LastPass hasn’t earned itself many supporters recently, and Bitwarden is coming for its password management crown with a massively feature-packed, cross-platform free consumer tier. It’s also almost unique in having a free business tier which, while limited to two users, is an obvious choice for micro-businesses and partnerships. The main drawback is that it has more limited 2FA options and lacks support for advanced features such as attaching encrypted files to entries and password vault health reports.
Bitwarden Teams expands on this free two-person tier, with an API for easy automation, event logs, user groups, a directory connector to automatically manage users when they’re added to your corporate LDAP server, extra two-factor authentication options, password vault health analysis, and the ability to grant emergency access rights to trusted users.
For larger businesses, Bitwarden Enterprise is very competitively priced, supports SSO and granular policy control, has the transparency benefit of open-source code and the convenience of a fully managed service. It’s also priced comparably to the mid- or entry-level tiers of many rivals, and if you want, you can even self-host it on your own servers with no additional licensing.
Bitwarden review: Client features
The web-based incarnation of Bitwarden’s vault and settings is more functional than beautiful. Everything’s pretty easy to find, although we’d have liked download links to the critical Bitwarden apps to be more clearly signposted. You’ll find them on the pull-down from your profile icon at the top right, and at https://bitwarden.com/download/.
Dedicated desktop apps are available for Windows, macOS and Linux. Mobile apps cater to iOS and Android, with the open source F-Droid store hosting a copy for de-Googleised Android devices. An extensive range of browsers are covered, including Firefox, Safari, Chrome and browsers that share their rendering engines, even with the unusual addition of Tor Browser.
Bitwarden’s command line tool (which primarily exists to make automation easier) is available for bash and PowerShell, and can be found via a number of package managers including NPM – the recommended install path if you’re already using Node.js – Homebrew, Chocolatey and Snap.
The client is eminently easy to use and does exactly what you’d expect from a password manager. Corporate users of Bitwarden get a free personal account, which they’ll log into to access their corporate password collection. When they save a password, they’ll be prompted to choose whether it belongs to their personal account or to the business’s. Business passwords have to be in a collection, and the collections that each user is given access to show up in their clients and online vault.
The Google Play Store version of Bitwarden’s Android client was recently found to include two trackers, which the company has convincingly justified as required for push notifications and crash reporting; if you’d rather avoid them, they are not included in the version distributed on F-Droid.
Bitwarden review: Management features
Users can be invited with standard, limited privileges to access items in collections that have been assigned to them and, if they are given write access, to add, edit and delete passwords and secure notes from those collections.
Managers have the power to assign users and groups to collections, as well as to create and delete said collections. Admins can create and assign users to user groups, invite new users, manage policies, check event logs and export the organisation’s vault data en masse, making this a role of trusted authority.
Only the owners can control billing, subscriptions and integrations for third-party applications and services. However, custom roles can also be created, providing granular control over exactly who gets to do what. Additional permissions are available to Enterprise admins via the Bitwarden Business portal.
We’re not too keen on this division between the main management interface and this dedicated portal for configuring policies and SSO. It’s easy to use, and we like the addition of features such as the ability to deny personal password ownership for organisation users and mandate specific security and password options. However, there aren’t quite as many settings here as you’ll find in comparable services from Dashlane, Keeper, and LastPass, and relatively few options are spread across rather too many pages.
Bitwarden review: Verdict
Bitwarden’s Free Organization tier has limited features, but is entirely free. For those who need more than two users and two collections, Bitwarden Teams costs $36 per user, per year or $4 per user, per month and the Enterprise tier costs $60 per user, per year or $6 per user, per month if you don’t want to commit to a full year.
This puts it among the cheapest business password management services around, and the Enterprise tier, with its fine-grained policy control, would benefit businesses of almost any size, even if they don’t need SSO. Furthermore, Bitwarden’s transparent, audited, zero-knowledge approach to security is solid and thoroughly documented.
Although its admin interface isn’t the most polished around, Bitwarden’s excellent feature set and well-designed range of cross-platform clients, as well as its low prices, make it our favourite business password management service.