HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Bitwarden Review

In our Bitwarden review, we explain the password manager's key features and explore its strengths and weaknesses to help you evaluate whether this is a suitable solution to meet your password management needs.

Bitwarden Review Summary

Bitwarden is an open-source, vault-based password manager with a strong range of features and capabilities in both the free and premium versions. Ideal for empowering users to become more security conscious, Bitwarden is quick to set up, highly customizable, and can be deployed as a Software-as-a-Service solution or self-hosted if required.

On the downside, there is no live support if you encounter issues. Although the Bitwarden user interface is more intuitive than most, and there are plenty of online resources that can help resolve your issues, there is no chat or phone support to help you climb the steep learning curve if you are unfamiliar with how vault-based password managers work.

Bitwarden Key Features

Bitwarden is a multi-platform password manager that enables users to generate, store, use, and share passwords securely from any location. Bitwarden also supports the secure storage of credit cards, notes, and identities, enabling users to autofill payment details and forms using keyboard shortcuts and keep personal information secure.

Among Bitwarden's key features, the two most useful to personal and business customers are the capability to synchronize and access stored login credentials and other data across multiple devices, operating systems, and browsers; and the option to conduct password health checks to identify weak, reused, and exposed passwords.

Below we have compiled a list of some of the other key features available to customers and indicated whether they are available in the free version (Free), in the premium plan for individuals (P), in the family plan (F), business “Teams” plan (T), or in the business Enterprise plan (E). Personal customers are advised that the Free and Premium Plans support two users per plan, with unlimited sharing between users. Plan prices appear later in our Bitwarden review.

Bitwarden Review - Key Features

Bitwarden Security

Security is one of the most important considerations when choosing a password manager, especially in healthcare. Bitwarden security is first rate, offering military-grade end-to-end encryption (AES 256-bit) and PBKDF2 SHA-256, with only the administrator able to manage organization data. Bitwarden operates under the zero-knowledge model, so it does not have access to users' password vaults.

Bitwarden only receives hashed versions of passwords, which are then hashed again when data is transmitted. Furthermore, one-way hash functions are used with salting, so it is not possible for Bitwarden to reverse that process. Therefore, in the event of a breach of Bitwarden-managed servers, or an organization’s servers if self-hosting, only unusable encrypted, hashed and salted passwords will be disclosed.
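The pattern described above, as an added sketch that is not part of the original review and is not Bitwarden's own code: the client stretches the master password with PBKDF2 SHA-256 and sends only a hash derived from it, and the server hashes that value again with a random salt before storing it. The function names, the iteration counts, and the use of the email address as the client-side salt are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factors for illustration; a real deployment tunes these.
CLIENT_ITERATIONS = 100_000
SERVER_ITERATIONS = 100_000


def derive_master_key(master_password: str, email: str) -> bytes:
    """Client side: stretch the master password. This key never leaves the device."""
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, CLIENT_ITERATIONS)


def client_login_hash(master_password: str, email: str) -> bytes:
    """Client side: the only password-derived value that is sent to the server."""
    master_key = derive_master_key(master_password, email)
    # One more one-way step, so the transmitted value is not the encryption key.
    return hashlib.pbkdf2_hmac("sha256", master_key, master_password.encode(), 1)


def server_store(login_hash: bytes) -> tuple:
    """Server side: hash the received value again with a random per-user salt."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ITERATIONS)
    return salt, stored


def server_verify(login_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Server side: recompute the salted hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    sent = client_login_hash("correct horse battery staple", "user@example.com")
    salt, stored = server_store(sent)
    print("login accepted:", server_verify(sent, salt, stored))
    print("server holds only:", salt.hex(), stored.hex())
```

A copy of the server's database in this sketch contains the salt and the double-hashed value, neither of which yields the master password or the vault encryption key without a guessing attack against the password itself.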

Bitwarden is built on open source software, which is great for security. This transparency means anyone can access, review, and audit the code, identify bugs, and suggest updates. Additionally, the company runs a bug bounty program on HackerOne. Bitwarden has also undergone a third-party security audit and cryptographic analysis with Cure53, which included Bitwarden applications and backend server systems.

HIPAA Compliance

Bitwarden stands out as an ideal password manager solution for HIPAA compliance in terms of security, with the solution having undergone a third-party audit for HIPAA Security Rule compliance in December 2020. Furthermore, Bitwarden is prepared to enter into a Business Associate Agreement with HIPAA Covered Entities if required.

Bitwarden has also been confirmed as meeting the security standards of other regulations including GDPR, CCPA, SOC 2, SOC 3, and the EU-US and Swiss–US Privacy Shield frameworks – although it is important to be aware that HIPAA compliance is dependent on how the solution is configured and used rather than its technical capabilities.

Setup, Interface, and Usage

Most users will set up Bitwarden using the web app, and then configure the password manager via an app. Apps are available for Windows, macOS, iOS, Android, and Linux operating systems. Browser extensions are also available for all major browsers including Chrome, Firefox, Edge, and Opera, as well as less popular browsers such as Brave and Vivaldi.

Thereafter, the user interface is intuitive and simple, making effective password management easy for all users – even those with no experience of vault-based password managers. Additionally, if you are currently using an alternative password manager, Bitwarden has an easy-to-use import feature for importing your passwords, identities, and credit card information from all major password management solutions.

Customer Service and Support

Customer service and support is limited to online Help pages for the free version of the product, and only offered via online contact form for paid plans. That said, Bitwarden's social media accounts appear to be monitored around the clock, and the company hosts an active community forum as well as quickly responding to queries raised on the Bitwarden subreddit.

We flag customer service and support as a negative in our Bitwarden review because, if you have no experience of vault-based password managers, you may not set your account up properly. Ideally, you should use a different email address for your Bitwarden account from your main email address, not save your master password in the Bitwarden vault, and write down 2FA recovery codes to keep in a safe place.

This isn't an issue unique to Bitwarden – all vault-based password managers assume new customers already know what they are doing. Nonetheless, because of this assumption, we recommend that users unfamiliar with vault-based password managers read through Bitwarden's Help pages before creating an account to avoid mistakes in the account creation process that cannot be rectified later (because Bitwarden operates under a zero-knowledge model).

Pricing and Plans

Bitwarden has one of the most extensive free versions of any vault-based password manager solution. However, the additional benefits of the premium version coupled with the low price make it worth an investment. Personal Bitwarden Premium plans cost less than $1 per user, per month ($10 per year), with a Family plan for up to 6 users costing $3.33 per month ($40 per year).

Bitwarden offers a feature-limited Teams plan for businesses for $3 per user per month, and a business Enterprise plan for $5 per user per month. The Family plan and both business plans are available on a 7-day, no-obligation free trial and – once subscribed – the option exists to purchase additional storage space if required.

Personal Accounts

| Personal Accounts | Cost | Main Features |
| --- | --- | --- |
| Basic Free Account | 100% free | Core password management features: 1-to-1 text sharing, unlimited vault items, sync across all devices, secure password generator, and a self-host option. |
| Premium Account | $1 per month ($10 annually) | Premium password security and management features including: Bitwarden Authenticator (TOTP), emergency access, encrypted file attachments, 1-to-1 text and file sharing, 2-step login (YubiKey, U2F, Duo), and vault health reports. |
| Family Organization | $3.33 per month ($40 annually) | All premium features for up to 6 users plus priority customer support, self-host option, plus unlimited collections and shared items. |

Business Accounts

| Business Accounts | Cost | Main Features |
| --- | --- | --- |
| Team Plan | $3 per user, per month | Unlimited users, collections, items storage and shared items. Text and file sharing, 1GB storage (personal) and 1GB storage (organizational), user groups, event logs, directory connector, API access, vault health reports, priority support, Bitwarden Authenticator (TOTP), and 2FA (YubiKey, U2F, Duo). |
| Enterprise Plan | $5 per user, per month | Team plan features plus secure business secrets, enterprise policies, SSO authentication via SAML 2.0 and OpenID Connect, plus a self-hosting option. |

Bitwarden Review: Verdict

It is hard to fault Bitwarden. The free account offers great usability and extensive features and is a superb introduction to vault-based password managers. Security is first rate, with military-grade encryption, open-source transparency, and configurable password generators. The paid-for versions of Bitwarden are very competitively priced and offer most individual and business users everything they will need to securely manage login credentials, identities, and payment details. The only negative we found to include in our Bitwarden review is the lack of chat or phone support.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.