Bitwarden
bitwarden.com Self-HostedFully-featured, open source password manager with cloud-sync. Bitwarden is easy-to-use with a clean UI and client apps for desktop, web and mobile. See also Vaultwarden, a self-hosted, Rust implementation of the Bitwarden server and compatible with upstream Bitwarden clients.
- Homepage: bitwarden.com
- GitHub: github.com/bitwarden/server
- Privacy: bitwarden.com/privacy
- iOS App: apps.apple.com/us/app/bitwarden-password-manager/id1137397744
- Android App: play.google.com/.../com.x8bit.bitwarden
- Subreddit: r/Bitwarden
- Web info: web-check.xyz/check/bitwarden.com
Bitwarden Privacy Policy
Privacy Policy Summary
- The service provider makes no warranty regarding uninterrupted, timely, secure or error-free service
- The service does not guarantee that software errors will be corrected
- This service prohibits users from attempting to gain unauthorized access to other computer systems
- This service gives your personal data to third parties involved in its operation
- The court of law governing the terms is in California, USA
- Some personal data may be kept for business interests or legal obligations
- Information is provided about what kind of information they collect
- Information is provided about how they collect personal data
- Information is provided about how your personal data is used
- Users are responsible for any risks, damages, or losses they may incur by downloading materials
- The service is provided 'as is' and to be used at the users' sole risk
- Features of the website are made available under a free software license (AGPL) v3.0
- The terms for this service are easy to read
- You authorise the service to charge a credit card supplied on re-occurring basis
- You are entitled to a refund if certain thresholds or standards are not met by the service
- Promises will be kept after a merger or acquisition
- You are tracked via web beacons, tracking pixels, browser fingerprinting, and/or device fingerprinting
- A list of all cookies set by the website is provided
- The service provides two factor authentification for your account
- Information is provided about how your personal data is collected
- This service claims User-generated content is encrypted, and they can not decrypt it
Score
Documents
- Privacy PolicyCreated 17 Jan 19, Last modified 2 months ago
- Terms of ServiceCreated 17 Jan 19, Last modified 2 months ago
Domains Covered by Policy
- bitwarden.com
- bitwarden.eu
- passwordless.dev
About the Data
This data is kindly provided by tosdr.org. Read full report at: #1348
Bitwarden Source Code
Author
Description
Bitwarden infrastructure/backend (API, database, Docker, etc).
Homepage
https://bitwarden.comLicense
NOASSERTION
Created
23 Nov 15
Last Updated
30 Jun 26
Latest version
Primary Language
C#
Size
54,080 KB
Stars
19,315
Forks
1,680
Watchers
19,315
Language Usage
Star History
Top Contributors
-
@kspearrin (2574)
-
@renovate[bot] (389)
-
@eliykat (297)
-
@amorask-bitwarden (248)
-
@r-tome (211)
-
@Hinton (191)
-
@justindbaur (184)
-
@cscharf (148)
-
@cyprain-okeke (139)
-
@MGibson1 (138)
-
@withinfocus (135)
-
@trmartin4 (133)
-
@vgrassia (129)
-
@connerbw (113)
-
@vincentsalucci (95)
-
@jrmccannon (91)
-
@Thomas-Avery (86)
-
@joseph-flinn (85)
-
@ike-kottlowski (82)
-
@JimmyVo16 (71)
-
@github-actions[bot] (63)
-
@BTreston (58)
-
@actions-user (56)
-
@mimartin12 (56)
-
@JaredSnider-Bitwarden (55)
-
@shane-melton (53)
-
@theMickster (52)
-
@gbubemismith (52)
-
@djsmith85 (51)
-
@addisonbeck (50)
-
@brant-livefront (48)
-
@nick-livefront (45)
-
@quexten (45)
-
@sbrown-livefront (44)
-
@michalchecinski (41)
-
@mpbw2 (40)
-
@jaasen-livefront (39)
-
@voommen-livefront (39)
-
@jlf0dev (36)
-
@mzieniukbw (36)
-
@Patrick-Pimentel-Bitwarden (36)
-
@kdenney (35)
-
@sven-bitwarden (32)
-
@Mart124 (31)
-
@coltonhurst (26)
-
