflow that makes it easy to manage your passwords across all your devices. The free plan makes a good, basic, but secure password manager, and Bitwarden's premium features cost less than the competition.

The Open Source Advantage

The code that runs Bitwarden is open source. That means it's freely available for anyone to inspect, attack, seek out flaws, and report them. In theory, the more eyes on the code, the more airtight it becomes. None of the other major cloud-based password managers out there are open source. While this doesn't make Bitwarden invulnerable, the company has never had a breach.

Like most password managers, Bitwarden uses AES-256 encryption to protect your data. Your passwords are only ever unencrypted on your own devices. Bitwarden maintains a zero-knowledge system. All your usernames, passwords, URLs, notes, and other vault data are end-to-end encrypted, which means that Bitwarden cannot see or access any of your data.

To further enhance its security standing, Bitwarden is regularly audited by third-parties to ensure it's secure. The most recent overall test is from 2023, when the Cure53 security firm did a source code audit and penetration test of the core application and library. Individual platform apps and the web interface have also been audited, all of which leaves me feeling pretty good about the security behind Bitwarden. It's also worth noting that, if you know what you're doing, you can install Bitwarden's backend code on your own server for self-hosting if you prefer to run your own cloud.

Using Bitwarden

All the security in the world is kinda useless, though, if actually using the apps and services isn't a good experience. Fortunately, Bitwarden has a mostly smooth workflow that integrates well with different platforms and takes advantage of standardized security features like passkeys. You can even log into Bitwarden with a passkey, which means you don't even need to use your username or password to open your vault.

There are apps for Android, iOS, Windows, macOS, and Linux, as well as extensions for all major web browsers. I've used Bitwarden on every platform and in every browser. Yes, even Opera. At the start of 2025, Bitwarden switched to native apps for Android and iOS. I never minded the old app, but this is decidedly faster in my testing (at least on Android. The final iOS version is not out of beta yet).

Bitwarden also recently revamped its browser extension, giving it a cleaner look with more customization options to tailor the user experience to fit your workflow. There's a new compact mode that saves a bit of space, and light and dark themes to fit with your PC's theme.

Although I do use the browser extension, I very rarely actually interact with it. When I land on a page where I need to log in, I just use the keyboard shortcut Control+Shift L, which autofills the username and password. Hit return and you're done. Note that you can have forms fill automatically on page load. This is disabled by default, but you can turn it on in the app settings.

Bitwarden can also fill in forms for payment, address, and the like, but for the free plan, this only works using the browser extensions on desktop. Paid users can use form fill on mobile as well.

To create a new login in Bitwarden, just fill out a form on a webpage. Bitwarden's browser extension will offer to fill in password fields with a generated password string. Accept the generated password, send the form, and Bitwarden will offer to save the new login for you. Just click "yes" and the new login will be added to your account and synced to all your devices.

Bitwarden supports passwordless authentication, meaning you can log in with a one-time code, biometric authentication, or a security key (like Yubikey, but this does require a paid account). Bitwarden supports Windows Hello and Touch ID on its desktop apps for Windows and macOS, giving you the added security of those biometric authentication systems.

Bitwarden also has excellent support for passkeys.

Passkeys are an attempt to replace the password with a key that you don't have to remember or worry about at all. When you create a passkey for a website, the site spits out two pieces of code, one it saves on the server, one it saves on your device. When you return to the site, the site checks for the code it saved to your device and if it's there, it logs you in. The idea behind passkeys is promising, and they are secure, but the user experience is hit or miss. Bitwarden is a bright spot in this regard, as it provides a very good user experience with passkeys.

Once you've set up a passkey for a site, logging in is easy. You just enter your username and Bitwarden’s browser extension will ask if you want to log in with your passkey. Click yes and you're logged in. The mobile experience is similar, though you do have to first set up Bitwarden as your passkey provider on your device. You can find instructions on how to do that on the Bitwarden website.

If Bitwarden has a weak spot in its suite of apps, it's probably the desktop app. They're perfectly serviceable, though with the browser extension able to do nearly everything, there's not much use for the desktop apps. I wish that the desktop app had access to things like reports (which let you scan your vault for exposed passwords, duplicates, weak passwords, and more) and setting up emergency access. Unfortunately these things are currently only available through the web interface. It's not a huge deal, but it does seem like the desktop app should be as capable as the web app.

Almost all of Bitwarden's features are available with only a free account. The Free plan gets unlimited passwords, passkeys, and secure notes across as many devices as you have. You also get access to the password generator and even Bitwarden Send, a sharing service for sending sensitive info to other people.

If you upgrade to a Premium account ($10/year), you'll get access to some nice additional features like emergency access, which allows you to designate another user who can access your account in an emergency. You'll also get 1 gigabyte of secure storage, two-factor authentication options like Yubikey, and the ability to share files via Bitwarden Send.

The last feature you get with a Premium subscription is access to reports, which will tell you if a password has been compromised in a security breach, or if you have any weak or duplicate passwords. Reports are manual, meaning you have to log in to the web interface and run them. Some services will run these sorts of scans for you.

Bitwarden has long been WIRED's top pick for password managers, and recent updates have only cemented its position. Bitwarden offers everything you need to manage passwords and passkeys with a free account, and it bundles in some nice extras for just $10 per year. That's the best deal in the password manager market.