Tokyo Olympics opening ceremony EA Play Live Deepfake version of young Paul McCartney Dune trailer Mercedes-Benz plans all-electric lineup by 2030 Unemployment tax refunds
CNET editors pick the products and services we write about. When you buy through our links, we may get a commission.

Bitwarden review: The best free password manager for 2021

The open-source champion that leaves no device hanging (looking at you, LastPass).

Listen
- 05:30
bitwarden-app-cnet-2021-password-manager-on-phone-002

Bitwarden is our top choice for a free password manager. 

Sarah Tew/CNET

Up until spring of 2021, only two of our leading password managers offered free service tiers that allowed you to synchronize and use your password manager across multiple devices. So when LastPass restricted its free service to use on only a single device in March, Bitwarden -- the only other app with the same offer -- sealed the deal and became the de facto champion of the free password manager game. 

But what do we know about Bitwarden? Is it as safe to use as LastPass? Is it as convenient and user-friendly? Is it as compatible across platforms, and packed with as many features? You bet your login it is. Bitwarden's open-source code base creates a transparent security foundation beneath its otherwise streamlined and designed-for-simplicity interface. This -- combined with its hyperflexible platform and browser compatibility and its feature-rich premium options -- push Bitwarden ahead of its competitors. 

My once long-held love of LastPass notwithstanding, I finally made the switch to Bitwarden and found out why it's gathered such a devoted fanbase. Here's the scoop on my browser's new best friend.

Read more: Later, LastPass: How to switch to a new password manager

Bitwarden

Like

  • Open-source and transparent
  • Free version syncs across unlimited devices
  • Feature-rich premium versions

Don't Like

  • Free version has fewer features than competitors
  • User interface isn't as smooth as competitors'
  • Premium users get better customer support

Bitwarden cost and compatibility

006-bitwarden-app-laptop-cnet-2021
Sarah Tew/CNET

You'll be hard-pressed to find a traditional platform Bitwarden isn't compatible with. Bitwarden works with Windows, MacOS, Linux, Android, iPhone and iPad. Its browser extensions are available for Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Brave and Tor. 

With Bitwarden's free tier, you can store an unlimited number of logins, notes and cards in its encrypted vault, all of which you can access from as many devices as you like once you've installed the app. A must-have for any password manager, Bitwarden's free tier also includes a random password generator. Free tier users can also enable two-factor authentication for logins and can use Bitwarden's database breach feature, which checks across multiple sites to see if any of your logins have been involved in a breach. 

Bitwarden's free tier isn't as feature rich as LastPass', which offers a password strength gauge that checks all your vault entries for duplicates and weak passwords. But the ability to use Bitwarden for free on multiple devices, which you can no longer do with LastPass, more than makes up for the lack of bells and whistles. 

Many of those bells and whistles, however, are available in Bitwarden's $10 yearly premium tier subscription service, including a nearly identical password strength report for your vault. The premium subscription also comes with up to 1 gigabyte of encrypted file attachments and secure login via YubiKey, U2F and Duo. 

If you really want to take your household privacy up a notch, you can opt for Bitwarden's family plan, which comes with six user accounts and costs $40 a year. Bitwarden offers a 30-day money-back guarantee on its premium services.

Read more: Need a LastPass alternative? This is the best free password manager we've found

Bitwarden security and privacy

bitwarden-app-cnet-2021-password-manager-on-phone-007
Sarah Tew/CNET

When it comes to privacy management services, I'm slow to recommend free services. Online services cost money to develop and maintain, and companies often pay for free services by sharing your data with third-party advertisers, putting your privacy at cross purposes with a company's revenue stream. But Bitwarden's free service has me at ease. 

Its open-source roots are one of Bitwarden's most appealing features, allowing the web at large to inspect its code for flaws and suss out hidden security threats that aren't as easily identified in proprietary, closed-source software. 

Bitwarden's efforts at transparency extend to its public collection of readily accessible audits, certifications and codebase -- including its independent audit by Cure53. Its security is just as strong as LastPass', with both offering two-factor authentication, zero-knowledge password encryption (neither company can see your vault entries) and customizable password complexity rules. Bitwarden also allows you to self-host. That means if the public-facing Bitwarden service ever gets breached, your own vault should theoretically be secure. 

007-bitwarden-app-laptop-cnet-2021
Sarah Tew/CNET

Outside of actual security strength, privacy is also a priority for password managers. 

The web trackers found on LastPass' website previously raised a privacy concern worth noting and pushed me past the tipping point toward Bitwarden. The Exodus Privacy app, developed by the Guardian Project to document the number of trackers and permissions other apps use, discovered seven web trackers (now down to five) in the Android version of LastPass earlier this year. 

The web trackers on LastPass included those from Google Analytics, AppsFlyer and Mixpanel. While LastPass' password encryption normally protects your passwords from being viewed by any tracker or site, these trackers let third-party companies collect a startlingly complete record of the sites you visit. 

By comparison, Bitwarden had just two. LastPass' premium competitors 1Password and KeePass have no trackers. 

Being open-source, Bitwarden's privacy policy and terms of use are somewhat easier to believe than some others, since so much of the machinery is visible. Even so, Bitwarden's privacy policy reads as plainly as you could ask for. Yes, Bitwarden does collect certain types of data: Your credit card number if you're a premium user, your email address so you can log in, your IP address and other information that could verify your identity.

But the list of third-party entities it shares that data with -- my larger concern -- is fairly limited by comparison, and Bitwarden does have an opt-out option which would further reduce that number. Still, I'd like to see more disclosure from the company about which subsidiaries and affiliates Bitwarden may be able to share your data with. 

Is Bitwarden's interface as pretty as LastPass'? Not if you like digital gewgaws and finessed design (don't we all?). But, as a former LastPass devotee now firmly in the Bitwarden camp, I'm more convinced than ever that simple is beautiful.