Bitwarden
bitwarden.com Self-HostedFully-featured, open source password manager with cloud-sync. Bitwarden is easy-to-use with a clean UI and client apps for desktop, web and mobile. See also Vaultwarden, a self-hosted, Rust implementation of the Bitwarden server and compatible with upstream Bitwarden clients.
- Homepage: bitwarden.com
- GitHub: github.com/bitwarden/server
- Privacy: bitwarden.com/privacy
- iOS App: apps.apple.com/us/app/bitwarden-password-manager/id1137397744
- Android App: https://play.google.com/store/apps/details?id=com.x8bit.bitwarden
- Subreddit: r/Bitwarden
- Web info: web-check.xyz/results/bitwarden.com
Bitwarden Privacy Policy
Privacy Policy Summary
- You have the right to leave this service at any time
- This service keeps user logs for an undefined period of time
- Users agree to comply with the law of the service's country
- This service does not sell your personal data
- The service does not guarantee accuracy or reliability of the information provided
- The service provider makes no warranty regarding uninterrupted, timely, secure or error-free service
- The service provides two factor authentification for your account
- You are responsible for maintaining the security of your account and for the activities on your account
- This service can share your personal information to third parties
- Tracking pixels are used in service-to-user communication
- The service is transparent regarding government requests or inquiries that may involve user data.
- The user is informed about security practices
- The services will notify users if personal data has been affected by data breaches
- This service requires first-party cookies, which are cookies that only belong to the domain of the service and not a third party.
- This service holds onto content that you've deleted
- very broad term possibly violating copyright law
- The service can sell or otherwise transfer your personal data as part of a bankruptcy proceeding or other type of financial transaction.
- Third parties may be involved in operating the service
- Promises will be kept after a merger or acquisition
- Your personal data is given to third parties
- The service promises to inform and/or notify users regarding government inquiries that may involve users' personal data
- Your data may be processed and stored anywhere in the world
- They may stop providing the service at any time
- Users should revisit the terms periodically, although in case of material changes, the service will notify
- This service does not guarantee that it or the products obtained through it meet the users' expectations or requirements
- The service does not guarantee that software errors will be corrected
- The service can suspend or terminate your access to all or any part of the Website and refuse service to anyone for any reason at any time
- Your personal data is aggregated into statistics
- This service ignores the Do Not Track (DNT) header and tracks users anyway even if they set this header.
- This service gathers information about you through third party analytics and service providers (such as Google Analytics)
- Blocking cookies may limit your ability to use the service
- This service throttles your use
- This service prohibits users from attempting to gain unauthorized access to other computer systems
- You can delete your content from this service
- This service gives your personal data to third parties involved in its operation
- The court of law governing the terms is in California, USA
- This service assumes no liability for any losses or damages resulting from any matter relating to the service
- You are tracked via web beacons, tracking pixels, browser fingerprinting, and/or device fingerprinting
- Third-party cookies are used for statistics
- Information is provided about how your personal data is used
- Some personal data may be kept for business interests or legal obligations
- Information is provided about what kind of information they collect
- Information is provided about how they collect personal data
- Extra data may be collected about you through promotions
- You agree to defend, indemnify, and hold the service harmless in case of a claim related to your use of the service
- Users are responsible for any risks, damages, or losses they may incur by downloading materials
- The service is provided 'as is' and to be used at the users' sole risk
- This service is only available to users of age 13 and up
- Features of the website are made available under a free software license (AGPL) v3.0
- The terms for this service are easy to read
- Your personal data may be sold or otherwise transferred as part of a bankruptcy proceeding or other type of financial transaction
- You are entitled to a refund if certain thresholds or standards are not met by the service
- You authorise the service to charge a credit card supplied on re-occurring basis
- You should revisit the terms periodically, although in case of material changes, the service will notify
Score
Documents
- Terms of serviceCreated 17 Jan 19, Last modified 3 years ago
- Privacy PolicyCreated 17 Jan 19, Last modified 3 years ago
Domains Covered by Policy
- bitwarden.com
- bitwarden.eu
- passwordless.dev
About the Data
This data is kindly provided by tosdr.org. Read full report at: #1348
Bitwarden Source Code
Author
Description
The core infrastructure backend (API, database, Docker, etc).
