
BitWarden is not free if you compare apples to apples, and sign up for the same features including cloud hosting, 2FA, and family or enterprise accounts.

$620M isn’t for a password manager, it’s financing for a business with an enormous and growing user base.




Bitwarden is free for individuals and couples. So, it's free user-friendly (WAF!!) wise [0] in comparison to 1pass [1]. But a much more important thing is the fact that Bitwarden is open source and 1pass is not. Closed source is a deal-breaker for me.

[0] https://bitwarden.com/pricing/

[1] https://1password.com/teams/pricing/


Bitwarden free edition is free. The free edition is crippled and doesn't support Yubikey among other things.


"Crippled" is a big word. It does everything that KeePass would do, for example; it only falls short when it comes to sharing passwords among a group or family (you can send a secret via BW Send, but you cannot have a shared store unless you pay for Premium).

Yubikey and its likes are advanced features that the overwhelming majority of regular users will never need.


It is? I thought it was the proper word to use to describe software which has limited features in the free version so they can sell commercial licenses.


“Limited” is better. “Crippled” has a negative connotation when it comes to software.


Then crippled seems like the perfect word.


"Crippled" implies a degree of everyday suffering in the "cripple", or a downgrade from a previous state of health. The advanced features in Bitwarden were never free, in fact I think some of them were eventually added to free plans too. I honestly don't even want stuff like yubikey support, and could see that as feature bloat!

I don't expect everything to be free, I'm perfectly fine with the freemium model when the set of free features is reasonable - as, in my humble opinion, is the case with Bitwarden. So I wouldn't use a word like "crippled" when it's more like "normal for regular users vs enhanced for advanced needs".


I thought that it had all the same features, just not cloud sync. As far as I know the Yubikey is used for authenticating with their sync server. It doesn't actually help with the encryption.


Bitwarden's free plan does have end-to-end encrypted cloud sync with no device limit. The free plan lacks TOTP support, but Bitwarden's $10/year plan does include TOTP support and is cheaper than 1Password's $35.88/year plan. Bitwarden is also open source, while 1Password is not.


Bitwarden free has TOTP.


I'm referring to Bitwarden Authenticator, which stores TOTP secrets and displays 6-digit codes like Google Authenticator does.[1] This feature requires a Bitwarden Premium account, with the $10/year plan being the cheapest option.[2] (Self-hosting through Vaultwarden is another option.[3])

This is separate from having TOTP 2FA on the Bitwarden account itself, which is available on the free plan.[4]

[1] https://bitwarden.com/help/authenticator-keys/

[2] https://bitwarden.com/pricing/

[3] https://github.com/dani-garcia/vaultwarden

[4] https://bitwarden.com/help/setup-two-step-login/


For something as important as protecting passwords, why on earth would you want something that is free?


Well let me ask the much more obvious question, for something as important as protecting your passwords, why on earth would you go with a proprietary service where you have no idea about the security, that could take away your access at a whim without any recourse for you?


Because much like privacy, password security shouldn't always be only a premium option.

Plus, like the parent said, proprietary code is a deal breaker for lots of people.


> Because much like privacy, password security shouldn't always be only a premium option.

So then who foots the bill? Password managers are the duct tape used to protect a user because we don't inherently trust application providers.

> proprietary code is a deal breaker for lots of people

Sort of. First, "lots of people" seems like "lots of people" because we're on HN. The wider population doesn't care whether your application is proprietary or not - they just want something that works. Apple's walled garden is proof of this. Second, you can still charge for a product and have it be open source. An application being open source simply provides an audit log of the code and allows for "wisdom of the crowd" when it comes to bugs and security issues. So yes, I agree that having a password manager be openly auditable is a great feature, but I (and many others) likely would rather have the features of strong UX and known tenure (OSS tools get abandoned all of the time) than we would having auditable source code.


Bitwarden does charge for certain features like TOTP support, organizations, and enterprise features. They manage to have subscription income while remaining open source, whereas 1Password chooses to keep its code closed source.

If you are saying that Bitwarden is worse because it offers a free plan, I disagree. It's nice that Bitwarden offers a security-audited* password manager to those who can't afford a subscription, who aren't ready to pay for one, or who don't have the means to make payments online. Unlike 1Password, Bitwarden is not pressured to deliver high returns to venture capital firms, and Bitwarden can focus on providing its product to its users at superior price points.

* https://bitwarden.com/help/article/is-bitwarden-audited/#thi...


> Unlike 1Password, Bitwarden is not pressured to deliver high returns to venture capital firms, and Bitwarden can focus on providing its product to its users at superior price points

Well said - and this is the important part of the 'non-proprietary' argument of mine (above) - right now I consider 1Password's real customers to be their shareholders/investors, not its users - the users are just another tool they use to bring value to their real customers (investors, etc.).

BitWarden's customers are their actual users.


> If you are saying that Bitwarden is worse because it offers a free plan, I disagree.

For the record, I'm not. The overall discussion was that charging for a product was somehow bad. Bitwarden does charge for their product, just at higher tier levels. My bigger point is that you do want a provider that is going to stay solvent so charging money (which Bitwarden also does) is not some perverse way of satisfying customers.


> So then who foots the bill?

Whoever wants to pay. Doesn't mean a product should be dismissed simply because it's "free".


People and businesses are storing their data that these passwords protect using free operating systems.



