Bitwarden Is Safe

Posted on  by



Bitwarden Pricing

Bitwarden is the easiest and safest way to store all of your logins and passwords while conveniently keeping them synced between all of your devices. Password theft is a serious problem. The websites and apps that you use are under attack every day. Bitwarden is a mature product that has been around for several years. It’s has trustworthy as any other pasword manager, as a bonus it is open source so you can review the code. Bitwarden has undergone security audits. Bitwarden appears to be based in the US, which is part of the 5, 9, and 14 eyes for surveillance. The good news for those wondering whether or not their data is safe with Bitwarden is that the answer is a resounding yes. There is no reason to suspect that your data is any less safe with Bitwarden than it is with any of the other major password managers. In addition to keeping your identity, credentials and sensitive data safe. Bitwarden is a lean, open-source encryption software password manager that can generate, store and automatically fill.

Bitwarden is free and open-source software, but unlike community-developed alternatives such as KeePass, it is a commercial venture.

The core product is free and will stay free forever, but you can support the developer by paying a very reasonable $10 per year subscription fee for a premium personal account. Premium users enjoy some cool (non-core) additional features, as outlined below.

In addition to a premium personal plan, Bitwarden offers family plans and a couple of enterprise plans aimed at businesses.

13 hours ago  Bitwarden's free version has the basics of a good password manager, and its premium features are inexpensive. However, Bitwarden isn't the most intuitive platform to use.

In this review, we will focus on personal plans.

What features does Bitwarden offer?

The following features are available to free users:

  • End-to-end encryption (e2ee) of passwords
  • 100% open source
  • Cross-platform apps for all major platforms
  • Browser add-ons for all major browsers
  • Web browser access from anywhere
  • Command-line tools (CLI) to write and execute scripts on your Bitwarden vault
  • Can self-host
  • Two-factor authentication (2FA)

Paying $10 a year adds:

  • 1GB encrypted file storage
  • Additional 2FA options
  • Priority customer support

What is important to note is that there is no account recovery feature.

How easy is Bitwarden to use?

To start using Bitwarden, just download the app for your platform and sign-up in-app. A password is requested, but this is not verified. You’ll need to think of a strong master password, and can choose a hint to help you remember it.

And that’s it! Just don’t forget your master password!

The desktop clients

The Bitwarden desktop clients are basically identical in Windows, macOS, and Linux. Most versions of Linux are supported thanks to the app being packaged in the AppImage format. It is also available through the Ubuntu Software Center and, of course, you can compile the open-source code yourself.

We find the interface to be smart looking and very easy to use. Four “Types” of data entry are supported: login, card, identity, and secure note.

Each entry Type is formatted in a way suitable to entering data of that kind, and which the app can use to auto-fill passwords, web forms, and card detail forms. using browser add-ons.

An interesting new feature is a button in the password field which checks if the password you input has been exposed. This works much like our very own data breach tool and compares the username and password you enter with a database of known password breaches.

A more secure option than thinking up your own all-too-fallible passwords is to let the Bitwarden app generate secure passwords for you. These passwords can be tailored to conform with any specific requirements a website insists on.

You can also create folders and add items to them. What more do you want? If you need group password management and sharing features then these are provided by Bitwarden’s organization accounts.

Autofill functionality on the desktop is provided by browser add-ons for Firefox and Chrome.

The Mobile Apps

The mobile Android and iOS apps are very similar, and share the same attractive and intuitive design philosophy as their desktop siblings.

Both apps do everything their desktop siblings can including generate secure random passwords. They also both support fingerprint unlocking on devices which have fingerprint sensors.

The Androids app uses the Autofill Framework Service on Android 8+ devices and the Auto-fill Accessibility Service on older Android devices to auto-fill forms in any browser window or app. In addition to this, the browser add-ons work with the mobile versions of Firefox and Chrome.

In iOS 12+ the Bitwarden app integrates with Apple’s new Authentication Services framework to provide instant autofill functionality in most browsers and apps.

