Bitwarden Review: The Best Free Password Manager for 2022
Editor's Choice: The open-source champion that leaves no device hanging is steadily improving its offering with a richer feature set and more customizability.
Updated May 1, 2022 4:00 a.m. PT
Our expert, award-winning staff selects the products we cover and rigorously researches and tests our top picks. If you buy through our links, we may get a commission.
Reviews ethics statement
Rae HodgeFormer senior editor
Rae Hodge was a senior editor at CNET. She led CNET's coverage of privacy and cybersecurity tools from July 2019 to January 2023. As a data-driven investigative journalist on the software and services team, she reviewed VPNs, password managers, antivirus software, anti-surveillance methods and ethics in tech. Prior to joining CNET in 2019, Rae spent nearly a decade covering politics and protests for the AP, NPR, the BBC and other local and international outlets.
But what do we know about Bitwarden? Is it as safe to use as LastPass? Is it as convenient and user-friendly? Is it as compatible across platforms, and is it as packed with as many features? You bet your login it is. Bitwarden's open-source code base creates a transparent security foundation beneath its otherwise streamlined and designed-for-simplicity interface. This -- combined with its hyper-flexible platform, browser compatibility and its feature-rich premium options -- push Bitwarden ahead of its competitors.
You'll be hard-pressed to find a traditional platform Bitwarden isn't compatible with. Bitwarden works with Windows, MacOS, Linux, Android, iPhone and iPad. Its browser extensions are available for Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Brave and Tor. The site's extensive knowledge base also specifically includes instructions on using Bitwarden with popular services like Twitch, and offers walk-throughs on integrating Bitwarden with common browser settings to ensure a smoother experience.
With Bitwarden's free tier, you can store an unlimited number of logins, notes and cards in its encrypted vault, all of which you can access from as many devices as you like once you've installed the app. A must-have for any password manager, Bitwarden's free tier also includes a random password generator. Free tier users can also enable two-factor authentication for logins and can use Bitwarden's database breach feature, which checks across multiple sites to see if any of your logins have been involved in a breach.
Bitwarden's free tier isn't as feature rich as LastPass', which offers a password strength gauge that checks all your vault entries for duplicates and weak passwords. But the ability to use Bitwarden for free on multiple devices, which you can no longer do with LastPass, more than makes up for the lack of bells and whistles.
Bitwarden has steadily increased its range of flexible features, however. In March, it announced a new convenience perk that will allow you to quickly switch between different Bitwarden user accounts on the same websites. You can also create customizable fields for your logins. It's a seemingly small benefit that offers big convenience for those who want to get the most out of the app's modular design. Bitwarden has also upped its biometric security option for those who prefer physical authentication over passwords, and enabled security key support for its mobile apps.
More bells and whistles are available in Bitwarden's $10 yearly premium tier subscription service, including a nearly identical password strength report for your vault. The premium subscription also comes with up to 1 gigabyte of encrypted file attachments and secure login via YubiKey, U2F and Duo.
If you really want to take your household privacy up a notch, you can opt for Bitwarden's family plan, which comes with six user accounts and costs $40 a year. Bitwarden offers a 30-day money-back guarantee on its premium services.
Bitwarden security and privacy
When it comes to privacy management services, I'm slow to recommend free services. Online services cost money to develop and maintain, and companies often pay for free services by sharing your data with third-party advertisers, putting your privacy at cross purposes with a corporation's revenue stream.
But Bitwarden's free service has me at ease. Its open-source roots are one of Bitwarden's most appealing features, allowing the web at large to inspect its code for flaws and suss out hidden security threats that aren't as easily identified in proprietary, closed-source software.
Bitwarden's efforts at transparency extend to its public collection of readily accessible audits, certifications and codebase -- including its independent audit by Cure53. In fact, it offers a convenient, ongoing list of all of its security certifications and audits. Its security is just as strong as LastPass', with both offering two-factor authentication, zero-knowledge password encryption (neither company can see your vault entries) and customizable password complexity rules. Bitwarden also allows you to self-host. That means if the public-facing Bitwarden service ever gets breached, your own vault should theoretically be secure.
Outside of actual security strength, privacy is also a priority for password managers.
The web trackers on LastPass included those from Google Analytics, AppsFlyer and Mixpanel. While LastPass' password encryption normally protects your passwords from being viewed by any tracker or site, these trackers let third-party companies collect a startlingly complete record of the sites you visit.
But the list of third-party entities it shares that data with -- my larger concern -- is fairly limited by comparison, and Bitwarden does have an opt-out option which would further reduce that number. Still, I'd like to see more disclosure from the company about which subsidiaries and affiliates Bitwarden may be able to share your data with.
Is Bitwarden's interface as pretty as LastPass'? Not if you like digital gewgaws and finessed design (don't we all?). But, as a former LastPass devotee now firmly in the Bitwarden camp, I'm more convinced than ever that simple is beautiful.