How to manage your passwords with Bitwarden, a LastPass alternative

Learn how to set up and use open source password manager Bitwarden.
430 readers like this.
Password laptop

geralt, via Pixabay. CC0.

Do you ever feel you have more passwords than you can keep track of? It's probably more than just a feeling. Like most of us, you probably have a hard time remembering all those passwords, no matter how simple or complex they are.

Many people turn to popular services like LastPass and 1Password to help them wrangle their passwords. While solid, those services are also proprietary and closed source. So where can an open source enthusiast turn to find an alternative?

Enter Bitwarden, an application that's aiming to become the go-to open source password manager on the web. Let's take a quick look at how to use it.

Note: I'm not going to cover all Bitwarden's features in this article, just its core password management ones. You've been warned.

Getting started

Sign up for an account. It's free (although there are also paid plans). Your account gives you access to a secure space (called a vault) to store your passwords.

When you're signing up, you'll be asked to create a master password. That's the one that will keep your other passwords safe. It's in your best interest to make your master password as strong and complex as you can—and as you can remember.

If you want a little more control and to embrace your inner geek, you can grab the source code on GitHub and install Bitwarden on your server. There's even a Docker image.

Me? I went with the hosted edition. I know ...

Once you've set up your account, grab the Bitwarden extension for one of the supported browsers (you probably use at least one of them): Chrome, Firefox, Opera, Edge, Safari, Vivaldi, Brave (you can install the extension from within the browser), or Tor Browser.

Now you're ready to go.

Using Bitwarden

You've got your Bitwarden account set up and the browser extension installed. Now what? Head over to a website that you want to sign up for or where you already have an account. When you enter your username and password, Bitwarden will ask you if you want to save your login information. Click Yes, Save Now.

setting up a Bitwarden account

opensource.com

Congratulations! That login is now in your vault. That was easy, wasn't it?

Bitwarden vault

opensource.com

The next time you want access to that site, head on over to the site's login page. Click the Bitwarden icon on your browser's toolbar, then click on the login to fill in your information.

Bitwarden browser extension

opensource.com

The browser extension has a setting that automatically fills in your username and password. You can enable that by clicking the Bitwarden icon, selecting Settings, and clicking Options. From there, click Enable Auto-fill On Page Load. I don't use that feature—I've run into sites where it didn't work. Anyway, an extra click isn't going to do me any harm.

Importing your passwords from another service

What if you're using another password manager and want to move to Bitwarden? You definitely don't want to type in all those logins again, do you? Bitwarden has an import function that you can use to import passwords from a couple dozen other tools, including LastPass, 1Password, KeePass, and several web browsers.

To get started, you'll need to export your passwords as a CSV, HTML, XML, or JSON file (depending on which password manager you're using). Then, log into your Bitwarden vault. Click Tools and Import Data. Select the application you're importing passwords from, then upload the file containing the passwords. Click Import.

Migrating from another password manager

opensource.com

The import is surprisingly quick, even with a large number of passwords. Just remember to securely delete the import file after you've done the deed. You don't want to leave the keys to your various kingdoms lying around, especially if they're not encrypted.

How safe is it?

How safe is anything, really? The folks behind Bitwarden try to make it as secure as possible. Things can happen, though, and someone could breach your account.

It always helps, as I mentioned earlier in this article, to have a strong, complex master password. You can also set up two-factor authentication to further harden your account.

If you decide to use Bitwarden, the only advice I can give you is to not store logins to financial institutions or other sites that contain sensitive information. In the end, it's up to you to decide how and with what you use Bitwarden.

Final thought

Until about a year ago, I was a dedicated user of LastPass. But Bitwarden won me over. While it might not have all the bells and whistles of its competitors, Bitwarden does what I need it to do, and it does it securely.

If you'd like to learn more about Bitwarden, read for my interview with Kyle Spearrin, Bitwarden's developer.

That idiot Scott Nesbitt ...
I'm a long-time user of free/open source software, and write various things for both fun and profit. I don't take myself all that seriously and I do all of my own stunts.

3 Comments

Hey Scott,

Thanks for the overview! I have one question regarding your comment on "not stor[ing] logins to financial institutions or other sites that contain sensitive information". From my understanding one of the main reasons to use a password manager is to let them create long, random passwords, which make it harder to get hacked. If I don't use it for my sensitive stuff, I will fall back to strings I can remember and which are therefore (often) easier to hack. Wouldn't you want a password manager especially for the sensitive stuff? Or would you then use something like this offline: https://gist.github.com/NonlinearFruit/7b6f72f97f0d70086f3f229fbf23850f ?

Cheers,
Al

For really sensitive stuff, I'd use a desktop password manager like KeePassX or Pass along with longer, more complex, and hard-to-remember passwords. That way, I have a bit more control over the password store. But for a majority of my web logins, Bitwarden is my tool of choice.

In reply to by Al (not verified)

Written in asp.not, no thanks, I'm not going to trust my passwords to anything that has been touched by Microsoft

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.