Bitwarden

What is Bitwarden?

Bitwarden is an open-source password manager founded in 2016 by Kyle Spearrin in Santa Barbara, California. It is the only major password manager with a combination of a competitive free tier, a GPL-3.0 open-source codebase, and a self-hosted deployment option. Independent security audits by Cure53 in 2018 and 2022 found no critical vulnerabilities. As of 2025, Bitwarden has over 10 million active users globally and is one of the two most recommended password managers by independent security researchers.

The free tier is Bitwarden’s defining feature: unlimited passwords on unlimited devices with all client apps (browser extensions for Chrome, Firefox, Safari, and Edge; mobile apps for iOS and Android; desktop apps for Mac, Windows, and Linux; and a CLI). No competitor offers equivalent free-tier coverage without device limits or item caps. The product uses AES-256 encryption with a zero-knowledge model — vault data is encrypted on-device before syncing to Bitwarden’s servers.

Bitwarden sits at the center of the 80/20 of password managers we cover for cost-sensitive teams and open-source-mandated organizations. It integrates with Okta, Azure AD, Google Workspace, and Duo for enterprise SSO and directory sync.

How does Bitwarden work?

Bitwarden is built on three components: the encrypted vault, the team organization system, and the self-hosted deployment infrastructure. The open-source codebase makes all three independently verifiable.

Encrypted vault and core features

The Bitwarden vault stores logins, secure notes, credit cards, and identities in encrypted categories. Items sync across all connected devices through Bitwarden’s cloud servers or a self-hosted server. The browser extension autofills credentials on matching sites and generates strong passwords and passphrases on demand. Passkey support is available on the mobile apps and browser extension.

The free vault has no item limit and no device limit. The only features behind the $10/year Premium paywall are TOTP code generation (replacing a separate authenticator app), Vault Health Reports (identifying weak, reused, or compromised passwords), encrypted file attachments up to 1GB, and emergency access designation. For most individual users, free is a complete solution.

Team organizations and collections

Bitwarden Organizations allow groups of users to share vault items through Collections — organized sets of credentials with defined access levels. A marketing team might have a Social Media Collection for shared platform logins, an Advertising Collection restricted to the media buyer, and a CMS Collection shared with the content team. Access levels range from read-only view to edit to admin.

The organization setup is more configuration-intensive than 1Password’s Teams Vault interface, which uses a simpler drag-and-drop permission model. Bitwarden’s approach is more flexible for complex permission hierarchies but requires more setup time. Teams new to password managers often find the 1Password onboarding more accessible; security-focused teams who have mapped their permission requirements in advance prefer Bitwarden’s granularity.

Self-hosted deployment

Bitwarden’s full server stack is available as open-source Docker containers that organizations can deploy on their own infrastructure. Official deployment documentation covers Linux servers, cloud VMs (AWS, Azure, GCP), and NAS devices for home use. Bitwarden Unified is a single-container deployment for small teams that reduces the infrastructure complexity of the multi-container standard deployment.

Vaultwarden — a community-maintained, Rust-based Bitwarden-compatible server — is a popular alternative for self-hosting with lower resource requirements. Vaultwarden is not maintained by Bitwarden Inc. but is widely used and has a strong security track record. Self-hosting removes Bitwarden’s cloud from the trust model entirely: vault data stays on your infrastructure.

How does Bitwarden compare to 1Password, Dashlane, and Proton Pass?

Bitwarden leads on free-tier capability, open-source transparency, and cost at every paid tier. 1Password leads on UX polish and developer secrets tooling. Dashlane leads on VPN bundling and dark web monitoring. Proton Pass leads on privacy-focused architecture within the Proton ecosystem.