Homepage
https://bitwarden.comLicense
NOASSERTION
Created
23 Nov 15
Last Updated
29 Apr 24
Latest version
Primary Language
C#
Size
27,674 KB
Stars
14,351
Forks
1,199
Watchers
14,351
Language Usage
Star History
Top Contributors
- @kspearrin (2552)
- @Hinton (169)
- @eliykat (161)
- @cscharf (148)
- @MGibson1 (116)
- @renovate[bot] (93)
- @vgrassia (91)
- @justindbaur (90)
- @joseph-flinn (85)
- @withinfocus (79)
- @r-tome (70)
- @Thomas-Avery (60)
- @github-actions[bot] (59)
- @vincentsalucci (58)
- @amorask-bitwarden (44)
- @trmartin4 (39)
- @mpbw2 (37)
- @michalchecinski (35)
- @mimartin12 (35)
- @cyprain-okeke (33)
- @cturnbull-bitwarden (33)
- @Mart124 (31)
- @gbubemismith (27)
- @djsmith85 (27)
- @shane-melton (26)
- @coltonhurst (23)
- @jlf0dev (23)
- @addisonbeck (18)
- @coroiu (16)
- @Eeebru (15)
Recent Commits
- SmithThe4th (29 Apr 24)
get updated cipher and used that in the response model (#4030)
- renovate[bot] (29 Apr 24)
[deps] Auth: Update del to v6.1.1 (#3607) * [deps] Auth: Update del to v6.1.1 * fix bootstrap --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ike Kottlowski <[email protected]> Co-authored-by: Ike <[email protected]>
- Thomas Rittson (29 Apr 24)
Fix migration script date to be merge date (#4028)
- Thomas Rittson (29 Apr 24)
[AC-2172] Member modal - limit admin access (#3934) * update OrganizationUsersController PUT and POST * enforces new collection access checks when updating members * refactor BulkCollectionAuthorizationHandler to avoid repeated db calls
- Ike (27 Apr 24)
target bootstrap v4.6.2 (#4024)
- SmithThe4th (26 Apr 24)
Changed PutCollections response model to return collection ids (#4023)
- Rui Tomé (26 Apr 24)
[AC-1978] Flexible collections: EF data migrations for deprecated permissions (#3969) * [AC-1682] Added MySql migration and script (cherry picked from commit d367f6de6b65343f1e99c9cf928e77215b13c34d) * [AC-1682] Added Postgres migration and script (cherry picked from commit 9bde1604da8432a6066fc6b48e88738fdc171869) * [AC-1682] Added Sqlite migration and script (cherry picked from commit 262887f9c3e484d5de856b715ee3c40092b4eb5f) * [AC-1682] dotnet format (cherry picked from commit 00eea0621c7c1092ea51c936fe2e7389a46109b9) * [AC-1682] Fixed Sqlite query (cherry picked from commit 26f5bf8afdf7607d01d56be8ba880ae592a127fc) * [AC-1682] Drop temp tables if they exist when starting the scripts (cherry picked from commit c20912f95c237da671a69eba0e39e5449a1a6d60) * [AC-1682] Removed MySql transaction from script because EF migration already wraps it under its own transaction (cherry picked from commit 7b54d78d6755788cabcc035f293af04881b0015a) * [AC-1682] Setting FlexibleCollections = 1 only for Orgs that had data migrated in previous steps (cherry picked from commit 28bba94d81d3c1a2515882b40829170b42096026) * [AC-1682] Updated queries to check for OrganizationId (cherry picked from commit a957530d5ed9caaa42fae6901fceb83b93ae99ce) * [AC-1682] Fixed MySql script (cherry picked from commit deee483ab7037f46233ca0802d1fcc698aa4d3d4) * [AC-1682] Fixed Postgres query (cherry picked from commit c3ca9ec3c8de625a5cf560c76474ee03eb1a50b2) * [AC-1682] Fix Sqlite query (cherry picked from commit fada0a81bf21b89d3debda9d3b51d31b1867631f) * [AC-1682] Reverted scripts back to enabling Flexible Collections to all existing Orgs (cherry picked from commit bd3b21b9698f13f57322a1eb5bac9fd1b99f779a) * [AC-1682] Removed dropping temporary table from scripts (cherry picked from commit eb7794d592cdd782a64154068046d708d30f371b) * [AC-1682] Removed other temp table drops (cherry picked from commit 26768b7bf82fd297fafa2638f59e600e7ac093a5) * [AC-1978] Fix issue that allows the web app to have the user type Manager available (cherry picked from commit 2890f78870a8b624c0598c9c39df22c6f05eecc0) * [AC-1682] Bump dates on migration scripts --------- Co-authored-by: Thomas Rittson <[email protected]>