@bitwarden-devops-bot (26)
-
@harr1424 (25)
-
@cd-bitwarden (25)
-
@prograhamming (24)
-
@differsthecat (24)
-
@enmande (23)
-
@JaredScar (23)
-
@Eeebru (20)
-
@coroiu (18)
-
@aj-bw (17)
-
@dani-garcia (16)
-
@ttalty (15)
-
@fedemkr (14)
-
@andrebispo5 (14)
-
@dereknance (12)
-
@Jingo88 (12)
-
@nikwithak (12)
-
@rr-bw (11)
-
@mcamirault (11)
-
@mandreko-bitwarden (11)
-
@jengstrom-bw (11)
-
@pixman20 (11)
-
@sneakernuts (9)
-
@tangowithfoxtrot (8)
-
@BrandonM-Bitwarden (7)
-
@bnagawiecki (7)
-
@jprusik (7)
-
@urbinaalex17 (7)
-
@itsadrago (7)
-
@contribucious (6)
-
@SaintPatrck (6)
-
@aj-rosado (5)
-
@mkincaid-bw (5)
-
@rkac-bw (5)
-
@audreyality (4)
-
@SoulSeekkor (4)
-
@nthompson-bitwarden (4)
-
@themikecom (4)
-
@jonashendrickx (4)
-
@AmyLGalles (4)
-
@alex8bitw (4)
-
@vvolkgang (3)
-
@gitclonebrian (3)
-
@bw-ghapp[bot] (3)
-
@adudek-bw (3)
-
@Papina (3)
-
@Overflow0xFFFF (3)
-
@calvinballing (3)
-
@iinuwa (3)
-
@eligrubb (3)
-
@abergs (3)
-
@SethFalco (2)
-
@skaiser (2)
-
@fntyler (2)
-
@Jerome2103 (2)
Recent Commits
-
Jimmy Vo (30 Jun 26)
[PM-38798] Create validation link confirmation (#7895)
-
Justin Baur (30 Jun 26)
Stripe integration tests (#7828) * Add General Integration Test Doc * Add extensive stripe tests * Run formatting * Add Billing as owners
-
Justin Baur (30 Jun 26)
[PM-39512] Stricter data protection errors (#7837) * Add tests showing the poor error behavior when there are issues getting certificates * Fix tests by failing earlier with better errors * Make tests even stricter * Add more explicit catch cases
-
Oscar Hinton (30 Jun 26)
[PM-39734] Support Minimal API endpoints in OpenAPI (#7874) * Support Minimal API endpoints in offline OpenAPI generation Extract the PAM-free swagger foundation from the PAM POC so it can land on main independently. - Add Bit.HttpExtensions.StandaloneEndpointDataSource and the AddOpenApiEndpointDataSource registration helper. The offline OpenAPI generator (dotnet swagger tofile) never runs the Configure pipeline where Minimal API endpoints are mapped via UseEndpoints, so it omits them. A single DI-registered EndpointDataSource composes every feature's mapping delegate and is gated to swagger generation only, so it never replaces the runtime composite EndpointDataSource that routing and link generation depend on. - Teach SwaggerGenOptionsExt.BuildOperationId and ActionNameOperationFilter to derive the operation ID and action name from the endpoint name set via .WithName(...) when there are no controller/action route values, as is the case for Minimal API endpoints. - Guarantee BuildOperationId never returns a null/empty operation ID: a Minimal API endpoint mapped without .WithName() now falls back to a deterministic id derived from the HTTP method and route template. Swashbuckle writes the selector's value straight onto operation.OperationId, so a null/empty id would collapse distinct endpoints together and abort spec generation via CheckDuplicateOperationIdsDocumentFilter. - Add unit tests for BuildOperationId (including the route fallback), the ActionNameOperationFilter endpoint-name branch, StandaloneEndpointDataSource composition, and AddOpenApiEndpointDataSource gating/registration. * Make internal
-
Stephon Brown (30 Jun 26)
[PM-37514] Support Teams 2019 Migration (#7864) * style(global): remove byte order mark from files * feat(billing): introduce SeatCountPolicy enum for plan migrations * feat(billing): add SeatCountPolicy to MigrationPath record * feat(billing): define Teams 2019 migration paths with ActualUsage policy * feat(billing): implement ActualUsage seat calculation in PriceIncreaseScheduler * feat(billing): update UpcomingInvoiceHandler to support SeatCountPolicy * test(billing): add unit tests for Teams 2019 migration seat policies * test(billing): update MigrationPathIds snapshot tests for new paths * feat(billing): consolidate packaged plan seat items to usage-based line in migrations * docs(billing): clarify SeatCountPolicy enum and packaged plan migration logic comments * feat(billing): add update subscription handler logic for plan migrations * fix(billing): run dotnet format * feat(billing): introduce plan migration extension methods * test(billing): add tests for plan migration extensions * refactor(billing): use plan migration extensions in SubscriptionUpdatedHandler * refactor(billing): use plan migration extensions in UpcomingInvoiceHandler * refactor(billing): use plan migration extensions in PriceIncreaseScheduler * refactor(billing): extract packaged migration source check * fix(billing): run dotnet format * Update src/Billing/Services/Implementations/SubscriptionUpdatedHandler.cs Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com> * fix(billing): carry Phase 2 seat quantity for packaged subscriptions * test(billing): add tests for Phase 2 seat quantity in subscription preview --------- Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
-
Jared McCannon (30 Jun 26)
[PM-28365] - Add Feature Flag Admin Initiated Member Email change (#7887) * Adding Feature Flag for Admin initiated member email change work. * yep
-
Mick Letofsky (29 Jun 26)
Minor but important doc update to align with other overrides (#7889)
-
Jared Snider (29 Jun 26)
Seeder: fix RecipeOrchestratorIntegrationTests build after SeederDependencies arity change (#7888) SeederDependencies gained a 5th ILicensingService parameter (PR #7780) before PR #7870 merged; the new integration test file still used the 4-arg ctor, breaking the main build. Pass null! for LicensingService alongside Mapper - neither is touched by the pre-flight guard these tests exercise.
-
Jared Snider (29 Jun 26)
Seeder: add --owner-email and --org-name CLI override flags (#7870) Adds two CLI flags to util/SeederUtility for parameterizing preset and organization seed runs: - --owner-email: override the default owner@<domain> owner address - --org-name: override the fixture/preset-supplied organization name Both flags route through a new SeederSettings record, picked up by CreateOrganizationStep, CreateOwnerStep, and CreateRosterStep (the roster path was a mid-development bug discovered during e2e testing — presets with roster-declared owners bypass CreateOwnerStep, so the override has to apply at the roster step too). Adds a pre-flight DB check in RecipeOrchestrator that throws an actionable InvalidOperationException when --owner-email collides with an existing User.Email, rather than letting BulkCommitter fail with a deep SQL unique-constraint exception. The check is skipped when --mangle is enabled (per-run unique tag prevents collisions). Test coverage: 43 new tests under test/SeederApi.IntegrationTest/ {Cli,Pipeline,Steps}/, including SQLite-backed integration tests verifying both RecipeOrchestrator.Execute overloads invoke the guard. Test project dependency: SeederApi.IntegrationTest now references util/SeederUtility (was: util/Seeder only). This was added so the new test/SeederApi.IntegrationTest/Cli/ tests can construct PresetArgs and OrganizationArgs directly to exercise their Validate() and ToOptions() logic. CommandDotNet appears as a transitive entry in packages.lock.json as a consequence — it is the CLI parser SeederUtility already uses (via PackageReference Include="CommandDotNet"), not a new runtime dependency of the test process. Only types reachable from PresetArgs/OrganizationArgs (the [Option] attribute) are touched at test time; the actual CommandDotNet runtime is not invoked by tests. Note: tests for the new override flags live in the existing SeederApi.IntegrationTest project even though they are mostly unit-scope. The project is a long-standing hybrid; a proper test/Seeder.Test split is a separate follow-up.