Web Vault

In addition to using apps, it is possible to access your passwords via the “Web Vault” from any browser. This is handy, although the possibility of compromised servers pushing malicious JavaScript code directly to your browser window means that using browser-based e2ee cryptography will never be quite as secure as performing the cryptography in a stand-alone client.

Interestingly, the only way to import data is via the Web Vault, which accepts files exported from a huge range of password managers

Command-line interface CLI

In addition to graphical user interfaces (GUIs) for all major platforms, Bitwarden provides a powerful CLI client for Windows, macOS, and Linux.

It doesn’t really do anything the GUI clients don’t, but it is very lightweight and geeks will love it!

Browser add-ons

Browser add-ons are available Chrome, Firefox, Vivaldi, Opera, Brave, and Microsoft Edge. A Firefox link is provided for the Tor Browser, but we do not recommend this as using any browser add-on with Tor Browser makes it more susceptible to browser fingerprinting.

The add-ons look like the Bitwarden apps and provide the same core functionally.

They also make auto-filling logins, forms, and suchlike a breeze.

Bitwarden customer support

An extensive help section provides detailed documentation on most aspects of Bitwarden. If you have any additional questions you can email them in.

Bitwarden is basically a one-man show, so all responses we received were from its developer Kyle Spearrin himself. Responses typically arrived on the same day. Alternatively, the Bitwarden website hosts an active forum on which Kyle is an enthusiast participant.

Privacy and security

Bitwarden is a US company and is therefore subject to FISA, the Patriot Act, and very likely surveillance by the NSA. Which shouldn’t matter because…

Bitwarden uses fully audited open-source end-to-end encryption (e2ee). Which is as good a guarantee that it is secure and private as it’s possible to get. The only way to decrypt your data is by using the correct master password, which is not recoverable should you forget it. So don’t.

Because e2ee is used, it shouldn’t matter that Bitwarden uses Microsoft Azure cloud servers to host accounts, although if this really bugs you then you can self-host on a home or rented server of your choice using the open-source Docker framework.

Audit

In November 2018 a crowdfunded independent security audit by Cure53 found no major issues with the software. Some non-critical issues were discovered, the most important of which were patched immediately. We can only presume that developer Kyle has been working hard this last year to fix any additional issues raised by the audit.

Technical security

Data at rest is protected using an AES-256 cipher. PBKDF2 is used to derive the encryption key from your master password, which is then salted and hashed using HMAC SHA256. These are all respected third-party cryptographic libraries.

Data in transit is protected by regular TLS - which is fine. Even if your data was somehow intercepted in transit (via a MitM attack using fake SSL certificates) it could not be accessed because it is encrypted with AES-256 before leaving your device.

In 2018 a flaw was found in the Chrome add-on’s cryptography. This was largely fixed immediately, although you should never use the ‘never forget’ option of Bitwarden if you do not want your encryption key to exist on disk.

Two-factor authentication (2FA)

Free users can secure their Bitwarden Vaults using a Time-based One-Time Password (TOTP) or email verification for two-factor authentication. Premium users can also use 2FA methods such as Duo, YubiKeys, and other FIDO U2F-compatible USB or NFC devices.

Check out our 'what is 2FA' page if you are new to this.

Bitwarden Is Safe

Final thoughts

Bitwarden

Bitwarden is a free and open-source password manager that can go head-to-head with any of its closed- source subscription-based rivals. It is powerful, looks good, is intuitive to use, and syncs seamlessly across all your devices.

In our view, Bitwarden’s only real rival is the similarly open-source KeePass and its various forks. Bitwarden looks prettier than KeePass and is easier to set up and use, but thanks to the huge number of add-ons available to KeePass, it is no-where near as powerful or flexible.

KeePass is also true community-developed software rather than a one-man for-profit product (albeit one which is open-source). Bottom line: Bitwarden is the ideal password manager for the less technically minded.

