Bitwarden raises $100M

I switched to Bitwarden when LastPass started using silly tactics to make customers pay. I didn&#x27;t switch because of the price - the service pricing of Bitwarden was a pleasant surprise.<p>I switched because I lost all trust in LastPass.<p>Managing credentials and sensitive information is all about trust. The second I lose trust in that kind of service, I don&#x27;t just stop using it, I will most likely never even consider coming back as a customer and I will warn people against them. I don&#x27;t give second chances to services that are trust based.<p>I&#x27;m pretty happy with Bitwarden so far. But if they betray my trust I&#x27;ll be out of there in a day, never to return. I switched from LastPass to Bitwarden in a day. LastPass never gets a second chance.<p>What the VCs have to understand is that if their greed makes them push Bitwarden to engage in silly tactics, they risk driving away their customer base.

Bitwarden already does one thing well. It&#x27;s everything I&#x27;m looking for - open source, costs money but not much ($10&#x2F;yr), 2FA, clean interface. I&#x27;m happy for the new investment, but I hope they don&#x27;t start adding new things just for the sake of growing.<p>Also - to the people who analyze funding rounds - $100M sounds like a huge amount to me. Why would a password manager need so much money?

The code for the server is AGPLv3 <a href="https:&#x2F;&#x2F;github.com&#x2F;bitwarden&#x2F;server" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;bitwarden&#x2F;server</a> , with only things in the &#x2F;bitwarden_license&#x2F; directory being proprietary.<p>The code for the mobile apps is GPLv3 <a href="https:&#x2F;&#x2F;github.com&#x2F;bitwarden&#x2F;mobile&#x2F;blob&#x2F;master&#x2F;LICENSE.txt" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;bitwarden&#x2F;mobile&#x2F;blob&#x2F;master&#x2F;LICENSE.txt</a><p>The code for the clients is GPLv3 <a href="https:&#x2F;&#x2F;github.com&#x2F;bitwarden&#x2F;clients" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;bitwarden&#x2F;clients</a><p>These are all copyleft... with a CLA (contributor license agreement). It&#x27;s the CLA that allows them the ability to dual-license for the server.<p>The VCs must really believe the company can produce a product based on Enterprise sales which would deliver a value North of $1B. And perhaps they can, as Bitwarden as we know it could be considered a strong beachhead to allow them to expand into other auth markets that have high value (hello Okta, Auth0, etc).<p>But this doesn&#x27;t seem that scary for Bitwarden users at this point.

Oh dear, this isnt good news at all. Now they&#x27;re going to be under pressure to produce excessive returns to fatten the company up for an IPO or sale. Having seen what happened to Lastpass when it was passed around from pillar to post this saddens me deeply. Lets see what anti consumer measures they start introducing to force us to pay more. Limitations on the free tier look likely and price rises as well.

We use BitWarden at work, we use their business&#x2F;hosted offering.<p>We pay them $3600 per year.<p>Why is everyone so concerned? They’re popular enough in businesses. Their product is great for teams, hence why we pay for it. I’ve found it much better than alternatives. The killer feature for me has been safer account sharing, including 2FA (and I know it makes it somewhat redundant, but it’s safer than turning it off completely)

Congrats to the Bitwarden team. Also wanted to mention it&#x27;s a c# (dotnet) project for those who say dotnet isn&#x27;t for startups.

Glad for them and I really hope them to succeed in the long run, engrosing the list of successful bussiness based on OS.<p>As a side note, I&#x27;ve been tempted so many times at this point on getting a payed subscription and getting rid of my &quot;keepass+keepassdb sync via Google drive+keepass keyfile local copy on each device&quot; for the sake of making things simpler. I&#x27;ve read how the internals work, checked the auditories, read forums etc. Everything looks great, but I am always paranoid of some security issue arising and my passwords being leaked. I have my entire life pretty much on my password manager and that being exposed would be disatrous at so many levels. Probably just me being irrational.