- Rui Tomé (26 Apr 24)
[AC-2323] Flexible collections: automatically migrate data for all Organizations (#3927) * [AC-2323] Added script to migrate all sql organizations to use flexible collections * [AC-2323] Overriding FlexibleCollectionsSignup to true for local usage * [AC-2323] Fix script comment * [AC-2323] Fixed typo * [AC-2323] Bump up date on migration script * [AC-2323] Bump migration script date --------- Co-authored-by: Thomas Rittson <[email protected]>
- Alex Morask (25 Apr 24)
Updated CB to use both flag and provider status. (#4005)
- Thomas Avery (25 Apr 24)
[SM-1150] Add secret sync endpoint (#3906) * Add SecretsSyncQuery * Add SecretsSync to controller * Add unit tests * Add integration tests * update repo layer
- Alex Morask (25 Apr 24)
Handle case where Stripe IDs do not relate to Stripe entities (#4021)
- renovate[bot] (25 Apr 24)
[deps] Tools: Update aws-sdk-net monorepo to v3.7.300.81 (#4019) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
- renovate[bot] (25 Apr 24)
[deps] Tools: Update LaunchDarkly.ServerSdk to v8.4.0 (#4020) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
- cyprain-okeke (25 Apr 24)
[AC-2312] Server: Update ProviderOrganizationsController.Delete to update provider plan (#4008) * initial commit Signed-off-by: Cy Okeke <[email protected]> * fix the failing unit test Signed-off-by: Cy Okeke <[email protected]> * Resolve some pr comments Signed-off-by: Cy Okeke <[email protected]> * resolves some pr comments Signed-off-by: Cy Okeke <[email protected]> * resolve the collection expression suggestion Signed-off-by: Cy Okeke <[email protected]> * resolve pr comments Signed-off-by: Cy Okeke <[email protected]> * test for when the flag is on Signed-off-by: Cy Okeke <[email protected]> * rename the test Signed-off-by: Cy Okeke <[email protected]> --------- Signed-off-by: Cy Okeke <[email protected]>
- Alex Morask (25 Apr 24)
[AC-2488] Return default state for billing metadata when Organization has no Stripe entities (#4018) * Return default state for billing metadata when no stripe entities * Fix tests
- Alex Morask (24 Apr 24)
[AC-2488] Add billing endpoint to determine SM standalone for organization (#4014) * Add billing endpoint to determine SM standalone for org. * Add missing attribute
- cyprain-okeke (24 Apr 24)
[AC-2512] Admin: Seat Minimum input fields are showing for Reseller-type providers (#4013) * resolve the issue Signed-off-by: Cy Okeke <[email protected]> * remove the unused reference Signed-off-by: Cy Okeke <[email protected]> --------- Signed-off-by: Cy Okeke <[email protected]>
- renovate[bot] (23 Apr 24)
[deps] Auth: Update bootstrap to v5 (#3610) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ike <[email protected]>
- renovate[bot] (23 Apr 24)
[deps] Auth: Update DuoUniversal to v1.2.3 (#3866) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ike <[email protected]>
- renovate[bot] (23 Apr 24)
[deps] Auth: Update sass to v1.75.0 (#3609) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ike <[email protected]>
- renovate[bot] (23 Apr 24)
[deps] Auth: Update jquery to v3.7.1 (#3608) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Ike <[email protected]>
- Kyle Spearrin (23 Apr 24)
Revert "[PM-6977] Migrate to FCM v1 (#3917)" (#4009) This reverts commit dd8d5955a4b9dae187e10799918bdaca4372497f.
