Bitwarden is an open-source password manager launched in 2016 by Kyle Spearrin, headquartered in Florida. Free tier covers personal use with unlimited passwords across unlimited devices. Premium tier ($10/year) adds hardware-key 2FA, encrypted file attachments, and emergency access. Self-hostable for users who want to run their own server (Vaultwarden is the lightweight community-built fork popular in self-hosting communities).
What it means in practice
Bitwarden’s structural value: open source (the client and server code are auditable on GitHub), free for the use case most consumers actually need, and self-hostable for users who do not want to trust the Bitwarden cloud. Independent audits (Cure53 multiple times) have validated the encryption architecture (PBKDF2 by default with 600,000 iterations, Argon2id available since 2023, AES-256-CBC for vault encryption, end-to-end with the master password as the root). The trade-offs against 1Password: less polished UX in some flows, the audit cadence is regular but slightly less aggressive than 1Password’s, and the Watchtower-equivalent (Reports) is less feature-rich though functional. Predaxia’s editorial position: Bitwarden is the right answer for users who prioritize open source and self-hosting capability, 1Password for users who prioritize UX polish and the Secret Key architecture.
Who uses it, and against whom
Customer base: privacy-conscious individuals attracted by open source, developers and security-aware users who appreciate the auditability, small-to-mid-size organizations using Bitwarden Teams or Enterprise tier, and the self-hosting community running Vaultwarden on personal infrastructure. Adversaries: account-takeover crews running credential-stuffing against the Bitwarden cloud login (defeated by hardware-key 2FA on the Bitwarden account), targeted phishing against the master-password entry (the Bitwarden browser extension’s autofill behavior detects domain mismatches), and the structural threat that an attacker with access to your unlocked computer reads everything in the open vault (mitigated by short auto-lock timers).
What you can change today
Sign up at bitwarden.com with a Diceware passphrase you have memorized as the master password. Enable 2FA in Account Settings, Security, Two-step Login: TOTP via Aegis or Raivo on the free tier, hardware key (YubiKey) on the $10/year Premium tier. Install the browser extensions and mobile apps. Import existing credentials from your prior manager (Bitwarden has importers for most major formats). Set the vault timeout to 5-15 minutes of inactivity rather than the default longer values. Walk through the Reports section quarterly to identify reused, weak, or breached credentials and rotate them. Total setup: 2 hours; ongoing maintenance: minutes per month.