In the next couple of years, I expect FIDO2 Passwordless Auth to be ubiquitous, natively supported by all OS platforms. Built-in authentication credentials managers within Apple and Google&#x2F;Android platforms will get more focused attention to improve them significantly. I suspect this should basically render the consumer market not monetizable. So, their free forever strategy here is aligned.<p>In corporate market, I would expect more ubiquitous integration of cloud hosted identity providers and separate SSO auth providers (which will do MFA with device bound certs, biometric auth and FIDO2 auth) with all the services and they would all be protected behind BeyondCorp style VPN solutions (think Cloudflare, Tailscale etc). In this market, I wonder how they will continue to grow.

&gt; The Bitwarden business model will not change<p><pre><code> Bitwarden remains committed to A fully featured free version, forever An open source architecture The ability to self-host Advanced business features </code></pre> This is great!

I shared an office and an apartment with Kyle in 2010 and I have vivid memories of him routinely talking how bad the state of password managers was at that time. I&#x27;ve been a happy customer since 2017. It&#x27;s been surreal watching the BitWarden team do what they have over the years. Congratulations!

This is interesting I guess. But can&#x27;t say it&#x27;s something to be excited about.<p>I&#x27;ve been using vaultwarden purely because I wanted to play around with rust and it turned into my favourite manager of all time.<p>10&#x2F;10 would recommend!

I&#x27;m not referring to Bitwarden here but isn&#x27;t this the standard M.O. of any SV startup?<p>1. Release great product for free<p>2. Attract as many free users as possible to signal growth to investors<p>3. Keep running the unprofitable free tier at a loss as long as possible using your massive VC war chest, while locking in your users with various gotchas<p>4. Once you reach critical scale and gained mass user adoption and you&#x27;ve obliterated your competition with your bigger war chest, start monetizing and rentseeking your locked in userbase and squeezing them so the VC investors can start getting their money back or cross your fingers for an exit from a FAANG with big pockets<p>5. Gain a lot of negative publicity, so now a lot of startups pop up like mushrooms after rain, to poach your disgruntled users and compete with you using the exact same M.O. you did. Rinse and repeat.<p>Did I miss anything?

Bitwarden replaced lastpass for me and really i&#x27;d never go back.<p>My only gripe is filling in card details, there is never a floating icon to click to do it automatically, you need to go to the menu bar and select the card.<p>Apart from that all perfect!

Not related to the fundraising, but a more general question I&#x27;ve had about password managers for a while: Why does anyone pay a subscription for their password manager when all you need is a client that talks to any old free cloud storage service (Dropbox, iCloud, Google Drive, etc)?<p>I feel like I might be grandfathered in and they switched to a new model now, but I got Enpass years ago and haven&#x27;t paid since. I sync my password archive through iCloud so I don&#x27;t have to trust a random company to store my password archive safely. If anything, by doing that you&#x27;re centralizing a ton of user logins in a single place that would be a great target if you found a way to hack in and read them.

Keypassxc,keypassxc browser plug-in, strongbox app for iPhone. Cloud drive of your choice for syncing. Works well

This is a smart play. They are one of the <i>very</i> rare consumer security products in the market and they have a lot of enterprise traction. Their average user lifetime will probably average a decade, and identity is an immensely sticky tech. Just as a channel to those users, they would be an asset to some megalithic platform (the way whatsapp was to facebook) who wanted to acquire users to sell other products into. I could see a defensive acquisition by one of them in the near term while it&#x27;s still cheap.<p>I was lucky enough to have a brief exchange with their CEO on his recent customer interview tour, and my impression was his product view was enterprise focused, which made sense in the context of this raise now. My relatively cold read was he seemed laser focused on a kind of &quot;do what we do really well,&quot; philosophical vision on their current product, which I think is a strong asset to secure their LTCV with current customers, and that will drive their valuation.<p>However, I get overexcited at the growth prospect because security products are never what anyone but security people actually want, and all the products in the identity space suffer from the same problem of being top down management frameworks with integration and federation as just something you say but never do. A consumer security product people actually choose for themselves and want their employers and services to integrate with because they already like the experience of it, is just infinite level growth potential in a market of slow moving dinosaurs. Okta&#x27;s massive expansion in just the last decade established that the gerontocracy of enterprise behemoths was too slow footed to respond to an incursion into the very foundation of their market (user identity), and what impressed me about this raise is that I think a well capitalized startup with traction could absolutely sack it.