Get 3 months free
  • Fastest VPN we test
  • Servers in 94 countries
  • Unblocks Netflix, iPlayer and more
23hours
25seconds
Get ExpressVPN 30-Day Money-Back Guarantee

Tuesday, May 1st, 2018

Update 2021-02-25: (Disclaimer: I’m not a cryptographer, and not affiliated or sponsored by Passbolt in any way, shape or form). I’ve reviewed another Open Source personal and team password manager called Passbolt. Without going into a full review, its security looks impressive. Passbolt uses plain, old, trusted GPG with asymmetric public / private key encryption to encrypt and share secrets. Secrets are end-to-end encrypted, and a separate browser plugin is used for the client-side encryption. This (apparently) makes the crypto safer than plain Javascript client-side encryption. (yada, yada, CPRNG) This architecture is also more resilient against server-side breaches, as an attacker that gains access to the server cannot inject code into the javascript, given that it’s a separate plugin. The private key never leaves your client, as far as I can tell. The Open Source version does not support 2FA, however it already requires the private key and a password (with which the private key is encrypted). So basically it’s already 2FA by design. Passbolt is slightly less easier to use, but for team-based password sharing, I highly recommend it.

Update: Kyle Spearrin, the lead developer of Bitwarden, contacted me regarding this blog post. Some issues (unnecessary loading of resources from CDNs and disclosure of my email address to a third-party without confirmation) have already been resolved. Mitigations for other issues were already in place, although I haven’t had time to confirm this yet. I’ll update this post with more details as soon possible.

Bitwarden is an open source online password manager:

The easiest and safest way for individuals, teams, and business organizations to store, share, and sync sensitive data.

Bitwarden offers both a cloud hosted and on-premise version. Some notes on the scope of this blog post and disclaimers:

  • I only looked at the cloud hosted version.
  • This security review is not exhaustive, I only took about a few minutes to review various things.
  • I’m not a security researcher, just a paranoid enthusiast. If you find anything wrong with this blog post, please contact me at ferry DOT boender (AT) gmaildotcom.

Here are my findings:

Encryption password sent over the wire

There appears to be no distinction between the authentication password and encryption password.

When logging in, the following HTTP POST is made to Bitwarden’s server:

That’s a base64 encoded password. (Don’t worry, I anonymized all secrets in this post, besides, it’s all throw-away passwords anyway). Lets see what it contains:

Okay, at least that’s not my plain text password. It is encoded, hashed or encrypted somehow, but I’m not sure how. Still, it makes me nervous that my password is being sent over the wire. The master password used for encryption should neverleave a device, in any form. I would have expected two password here perhaps. One for authentication and one for encryption.

Bitwarden Security Review

The reason it was implemented this way is probably because of the “Organizations” feature, which lets you share passwords with other people. Sharing secrets among people is probably hard to do in a secure way. I’m no cryptography expert, but there are probably ways to do this more securely using asymmetric encryption (public and private keys), which Bitwarden doesn’t appear to be using.

Bitwarden has a FAQ entry about its use of encryption, which claims that passwords are never sent over the wire unencrypted or unhashed:

Bitwarden always encrypts and/or hashes your data on your local device before it is ever sent to the cloud servers for syncing. The Bitwarden servers are only used for storing encrypted data. It is not possible to get your unencrypted data from the Bitwarden cloud servers.

The FAQ entry on hashing is also relevant:

Bitwarden salts and hashes your master password with your email address on the client (your computer/device) before it is transmitted to our servers. Once the server receives the hashed password from your computer/device it is then salted again with a cryptographically secure random value, hashed again and stored in our database. This process is repeated and hashes are compared every time you log in.

The hashing functions that are used are one way hashes. This means that they cannot be reverse engineered by anyone at Bitwarden to reveal your true master password. In the hypothetical event that the Bitwarden servers were hacked and your data was leaked, the data would have no value to the hacker.

However, there’s a major caveat here which they don’t mention. All of the encryption is done client-side by Javascript loaded from various servers and CDNs. This means that an attacker who gains control over any of these servers (or man-in-the-middle’s them somehow) can inject any javascript they like, and obtain your password that way.

