Balancing the feature set between free and paid password managers can be tough.
Hold back too much and the free edition isn't viable.
Give away too much and people don't bother to pay.
The creators of Bitwarden Premium strike a nice balance.
You get all the necessary features for free, but the premium edition adds some very useful bonus features, at a lower-than-usual price.
Bitwarden Premium costs just $10 per year, while competing products charge quite a bit more.
Dashlane, for example, now lists for $59.99 per year, and Keeper for $29.99.
At one time, LastPass Premium($36/Year at LastPass) cost just $12, but that went up to $24, and more recently to $36 per year.
Bitwarden's price looks pretty good.
There's an extra charge of $1 per month if you want to use the full power of the secure sharing feature.
Team and Enterprise licensing are available with per-seat pricing.
If your people have the right skills, your company can even host your Bitwarden accounts in-house rather than relying on the cloud.
Bitwarden Premium isn't visibly different from the free edition.
It installs as a native app in Windows, macOS, iOS, Android, and Linux, and offers a browser extension for Chrome, Firefox, Edge, Opera, Safari, and a host of less-common browsers.
(Note, though, that the Edge extension isn't working properly at present.) You can also log into your data vault online from any modern browser, and indeed, some features require use of the vault.
It's worth noting that WWPass PassHub is even more flexible, platform-wise.
It runs entirely as a web application, with no local app or browser extension needed, so you can use it on any device that supports a modern browser.
This flexibility comes at the price of automation, though; PassHub doesn't capture and replay passwords.
Shared With Free
I'll ask you now to go read my review of the free Bitwarden, because this product incorporates all the features of the free edition.
What? No time? Okay, I'll summarize my findings here.
Bitwarden does everything you'd expect from a password manager.
It captures credentials when you log in to a site, create a new account, or change your password.
Its toolbar button displays the number of logins it holds for the current page.
Click the button to select one and fill your credentials.
You can also define any number of credit cards and personal data identities for use in filling web forms.
If your aim is to switch from another password manager, just log in to the online portal and pick from a list of more than 30 competing products, among them Dashlane, Keeper, and RoboForm.
It can also import passwords stored in your browsers.
Like almost all similar products, Bitwarden includes a random password generator.
You'll want to crank up the default length and tell it to use all character types.
Even the free edition supports two-factor authentication, either sending codes to your email account or using Google Authenticator (or a workalike).
As I mentioned, Bitwarden supports secure sharing using what it calls organizations.
A free organization supports just two users and lets you create two collections.
Collections can be important, because you can limit access by other users to a specific collection.
Paying an extra dollar per month lets you link up to five Bitwarden Premium accounts, with unlimited collections.
Advanced Two-Factor Authentication
One thing upgrading to premium level gets you is advanced two-factor authentication, or 2FA.
You can configure Bitwarden to require an old-style YubiKey, which generates one-time passwords at a touch.
Better, it can use any FIDO U2F security key such as the Security Key by Yubico or the Google Titan Security Key.
The free Duo Mobile is an app that you can use in place of Google Authenticator, even with the free Bitwarden.
In a business setting, you may encounter a Duo Security installation that supports other modes such as SMS authentication, or even phone-call based authentication.
Bitwarden Premium users can enable this higher level of Duo authentication.
Bitwarden's choices closely parallel those of LastPass and LastPass Premium.
With the free edition you can use various authenticator apps or a low-tech paper grid for your second factor.
Upgrading to LastPass Premium lets you use a YubiKey or a couple other hardware-based options.
When you turn on what Bitwarden calls Two-Step Login, you get a big warning that doing so could possibly lock you out.
For example, if you register just one YubiKey and then lose it, you've got trouble.
Bitwarden generates a recovery code for that situation, and advises you to keep it in a safe place.
You can also configure more than one authentication method, since not every device supports every method.
For example, security key products without NFC don't support mobile devices.
For testing, I registered a YubiKey with ease.
Now someone who steals my login credentials can't pillage my passwords, because Bitwarden won't open without the touch of a registered YubiKey.
I strongly suggest enabling one or more two-factor authentication options.
[embed]https://www.youtube.com/watch?v=AMOtB7XkTT4[/embed]
Time-Based One-Time Passwords
The technology inside Google Authenticator generates Time-Based One-Time Passwords, or TOTPs.
Each code is good for 30 seconds, with the authenticator app and the secure app or website generating new ones in perfect synchrony.
But using the app can be just a tad awkward, especially if you're sitting on a bus juggling a website on your laptop and a code on your smartphone.
Upgrading to Bitwarden Premium gets you some significant help for using two-factor authentication on websites.
Like Myki, Enpass, and AgileBits 1Password, Bitwarden can itself generate the necessary TOTPs.
Scan the QR code into the Bitwarden item with your smartphone, or copy and paste the equivalent secret code on a desktop device.
That's it!
When I tested Myki Password Manager & Authenticator, I found that it fills the username and password, and then fills the six-digit TOTP code.
I tried logging into a protected site using Bitwarden and waited for it to fill the TOTP, but it didn't.
A quick query revealed that the code awaited me in the clipboard.
A simple Ctrl+V did the job.
Reports and Analysis
Holders of a free Bitwarden account can go to the online vault and launch a data breach report.
This report sends your email to the HaveIBeenPwned website and reports details of any breaches that included your email.
Bitwarden's other five reports are reserved for paying customers.
Bitwarden's weak passwords report simply lists items whose passwords it rates as weak.
That's a help, but you still must go to each site, change the weak password, and let Bitwarden record the change.
The same is true of the reused passwords report, which lets you know when you've used the same password on different sites.
Where the data breach report checks for email addresses found in breaches, the exposed passwords report checks whether your passwords themselves got exposed.
I didn't get any hits; if you do, change the passwords stat!
Browser makers and internet experts are pushing hard for every website to use a secure HTTPS connection.
Certainly, any site that's sensitive enough to need a login password should be using HTTPS.
The unsecured websites report checks your collection and calls out any of your logins that go to an insecure HTTP page.
Avira Password Manager also flags such insecure pages in your collection of logins.
Because Bitwarden handles TOTP-based two-factor authentication for you, it knows whether you've enabled two-factor authentication for each saved site.
The inactive 2FA reports zings you if it detects that you've neglected to enable 2FA on sites that support it.
These reports are useful, and they cover a lot of ground.
Take their advice—fix any problems they report.
Even so, I prefer the full-scale password strength report like what comes with Dashlane, RoboForm, Keeper Password Manager & Digital Vault, and a few others.
The kind of report I'm talking about lists all your passwords (masked, of course), with a strength rating for each, and an option to sort from strongest to weakest.
Dashlane, LastPass, LogMeOnce, and Symantec Norton Password Manager take the concept a step further, automating the process of updating passwords for popular sites.
Anything that gets people to stop using "password" and "123456" as passwords is definitely a good thing.
A Good Deal
When you upgrade to Bitwarden Premium, you get enhanced two-factor authentication, advanced reporting and analysis, and the ability to automatically log into sites that use TOTP-style authentication.
You also get 1GB of storage for attachments to your logins and notes, and your support tickets get priority handline.
If those features interest you, $10 per year isn't much to spend.
Keeper Password Manager & Digital Vault comes with a strong focus on security and covers a wide range of platforms, and it offers a variety of advanced features.
Dashlane($59.99 at Dashlane), too, is on the cutting edge feature-wise, and it's very easy to use.
These two are our current Editors' Choice password managers, but Bitwarden Premium is worth a look, especially if you're on a budget.