That is a LOT of money. $100M. That&#x27;s enough money for ~50 people to live on $100k&#x2F;year for the rest of their lives. You could pick 50 thinkers, scientists, artists and say &quot;hey you never have to work again, just do your thing&quot;. But instead you invest it in a startup that will almost certainly burn it up in a couple of years of 7 figure salaries for execs and fail.<p>What a waste.

I am afraid that my free tier plan data will go away. As for the self-hosting option, I am concerned that I don&#x27;t have enough infrastructure to ensure the safety of my data. I wish their backend supports cheaper static store like object storage instead of full-featured database.

This actually worries me.<p>Bitwarden will now be pressured to try to grow and monetize to make a return on that investment.

Ok I have been putting off for sometime now, but looks like it&#x27;s time to learn to host Vaultwarden

So many people here praising Bitwarden. I were using multiple password managers, but stuck with 1Password. Their last update is atrocious. I tried switching to Bitwarden and forced myself to live with it for 3 months. I gave up when it lost generated password. Apparently it is quite common with Bitwarden and bad connections, which I have a lot travelling to remote locations where I actually need to generate passwords.<p>Both app and server need so much polish. Like this is literally like touching something from 00s and everyone seems to be content with it.<p>I truly hope Bitwarden would put money to better their app and technology, focusing on User Experience, not on feature checklist.

Bitwarden is just great! One of the few pieces of software I am really happy to pay for.

Whatever the fuck do they need this for? I just cannot see any good reason to raise $100M. Hell, $10M might be too much.

Good. Maybe now they can finally get around to fixing some of the rough edges for enterprisey customers. Onboarding new users is a pain. The audit UI is a pain. There is (still!) no way to share a password with another user within the same organization (except by creating a Collection and granting access to that, that&#x27;s not what you want when you&#x27;re creating an email account for a user and want to give them their initial password).<p>That, and their UI is pretty cluttered and ugly, though the latter is subjective.

This worries as a Bitwarden customer of several years. The bigger a company gets the worse its treatment of customers gets. It&#x27;s not 100% true but in my experience it happens most times. I guess I should just write my own probably much less secure password keeping database just for fun as a backup and export my passwords often and keep them more local and unsecured than if it were just in the cloud. I suspect they will end free tier service in the next couple of years as well.

It’s the password manager of my choice. I hope they manage to survive. Maybe they should try increasing their annual fee. At $10&#x2F;year it’s a steal

After posting a simple comment, now I&#x27;m getting emails from Bitwarden...<p>&quot;Additional security has been placed on your Bitwarden account. We&#x27;ve detected several failed attempts to log into your Bitwarden account. Future login attempts for your account will be protected by a captcha.&quot;<p>Thanks HN! =)

Well, if Bitwarden becomes the new LastPass, there&#x27;s always room for another Bitwarden.

How is the user experience of bitwarden vs lastpass?<p>I find lastpass clunky.. ipad app is flakey (or is it the iOS integration layer itself?)<p>Integrating with chrome, iOS, etc, I assume is a difficult problem so I&#x27;ve assumed most password managers have the same issues. But it drives me crazy they haven&#x27;t innovated much either, e.g., searching for specific passwords in my vault. I have to export it to excel and then look for them, then make sure &#x2F; hope that the excel file didn&#x27;t drop any temporary file copies anywhere.

As folks talk about migrating, largely to yet another (insert another startup-themed password manager), I can&#x27;t help but wonder.<p>Which has taken more time? Learning how to use gopass and a yubikey, or migrating password services every few years and paying hundreds for arbitrarily pay-walled features?<p>Edit: idk, maybe there&#x27;s some UX aspects of the password sharing features that are more important to other folks, otherwise, the diy option is not that hard, or a UX sacrifice.

