Bitwarden

bitwarden.com
Bitwarden

Fully-featured, open source password manager with cloud-sync. Bitwarden is easy-to-use with a clean UI and client apps for desktop, web and mobile. See also Vaultwarden, a self-hosted, Rust implementation of the Bitwarden server and compatible with upstream Bitwarden clients.

Open Source

Bitwarden Privacy Policy

Privacy Policy Summary

  • The service provider makes no warranty regarding uninterrupted, timely, secure or error-free service
  • The service does not guarantee that software errors will be corrected
  • This service prohibits users from attempting to gain unauthorized access to other computer systems
  • This service gives your personal data to third parties involved in its operation
  • The court of law governing the terms is in California, USA
  • Some personal data may be kept for business interests or legal obligations
  • Information is provided about what kind of information they collect
  • Information is provided about how they collect personal data
  • Information is provided about how your personal data is used
  • Users are responsible for any risks, damages, or losses they may incur by downloading materials
  • The service is provided 'as is' and to be used at the users' sole risk
  • Features of the website are made available under a free software license (AGPL) v3.0
  • The terms for this service are easy to read
  • You authorise the service to charge a credit card supplied on re-occurring basis
  • You are entitled to a refund if certain thresholds or standards are not met by the service
  • Promises will be kept after a merger or acquisition
  • You are tracked via web beacons, tracking pixels, browser fingerprinting, and/or device fingerprinting
  • A list of all cookies set by the website is provided
  • The service provides two factor authentification for your account
  • Information is provided about how your personal data is collected
  • This service claims User-generated content is encrypted, and they can not decrypt it

Score

B

Documents

Domains Covered by Policy

  • bitwarden.com
  • bitwarden.eu
  • passwordless.dev

About the Data

This data is kindly provided by tosdr.org. Read full report at: #1348

Bitwarden Source Code

Author

bitwarden

Description

Bitwarden infrastructure/backend (API, database, Docker, etc).

#api#aspnet#aspnetcore#bitwarden#csharp#docker#dotnet#dotnet-core#signalr#sql#sql-server

Homepage

https://bitwarden.com

License

NOASSERTION

Created

23 Nov 15

Last Updated

30 Jun 26

Latest version

v2026.6.1

Primary Language

C#

Size

54,080 KB

Stars

19,315

Forks

1,680

Watchers

19,315

Language Usage

Language Usage

Star History

Star History

Top Contributors

Recent Commits

  • Jimmy Vo (30 Jun 26)

    [PM-38798] Create validation link confirmation (#7895)

  • Justin Baur (30 Jun 26)

    Stripe integration tests (#7828) * Add General Integration Test Doc * Add extensive stripe tests * Run formatting * Add Billing as owners

  • Justin Baur (30 Jun 26)

    [PM-39512] Stricter data protection errors (#7837) * Add tests showing the poor error behavior when there are issues getting certificates * Fix tests by failing earlier with better errors * Make tests even stricter * Add more explicit catch cases

  • Oscar Hinton (30 Jun 26)

    [PM-39734] Support Minimal API endpoints in OpenAPI (#7874) * Support Minimal API endpoints in offline OpenAPI generation Extract the PAM-free swagger foundation from the PAM POC so it can land on main independently. - Add Bit.HttpExtensions.StandaloneEndpointDataSource and the AddOpenApiEndpointDataSource registration helper. The offline OpenAPI generator (dotnet swagger tofile) never runs the Configure pipeline where Minimal API endpoints are mapped via UseEndpoints, so it omits them. A single DI-registered EndpointDataSource composes every feature's mapping delegate and is gated to swagger generation only, so it never replaces the runtime composite EndpointDataSource that routing and link generation depend on. - Teach SwaggerGenOptionsExt.BuildOperationId and ActionNameOperationFilter to derive the operation ID and action name from the endpoint name set via .WithName(...) when there are no controller/action route values, as is the case for Minimal API endpoints. - Guarantee BuildOperationId never returns a null/empty operation ID: a Minimal API endpoint mapped without .WithName() now falls back to a deterministic id derived from the HTTP method and route template. Swashbuckle writes the selector's value straight onto operation.OperationId, so a null/empty id would collapse distinct endpoints together and abort spec generation via CheckDuplicateOperationIdsDocumentFilter. - Add unit tests for BuildOperationId (including the route fallback), the ActionNameOperationFilter endpoint-name branch, StandaloneEndpointDataSource composition, and AddOpenApiEndpointDataSource gating/registration. * Make internal

