xmr.club
/tools · verified 2026-05-12

Bitwarden

A

Open-source cloud password manager. Optional self-host.

At a glance

Grade
A
KYC posture
light kyc
Fees
Free tier · paid $10/yr · self-host free
Last verified
2026-05-12
Operating since
2015 · 11y
Why grade A?

Best evidence tier. Signup tested end-to-end by xmr.club curator — deposit + withdrawal + edge cases. No-KYC posture verified at retail volume. Last verified within 12 months.

Full rubric + 7-step verification walkthrough at /methodology.

Review

Bitwarden is the open-source cloud password manager with verifiable self-host fallback — a cross-platform encrypted password vault where the free tier is generous, the paid tier is ~$10/year, the entire client + server stack is open source, and Vaultwarden (a Rust reimplementation of the Bitwarden server) provides a lightweight self-host alternative for users who don't want to trust the hosted service. Listed at Grade A because Bitwarden occupies the convenience-plus-verifiability point on the password manager spectrum — sync across devices without the user thinking about it, while preserving the option to bail out to self-host if you stop trusting the operator.

Background. Bitwarden was created in 2016 by Kyle Spearrin and is operated by Bitwarden, Inc. (US-incorporated company, headquartered in Florida). The product has grown from a free open-source side project to a commercial company with enterprise customers, while maintaining the open-source codebase and free-tier-for-individuals model that defined its early reputation. Independent security audits have been published by Cure53 (the Berlin-based firm that also audits Tor Browser, Mullvad, IVPN, and SimpleX); audit reports linked from bitwarden.com. Vaultwarden (formerly bitwarden_rs) is a community-maintained Rust reimplementation of the Bitwarden server, written for users who want a lighter self-host footprint than the official Bitwarden server's Microsoft-stack containers; Vaultwarden is API-compatible with Bitwarden's official clients, listed separately at xmr.club. The Bitwarden clients themselves are open source under the AGPLv3 license; the server code is under the same license.

What you trust.

  • End-to-end encryption — your vault is encrypted client-side with PBKDF2 (configurable iterations) key derivation from your master password; the server stores ciphertext only.
  • Open-source clients + server — every component is auditable; reproducible builds documented.
  • Cure53-audited cryptography — audit reports public, findings remediated.
  • Self-host option — official Bitwarden server (Microsoft-stack) or Vaultwarden (lightweight Rust reimplementation) — both API-compatible with Bitwarden's clients.
  • Zero-knowledge architecture — Bitwarden, Inc. cannot read your vault even with a court order, because they don't have the key.
  • Strong cryptography — AES-256 for vault content, RSA-2048 for key exchange in shared organisations, PBKDF2 + scrypt-equivalent KDF for master password.
  • 2FA support — TOTP, FIDO2/WebAuthn (hardware tokens like YubiKey), email codes, Duo.

What you don't trust.

  • Master password loss is unrecoverable — Bitwarden cannot reset your password without breaking the zero-knowledge model. Set up an emergency-access trusted contact, or print a paper backup of your master password.
  • Light-KYC at signup — Bitwarden requires an email address for the account; use a privacy-respecting email if signup-privacy matters.

Operational specs.

  • Platforms: macOS, Windows, Linux desktop apps; iOS, Android mobile; web vault at vault.bitwarden.com; browser extensions for Firefox, Chrome, Safari, Edge, Brave; CLI client for scripting.
  • Vault content: passwords, secure notes, credit cards, identities, files (paid tier).
  • Sync: encrypted vault syncs via Bitwarden server (or your self-hosted server); the server never sees plaintext.
  • Free tier: unlimited passwords, unlimited devices, optional TOTP storage (basic), 1 cipher type per item, basic 2FA (email + TOTP).
  • Premium tier ($10/year): TOTP code generation for any service, file attachments (encrypted), Bitwarden Authenticator (TOTP-only standalone app, separate), advanced 2FA (FIDO2/WebAuthn, Duo, YubiKey OTP), security health reports, emergency access.
  • Families plan: $40/year for 6 users with shared vault items.
  • Organizations: enterprise tiers with shared collections, granular access control, audit logs.
  • Payment methods: credit card, PayPal — no cryptocurrency option directly (a notable gap vs Standard Notes or some VPN providers).
  • Encryption: AES-CBC-256 for ciphertext, HMAC-SHA-256 for integrity, PBKDF2 with configurable iterations (default 600,000+).
  • Self-host: official server (Docker), Vaultwarden (lightweight alternative), both with documented setup.