Excited to hear this. The most important use case for me that is unmet with Bitwarden is a shared vault in a company that has some pernissioning etc.<p>It would be cool if there were a Bitwarden &quot;extension vault&quot; that is only accessible so long as you are employed somewhere and which suggests rotation as part of offboarding etc. Anyway, congratulations and good luck.<p>How much would I pay for that? Perhaps with ACLs and stuff I think $10 &#x2F; user-month

I&#x27;d be really curious to know how much the move to passkeys has factored into this. I imagine it&#x27;s an immediate threat to existing password managers.

This makes me very glad that I switched my self-hosted password manager from Bitwarden to Vaultwarden. It implements the Bitwarden Server API so I can still use the same client applications.<p>I strongly suspect that this new VC-funded Bitwarden will eventually close off their applications API and client applications, but with an open-source server API provided by Vaultwarden it should be possible to create new, open-source clients, too.

So, the price for 3 millions active users is around 100m usd dollars. Or 3 dollars per a user vault. OK. Noted. It&#x27;s time to switch then.

With extra funding, hopefully soon their search results will show folder names so that organizing by folder makes sense in a search context.

I moved to pass cli (on i3 with a simple rofi selector) and the FOSS android app <a href="https:&#x2F;&#x2F;github.com&#x2F;android-password-store&#x2F;Android-Password-Store" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;android-password-store&#x2F;Android-Password-S...</a> synced over Syncthing and I never look back

I moved from LastPass to Bitwarden a few years ago because of the nimbleness and simplicity of it, it felt so refreshing.<p>How much time do we have left before Bitwarden gradually becomes as bad as LastPass for the sake of high growth? 2-3 years? I’m not passing any judgement on this raise, entrepreneurs do what they gotta do.

Question: all users of the free plan just don&#x27;t use 2FA or Yubikey? I am amazed how that would be good policy in 2022.<p>Nothing wrong with charging for a premium version, just curious how users handle things and why there seem to be so many users on the free plan. They all just don&#x27;t know or care about 2FA?

Maybe with this new money they can fix the only bug stopping me from ditching LastPass <a href="https:&#x2F;&#x2F;github.com&#x2F;bitwarden&#x2F;clients&#x2F;issues&#x2F;2304" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;bitwarden&#x2F;clients&#x2F;issues&#x2F;2304</a>

I always enjoyed the value that Bitwarden provides: free to use, password generator, and a vault to keep other texts. But somehow I never got the TOTP working.<p>Once I locked out of Bitwarden because of Cloudflare blocking my IP address for some unknown reason. I restarted my router and the problem got fixed.

Yeah it&#x27;s nice and all but I wish they brought fingerprint auth to Linux already:<p><a href="https:&#x2F;&#x2F;community.bitwarden.com&#x2F;t&#x2F;linux-fingerprint-and-or-biometric-support&#x2F;16715" rel="nofollow">https:&#x2F;&#x2F;community.bitwarden.com&#x2F;t&#x2F;linux-fingerprint-and-or-b...</a>

I really like bitwarden, but I do wish their internal API was more clear&#x2F;open so 3rd party clients were easier to write. There have been a few times where I&#x27;ve been on an obscure OS on a device too slow to run a modern web browser, but wanted to use Bitwarden.

Any Apple-devices users here? Why would I use this instead of Apple built-in password manager?

Been strongly considering switching from Dashlane (no idea why I chose it originally, but here we are) to Bitwarden for a while now. Despite some of the comments I don&#x27;t think this changes anything, though I might just wait a little longer.

Here comes price hikes. This is why I kept asking these guys if they had a lifetime sub.

Even better! Kudos to the team. A viable alternative to 1Password and others. I agree there are open source alternatives available, but I prefer to pay for the premium version, which works across all devices. Good stuff.

Lots of people worried about Bitwarden. Where are the people worried about PSG? As passkeys gain adoption, fewer people will need a password manager, and PSG is going to have a hard time getting their money back.

This is fantastic. Bitwarden is a great service and them having more resources to do yet another thing The Right Way is only a good thing in my books. Really keen to see what they produce.

Happy user here. Congratulations to the company. Would be cool if they invested some into autofill functionality for their Android app because that doesn&#x27;t seem to work as it should.

I love Bitwarden. Super happy about this. Congrats to everyone!