  • Stephon Brown (30 Jun 26)

    [PM-37514] Support Teams 2019 Migration (#7864) * style(global): remove byte order mark from files * feat(billing): introduce SeatCountPolicy enum for plan migrations * feat(billing): add SeatCountPolicy to MigrationPath record * feat(billing): define Teams 2019 migration paths with ActualUsage policy * feat(billing): implement ActualUsage seat calculation in PriceIncreaseScheduler * feat(billing): update UpcomingInvoiceHandler to support SeatCountPolicy * test(billing): add unit tests for Teams 2019 migration seat policies * test(billing): update MigrationPathIds snapshot tests for new paths * feat(billing): consolidate packaged plan seat items to usage-based line in migrations * docs(billing): clarify SeatCountPolicy enum and packaged plan migration logic comments * feat(billing): add update subscription handler logic for plan migrations * fix(billing): run dotnet format * feat(billing): introduce plan migration extension methods * test(billing): add tests for plan migration extensions * refactor(billing): use plan migration extensions in SubscriptionUpdatedHandler * refactor(billing): use plan migration extensions in UpcomingInvoiceHandler * refactor(billing): use plan migration extensions in PriceIncreaseScheduler * refactor(billing): extract packaged migration source check * fix(billing): run dotnet format * Update src/Billing/Services/Implementations/SubscriptionUpdatedHandler.cs Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * fix(billing): carry Phase 2 seat quantity for packaged subscriptions * test(billing): add tests for Phase 2 seat quantity in subscription preview --------- Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

  • Jared McCannon (30 Jun 26)

    [PM-28365] - Add Feature Flag Admin Initiated Member Email change (#7887) * Adding Feature Flag for Admin initiated member email change work. * yep

  • Mick Letofsky (29 Jun 26)

    Minor but important doc update to align with other overrides (#7889)

  • Jared Snider (29 Jun 26)

    Seeder: fix RecipeOrchestratorIntegrationTests build after SeederDependencies arity change (#7888) SeederDependencies gained a 5th ILicensingService parameter (PR #7780) before PR #7870 merged; the new integration test file still used the 4-arg ctor, breaking the main build. Pass null! for LicensingService alongside Mapper - neither is touched by the pre-flight guard these tests exercise.

  • Jared Snider (29 Jun 26)

    Seeder: add --owner-email and --org-name CLI override flags (#7870) Adds two CLI flags to util/SeederUtility for parameterizing preset and organization seed runs: - --owner-email: override the default owner@<domain> owner address - --org-name: override the fixture/preset-supplied organization name Both flags route through a new SeederSettings record, picked up by CreateOrganizationStep, CreateOwnerStep, and CreateRosterStep (the roster path was a mid-development bug discovered during e2e testing — presets with roster-declared owners bypass CreateOwnerStep, so the override has to apply at the roster step too). Adds a pre-flight DB check in RecipeOrchestrator that throws an actionable InvalidOperationException when --owner-email collides with an existing User.Email, rather than letting BulkCommitter fail with a deep SQL unique-constraint exception. The check is skipped when --mangle is enabled (per-run unique tag prevents collisions). Test coverage: 43 new tests under test/SeederApi.IntegrationTest/ {Cli,Pipeline,Steps}/, including SQLite-backed integration tests verifying both RecipeOrchestrator.Execute overloads invoke the guard. Test project dependency: SeederApi.IntegrationTest now references util/SeederUtility (was: util/Seeder only). This was added so the new test/SeederApi.IntegrationTest/Cli/ tests can construct PresetArgs and OrganizationArgs directly to exercise their Validate() and ToOptions() logic. CommandDotNet appears as a transitive entry in packages.lock.json as a consequence — it is the CLI parser SeederUtility already uses (via PackageReference Include="CommandDotNet"), not a new runtime dependency of the test process. Only types reachable from PresetArgs/OrganizationArgs (the [Option] attribute) are touched at test time; the actual CommandDotNet runtime is not invoked by tests. Note: tests for the new override flags live in the existing SeederApi.IntegrationTest project even though they are mostly unit-scope. The project is a long-standing hybrid; a proper test/Seeder.Test split is a separate follow-up.