-
Jackson Engstrom (29 Jun 26)
[PM-29251] Remove pm-23384-browser-premium-spotlight feature flag (#7885)
-
Jackson Engstrom (29 Jun 26)
[PM-19169] Remove feature flag pm-19148-innovation-archive (#7884)
-
Shane Melton (29 Jun 26)
[PM-31107] Seeder: blob-migration preset + fido2/password-history/linked-field fixture support (#7809)
-
Ned Thompson (29 Jun 26)
add MyItems to ApplyEnterpriseFeatures (#7882)
-
Jared McCannon (29 Jun 26)
[PM-38928] - Add name, email to org user update (#7871) * adding name and email to the request model * Created nullable strict email for when its nullable.
-
github-actions[bot] (29 Jun 26)
Bumped version to 2026.6.2 (#7879) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
-
Mick Letofsky (26 Jun 26)
PM-33964 - Resolve defect in premium user licensing (#7788)
-
Alex Morask (26 Jun 26)
[PM-39569][PM-39286] fix: Wait for Stripe test clock before migration grace write (#7872) The schedule-triggered business migration wrote SM grace metadata to the subscription without waiting for an advancing Stripe test clock to settle. In the test-clock-driven QA migration flow the write was rejected, 500-ing the webhook and leaving the org plan-changed but with MigratedDate unstamped (PM-39569's 500; PM-39286's org stuck in "Scheduled"). Wait for the clock to settle before the grace write, mirroring the unpaid-cancel path. No-op in production, where there is no test clock. Also consolidate the duplicated WaitForTestClockToAdvanceAsync onto IStripeAdapter and move the Stripe test-clock statuses into StripeConstants.
-
sven-bitwarden (25 Jun 26)
[PM-35314] Backfill Revocation Reasons to All Users (#7713) * Proposed mgiration for backfilling users to have revocation reasons * fix lint issues * update migration + PR comments * fix migration name * fixes migration files --------- Co-authored-by: rkac-bw <[email protected]>
-
Oscar Hinton (25 Jun 26)
[PM-39561] Copy ListResponseModel from Api to HttpExtensions (#7868) With PAM we are storing endpoints in a separate dotnet library where they instead are imported into Api. We ran into an issue with ListResponseModel since it's currently in Api. ListResponseModel is a general-purpose API response wrapper. Moving it and ResponseModel to the HttpExtensions library. Which lets lower-level libraries reference it without taking a dependency on the Api project.
-
Alex Morask (25 Jun 26)
[PM-39562] fix: Reconcile org seats to billed quantity on packaged-plan migration (#7869) * [PM-39562] fix: Reconcile org seats to billed quantity on packaged-plan migration A Teams Starter -> Teams migration billed the occupied per-seat quantity in Stripe but left organization.Seats at the flat bundle cap (10), leaving unpaid seat capacity and bypassing per-seat enforcement. Reconcile Seats to the billed seat line item quantity for packaged sources. * Add multi-item subscription test for seat reconciliation
-
Stephon Brown (25 Jun 26)
fix(billing): allow license generation for sales trial orgs (#7793)
-
Robyn MacCallum (25 Jun 26)
Add PM39071_DefaultPasswordManagerPrompt constant (#7866)
-
bnagawiecki (25 Jun 26)
Add ability to enable SM on SingleOrgScene (#7861) * add enableSM logic to SingleOrgScene * give owner SM access on org seeding
-
Maciej Zieniuk (25 Jun 26)
Revert "[PM-38851] Crypto cipher suite feature flag (#7852)" (#7863) This reverts commit 276410bacc5b05389979bf83c901a06cbe69804f.
