Affiliate links on Android Authority may earn us a commission. Learn more.
Is Bitwarden safe? Here's what you need to know.
It’s essential to choose services that value your personal data and security, and this is especially true with password managers. These services keep some of your most precious information safe from prying eyes. One service many users swear by is Bitwarden, but is Bitwarden safe? We explore this question in more depth below.
QUICK ANSWER
In our experience, Bitwarden is safe to use. The company employs the zero-knowledge encryption method with a near-impenetrable encryption algorithm, only stores encrypted versions of your passwords within a secure vault, and uses open-source code that the public can scrutinize. These systems and measures help bolster Bitwarden's security.
JUMP TO KEY SECTIONS
Is Bitwarden safe?
Yes, in our experience Bitwarden is safe to use. The service takes security seriously and implements several methods to protect its users.
For one, it employs zero-knowledge encryption, ensuring data is encrypted with a user’s unique encryption key before being sent to Bitwarden’s servers. This means that Bitwarden, or any other party, can access your encrypted passwords unless they know your key. If you don’t like the idea of this data being hosted by Bitwarden, you can also run a self-hosted instance of the service. Bitwarden also employs AES-256 encryption. This algorithm is pretty near impenetrable and uses a 256-bit key to scramble your data into random information that bad actors cannot use. This method is also practically resistant to brute force attacks.
To add another layer of security, Bitwarden also uses two-factor authentication. Even if a user knows your account email and master password, they’d still require the unique one-time PIN to log in to your account and access your passwords. Nevertheless, keeping your unique log in details safe is always a good idea. Unlike other password managers, Bitwarden also uses open-source code that can be viewed on GitHub. This allows for more transparency and allows anyone to scrutinize its inner workings. Finally, Bitwarden invites annual audits from third-party firms in the security industry. These findings are then published and perusable by the public.
These methods and measures make Bitwarden a great password management tool for those who put security and open technology first.
How does Bitwarden store passwords?
According to Bitwarden, the company does not store user passwords. Instead, it holds “encrypted versions” of passwords that can only be unscrambled using a user’s unique encryption key. Any encryption is done on-device before that data is relayed to Bitwarden’s servers. As mentioned above, users can also self-host Bitwarden on their devices or the service of their choice.
Can Bitwarden be hacked?
As mentioned above, Bitwarden uses zero-knowledge encryption, which means that Bitwarden itself cannot access your data — only you can by using your master password. This stands to reason, then, that the only way a bad actor can access your password vault is by obtaining your master password.
With this in mind, there are a few things to consider when creating and keeping your master password safe. For one, create a strong master password that’s not easily guessable and contains numbers, special characters, and upper/lowercase letters. Once you’ve created your Bitwarden account, you should enable two-factor authentication. This will provide another protection barrier, even if your master password is compromised. Finally, if you absolutely have to access Bitwarden on a publically-available computer, always log out.