Bitwarden is just fantastic. It's open source, the interface is clean, works fine on all platforms for me and pretty much everything is free. If the devs browse here, thanks for making it.
I have been using Bitwarden for over a year now and there are still tons of UX bugs that annoy me.
In Firefox extension:
1. There is no memory. If you close the window, to copy the password, you have to re-search for the account to find the username.
2. If you open up bitwarden before the page is loaded, it says it can't find the password box to fill in. This is probably an extension limitation, but still annoying.
iOS
1. No memory. If I search for a username, I have to re-search for the password. It always opens up to the search screen (when I am using it via the password helper keyboard).
2. iOS the keyboard doesn't always show up to let me search for an account via password helper keyboard.
In general
1. You should be able to set a default username or email to automatically use when creating a new account. I hate having to type my email address in every time when creating the account on mobile.
2. When you're registering an account on a website, I first create it in Bitwarden with a password then I paste the password into the textbox to register the account. If the website rejects the password cuz of formatting, I gotta go back into bitwarden, edit and update the password with the new format. it takes like 5 clicks. ugh.
This is what I figured out by accident that helped me overcome the memory issue. Ctrl + H on Firefox, click the top-left dropdown for Bitwarden.
> 2. If you open up bitwarden before the page is loaded, it says it can't find the password box to fill in. This is probably an extension limitation, but still annoying.
The sidebar trick above also helps this issue. When it can't find the password box you just click the "refresh" icon on the Bitwarden sidebar and it'll fill it in. This limitation may be by design so it doesn't have constant access to everything you browse, only allows a "snapshot" of the HTML to fill in when loaded (or refreshed) - complete guess though.
I'd used LastPass before and believe their solution is plan obvious, it just works. So that's what I suggested Bitwarden to do: opening up a new tab with all the extension UI for data entry, instead of depending on the volatile state of a pop-up window.
EDIT: I misread and thought the issue was with the data entry! but now I understand that parent meant manually copying username & password from the extension to a website. While I never do that (autofill seems to work fine for me), the same proposed solution still applies, I guess.
> You should be able to set a default username or email to automatically use when creating a new account.
I think that might be a mobile limitation. Profiles address that problem but I'm not sure if Android or iOS give developers the ability to autofill profiles.
Bitwarden's UX is pretty poor but the way I see it is that's what $12 a year gets me. :)
Hmm, I've tried LastPass, Enpass, a handful of Keepass clients I can't remember the name of and (shortly) 1Password, and I can't really find anything Bitwarden does that much worse than any of these. To be perfectly honest, they're all kind of clunky, IMHO.
> ...and I can't really find anything Bitwarden does that much worse than any of these.
I feel like I can think of a lot but I'll give you one that, to me, is Bitwarden in a nutshell:
What happens if you open your browser, go to https://news.ycombinator.com/login, and hit Bitwarden's autofill shortcut? Nothing, because you didn't log in to Bitwarden first. Pretty much every other password manager will ask you to log in and then they'll autofill.
Ah, I always use the toolbar button rather than the context menu shortcut, so it's a non-issue in my case, as it just will ask me to log-in there. Yeah, that would definitely be a better flow. Maybe I'm just "used" to it and am overlooking some irritants, I don't know.
Agree the UX is poor but I prefer this because there are tradeoffs involved in some of these choices. Auto filling, for example, caused a bunch of critical bugs with LastPass. As an extension, there’s always going to be limitations that I’d prefer security software not push.
Natively integrated password managers like Firefox or Chrome are in a much better position to push for UX but you can see they aren’t that much better either.
> 1. You should be able to set a default username or email to automatically use when creating a new account.
It's not a bad idea but you could also set up an identity, perhaps call it "New sign up", and it'll fill out the email address for you with two clicks - one to open Bitwarden, one to auto-fill.
Just want to echo this. I've been using Bitwarden for about a year now, and a few months ago, my mum (not technologically literate) had her email hacked. Getting her set up with Bitwarden & teaching her how to use it was one of the easiest experiences I've had when introducing her to new software. Really well designed.
I recently set this up with my mom and dad too, and they have been enjoying the relief of only having to memorize one password. It is also much more secure since then their previous methods of reusing passwords.
How dependent is it on them as a service? If their website/service disappeared off the face of the earth tomorrow, would I still have access to my passwords locally?
I'm still hesitant to use any form of password management that relies on cloud services. I still like Keepass (with auto-updates disabled for security because their updater uses HTTP, of course), for my purposes. I can Sync my keepass file any number of secure ways that don't rely on a single provider.
> If their website/service disappeared off the face of the earth tomorrow, would I still have access to my passwords locally?
They provide a selfhosted alternative to their cloud service.
Not only that, there is a rust based birwarden server reimplementation that doesn't phone home (IIRC I believe the official self-hosted server needs an API key?), is compatible with all platform clients (at least for my needs). https://github.com/dani-garcia/bitwarden_rs
Your passwords are cached locally on the devices. You can export your vault too. If their public service goes down (or if you don't want to use it in the first place) you can stand up your own server (there are at least 2 common implementations) and point your clients at it.
I like it so much I proposed it to my boss and we set it up at work. Small team, around 20 people, but even the non techs got up to speed with it with just a 20-minute explanation.