  • Jackson Engstrom (29 Jun 26)

    [PM-29251] Remove pm-23384-browser-premium-spotlight feature flag (#7885)

  • Jackson Engstrom (29 Jun 26)

    [PM-19169] Remove feature flag pm-19148-innovation-archive (#7884)

  • Shane Melton (29 Jun 26)

    [PM-31107] Seeder: blob-migration preset + fido2/password-history/linked-field fixture support (#7809)

  • Ned Thompson (29 Jun 26)

    add MyItems to ApplyEnterpriseFeatures (#7882)

  • Jared McCannon (29 Jun 26)

    [PM-38928] - Add name, email to org user update (#7871) * adding name and email to the request model * Created nullable strict email for when its nullable.

  • github-actions[bot] (29 Jun 26)

    Bumped version to 2026.6.2 (#7879) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

  • Mick Letofsky (26 Jun 26)

    PM-33964 - Resolve defect in premium user licensing (#7788)

  • Alex Morask (26 Jun 26)

    [PM-39569][PM-39286] fix: Wait for Stripe test clock before migration grace write (#7872) The schedule-triggered business migration wrote SM grace metadata to the subscription without waiting for an advancing Stripe test clock to settle. In the test-clock-driven QA migration flow the write was rejected, 500-ing the webhook and leaving the org plan-changed but with MigratedDate unstamped (PM-39569's 500; PM-39286's org stuck in "Scheduled"). Wait for the clock to settle before the grace write, mirroring the unpaid-cancel path. No-op in production, where there is no test clock. Also consolidate the duplicated WaitForTestClockToAdvanceAsync onto IStripeAdapter and move the Stripe test-clock statuses into StripeConstants.

  • sven-bitwarden (25 Jun 26)

    [PM-35314] Backfill Revocation Reasons to All Users (#7713) * Proposed mgiration for backfilling users to have revocation reasons * fix lint issues * update migration + PR comments * fix migration name * fixes migration files --------- Co-authored-by: rkac-bw <[email protected]>

  • Oscar Hinton (25 Jun 26)

    [PM-39561] Copy ListResponseModel from Api to HttpExtensions (#7868) With PAM we are storing endpoints in a separate dotnet library where they instead are imported into Api. We ran into an issue with ListResponseModel since it's currently in Api. ListResponseModel is a general-purpose API response wrapper. Moving it and ResponseModel to the HttpExtensions library. Which lets lower-level libraries reference it without taking a dependency on the Api project.

  • Alex Morask (25 Jun 26)

    [PM-39562] fix: Reconcile org seats to billed quantity on packaged-plan migration (#7869) * [PM-39562] fix: Reconcile org seats to billed quantity on packaged-plan migration A Teams Starter -> Teams migration billed the occupied per-seat quantity in Stripe but left organization.Seats at the flat bundle cap (10), leaving unpaid seat capacity and bypassing per-seat enforcement. Reconcile Seats to the billed seat line item quantity for packaged sources. * Add multi-item subscription test for seat reconciliation

  • Stephon Brown (25 Jun 26)

    fix(billing): allow license generation for sales trial orgs (#7793)

  • Robyn MacCallum (25 Jun 26)

    Add PM39071_DefaultPasswordManagerPrompt constant (#7866)

  • bnagawiecki (25 Jun 26)

    Add ability to enable SM on SingleOrgScene (#7861) * add enableSM logic to SingleOrgScene * give owner SM access on org seeding

  • Maciej Zieniuk (25 Jun 26)

    Revert "[PM-38851] Crypto cipher suite feature flag (#7852)" (#7863) This reverts commit 276410bacc5b05389979bf83c901a06cbe69804f.