- Kyle Spearrin (23 Apr 24)
[PM-6977] Migrate to FCM v1 (#3917) * fcmv1 update * try without nested data obj * type must be a string * fcmv1 migration flag * lint fixes * fix tests --------- Co-authored-by: Matt Bishop <[email protected]>
- Bitwarden DevOps (23 Apr 24)
Bumped version to 2024.4.2 (#4007)
- Conner Turnbull (19 Apr 24)
Updated missing logic for 2023 plans (#4000)
- Addison Beck (19 Apr 24)
Refactor `PolicyService.SaveAsync()` (#4001) * Move dependent policy checks to a dedicated function * Invert conditional * Extract enable logic
- Alex Morask (19 Apr 24)
[AC-2461] Scale provider seats on client organization deletion (#3996) * Scaled provider seats on client organization deletion * Thomas' feedback
- Conner Turnbull (19 Apr 24)
Updated GetIdsByMetadata to support providerId (#3994) * Refactored the charge succeeded handler a bit * If refund charge is received, and we don't have a parent transaction stored already, attempt to create one * Converted else if structure to switch-case * Moved logic for invoice.upcoming to a private method * Moved logic for charge.succeeded to a private method * Moved logic for charge.refunded to a private method * Moved logic for invoice.payment_succeeded to a private method * Updated invoice.payment_failed to match the rest * Updated invoice.created to match the rest with some light refactors * Added method comment to HandlePaymentMethodAttachedAsync * Moved logic for customer.updated to a private method * Updated logger in default case * Separated customer.subscription.deleted and customer.subscription.updated to be in their own blocks * Moved logic for customer.subscription.deleted to a private method * Moved logic for customer.subscription.updated to a private method * Merged customer sub updated or deleted to switch * No longer checking if the user has premium before disabling it since the service already checks * Moved webhook secret parsing logic to private method * Moved casting of event to specific object down to handler * Reduced nesting throughout * When removing secrets manager, now deleting 100% off password manager discount for SM trials * Added method comment and reduced nesting in RemovePasswordManagerCouponIfRemovingSecretsManagerTrialAsync * Updated GetIdsByMetadata to support providerId
- Conner Turnbull (19 Apr 24)
[AC-2427] update discount logic for complimentary password manager (#3990) * Refactored the charge succeeded handler a bit * If refund charge is received, and we don't have a parent transaction stored already, attempt to create one * Converted else if structure to switch-case * Moved logic for invoice.upcoming to a private method * Moved logic for charge.succeeded to a private method * Moved logic for charge.refunded to a private method * Moved logic for invoice.payment_succeeded to a private method * Updated invoice.payment_failed to match the rest * Updated invoice.created to match the rest with some light refactors * Added method comment to HandlePaymentMethodAttachedAsync * Moved logic for customer.updated to a private method * Updated logger in default case * Separated customer.subscription.deleted and customer.subscription.updated to be in their own blocks * Moved logic for customer.subscription.deleted to a private method * Moved logic for customer.subscription.updated to a private method * Merged customer sub updated or deleted to switch * No longer checking if the user has premium before disabling it since the service already checks * Moved webhook secret parsing logic to private method * Moved casting of event to specific object down to handler * Reduced nesting throughout * When removing secrets manager, now deleting 100% off password manager discount for SM trials * Added method comment and reduced nesting in RemovePasswordManagerCouponIfRemovingSecretsManagerTrialAsync
- Addison Beck (18 Apr 24)
Properly handle new policy enrollments in the public API (#4003) * Test the use case * Properly instantiate model from null * Rename query parameter
Bitwarden Website
Website
The password manager trusted by millions | Bitwarden
Bitwarden makes it easy for businesses and individuals to securely generate, store, and share passwords from any location, browser, or device. Create your free Bitwarden account today.
Redirects
Does not redirect
Security Checks
All 66 security checks passed
Server Details
- IP Address 199.232.194.22
- Location San Francisco, California, United States of America, NA
- ISP Fastly Inc.
- ASN AS54113
Associated Countries
- US
Saftey Score
Website marked as safe
100%
Blacklist Check
bitwarden.com was found on 0 blacklists
- ThreatLog
- OpenPhish
- PhishTank
- Phishing.Database
- PhishStats
- URLhaus
- RPiList Not Serious
- AntiSocial Blacklist
- PhishFeed
- NABP Not Recommended Sites
- Spam404
- CRDF
- Artists Against 419
- CERT Polska
- PetScams
- Suspicious Hosting IP
- Phishunt
- CoinBlockerLists
- MetaMask EthPhishing
- EtherScamDB
- EtherAddressLookup
- ViriBack C2 Tracker
- Bambenek Consulting
- Badbitcoin
- SecureReload Phishing List
- Fake Website Buster
- TweetFeed
- CryptoScamDB
- StopGunScams
- ThreatFox
- PhishFort
Website Preview
Bitwarden Android App
Update Info
- App Bitwarden
- Creation Date 28 Apr 22
- Last Updated 07 Dec 23
- Current Version 2.18.0
Trackers
