Labs PASSWORD MANAGERS
Last Pass has been many people’ s go-to password manager for years due to its generous free tier. Now that’ s been emasculated, which should you choose? We put four con tenders to the test Bitwarden If you don’t want a pricey password manager, this cheap,
Bitwarden is the only mainstream password manager that offers a truly unlimited service for free: you can store as many passwords as you like and access them across all of your devices. You can also share credentials with one nominated recipient, making it the number-one option for anyone who wants to protect their logins without breaking out the credit card.
Don’t overlook its subscription services, though. At $10 per year for the Premium plan, Bitwarden is much cheaper than either Dashlane ( see p62) or LastPass ( see p63), and subscribing unlocks warnings about weak or reused passwords, plus a trusted contact feature for emergencies. Subscribers also receive 1GB of secure file storage and can send files to other Bitwarden users, with optional password protection and expiration dates.
The Family plan at $40 per year lets you share passwords with up to five family members. It also enables the software to identify and integrate with sites that support two-factor authentication, and adds an emergency access feature. Bitwarden even offers a businessoriented Teams plan at $3 per month, and a $5 per month Enterprise option that includes single sign-in support.
How it works
There are desktop apps for Windows, macOS and Linux, as well as apps for Android and iOS – and extensions for eight browsers, including Brave, Opera and Vivaldi. It’s managed via Bitwarden’s website, but you can store and edit passwords directly in the browser or in apps.
Along with regular logins, cards and personal details, Bitwarden can store free-form Secure Notes, and organise your stored items using custom folders and a Favourites list. There’s a strong password generator, but you get no help with changing passwords that the program has
identified as weak or compromised – the report doesn’t even contain links to the sites in question.
This indicates where Bitwarden falls behind rivals: ease of use. There’s an autofill feature, but for desktop browsers it’s disabled by default and flagged as “experimental” to use at your own risk. Frankly, I’d rather not gamble. That leaves the manual method of entering credentials, which involves dragging your mouse pointer up to the top of your browser window, clicking on the Bitwarden extension icon, selecting your identity from a dropdown list and then clicking away to close the Bitwarden window.
Things are smoother on mobile platforms. On Android, for example, I was pleased to see that, when the keyboard popped up for me to enter my login details, a row of stored credentials appeared along the top and let me enter my details with a tap.
This only happens if your vault is unlocked, however. By default – and for good reason – it locks after 15 minutes, meaning your credentials won’t be shown above the keyboard. Instead, you’ll see a link that teleports you into the Bitwarden app, where you’re prompted to use biometrics or a PIN to unlock your vault. After that, you’re taken to a list of credentials for the site you started at; you’re finally bounced back to the browser only after tapping one. It only takes a few seconds to step through the process, but feels cumbersome.
I could make similar comments about the settings – not to mention the sharing system. Throughout, Bitwarden does everything you’ll need, but the learning curve includes a few stumbles and quirks.
Safety first
In case you’re worried about the safety of open-source security software, note that Bitwarden’s apps and servers are periodically audited by security specialists, and the most recent report found no major issues. Since it’s open source, any individual can audit the code for themselves too – something that can’t be said for commercial competitors.
At any rate, Bitwarden only stores your passwords in encrypted form, and it never sees your master password; if it did get hacked, your credentials would still be secure. You can optionally require 2FA to unlock your vault too. For the maximum possible security, Bitwarden even lets you host your personal data on your own server. In short, it’s extremely secure by default, and you can make it even more so if you choose.
There’s no way to either recover or reset a lost master password. If you’ve forgotten it, you can have a hint emailed to you. If that doesn’t jog your memory, however, then in most cases your only option is to authenticate biometrically on a mobile device and then export your credentials from there before nuking your Bitwarden account.
The other possible solution is to use the emergency access feature, which you’ve hopefully set up in advance. This lets you nominate one or more friends as emergency contacts, who can at any time request access to your vault. If you don’t respond within a preset time limit (which is configurable to between one and 90 days), they can log into your account and, if you’ve permitted it, reset your master password. Only Premium and Family subscribers can set emergency contacts, but the person on the receiving end can be a free user.
Crunch time
Bitwarden is less polished and less fleshed-out than its pricier rivals.
Its sharing options are more limited, and there’s nothing to match either the automated password-changer or VPN feature of Dashlane. If you’re looking for a free password manager, however, then Bitwarden really is a no-brainer. It’s the only free solution I’ve seen that makes it viable to upgrade your security with strong, unique passwords.
If you’re willing to get your wallet out then you’ve a decision to make. Bitwarden’s Premium tier adds the very valuable emergency access feature, along with password security reports, but both Dashlane and LastPass provide extra features and a breezier, more seamless experience.
Ultimately, it’s a question of whether you’re happy to pay around £30 a year for those additional features – and, in my view, it’s hard to justify the expense when you can get this effective, highly secure alternative for a pocket-money price.
“Bitwarden is the only free solution I’ve seen that makes it viable to upgrade your security with strong, unique passwords”