Philosophy. Bitwarden's editorial differentiator is the convenience-with-bailout-option posture. KeePassXC is the local-first canonical for users who treat password storage as infrastructure they fully control. Bitwarden is the canonical for users who want cross-device sync without thinking about file-sync mechanics, but who don't want vendor lock-in: if Bitwarden, Inc.'s priorities change (acquisition, business model pivot, jurisdiction change), users can deploy Vaultwarden or the official self-host server and migrate their data without losing functionality. This bailout option is the editorial signal that distinguishes Bitwarden from closed-source competitors (1Password, LastPass, Dashlane) where the same scenario would mean exporting your data and rebuilding your workflow elsewhere.

Grade rationale. Grade A reflects: open-source AGPLv3 codebase (both clients and server); 9+ years of operational continuity (since 2016); independent Cure53 audits with public findings; cross-platform clients (desktop, mobile, web, browser extensions, CLI); end-to-end encryption with documented cryptography; zero-knowledge architecture; self-host fallback via official server or Vaultwarden (community Rust reimplementation, API-compatible); generous free tier (unlimited passwords + devices); strong 2FA support (TOTP, FIDO2/WebAuthn, Duo); cross-listed in Privacy Guides peer directory as the recommended cloud-sync password manager. Last verified 2026-05-12.

Useful when.

  • You want cross-device sync for your passwords without managing file-sync mechanics.
  • You want a password manager that's open-source + auditable + has a self-host fallback option.
  • You're an organisation or family that needs shared password vaults with granular access control.
  • You want TOTP-in-password-manager convenience (paid tier) — the trade-off is single-compromise-exposes-both-factors.
  • You want proper 2FA on the vault itself — FIDO2/WebAuthn support is solid on the paid tier.
  • You're considering self-host but want to start with the hosted service to evaluate; you can migrate to self-host (Vaultwarden) later without losing functionality.
  • You want emergency access for trusted contacts to recover your vault in case you become incapacitated (paid tier feature).
  • You're a developer who wants a CLI to script credentials access for build pipelines.

Caveats.

  • No cryptocurrency payment — credit card / PayPal only at this writing; if you want a password manager you can pay for with XMR/BTC, your options are limited (KeePassXC is free; Standard Notes accepts crypto for notes but not passwords specifically; some paid password managers accept crypto but with weaker open-source stories).
  • Light-KYC at signup (email required) — unlike KeePassXC's no-account model. Use a privacy-respecting email if signup-privacy matters.
  • TOTP in the password manager is a convenience-vs-defence-in-depth trade-off — storing your TOTP secret alongside your password means a vault compromise exposes both factors. For high-stakes accounts, use a separate authenticator app (Aegis on Android, Ente Auth cross-platform) or a hardware token (YubiKey).
  • Master password recovery is impossible without backup — zero-knowledge cryptography means a forgotten password is unrecoverable. Set up emergency access (paid tier) or print a paper backup.
  • Bitwarden, Inc. is US-incorporated — for users whose threat model involves US-state-actor concerns, the operator jurisdiction is a factor. Self-host with Vaultwarden eliminates the operator concern entirely.
  • Server-mediated sync is unavoidable on the hosted service — even though the server only sees ciphertext, it sees connection metadata. Self-host eliminates this.
  • Vaultwarden is community-maintained — not officially supported by Bitwarden, Inc. The Vaultwarden team is active and the project is well-regarded, but the maintenance is a separate trust evaluation.
  • Some advanced features are paid-only — file attachments, TOTP generation, Bitwarden Authenticator, advanced 2FA. The free tier covers the password-storage core; the paid tier adds quality-of-life features.
  • Browser-extension surface adds fingerprinting risk — the extension is auditable, but installing browser extensions adds attack surface generally; for high-threat users, consider whether the autofill convenience is worth the extension footprint.
  • No native voice/audio support — passwords + notes + identities + files only.

Fees

Free tier · paid $10/yr · self-host free

Links

Sourced from operator pages — verify identity via more than one channel before trusting time-sensitive instructions.

Audit trail — receipts for the editorial claim

  • UPSTREAM Up · HTTP 200 · 32ms · checked 2h ago
  • ONION No .onion mirror listed
  • MANUAL Last manual verification 2026-05-12 (<90d)

Reviews — moderated

No community reviews yet. Be the first below.