Attribute	Bitwarden	1Password	Dashlane	Proton Pass
Best for	Cost-sensitive, open-source teams	Teams + developers	VPN + monitoring bundle	Proton ecosystem users
Free tier	Unlimited passwords, unlimited devices	No free tier	50 passwords	Unlimited passwords, unlimited devices
Open-source	Yes (GPL-3.0)	No	No	Yes (AGPLv3)
Self-hosted option	Yes (official)	No	No	No
TOTP generation	Yes (Premium only)	Yes	Yes	Yes
Travel Mode	No	Yes (unique)	No	No
Developer secrets (CI/CD)	No	Yes (Secrets Automation)	No	No
Data breach history	None	None (vault data)	None	None
Individual price	Free / $10/year Premium	$2.99/month	$4.99/month	Free / $4.99/month Plus
Team price (per user)	$3/user/month	$7.99/user/month	$8/user/month	$3.99/user/month Business
80/20 verdict	Pick for cost + open-source	Pick for teams + devs	Pick for VPN bundle	Pick for Proton users

“Bitwarden removed every excuse for not using a password manager — it’s free, it’s open-source, it works on every device, and independent auditors have verified the encryption. The UX isn’t as polished as 1Password, but the security model is identical,” said Priya Nair, AI & Security Editor at tools8020 and a former ML engineer with hands-on security tooling experience.

Who uses Bitwarden in 2026?

Bitwarden’s primary users are security-conscious individuals who want independent auditability, small and mid-size teams seeking the most cost-effective shared credential tool, and enterprises with open-source or self-hosting mandates. The open-source community broadly recommends Bitwarden as the default password manager for new users — its free tier coverage removes the financial barrier without sacrificing the core security model.

IT and security teams at regulated organizations — healthcare, finance, legal, government — frequently choose Bitwarden for its self-hosted deployment option. Storing credentials on company-controlled infrastructure satisfies data residency requirements that prevent using third-party cloud password managers like 1Password or Dashlane. The self-hosted deployment is a documented compliance path rather than a workaround.

Developer communities represent a growing segment. Bitwarden’s CLI enables credential retrieval in shell scripts without exposing plaintext passwords. The SSH key storage in Bitwarden’s vault stores private keys alongside associated service credentials. For developers who haven’t adopted 1Password’s Secrets Automation, Bitwarden’s CLI provides a lighter-weight path to keeping credentials out of dotfiles and configuration repositories.

When should you skip Bitwarden?

Bitwarden is the wrong tool in three scenarios. Identify these before building your credential management around a platform that won’t support your needs.

• You need Travel Mode. 1Password is the only major password manager with Travel Mode — the ability to hide specific vaults so they don’t appear during border searches. If you regularly cross borders with sensitive professional credentials, 1Password’s Travel Mode has no Bitwarden equivalent.
• You need developer Secrets Automation for CI/CD. 1Password’s Secrets Automation injects credentials into GitHub Actions, Terraform, and Docker without hardcoding. Bitwarden’s CLI can retrieve secrets in shell scripts, but the purpose-built pipeline integration depth of 1Password’s Secrets Automation has no equivalent in Bitwarden. For engineering teams managing infrastructure secrets at scale, this gap matters.
• You prioritize UX over cost. 1Password’s browser extension autofill, mobile app design, and onboarding experience are measurably more polished than Bitwarden’s. If your team is skeptical about password managers and UX quality determines adoption, 1Password’s interface reduces the “this is annoying” barrier more effectively.

How much does Bitwarden cost?

The free tier is the most capable free password manager offering: unlimited passwords, unlimited devices, all clients, and no expiration. Premium at $10/year adds TOTP generation and Vault Health Reports. Teams plans add organization management and admin controls.

Plan	Price	Key inclusions
Free Individual	$0	Unlimited passwords, unlimited devices, all apps, Bitwarden Send
Premium Individual	$10/year	TOTP generation, Vault Health Reports, encrypted attachments, emergency access
Teams	$3/user/month	Shared Collections, admin console, event logs, up to 6 users
Enterprise	$5/user/month	SSO, SCIM, advanced policies, custom roles, priority support

Pricing verified at bitwarden.com/pricing on 2026-05-24. Teams plans require a minimum of 1 user billed monthly. Enterprise includes self-hosted deployment support and a dedicated customer success manager for accounts over 100 users.

How we evaluated Bitwarden

This review draws on Priya Nair’s direct use of Bitwarden’s free, Premium, and Teams tiers across web, mobile, and CLI interfaces, alongside Bitwarden’s published security audit reports from Cure53 and comparison testing against 1Password across equivalent credential management tasks. Pricing was verified at bitwarden.com on 2026-05-24.

See our evaluation methodology for the full criteria. For the premium-UX alternative with developer tooling, see 1Password. For the 80/20 view of password manager selection, the choice between Bitwarden and 1Password is almost always determined by whether cost or UX is the primary constraint.