-
Jared McCannon (24 Jun 26)
[PM-38922] - Adding Problem Details Result (#7853) * Added problem details type and new project to hold it. * Removes dependency on Core and adds ext method to Api instead * adding packages.lock.json * few other lock files updated for deps
-
Dave (24 Jun 26)
llm(rules): Auth tokenables must be minted via factory. (#7857)
-
sven-bitwarden (24 Jun 26)
remove flag (#7865)
-
sven-bitwarden (24 Jun 26)
[PM-33402] Remove Feature-Flagged Logic: pm-33398-refactor-members-invite-org-users-command (#7855) * remove feature-flagged logic for pm-33398 * formatting
-
Jared McCannon (24 Jun 26)
[PM-39474] - Updating Lock Files (#7862) * Updating lock files from release * more files.
-
Ned Thompson (24 Jun 26)
add AccessSecretsManager to OrganizationUserScene (#7860)
Bitwarden Security
Bitwarden Website
Website
Best Password Manager for Business, Enterprise & Personal | Bitwarden
Bitwarden is the most trusted password manager for passwords and passkeys at home or at work, on any browser or device. Start with a free trial.
Redirects
Does not redirect
Security Checks
All 65 security checks passed
Server Details
- IP Address 151.101.193.91
- Location San Francisco, California, United States of America, NA
- ISP Fastly Inc.
- ASN AS54113
Associated Countries
-
US -
FR -
CA
Safety Score
Website marked as safe
100%
Blacklist Check
bitwarden.com was found on 0 blacklists
- AntiSocial Blacklist
- Artists Against 419
- Badbitcoin
- Bambenek Consulting
- CERT Polska
- CoinBlockerLists
- CRDF
- CryptoScamDB
- EtherAddressLookup
- EtherScamDB
- Fake Website Buster
- MetaMask EthPhishing
- NABP Not Recommended Sites
- OpenPhish
- PetScams
- PhishFeed
- PhishFort
- Phishing.Database
- PhishStats
- PhishTank
- Phishunt
- RPiList Not Serious
- Scam.Directory
- SecureReload Phishing List
- Spam404
- StopGunScams
- Suspicious Hosting IP
- ThreatFox
- ThreatLog
- TweetFeed
- URLhaus
- ViriBack C2 Tracker
Website Preview
Bitwarden Android App
APK Info
- App Bitwarden Password Manager
- Creation Date 09 Aug 18
- Last Updated 19 Jul 24
- Current Version 1.17.1
- Creator 8bit Solutions LLC
- Downloads 100,000+ downloads
- Privacy Report View on Exodus →
De-Googled Compatibility
- GrapheneOS Native 3.9 / 4 (36)
- CalyxOS microG 4.0 / 4 (13)
- LineageOS microG 4.0 / 4 (11)
- e OS microG 4.0 / 4 (9)
- iodeOS microG 4.0 / 4 (8)
- crDroid microG 4.0 / 4 (8)
Bitwarden iOS App
App Info
Bitwarden Password Manager
Recognized as best password manager by PCMag, The Verge, CNET, G2, and more! SECURE YOUR DIGITAL LIFE Secure your digital life and protect against data breaches by generating and saving unique, strong passwords for every account. Maintain everything in an end-to-end encrypted password vault that only you can access. ACCESS YOUR DATA, ANYWHERE, ANYTIME, ON ANY DEVICE Easily manage, store, secure, and share unlimited passwords and passkeys across unlimited devices without restrictions. EVERYONE SHOULD HAVE THE TOOLS TO STAY SAFE ONLINE Utilize Bitwarden for free with no ads and or selling data. Bitwarden believes everyone should have the ability to stay safe online. Premium plans offer access to advanced features. EMPOWER YOUR TEAMS WITH BITWARDEN Plans for Teams and Enterprise come with professional business features. Some examples include SSO integration, self-hosting, directory integration and SCIM provisioning, global policies, API access, event logs, and more. Use Bitwarden to secure your workforce and share sensitive information with colleagues. More reasons to choose Bitwarden: World-Class Encryption Passwords are protected with advanced end-to-end encryption (AES-256 bit, salted hashing, and PBKDF2 SHA-256) so your data stays secure and private. 