What does a password manager company need $100M for? Aren’t they doing just fine without VC money? Wouldn’t $1M be largely enough?

Well, guess it&#x27;s time to cancel my subscription and start preparing my departure from Bitwarden...sad to hear this.

Is this PSG related to Paris Saint-Germain?

I&#x27;m quite happy with the premium service, and I see myself staying there for the foreseeable future.

Well I supposed authn landing in Safari this fall is good timing (for us) as a backup option

Does vaultwarden have plans to reimplement everything Bitwarden does so that we another option?

Oh $100m VC injection, exactly how 1Password started going to garbage..

Wonder if they could have raised the yearly sub or added a tier to make that instead?

Honest question: what&#x27;s the main benefit to using a password manager?

serious question, is there any benefit to a password manager if you are using the Apple ecosystem via your Keychain across devices for password management with pin and faceID?

More competition in this space is good for users.

Ho the sweet irony of people praising them over 1password not two weeks ago. Queue the typical HN, &quot;I switched from Bitwarden to X&quot; in a couple of weeks.

but why? I don&#x27;t see the main core have any bigger value at all (a few millions yes, but not more)

Looking forward to autotype

After lastpass, I am a little wary about password managers. Not sure when they plan to &quot;monetize&quot; me.<p>Been using google password since lastpass turning on paywall. What&#x27;s your opinion of Bitwarden? Reasons to give it a try? Having all passwords locked up is no fun.

does bitwarden scale up to 20-30-50 thousand users?

that’s a lot of money for a password store

how does bitwarden compared to 1password?

Well that’s annoying. I guess the clock is ticking on Bitwarden becoming user hostile. I can’t see how they’ll be able to produce a return on that investment at their current price points.<p>Having said that, I do think there is an opportunity for Bitwarden to expand into application secret management, and that could be a lucrative market with big enterprise customers if they get it right.<p>The announcement seems to be a generic “nothing will change” announcement though, which doesn’t inspire confidence as:<p>- These are almost always reneged on later<p>- Clearly something has changed (or why bother getting investment), they’re just not telling us what “we can deliver on our roadmap more quickly” could not possibly be more vague.

In many ways it&#x27;s a shame when a useful tool turns into a high growth startup. They&#x27;re going to hire a bunch of developers who will need to justify their existence by adding features, they&#x27;ll probably eventually either fail or get purchased and shut down. And then all the overly complex applications will start to rot.<p>What&#x27;s wrong with saying &quot;this is a useful tool&quot; and leaving it at that?

If you&#x27;re a Bitwarden user and this doesn&#x27;t worry you, you haven&#x27;t been paying attention to the history of almost every company that has accepted VC funds.<p>It doesn&#x27;t matter how well intentioned the founders are - once you accept that kind of money, it&#x27;s not your product anymore. You are now in the business of making money, nothing else, and those skewed incentives will start bleeding into their product and business practices sooner or later.<p>As a company, Bitwarden has been a huge role model for me, and I hope they&#x27;ll be the exception to the rule. But $100M is a lot of money, and I simply can&#x27;t imagine it having a net-positive effect on the company and product. But we&#x27;ll see...<p>For anyone looking for a bootstrapped, open source alternative to Bitwarden, check out Padloc:<p><a href="https:&#x2F;&#x2F;padloc.app&#x2F;" rel="nofollow">https:&#x2F;&#x2F;padloc.app&#x2F;</a> <a href="https:&#x2F;&#x2F;github.com&#x2F;padloc&#x2F;padloc" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;padloc&#x2F;padloc</a><p>(Disclaimer: I&#x27;m the founder)

I don&#x27;t like that Bitwarden needs an external server so I use KeepassXC but for the people that do, I guess it is always time to fork it.

What&#x27;s wrong with KeePassXC?

I would never have someone else manage my passwords for me.<p>You have to trust the server. It could serve the user with malicious JS code or an app update at any time.<p>You can self host it though.

Shit.

The trend of open source spyware is really worrisome to me.<p>More often than not these corporate open source projects include spyware features (Bitwarden included) that phone home without user consent.<p>They claim selfhosting is a goal, yet their published client will report on your activity to Microsoft without your consent.