I switched from LastPass to bitwarden in November, and I love it.<p>- it's FOSS, and audited, so it's software I can trust<p>- great UX on Firefox, chrome, and even Edge. I had my issues, but the project improved them away very quickly.<p>- sharing support for families or organizations.<p>- convenient standalone clients for win/Mac/Linux... And even the CLI.<p>- built in 2FA code generation for each entry, so I don't need a separate app for that.<p>- the best autofill I've experienced, on desktop browser and even on mobile(!)<p>- open API so there are third party clients available<p>- the lead developer is super responsive on GH, so I've been able to contribute.<p>- cheaper than the alternatives (at least at the time), and I feel good about where my money is going.<p>I can't recommend it strongly enough. It's one of the OSS applications that has a permanent place on all my devices, right up there with Firefox quantum in my "great examples of OSS" list.
I really, really want to be a big fan of Bitwarden. I even used it for the past year and a half. However, the last time HN talked about Bitwarden 7 months ago, I listed some reasons[0] why Bitwarden still fell massively short of 1Password, and I feel that those three points have not been addressed (which I believe impacts the friction/convenience of using Bitwarden).<p>My three points then were:<p>1. A stand-alone desktop app. Quite annoying to have to open up a browser every time I want to access a password. Basically, it's as inconvenient as Keychain on OSX if you're not using a browser when you need a login info. This could be solved if the browser plugin popup could be persisted as its own window.<p>2. iOS app is not polished. Not sure about Android app as I've not used it. (* biggest problem then was how slow search was. It has been improved although nowhere as fast as 1Password's—still)<p>3. In the Safari extension, I would love to be able to search and use item entries that are not specific to the domain. Sometimes, I have other info in secured notes or password entries without a domain that I want to get to from the extension. In these cases, I've had to leave the browser and open the actual app to get access to them.<p>I just migrated from Bitwarden to 1Password a few days ago and have been much happier since—especially with 1Password's ability to generate 2 factor tokens and put them in your pasteboard automatically so you don't ever have to pull up an Authenticator app!<p>[0]: <a href="https://news.ycombinator.com/item?id=15734260" rel="nofollow">https://news.ycombinator.com/item?id=15734260</a>
There are also two Bitwarden-compatible API implementations in Rust[0] and Ruby[1]. Their main advantage, IMO, is them doing away with the requirement of Microsoft SQL Server.<p>[0] <a href="https://github.com/dani-garcia/bitwarden_rs" rel="nofollow">https://github.com/dani-garcia/bitwarden_rs</a><p>[1] <a href="https://github.com/jcs/bitwarden-ruby" rel="nofollow">https://github.com/jcs/bitwarden-ruby</a>
If anyone wants an open source command line driven password manager that doesn't require signing up or hosting anything, I recommend checking out "Pass". It piggy backs off GPG encryption.<p><a href="https://www.passwordstore.org/" rel="nofollow">https://www.passwordstore.org/</a><p>I use it to manage over 300 passwords and other sensitive blobs of text (it lets you save arbitrary text snippets) and also has some nifty quality of life features like auto-copying a password to your clipboard for 30 seconds when you want to access a specific password.
<a href="https://github.com/bitwarden/core/blob/master/README.md" rel="nofollow">https://github.com/bitwarden/core/blob/master/README.md</a><p>SQL Server 2017, really? Interesting choice. Open source but we have to pay licenses for the database if we want to self host. I wonder what was wrong with PostgreSQL or MySQL even if they're using .NET Core as a language.<p>Edit: there is an issue for that <a href="https://github.com/bitwarden/core/issues/10" rel="nofollow">https://github.com/bitwarden/core/issues/10</a>
For years I've discouraged use of clouds for storing passwords. But because Bitwarden is FOSS software, encrypts data on the client, has good cross-platform support, and can operate if the company goes out of business they have won me over for the storage of secrets I'm not reserving for the sneakernet.
First paragraph on their page disqualifies it completely. I do not want my passwords on anybody’s servers.<p>Our secure cloud syncing features allow you to access your data from anywhere, on any device! Your vault is conveniently optimized for use on desktop, laptop, tablet, and phone devices.
I'm using KeepassXC on desktop, Keepass2Android on mobile and Dropbox for syncing the database and I'm quite happy with it. Bitwarden looks a bit more polished, but are there any other advantages over Keepass?
I love Bitwarden. I signed up when it first launched and happy to see it continue to add features. One of the only projects I pay to support the project rather than to get access to the additional premium features.
I recently switched to BitWarden from Lastpass after trying a few different options including pass, Enpass and KeePass options.<p>95% of my usage is in the desktop browser, and the UI of their add-on is great, IMO.<p>Lastpass' had been getting worse for some time, and their shuttering of Xmarks finally left me with no good reason to stay.<p>Using the add-on with Firefox on my phone is reasonable, although could be a bit better. Phone experience in general I'd say is also quite reasonable - not used it that much yet, but I think it is quite comparable to other offerings.
One problem with password managers (that are using web authentication to create/manage an account for backing up the password manager in the cloud) is that the authentication password can be leaked during the authentication process. For example, the storage provider for password manager backup can simply read the password from the authentication web page since this web page is hosted at the provider. This is problematic if the authentication password is also used to encrypt the password manager, i.e. the provider could decrypt the password manager with the authentication password. You would actually need two passwords; one for authentication and one for encryption. Unfortunately, you usually don't even have the option to choose two passwords.<p>To solve this problem I'm working on FejoaAuth (<a href="https://fejoa.org/fejoapage/auth.html" rel="nofollow">https://fejoa.org/fejoapage/auth.html</a>). FejoaAuth uses an authentication protocol that does not leak the user password to the provider who is going to store the password manager. This protocol is run in a trusted browser plugin in order to ensure the correct execution of the protocol. Thus you can use a single password for authentication and password manager encryption.
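Added example, not part of the comment above and not FejoaAuth's protocol: a generic key-separation sketch showing how one password can yield an authentication secret for the provider and a separate vault key that stays on the client. The labels, iteration count, `Provider` class and sample vault are assumptions made for illustration, and the separation only holds when the derivation runs in code the provider does not serve (the trusted-plugin point made above).

```python
import hashlib
import hmac
import os

ITER = 100_000  # assumed PBKDF2 work factor for this sketch

def derive_keys(password: str, salt: bytes):
    """Client side: stretch the password once, then split it into two independent keys."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER)
    auth_key = hmac.new(master, b"auth", "sha256").digest()      # sent to the provider
    enc_key = hmac.new(master, b"vault-enc", "sha256").digest()  # never leaves the client
    return auth_key, enc_key

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 counter keystream) so the sketch needs only the
    standard library; real code would use an AEAD such as AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), "sha256").digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Provider:
    """Hypothetical storage provider: keeps a verifier and the ciphertext, nothing else."""
    def __init__(self):
        self.verifier = None
        self.blob = None

    def register(self, auth_key: bytes, blob: bytes):
        self.verifier = hashlib.sha256(auth_key).digest()
        self.blob = blob

    def login(self, auth_key: bytes) -> bool:
        return hmac.compare_digest(hashlib.sha256(auth_key).digest(), self.verifier)

def demo():
    salt, nonce = os.urandom(16), os.urandom(12)
    auth_key, enc_key = derive_keys("correct horse battery staple", salt)
    vault = b'{"example.org": "hunter2"}'  # constructed sample vault
    provider = Provider()
    provider.register(auth_key, nonce + keystream_xor(enc_key, nonce, vault))
    blob = provider.blob
    # The provider only ever saw auth_key; decrypting with it does not recover the vault.
    provider_view = keystream_xor(auth_key, blob[:12], blob[12:])
    client_view = keystream_xor(enc_key, blob[:12], blob[12:])
    return provider.login(auth_key), provider_view == vault, client_view == vault

if __name__ == "__main__":
    print(demo())
```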
Here’s why I switched from 1Password—<p>I recently picked up a Pixelbook and have gone all in on ChromeOS. It's replaced my MBP. But unfortunately, that meant parting ways with 1Password.<p>I needed a new password manager with the following:
Self hosted
TOTP support (have since decided not to use this)
A web UI
iOS app with face/Touch ID.<p>I tried the 1Password subscription but 1Password X just felt too clunky and I wasn’t in love with storing on their server.<p>Keepass/XC/whatever was a hot mess for me. I really wanted to use it and the idea of keeping and syncing a single db file still really appeals to me, but the ecosystem is such a mess. I tried running a self hosted container for Keepass Web but I kept having to enter a Dropbox API key on every client. I also couldn’t find an iOS app that supported Face ID or the option for storing TOTP. Maybe it’s a better experience on Android. On top of that, the UI was pretty jarring all around.<p>Bitwarden still has some work in the UI department. The lack of keyboard shortcuts and a native app adds some resistance but it’s manageable for me.
I've been a Keepass user for so long I just haven't wanted to switch. I just don't want to use someone else's server... or set up my own. Even so best of luck to them.
If you were curious about the Open Source part (I was) - <a href="https://github.com/bitwarden/" rel="nofollow">https://github.com/bitwarden/</a>
I've been using this for the last few months and couldn't be happier. I use the browser extensions in Firefox, Chrome and Edge, as well as the desktop, Android and web apps.
Has come up a fair bit before.<p><a href="https://hn.algolia.com/?query=bitwarden&sort=byPopularity&prefix&page=0&dateRange=all&type=story" rel="nofollow">https://hn.algolia.com/?query=bitwarden&sort=byPopularity&pr...</a>
1Password works great on iOS and macOS but it's not open source... and there's the subscription they try to impose... and their servers...
So I was looking to replace it. Bitwarden could be the one in the near future as Keepass is a real pain on iOS and mac for a non-techie. The problem I still have with bitwarden is that the app won't work unless connected to the internet. If the connection is missing you can't add or edit anything, store on your device and sync later :-(
"Each Bitwarden installation requires a unique installation id and installation key."<p>Sorry, it doesn't count as open source if everyone needs your permission to run it.
This is a nice product, but server requirement completely eliminates it as a candidate instead of 1Password for me. I still can't find a better open-source solution which works completely offline on desktop, browsers and mobile devices with the possibility of synchronization using 3rd-party services, decent UI and at least the ability to store TOTP passwords.<p>Enpass is good, but it's proprietary too.
This looks like it could be better than LastPass. Bitwarden is the only password manager that I've seen that officially supports Opera, Vivaldi, and Brave. I wonder what the browser support on Android is like. LastPass seems to work only on Chrome on Android, but I like to use Firefox, Opera, and Samsung's optimized browser.
If you're searching for an open-source self-hosted alternative that offers corporate features like LDAP integration take a look at SysPass (<a href="https://github.com/nuxsmin/sysPass" rel="nofollow">https://github.com/nuxsmin/sysPass</a>). Doesn't look as nice as Bitwarden though.
We evaluated Bitwarden to use as our company vault for shared accesses, however found OneLogin to have a better UI, additional functionality (especially when it came to syncing with our Google directory) and the price (for enterprise) wasn't too much less than OneLogin (which is negotiable anyways).
If somebody wrote code to let me send the second factor from a nominated device as my banks use of Symantec technology does.. it would be cool: I keep meaning to remind myself having the second factor inside 1password is not a second independent factor.
What I really like about Bitwarden is, that you can define several URLs for one entry, I have some services which can be accessed from several addresses (same account) though.<p>It is also possible to define how a URL is matched which is a nice feature too.
I love the Linux app, and the integration on browser extensions and Android app, but the Android app is very limited on features. I love projects like this, and support them as a paid member, just like ProtonMail.
I love bitwarden, and have converted to it. However I just learned about <a href="https://passman.cc/" rel="nofollow">https://passman.cc/</a>
Has anyone used that?