3rd-party Audits Bitwarden regularly conducts comprehensive third-party security audits with notable security firms. These annual audits include source code assessments and penetration testing across Bitwarden IPs, servers, and web applications. Advanced 2FA Secure your login with a third-party authenticator, emailed codes, or FIDO2 WebAuthn credentials such as a hardware security key or passkey. Bitwarden Send Transmit data directly to others while maintaining end-to-end encrypted security and limiting exposure. Built-in Generator Create long, complex, and distinct passwords and unique usernames for every site you visit. Integrate with email alias providers for additional privacy. Global Translations Bitwarden translations exist for more than 60 languages, translated by the global community though Crowdin. Cross-Platform Applications Secure and share sensitive data within your Bitwarden Vault from any browser, mobile device, or desktop OS, and more.
Rating
Version Info
- Current Version 2026.5.0
- Last Updated 30 May 26
- First Released 02 Sept 16
- Minimum iOS Version 15.0
- Device Models Supported 128
App Details
- IPA Size 85.98 Mb
- Price Free (USD)
- Age Advisory 4+
- Supported Languages 59
- Developer Bitwarden Inc
- Bundle ID com.8bit.bitwarden
Screenshots
Bitwarden Docker
Container Info
bitwardenrs
This is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal..
bitwardenrs/server:latestRun Command
docker run -d \ -p :80/tcp \ -v /portainer/Files/AppData/Config/Bitwarden-rs:/config \ --restart=unless-stopped \ bitwardenrs/server:latest
Compose File
version: 3.8
services:
bitwarden-rs:
image: "bitwardenrs/server:latest"
ports:
- ":80/tcp"
volumes:
- "/portainer/Files/AppData/Config/Bitwarden-rs:/config"
restart: unless-stopped Port List
- :80/tcp
Volume Mounting
- /portainer/Files/AppData/Config/Bitwarden-rs /config
Bitwarden Reviews
More Password Managers
-
End-to-end encrypted open source password and alias manager with built-in email server. AliasVault protects your privacy by creating alternative identities, passwords and email addresses for every website you use. Use the cloud version, or self-host and deploy within minutes via Docker.
-
Hardened, secure and offline password manager. Does not have cloud-sync baked in, deemed to be gold standard for secure password managers. KeePass clients: Strongbox (Mac & iOS), KeePassDX (Android), KeeWeb (Web-based/ self-hosted), KeePassXC (Windows, Mac & Linux), see more KeePass clients and extensions at awesome-keepass by @lgg.
-
LessPass is a little different, since it generates your passwords using a hash of the website name, your username and a single main-passphrase that you reuse. It omits the need for you to ever need to store or sync your passwords. They have apps for all the common platforms and a CLI, but you can also self-host it.
-
Store secrets and passwords on encrypted paper with distributed keys. Designed to last generations. Open source, client-side only, works offline.
-
The Standard Unix Password Manager
-
From the creators of ProtonMail, ProtonPass is a new addition to their suite of services. They have a full collection of user-friendly native mobile and desktop apps. ProtonPass is one of the few "trustworthy" providers that also offers a free plan.
About the Data: Bitwarden
Change History
API
You can access Bitwarden's data programmatically via our API. Simply make a GET request to:
https://api.awesome-privacy.xyz/v1/services/bitwarden The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.
Share Bitwarden
Help your friends compare Password Managers, and pick
privacy-respecting software and services.
Share Bitwarden and Awesome Privacy with your network!