I'm paying for a Bitwarden subscription because I want to support their product and their vision. But I don't know, time passes and some much needed improvements don't seem to arrive.

The most glaring issue (for me, anyway; I fully understand I'm just a sample size of 1!) they have is relying on the pop-up UI of the browser, which I guess is stateless (state is lost when the popup closes, it seems?). The decision of using this UI was already wrong from its inception, IMHO, not sure why they thought it would be a good idea. But more surprising is that they haven't yet moved to the much more reliable and user friendly method of opening their UI on a new tab, which was a no brainer when using LastPass. Oh well. They said to have this in the backlog, so hopefully it gets some attention sooner than later... but in the meantime the end users are faced with silly issues like this, software that loses user data should not be a concern in the first place, and for sure they won't care about some technical explanation about how the browser handles pop-up windows.

(for anyone interested: https://community.bitwarden.com/t/persist-bitwarden-ui-and-m...)

Tavis Ormandy (of Google Project Zero) has a pretty convincing post arguing that relying on browser extensions that modify the DOM (which includes [almost?] all password managers) is a bad idea: https://lock.cmpxchg8b.com/passmgrs.html

(he recommends using your browser's built-in password manager, which isn't as convenient but is much more secure)

It'd be ideal if browsers offered standard hooks into their password-filling mechanisms. Let the password managers volunteer "I know a password for this site!" and fill it through the browser's standard UI.

Basically, I want the browsers to implement something close to what Apple has for password management on iOS. Ideally go a bit further and expose hooks for creating/saving a new login, too.

Unless they already do this, and nobody has actually taken them up on using it?

That's an amazing idea! Do you know if any browser vendor has this concept even in the radar? It would be very cool that password managers were able to do that: manage passwords, and not have to deal with each browser's idiosyncrasies which if you think about it, is just a distraction from their actual mission of being a password storage.

I haven't heard any rumblings about it from browser vendors, unfortunately. Even Apple hasn't extended it to desktop-Safari, as far as I can tell.

iPhone does this already. You can choose from different password managers (I use built inn and and old version of 1P). So works on safari, but also other apps that I assume use some standard password field.

Now that you mention it, that would a fantastic idea; create an extension that exposes some sort of API that the browser can tap into to load suggested credentials for the current domain.

I guess it makes sense, but it's a very very unhelpful suggestion... we're painfully and slowly moving in the direction of teaching users how passwords are less and less useful as long as they are not random, so the ideal alternative is having all random passwords and using a vault that remembers them for us.

But this whole proposition totally breaks if I store my Amazon password in Chrome at work, and then later I cannot access it in Firefox at home, or the native app in my Android phone.

I only open the webui, log in, copy paste my usernames and passwords. I don't trust that my passwords are safe otherwise.

The clipboard is not exactly a secure channel. Browsers need to catch up to mobile and provide dedicated APIs for password managers to hook into so they don’t have to interact with the DOM.

I don't trust the safety of passwords going through my clipboard and me having to manually verify the URL.

It gets worse. Their browser extension doesn't work when using a private window in Firefox. The GitHub issue[0] around it was raised in 2017. They've been blaming Mozilla for deprecating and subsequently removing an API. It's pretty ridiculous.

[0] https://github.com/bitwarden/browser/issues/136

I thought it was just me where Bitwarden didn't work on the private window.

I use Bitwarden in the Firefox sidebar. That provides a persistent state experience.

Good idea! I'm however limited here by the fact that (Firefox at least) only one sidebar can be open at the same time. And for me that's occupied full-time by the fantastic Tree Style Tab extension. I would definitely find it useful if more sidebars could be open at the same time.

Which also doesn't work when using a private window.

I had the exact same experience. I don’t want to care about the app UI etc but when you use a password manager as often as you do it really matters. Not to mention selling the idea to less tech-savvy family members, it really does have to be as simple as can be.

I self-host Bitwarden_rs and use the client apps on Windows, Linux, and MacOS. To me, the UI seems very usable, polished and attractive. It doesn’t seem that different from 1Password, which I switched from a few years ago. What exactly about the UI needs improvement?

I'm a 1Password user right now, but I've tried self-hosting Bitwarden_rs and like it very much.

The one killer feature which is preventing me from switching is the ability to use multiple self-hosted servers at once (so I can separate family vaults from business) [1], but "client profiles" are likely to be implemented some time soon [2].

Now that I've learnt that local vaults are going away in 1Password 8 [3], I'll probably make a move to Bitwarden sooner rather than later.

[1] https://community.bitwarden.com/t/log-in-with-multiple-bitwa...

[2] https://community.bitwarden.com/uploads/default/original/2X/...

[3] https://news.ycombinator.com/item?id=28107225

I thought there were some features missing from vaultwarden compared to bitwarden. I think the one that stuck out to me was lack of AD integration. Any chance you’ve seen a list of what is and isn’t in vaultwarden? My search hasn’t turned anything up. Maybe they’re at feature parity now?

Personally the UI itself is fine. The UX on the other hand not so much.

- Firefox Extension doesn't work fully in a private window in Firefox.

- Extension loses data when you click away from it.

- Extension is hard to navigate using keyboard - e.g. there is no way to copy specific username/password/otp code.

There is lots more issues.

Good to know, extensions always feel like the weak link in password manager security (again, not a developer so happy to be proven wrong here) so I don't use them. I always just copy out of the desktop app (Ctrl + P), still a really fast keyboard-only workflow once you get used to it.

The mobile apps were the primary problem for me. Regrettably it was long enough ago that I can’t remember all the details but I’m pretty sure at the time it didn’t support TouchID for one.

I'd say give it another try sometime! The mobile app (I've only used the iOS version) is very usable and has FaceID support for those that want it. Also, safari can work with the app to pull passwords quickly.

I'm just really grateful this project exists. I've tried most of the major password managers out there and I feel like BW/VW is the clear winner, especially if you're willing to host your own server. If not, their pricing for an annual personal account is incredibly reasonable.

my less savvy family members all use bitwarden with sharing and don't see any major problems fwiw ymmw

I find this surprising. I’ve been using Bitwarden for a few years now… the mobile app is easy to use. They even make MFA painless by automatically copying the code after the password is entered. The browser extensions seem to work fine too. Perhaps the web app is not as clean, but I rarely use it.

That lack of polish and lack of improvement over the couple years I used Bitwarden are why I switched back to 1Password. Being open-source is not a free pass to ignore issues like that.