
I haven't had a single bad experience with Bitwarden. I even pay for it now and still run it locally just to support them. Highly recommended if you don't want to be forced into 1Password's service.

I moved to Bitwarden from Lastpass also, and I'm definitely happy for the most part.

The chrome extension leaves a tiny bit to be desired, but definitely still usable:

* Not as good about determining correct sign-in URL and lots of times will send me through the auth redirect from registration

* Launching sites without mouse isn't possible (shortcut exists to open extension but can't select site to launch it using arrow keys, for instance)

* Button locations aren't consistent between search view and opening it on a site you have a password on

Definitely still the best for me though. It's frustrating, though, that I don't feel like the paid plans really give me anything useful, so I'd be paying basically just to support the product (which I'm happy to do!). It's a weird spot for sure, I feel like table-stakes for a free password product is infinite devices + usable browser extension + phone apps + password generation. But figuring out what to add on top of that is always either directed at businesses or families, or things I don't care about like 2FA or an authenticator. I want to support you, damnit!

One other thing I do not like about BW (but not enough to switch) is that when you click out of the bitwarden window, it disappears and loses your place so you have to navigate to the secret again. Kind of annoying if you are on a website that resists autofill or want to copy something from custom fields.

Tip: Pop-out the extension as a window. Even if you close it, your browser’s Ctrl+Shift+N is going to restore that window with the same secret/state, even if the vault locks.

I don’t have issues with the URL, there’s lots of options for how the matching works. I found it to be superior to 1Password (tho I haven’t used that in a few years so I donno if they improved it)

The paid plan supports OTP tokens and allows big files, so you can embed stuff like a Google Cloud JSON token file. The free plan has a 1000-character limit (per field), if I remember correctly.

Bitwarden runs so much faster than 1Password despite being a browser extension.

The CLI is great too. I pretty much use it like a cheap version of Vault to feed secrets into K8s.

I use Chrome shortcuts. In extensions, look at the option to assign keyboard shortcuts. I have set it to the Alt+D combination. The 2FA codes are copied in the background, and when the screen comes, Ctrl+V does the magic. Simple.

I'm also happy with Bitwarden--I switched from 1Password a while ago when 1Password started the push toward subscription (which involved dropping support for features that I used, and dark UI patterns around pushing the subscription version as well as getting and using the non-subscription version).

I had bought several versions and both the Mac and Windows editions of 1Password over time, none of which were what I would consider inexpensive for a password manager. I consider their treatment of me as a customer to have been terrible.

I wouldn't be so pissed off about it if they had just dropped the product and started a new one, but slowly turning something paid for, used regularly, and liked into something different that I didn't want at all tells me that they are absolutely not worth doing business with again. They're not trustworthy.

I use Bitwarden for shared passwords with my family (using an Organisation).

For my personal passwords, I prefer keeping a local KeePass vault (I access over a local network drive, VPN in elsewhere).

I totally agree that primitives are some of the least important parts of choosing password managers, but what I like about KeePass is that you can use Argon2 as the password derivation function and specify your hardness factors. Because my laptop and desktop have a strong-enough CPU and I don't mind waiting 20-or-so seconds before the first unlock, I can set quite high values for this.

I love that KeePass works with pretty much whatever sync service you prefer. Personally, I use it with Google Drive and it even works with Android/iOS clients. However, I would definitely recommend KeePassXC for desktop.

The browser integration is... crap though, especially compared to 1Password. Is there even a Safari integration?

Dev here. Thanks for the feedback. Please note that you're comparing a big product to a small piece of open source software :) Of course we would like to know how to make the extension better, so if you want to help us, open an issue on GitHub, thanks. Safari integration is coming eventually.

Bitwarden's UX is so frustrating. The Firefox extension has no memory to it.

For example, if you're logging into your credit card provider from Mint.com, you have to search for your card and copy the username. When you paste the result on Mint, you lose the window, and you have to re-search for your card to get the password. Very frustrating.

Does it still do that if you click the pop-out button so that Bitwarden has its own window?

It doesn't, but you shouldn't have to do that.

I agree - the UX of the extension isn't that great.

This is probably an edge case where the fields in the browser cannot be identified by their IDs/class names. In this kind of scenario, you can set extra fields (and their corresponding values) in Bitwarden after inspecting the field elements in Dev tools.

No, he means that Bitwarden's extension does not remember state. When you go back and forth between the form and opening the extension window, you always start at the default page. It does not remember you had an item open before. This happens with your credit card, for instance, which is typically not linked to a particular URL.

This is one of my annoyances as well. Copy the credit card number... go to paste it. Come back and you have to find the credit card again and then copy the next bit... then go paste and when you come back you're once again presented with the full list so you have to go find the credit card again.

I've found just opening the main app to be a better solution in these cases, but it sure is annoying.

What caused me to not consider Bitwarden was the way it handled iframes. It could send the parent site's credentials to an iframe even if the iframe was on a different domain. This is a big no-no in my book.

This was a discovery in a security review they did and chose not to change.

This was some time ago so things may have changed. But, that red flag kept me away.

Most likely because credit card forms are very often served in iframes. 1Password fills iframes too (though maybe only for cards, not sure).

1Password fills iframes based on their domain rather than the parent's. If you have an entry in 1Password it will use the value for the domain of the iframe.

I’ve gone so far as to test this.

In my opinion this is the right security model
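The two fill policies debated in the comments above, as an added example that is not part of the thread and is not either product's code: keying the credential lookup on the top-level page versus on the frame that actually contains the form. The vault entries, host names and function names are constructed for illustration, and matching is simplified to exact HTTPS host equality.

```javascript
// Constructed sample vault; hosts and credentials are made up for this example.
const vault = [
  { host: "shop.example", username: "alice", password: "constructed-pw-1" },
  { host: "pay.example", username: "alice-pay", password: "constructed-pw-2" },
];

// Return the host an autofill decision is keyed on, or null if nothing may be filled.
// policy "top":   key on the top-level page, whatever frame the form lives in.
// policy "frame": key on the document that contains the form.
function matchHost(frameUrl, topUrl, policy) {
  const url = new URL(policy === "top" ? topUrl : frameUrl);
  if (url.protocol !== "https:") return null; // also rejects about:blank and data: frames
  return url.hostname;
}

// Look up the vault entry for the host selected by the policy.
function pickLogin(entries, frameUrl, topUrl, policy) {
  const host = matchHost(frameUrl, topUrl, policy);
  if (host === null) return null;
  return entries.find((e) => e.host === host) || null;
}

// Describe what a form in `frameUrl`, embedded in `topUrl`, would receive.
// crossOrigin is true when the credential belongs to a host other than the frame's.
function describeFill(entries, frameUrl, topUrl, policy) {
  const login = pickLogin(entries, frameUrl, topUrl, policy);
  if (!login) return { filled: false, crossOrigin: false };
  const frameHost = new URL(frameUrl).hostname;
  return { filled: true, username: login.username, crossOrigin: login.host !== frameHost };
}

// Constructed scenario: a shop page embedding a third-party frame and a payment frame.
const top = "https://shop.example/checkout";
const thirdParty = "https://widgets.thirdparty.example/login";
const payment = "https://pay.example/card";

console.log("top policy, third-party frame:", describeFill(vault, thirdParty, top, "top"));
console.log("frame policy, third-party frame:", describeFill(vault, thirdParty, top, "frame"));
console.log("frame policy, payment frame:", describeFill(vault, payment, top, "frame"));
```

Under the "top" policy the third-party frame receives the shop's login; under the "frame" policy it receives nothing, while the payment frame still gets the entry saved for its own host.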

That definitely makes sense for logins.

+1 for Bitwarden

I used to use Enpass and never had an issue, but it's not open-source and you have to pay for the mobile client.

I'm in the same boat. Password sharing with my wife was a big plus for Bitwarden, and I got my kids in on it as well. I paid for the family plan and can share select items with my kids.

It's honestly fantastic to see how they have adapted to password managers.

I stay with Enpass.

Same here. Enpass works perfectly for me (I don't require family sharing, though, so no idea if it's lacking in that respect).

Bitwarden all the way. I've never had a single issue at all with them, and it always just works, which for me is the single most important feature.

Bitwarden and KeePass here, Bitwarden is very good. I do not use browser plug-ins so both are kind of the same, but Bitwarden just wins on the little things.

You might want to check out the Strongbox iOS app if you don't use Desktop, it's also really good. It uses a KeePass database also.

May I ask why you use both Bitwarden and KeePass? Do they have some kind of story of working together?

Personally, I use Bitwarden for passwords only, and I store backups of OTP seeds in a separate KeePass file.

I have my OTP codes on a YubiKey for daily use. (Works great, and breaking a YubiKey is a lot harder than destroying your phone and losing all your OTP.)

Yes it has been a breeze to switch to it, especially with their native import of Lastpass logins.

Lastpass frequently messed up the autologin and injected a lot of ugly CSS/HTML in the forms, which Bitwarden doesn't.

Also it works really well as a chrome extension with Kiwi browser on Android.

What's the main point of Bitwarden or competitors over traditional password managers such as KeePassXC? Better autofill features?

Multi-device access, browser integration, mobile platform integration, and sharing with spouse or team members. I know there are solutions to some of those based on some variant of KeePass, but using something like Bitwarden is very easy. Bitwarden is really nice in that you can host the server yourself (or use bitwarden-rs), so you're not having to mess around with WebDAV or some other storage sharing mechanism.

What I’m getting is "it’s easier to set up"?

Though one more point that’s more than just "ease of use" is probably shared access. AFAIK KeePass has issues there while Bitwarden (IIRC) supports it completely.

Advantages of Bitwarden:

- conflict-less sync; with KeePassXC, I learned to live with keepass-diff, once the inevitable sync conflict happens

- no need to have entire app running, or even installed; in browser, the extension is enough. KeePassXC was kind of annoying to launch.

- password sharing

Advantages of KeePassXC:

- can autofill HTTP auth dialogs; Bitwarden still cannot do this

- can serve as SSH agent, so synced database takes care of your SSH keys too

I have Bitwarden for my company stuff, and I find it... very clumsy. The interface is nowhere near as polished as 1Password IMHO.

Yeah, the interface is crap compared to 1Password, but I do find a bit of comfort that even though it's not the best interface it's fully open source, unlike 1Password.

+1 on Bitwarden. UX is perhaps not perfect. I've had some iOS sync issues but that seems to have gotten much better. Use it in Firefox every day and have no complaints.

I convinced my wife to pick it up and we now share a bunch of stuff and she loves it. And she has a low tolerance for UX issues.

Is there a good command line client for Bitwarden? I recently moved from KeePass (using kpcli) to Bitwarden (so I can share passwords with my spouse), but am so far very unhappy with the command line tools.

The official command line tool is way too clumsy. I've tried rbw and rbw-fzf which are ok. rbw doesn't let me view all properties of an entry (attachments, notes), and rbw-fzf has issues if things have spaces in them and is limited to only passwords, not other info.

I'm a happy and paid user of Bitwarden too. On top of being open source, what made me choose it is that the desktop client downloads my vault locally in an open and secured format. So I can make an automated backup of this file wherever I want.

Mostly the same; but the only thing I miss in Bitwarden compared to Lastpass is, if the vault is logged out, it doesn't prompt me to log in (to the vault) when it finds a login prompt for a site I have saved in the vault.

Same. Left 1Password for Bitwarden and have zero regrets.

Been paying since 2017 and it’s totally worth it.

I switched from Lastpass to Bitwarden for about a year or so and it's what I recommend to most people.

I would be still using it myself, but I also wanted to log in to desktop applications, so I've been using KeePassXC since.

KeePass's auto-type feature is also a great way of autofilling passwords without having to give your browser access to your password vault.
