I’ve been looking to migrate my passwords to an open source, cross-platform password manager that can not only synchronize passwords but also access them offline, and I found Bitwarden. It is advertised as “an open source password management solution for individuals, teams and business organizations”.
After about a week of use, I can tell you that Bitwarden may be the best open source alternative to LastPass. It has browser support, cloud synchronization of passwords (as well as notes and credit card information) and 2FA, can be self-hosted, and is cross-platform and easy to use.
Image: Bitwarden desktop application
- Stores not only passwords but also secure notes, credit cards and identity information
- Supports two-step verification (2FA)
- Built-in password generator
- Stores unlimited items
- Unlimited synchronization between all devices
- Password import and export (supports import from a large number of password managers, including 1Password, Chrome, Enpass, Firefox, Opera, Vivaldi, Gnome/Seahorse, KeePassX and KeePass 2, LastPass and others)
- Form filling in the browser (including on mobile devices)
- Optional: host the server yourself
- Open source
Image: Bitwarden Firefox extension
Bitwarden provides mobile applications, browser extensions and a web vault, as well as desktop applications that can work offline, so you can access your passwords even when you are not connected to the Internet, which is a big advantage for me.
The following is a list of all Bitwarden apps and other ways to access the passwords (and notes or credit card information) stored by Bitwarden:
- Desktop application for Windows, macOS and Linux (no Internet connection is required to access the passwords)
- Web browser extensions for Google Chrome, Mozilla Firefox, Vivaldi, Tor browser, Opera, Safari, Microsoft Edge and Brave
- Mobile apps for Android and iOS
- Web vault, accessible through any web browser
There are also plans for a command line Bitwarden vault in the future. Update: the Bitwarden password manager has added a command line library.
As for encryption, all stored data is fully encrypted before leaving the device. Bitwarden seals everything with end-to-end AES-256 bit encryption and salted hashing with PBKDF2 SHA-256. For more information about Bitwarden security, see the Bitwarden security page. Bitwarden has not yet been audited because “Performing proper audits is quite expensive. We are still in a heavy development mode in various areas of the code base, and auditing things that are still changing is a waste of time and money.” However, a formal audit may be conducted by the end of this year. Update: Bitwarden has passed the audit; you can download the PDF with the complete Bitwarden security assessment report at the end of this article.
For synchronization, Bitwarden can use either the Bitwarden cloud, hosted by Bitwarden, or a server you host yourself. Bitwarden Cloud is free for individuals to use, and it also provides paid accounts for teams and businesses.
Using the Bitwarden cloud solution is the most convenient way, but even though the server itself (like all Bitwarden components) is free and open source software, and the passwords are encrypted, you still might not want to hand over your (encrypted) passwords to a company. In this case, you can use the “host your own Bitwarden” approach and host the server yourself. To simplify this process, Bitwarden provides instructions on how to set up everything with Docker on Linux, macOS and Windows.
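The sketch below is an added example, not Bitwarden's code and not from the original article. It shows how a client can use salted PBKDF2 SHA-256 so that a sync server (cloud or self-hosted) can authenticate a user without ever receiving the key that protects the vault. The iteration count, the use of the account email as the client-side salt, and the `SyncServer` class are assumptions for illustration, and the AES-256 encryption step is left out.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch, not taken from the article

def derive_master_key(password: str, salt: bytes) -> bytes:
    """Client side: stretch the master password into a 256-bit key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)

def derive_login_hash(master_key: bytes, password: str) -> bytes:
    """Client side: separate value sent for login; the key itself stays on the device."""
    return hashlib.pbkdf2_hmac("sha256", master_key, password.encode(), 1, dklen=32)

class SyncServer:
    """Hypothetical server: keeps only a salted, re-hashed login value per account."""
    def __init__(self):
        self._accounts = {}

    def register(self, user: str, login_hash: bytes) -> None:
        salt = os.urandom(16)  # random per-account server salt
        stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, ITERATIONS)
        self._accounts[user] = (salt, stored)

    def verify(self, user: str, login_hash: bytes) -> bool:
        if user not in self._accounts:
            return False
        salt, stored = self._accounts[user]
        candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, ITERATIONS)
        return hmac.compare_digest(candidate, stored)  # constant-time comparison

def demo() -> dict:
    # Constructed sample account; the email doubles as the client salt (assumption).
    user, password = "alice@example.test", "correct horse battery staple"
    typo = "Correct horse battery staple"
    client_salt = user.lower().encode()
    key = derive_master_key(password, client_salt)
    server = SyncServer()
    server.register(user, derive_login_hash(key, password))
    wrong_key = derive_master_key(typo, client_salt)
    return {
        "key_len": len(key),
        "good_login": server.verify(user, derive_login_hash(key, password)),
        "bad_login": server.verify(user, derive_login_hash(wrong_key, typo)),
        "server_holds_key": key in server._accounts[user],
    }

if __name__ == "__main__":
    print(demo())
```
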
Although this is not the purpose of this article, I should mention that Bitwarden provides some additional features for businesses, such as shared logins, user groups, secure file storage and so on.