  • Jared McCannon (24 Jun 26)

    [PM-38922] - Adding Problem Details Result (#7853) * Added problem details type and new project to hold it. * Removes dependency on Core and adds ext method to Api instead * adding packages.lock.json * few other lock files updated for deps

  • Dave (24 Jun 26)

    llm(rules): Auth tokenables must be minted via factory. (#7857)

  • sven-bitwarden (24 Jun 26)

    remove flag (#7865)

  • sven-bitwarden (24 Jun 26)

    [PM-33402] Remove Feature-Flagged Logic: pm-33398-refactor-members-invite-org-users-command (#7855) * remove feature-flagged logic for pm-33398 * formatting

  • Jared McCannon (24 Jun 26)

    [PM-39474] - Updating Lock Files (#7862) * Updating lock files from release * more files.

  • Ned Thompson (24 Jun 26)

    add AccessSecretsManager to OrganizationUserScene (#7860)

Bitwarden Security

6.4/10

Repo Security Summary

Updated 15 Jun 26

  • Maintained 10/10
  • Security-Policy 10/10
  • Code-Review 10/10
  • CII-Best-Practices 0/10
  • Dangerous-Workflow 10/10
  • License 9/10
  • Token-Permissions 0/10
  • Branch-Protection 5/10
  • Signed-Releases 0/10
  • Packaging 10/10
  • Binary-Artifacts 10/10
  • Pinned-Dependencies 2/10
  • Fuzzing 0/10
  • SAST 9/10

Bitwarden Website

Website

Best Password Manager for Business, Enterprise & Personal | Bitwarden

Bitwarden is the most trusted password manager for passwords and passkeys at home or at work, on any browser or device. Start with a free trial.

Redirects

Does not redirect

Security Checks

All 65 security checks passed

Server Details

  • IP Address 151.101.193.91
  • Location San Francisco, California, United States of America, NA
  • ISP Fastly Inc.
  • ASN AS54113

Associated Countries

  • US US
  • FR FR
  • CA CA

Safety Score

Website marked as safe

100%

Blacklist Check

bitwarden.com was found on 0 blacklists

  • AntiSocial Blacklist
  • Artists Against 419
  • Badbitcoin
  • Bambenek Consulting
  • CERT Polska
  • CoinBlockerLists
  • CRDF
  • CryptoScamDB
  • EtherAddressLookup
  • EtherScamDB
  • Fake Website Buster
  • MetaMask EthPhishing
  • NABP Not Recommended Sites
  • OpenPhish
  • PetScams
  • PhishFeed
  • PhishFort
  • Phishing.Database
  • PhishStats
  • PhishTank
  • Phishunt
  • RPiList Not Serious
  • Scam.Directory
  • SecureReload Phishing List
  • Spam404
  • StopGunScams
  • Suspicious Hosting IP
  • ThreatFox
  • ThreatLog
  • TweetFeed
  • URLhaus
  • ViriBack C2 Tracker

Website Preview

Website preview

Bitwarden Android App

APK Info

De-Googled Compatibility

Native 3.93 / 4 74 ratings
microG 3.99 / 4 92 ratings
  • GrapheneOS Native 3.9 / 4 (36)
  • CalyxOS microG 4.0 / 4 (13)
  • LineageOS microG 4.0 / 4 (11)
  • e OS microG 4.0 / 4 (9)
  • iodeOS microG 4.0 / 4 (8)
  • crDroid microG 4.0 / 4 (8)

Tested on Android 10–16 · Updated 25 Jun 26 · View on Plexus →

Trackers

  • Google Analytics
  • Google Firebase Analytics
  • HockeyApp
  • Google Tag Manager

Permissions

  • Access Network State
  • Access Wifi State
  • Camera
  • Internet
  • Nfc
  • Request Install Packages
  • Use Fingerprint
  • Wake Lock
  • Write External Storage
  • Receive
  • Write Use App Feature Survey

