This article was first published, in a slightly different form, at Opensource.com and appears here via a Creative Commons CC-BY-SA 4.0 license.
Do you ever feel you have more passwords than you can keep track of? It’s probably more than just a feeling. Like most of us, you probably have a hard time remembering all those passwords, no matter how simple or complex they are.
Many people turn to popular services like LastPass and 1Password to help them wrangle their passwords. While solid, those services are also proprietary and closed source. So where can an open source enthusiast turn to find an alternative?
Enter Bitwarden, an application that’s aiming to become the go-to open source password manager on the web. Let’s take a quick look at how to use it.
Note: I’m not going to cover all Bitwarden’s features in this post, just its core password management ones. You’ve been warned.
Sign up for an account. It’s free (although there are also paid plans). Your account gives you access to a secure space (called a vault) to store your passwords.
When you’re signing up, you’ll be asked to create a master password. That’s the one that will keep your other passwords safe. It’s in your best interest to make your master password as strong and complex as you can—and as you can remember.
If you want a little more control and to embrace your inner geek, you can grab the source code on GitHub and install Bitwarden on your server. There’s even a Docker image.
Me? I went with the hosted edition. I know …
Once you’ve set up your account, grab the Bitwarden extension for one of the supported browsers (you probably use at least one of them): Chrome, Firefox, Opera, Edge, Safari, Vivaldi, Brave (you can install the extension from within the browser), or Tor Browser.
Now you’re ready to go.
You’ve got your Bitwarden account set up and the browser extension installed. Now what? Head over to a website that you want to sign up for or where you already have an account. When you enter your username and password, Bitwarden will ask you if you want to save your login information. Click Yes, Save Now.
Congratulations! That login is now in your vault. That was easy, wasn’t it?
The next time you want access to that site, head on over to the site’s login page. Click the Bitwarden icon on your browser’s toolbar, then click on the login to fill in your information.
The browser extension has a setting that automatically fills in your username and password. You can enable that by clicking the Bitwarden icon, selecting Settings, and clicking Options. From there, click Enable Auto-fill On Page Load. I don’t use that feature—I’ve run into sites where it didn’t work. Anyway, an extra click isn’t going to do me any harm.
Importing Your Passwords from Another Service
What if you’re using another password manager and want to move to Bitwarden? You definitely don’t want to type in all those logins again, do you? Bitwarden has an import function that you can use to import passwords from a couple dozen other tools, including LastPass, 1Password, KeePass, and several web browsers.
To get started, you’ll need to export your passwords as a CSV, HTML, XML, or JSON file (depending on which password manager you’re using). Then, log into your Bitwarden vault. Click Tools and Import Data. Select the application you’re importing passwords from, then upload the file containing the passwords. Click Import.
The import is surprisingly quick, even with a large number of passwords. Just remember to securely delete the import file after you’ve done the deed. You don’t want to leave the keys to your various kingdoms lying around, especially if they’re not encrypted.
How Safe Is It?
How safe is anything, really? The folks behind Bitwarden try to make it as secure as possible. Things can happen, though, and someone could breach your account.
It always helps, as I mentioned earlier in this article, to have a strong, complex master password. You can also set up two-factor authentication to further harden your account.
If you decide to use Bitwarden, the only advice I can give you is to not store logins to financial institutions or other sites that contain sensitive information. In the end, it’s up to you to decide how and with what you use Bitwarden.
Once upon a time, I was a dedicated user of LastPass. But Bitwarden won me over. While it might not have all the bells and whistles of its competitors, Bitwarden does what I need it to do, and it does it securely.