- Microsoft Visual Studio App Center Crashes
- Google Firebase Analytics
Permissions
- Use Biometric
- Write External Storage
- Use Fingerprint
- Receive
- Access Network State
- Wake Lock
- System Alert Window
- Nfc
- Internet
- Camera
- Write Use App Feature Survey
Bitwarden iOS App
App Info
Bitwarden Password Manager
Recognized as best password manager by PCMag, The Verge, CNET, G2, and more! SECURE YOUR DIGITAL LIFE Secure your digital life and protect against data breaches by generating and saving unique, strong passwords for every account. Maintain everything in an end-to-end encrypted password vault that only you can access. ACCESS YOUR DATA, ANYWHERE, ANYTIME, ON ANY DEVICE Easily manage, store, secure, and share unlimited passwords across unlimited devices without restrictions. EVERYONE SHOULD HAVE THE TOOLS TO STAY SAFE ONLINE Utilize Bitwarden for free with no ads and or selling data. Bitwarden believes everyone should have the ability to stay safe online. Premium plans offer access to advanced features. EMPOWER YOUR TEAMS WITH BITWARDEN Plans for Teams and Enterprise come with professional business features. Some examples include SSO integration, self-hosting, directory integration and SCIM provisioning, global policies, API access, event logs, and more. Use Bitwarden to secure your workforce and share sensitive information with colleagues. More reasons to choose Bitwarden: World-Class Encryption Passwords are protected with advanced end-to-end encryption (AES-256 bit, salted hashtag, and PBKDF2 SHA-256) so your data stays secure and private. 3rd-party Audits Bitwarden regularly conducts comprehensive third-party security audits with notable security firms. These annual audits include source code assessments and penetration testing across Bitwarden IPs, servers, and web applications. Advanced 2FA Secure your login with a third-party authenticator, emailed codes, or FIDO2 WebAuthn credentials such as a hardware security key or passkey. Bitwarden Send Transmit data directly to others while maintaining end-to-end encrypted security and limiting exposure. Built-in Generator Create long, complex, and distinct passwords and unique usernames for every site you visit. Integrate with email alias providers for additional privacy. Global Translations Bitwarden translations exist for more than 50 languages. Cross-Platform Applications Secure and share sensitive data within your Bitwarden Vault from any browser, mobile device, or desktop OS, and more.
Rating
Version Info
- Current Version 2024.2.1
- Last Updated 21 Mar 24
- First Released 02 Sept 16
- Minimum iOS Version 11.0
- Device Models Supported 94
App Details
- IPA Size 171.79 Mb
- Price Free (USD)
- Age Advisory 4+
- Supported Languages 32
- Developer Bitwarden Inc
- Bundle ID com.8bit.bitwarden
Screenshots
Bitwarden Docker
Container Info
bitwardenrs
This is a Bitwarden server API implementation written in Rust compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal..
DockerHub Metrics
- Pull Count 323,775,757
- Stars 417
- Date Created 12 May 19
- Last Updated 2 years ago
View on DockerHub
bitwardenrs/serverRun Command
docker run -d \ -p :80/tcp \ -v /portainer/Files/AppData/Config/Bitwarden-rs:/config \ --restart=unless-stopped \ bitwardenrs/server:latest
Compose File
version: 3.8 services: bitwarden-rs: image: bitwardenrs/server:latest ports: - :80:tcp environment: volumes: - /portainer/Files/AppData/Config/Bitwarden-rs:/config restart: unless-stopped
Port List
- :80/tcp
Volume Mounting
- /portainer/Files/AppData/Config/Bitwarden-rs /config
Permissions
- read ✅ Yes
- write ✅ Yes
- admin ✅ Yes
Bitwarden Socials
Bitwarden Reviews
More Password Managers
-
Hardened, secure and offline password manager. Does not have cloud-sync baked in, deemed to be gold standard for secure password managers. KeePass clients: Strongbox (Mac & iOS), KeePassDX (Android), KeeWeb (Web-based/ self-hosted), KeePassXC (Windows, Mac & Linux), see more KeePass clients and extensions at awesome-keepass by @lgg.
-
LessPass is a little different, since it generates your passwords using a hash of the website name, your username and a single main-passphrase that you reuse. It omits the need for you to ever need to store or sync your passwords. They have apps for all the common platforms and a CLI, but you can also self-host it.
-
A modern, open source password manager for individuals and teams. Beautiful, intuitive and dead simple to use. Apps available for all platforms and you can self-host it as well.
-
From the creators of ProtonMail, ProtonPass is a new addition to their suite of services. They have a full collection of user-friendly native mobile and desktop apps. ProtonPass is one of the few "trustworthy" providers that also offers a free plan.
-
The Standard Unix Password Manager
About the Data: Bitwarden
API
You can access Bitwarden's data programmatically via our API.
Simply make a GET
request to:
https://api.awesome-privacy.xyz/essentials/password-managers/bitwarden
The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.
About the Data
Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.
Share Bitwarden
Help your friends compare Password Managers, and pick privacy-respecting software and services.
Share Bitwarden and Awesome Privacy with your network!