Bitwarden iOS App

App Info

Bitwarden Password Manager

Recognized as best password manager by PCMag, The Verge, CNET, G2, and more! SECURE YOUR DIGITAL LIFE Secure your digital life and protect against data breaches by generating and saving unique, strong passwords for every account. Maintain everything in an end-to-end encrypted password vault that only you can access. ACCESS YOUR DATA, ANYWHERE, ANYTIME, ON ANY DEVICE Easily manage, store, secure, and share unlimited passwords and passkeys across unlimited devices without restrictions. EVERYONE SHOULD HAVE THE TOOLS TO STAY SAFE ONLINE Utilize Bitwarden for free with no ads and or selling data. Bitwarden believes everyone should have the ability to stay safe online. Premium plans offer access to advanced features. EMPOWER YOUR TEAMS WITH BITWARDEN Plans for Teams and Enterprise come with professional business features. Some examples include SSO integration, self-hosting, directory integration and SCIM provisioning, global policies, API access, event logs, and more. Use Bitwarden to secure your workforce and share sensitive information with colleagues. More reasons to choose Bitwarden: World-Class Encryption Passwords are protected with advanced end-to-end encryption (AES-256 bit, salted hashing, and PBKDF2 SHA-256) so your data stays secure and private. 3rd-party Audits Bitwarden regularly conducts comprehensive third-party security audits with notable security firms. These annual audits include source code assessments and penetration testing across Bitwarden IPs, servers, and web applications. Advanced 2FA Secure your login with a third-party authenticator, emailed codes, or FIDO2 WebAuthn credentials such as a hardware security key or passkey. Bitwarden Send Transmit data directly to others while maintaining end-to-end encrypted security and limiting exposure. Built-in Generator Create long, complex, and distinct passwords and unique usernames for every site you visit. Integrate with email alias providers for additional privacy. Global Translations Bitwarden translations exist for more than 60 languages, translated by the global community though Crowdin. Cross-Platform Applications Secure and share sensitive data within your Bitwarden Vault from any browser, mobile device, or desktop OS, and more.

Rating

Rated 4.74 out of 5 stars by 27,783 users

Version Info

  • Current Version 2026.5.0
  • Last Updated 30 May 26
  • First Released 02 Sept 16
  • Minimum iOS Version 15.0
  • Device Models Supported 128

App Details

  • IPA Size 85.98 Mb
  • Price Free (USD)
  • Age Advisory 4+
  • Supported Languages 59
  • Developer Bitwarden Inc
  • Bundle ID com.8bit.bitwarden

Screenshots

  • App screenshot
  • App screenshot
  • App screenshot
  • App screenshot
  • App screenshot
  • App screenshot
  • App screenshot
  • App screenshot

Bitwarden Docker

Container Info

bitwardenrs

This is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal..

#Other#Tools bitwardenrs/server:latest

Run Command

docker run -d \
  -p :80/tcp \
  -v /portainer/Files/AppData/Config/Bitwarden-rs:/config \
  --restart=unless-stopped \
  bitwardenrs/server:latest

Compose File

version: 3.8
services:
  bitwarden-rs:
    image: "bitwardenrs/server:latest"
    ports:
      - ":80/tcp"
    volumes:
      - "/portainer/Files/AppData/Config/Bitwarden-rs:/config"
    restart: unless-stopped

Port List

  • :80/tcp

Volume Mounting

  • /portainer/Files/AppData/Config/Bitwarden-rs /config

Bitwarden Reviews

More Password Managers

About the Data: Bitwarden

Change History

  • Amended (androidApp, subreddit)
  • Amended (iosApp)
  • Amended (description) by @baddate #108
  • Renamed previously: BitWarden from Essentials › Password Managers by @jamescridland #90

API

You can access Bitwarden's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/bitwarden

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share Bitwarden

Help your friends compare Password Managers, and pick privacy-respecting software and services.
Share Bitwarden and Awesome Privacy with your network!

View Password Managers (7)