No one enjoys maintaining hundreds of credentials, nor inventing a high-entropy password on the spot. The usual result is weak or reused passwords, which is often the weakest link in operational security for individuals and organizations alike. Password managers solve this, and their browser extensions make them convenient enough to actually use.
Bitwarden is my preferred password manager and for good reason.
- Open Source
- Free account is feature-packed
- Organizational features
Bitwarden encrypts your vault data with AES-256 in CBC mode, authenticated with an HMAC-SHA-256 tag, and derives the encryption key from your master password with PBKDF2-SHA256 (newer clients can use Argon2id instead). Everything hangs off that one derived key, so the strength of your master password and the KDF iteration count (configurable in your account settings) are what stand between an attacker holding a copy of your encrypted vault and your plaintext.
Data is always encrypted on whatever local client you’re using.
Bitwarden always encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. Bitwarden servers are only used for storing encrypted data.
Thanks to Zero-Knowledge
“…Bitwarden as a company cannot see your passwords, they remain encrypted end-to-end with your individual email and Master Password. We never store and cannot access your Master Password.”
Despite the name, this is not a zero-knowledge proof in the cryptographic sense; it is end-to-end encryption in which the server stores only ciphertext and never holds the key, which is exactly what you want when your credentials live on hardware you do not control. The entity that runs the platform (in this case Bitwarden) cannot read your secrets. This removes entire classes of attack: a malicious insider at Bitwarden, a breach of Bitwarden's servers, or Bitwarden being compelled by a third party to hand over your data all yield nothing but ciphertext. It does not protect against a compromised endpoint (a keylogger or a malicious browser extension sees your master password as you type it), nor against offline guessing of a weak master password once someone has a copy of your vault; and the web vault's JavaScript is still served by Bitwarden, so the desktop and mobile clients are the safer choice if that is a concern.
This is possibly the most vital feature of Bitwarden. When working in the cloud, it is important to minimize the damage a third party can cause.
There’s a standalone application that runs on Windows, OS X, and Linux (via AppImage). The bulk of your time will likely be with the Android and iOS apps. There are also command-line tools in addition to a web vault.
I would say the majority of users will be just fine with the free account; upgrading mainly makes sense if you frequently work with teams or need the API and hardware security key two-factor options.
The command-line tool allows you to manage your entire Vault and integrate it into your workflow and applications.
Sharing credentials is sometimes unavoidable when working in teams. Luckily, Bitwarden has the concept of "Organizations". Not only does this let you share credentials with the people you add to your Organization, but you can also securely share notes and credit card details with them.
The API and CLI software provide you with all the tools you need to tightly integrate Bitwarden into your specific use case.
Because Bitwarden is a fully featured open source solution, it can also be installed and run on your own premises, giving you even more control over your credential infrastructure.