Indiscriminate allowance / loading of external resources

The good news is that Bitwarden uses Content-Security-Policy. The bad news is that it allows the loading of resources from a variety of untrusted sources. uMatrix shows the type of resources it’s trying to load from various sources:

Here’s what the Content-Security-Policy looks like:

Roughly translated, it allows indiscriminate loading and executing of scripts, css, web workers (background threads) and inclusion of framed content from a wide variety of untrusted sources such as CDNs, Paypal, Duosecurity, Braintreegateway, Google, etc. Some of these I know, some I don’t. Trust I have in none of them.

It would take too long to explain why this is a bad idea, but the gist of it is that the more resources you load and allow from different sources, the bigger the attack surface becomes. Perhaps these are perfectly secure (right now…), but an import part of security is the developers’ security mindset. Some of these resources could have easily been hosted on the same origin servers. Some of these resources should only be allowed to run from payment pages. It shows sloppy configuration of the Content-Security-Policy, namely site-wide configuration in the web server (probably) rather than being determined on an URL by URL basis.

The actual client-side encryption library is loaded from vault.bitwarden.com, which is good. However, the (possibility of) inclusion of scripts from other sources negates any security benefits of doing so.

The inclusion of Google analytics in a password manager is, in my opinion, inexcusable. It’s not required functionality for the application, so it shouldn’t be in there.

New password entry is sent securely

Is Bitwarden Safe As Lastpass

Bitwarden

When adding a new authentication entry, the entry appears to be client-side encrypted in some way before sending it to the server:

It’s base64 again, and decodes into the same obscure binary string as the password when logging in. I have not spent time looking at how exactly the encoding / encryption is happening, so I cannot claim that this is actually secure. So keep that in mind. It does give credence to Bitwarden’s claims that all sensitive data is encrypted client-side before sending it to the server.

Disclosure of my email address to a third part without my consent

Bitwarden

I clicked on the “Data breach report” link on the left, and Bitwarden immediately sent my email address to https://haveibeenpwned.com. No confirmation, no nothing; it was disclosed to a third party immediately. Well, actually, since I use uMatrix to firewall my browser, it wasn’t and I had to explicitly allow it to do so, but even most security nerds don’t use uMatrix.

That’s not cool. Don’t disclose my info to third parties without my consent.

Developer mindset

One of, if not the, most important aspects is the developer mindset. That is, do they care about security and are they knowledgeable in the field?

Bitwarden appears to know what they’re doing. They have a security policy and run a bug bounty program. Security incidents appear to be solved quickly. I’d like to see more documentation on how the encryption, transfer and storage of secrets works. Right now, there are some FAQ entries, but it’s all promisses that give me no insight into where and how the applied security might break down.

One thing that bothers me is that they do not disclose any of the security trade-offs they made and how it impacts the security of your secrets. I’m always weary when claims of perfect security are made, whether explicitely, or by omission of information. There are obvious problems with client-side javascript encryption, which every developer and user with an reasonable understanding of web developers recognises. No mention of this is made. Instead, security concerns are waved away with “everything is encrypted on your device!”. That’s nice, but if attackers can control the code that does the encryption, all is lost.

Please note that I’m not saying that client-side javascript encryption is a bad decision! It’s a perfectly reasonable trade-off between the convenience of being able to access your secrets on all your devices and a more secure way of managing your passwords. However, this trade-off should be disclosed prominently to users.

Safe

Conclusion

So, is Bitwarden (Cloud) secure and should you use it? Unfortunately, I can’t give you any advice. It all depends on your requirements. All security is a tradeoff between usability, convenience and security.

I did this review because my organisation is looking into a self-hosted Open Source password manager to manage our organisation’s secrets. Would I use this to keep my personal passwords in? The answer is: no. I use an offline Keepass, which I manually sync from my laptop to my phone every now and then. This is still the most secure way of managing passwords that I do not need to share with anyone. However, that’s not the use-case that I reviewed Bitwarden for. So would I use it to manage our organisation’s secrets? Perhaps, the jury is still out on that. I’ll need to look at the self-hosted version to see if it also includes Javascript from unreliable sources. If so, I’d have to say that, no, I would not recommend Bitwarden.