The Quiet Renovation at Bitwarden

586 points - last Saturday at 8:13 PM

Comments

welder yesterday at 3:36 PM
I don't care about raising prices, I'm worried about the new CEO having a PE mindset. That means Bitwarden will now focus on extracting value while the product stagnates and degrades in quality. Time to jump ship before their security and quality goes down the drain.
antran22 yesterday at 4:21 PM
When I first learnt about Bitwarden about 3 years ago, I started hosting Vaultwarden right away. Right now I have one instance for myself and another for my friend's company. Everything runs as smooth as butter. If you can self-host something, do self-host a Vaultwarden instance. If you are (like me) somewhat paranoid about the fact that Vaultwarden hasn't got a proper security audit on its codebase, just run it behind a VPN, it will probably be fine.

I'm not particularly worried about Bitwarden going belly up because it already has such a well-established open-source replacement. The worst-case scenario is that Bitwarden makes the clients incompatible with Vaultwarden, and as OP already mentioned in the post, somebody in the community will fork them as soon as this happens.

kjuulh yesterday at 9:48 PM
At this point it is too high of a risk to store my password elsewhere. I've been screwed over by dashlane, lastpass, potentially bitwarden now, I am with 1password now, but I've had my passwords in all these places, and I've had to change them each time, probably missing a few.

I like 1password, it is by far the highest quality product I've used in this category. I moved from BitWarden back then because their browser integration was quite poor.

I think I'll move to something custom, or a selfhosted keepass server, with the rugpulls, incidents, and whatnot, it is becoming too high of a risk.

Centigonal today at 1:14 AM
Thankful for people like the author who surveil tech companies that take this well-worn path toward greater monetization
xweb yesterday at 3:21 PM
Thank you for this post/link. I have been side eyeing Bitwarden since they started ensh*ttifying the desktop UX last year to make it more like everything else and take up too much space. It had been working perfectly well for browser autofill - super fast and staying out of the way. Now it is bloated white space, slow, standardized UX elements like any SaaS built by AI. Will check out Vaultwarden, Proton Pass, Keepass, I guess. But sadly - yet another tool that worked perfectly well that was ruined in contempt of its own users (LastPass, Authy, Google Reader, etc - the list goes on)
varbhat yesterday at 4:59 PM
I have moved to KeepassXC[1] on my desktop from Bitwarden. On my phone, I use KeepassDX[2], which is an Android client compatible with KeepassXC. In the browser, I use the KeepassXC browser extension, which connects to the desktop client. Since KeepassXC operates on a single file, you can use any filesystem syncing tool to sync that file between devices or to store it in the cloud. I am really happy with the move.

[1]: https://keepassxc.org
[2]: https://www.keepassdx.com

reassess_blind today at 4:11 AM
"The phrase “Always free” disappeared from the personal password manager page in mid-April."

It's still on the pricing page, albeit not as prominently. "Just getting started? Get basic password management today. Always free."

cheriot yesterday at 11:17 PM
Wild to me that Bitwarden raised > $100m from VC. Seems like the kind of thing that would make a nice lifestyle business.

The enterprise version never went beyond password management so I'm not sure how this could have generated a viable ROI.

evanjrowley yesterday at 3:20 PM
Lately I've been scrutinizing Bitwarden after discovering a long history of memory leak problems in the GitHub issue tracker. It's an extension I use with all of my browsers. It seems to use an unusually high amount of RAM on Safari and I suspect it's why RAM just never stops growing in MS Edge.

Overall it's not a problem for me if Bitwarden wants more money, but I have to draw the line at replacing top leadership with randoms from private equity and secret price hikes. I'm glad this is being highlighted and it's motivating me even more to find a suitable FOSS-friendly alternative.

dust-jacket yesterday at 3:37 PM
Ah damn. I've only recently moved to Bitwarden (paid), largely on the basis of a multiple-user shared vault and emergency grants to personal vaults.

I'd really, really like them to not ruin it or make it massively more expensive.

kn100 yesterday at 4:09 PM
Good post. I switched from Bitwarden to KeepassXC / KeepassDX / Syncthing across my Android phone, Linux PC, and Windows PC. This was the setup I had prior to using Bitwarden for the first time. The Keepass experience is significantly better these days! Importing from Bitwarden is trivial too. Recommended!
waysa yesterday at 3:29 PM
It still says "Always free" on the website for me. It's both on the billing page and on the page linked in the article.

I do share the concerns though. The change in leadership, the poor transparency, 100% price increase and the quiet change in core values.

I was happy paying $10 yearly for Bitwarden. I'm still okay with $20 but there's a seed of doubt.

dd8601fn yesterday at 5:00 PM
It does seem like most password managers have no moat for import/export, so I’m kinda banking on the idea that I can quickly migrate to Proton Pass or vaultwarden if things get ugly.

I just don’t want to self-host if I can avoid it.

Staying on top of managing the application and the environment is a whole different level of diligence when the thing I’m self hosting is the keys to my life. At a minimum it would have to be behind something like a wireguard tunnel to a trusted machine, and that’s an added headache for daily use.

bodge5000 yesterday at 8:29 PM
I could quite easily ignore all this in the interest of not going through the pain of finding yet another password manager, but having your new CEO specialise in M&A is really hard to ignore.
Havoc yesterday at 3:43 PM
After the LastPass fiasco I switched to selfhosting a password manager (bw).

Rapidly starting to think even a vibecoded solution may be a better plan than relying on commercial options. High risk of "don't roll your own crypto" mistakes, but realistically that's not the threat model here anymore for the random individual. It's online breaches or perhaps a wrench attack, not a highly skilled crypto adversary. Plus there are probably ready-made crypto modules, so it wouldn't be a true hand-roll.

bergheim yesterday at 5:21 PM
> That’s not a software guy who happened to raise some money. That’s someone whose stated specialty is the PE integration and exit process.

Holy smokes, has "that's not just X -> THAT IS Y" become one of my trigger phrases.

RyJones yesterday at 3:47 PM
Thank you for pushing me to migrate away from Bitwarden. I've used them for years but I was moving away slowly; now I've moved.
holysoles yesterday at 10:27 PM
While I agree with the concerns raised in this article, I did not enjoy the writing style of it. Almost all of it feels AI generated, and is written in a very combative tone.
jillesvangurp yesterday at 5:05 PM
I got my parents using bitwarden a few years ago. This was a massive improvement over them writing passwords in a little notebook in a drawer (yes, really!).

But Keepass is a bridge too far for them. I'm not that enthusiastic about it myself to be honest. The UX is a bit meh (for the clients/extensions I've tried) and file syncing and handling is not something I can in good conscience push to a non technical user. It's just too many moving parts and you just have to do this, that, and the other thing. It's not really fit for purpose with normal users as far as I can see. Like much OSS stuff, UX for normal people seems to be a bit of an afterthought with Keepass.

The key selling point of Bitwarden was that it is free-ish and it is easy enough to work with for somebody that is not too technical. My father is an Android user and my mother has an iphone and ipad. They need access to each other's passwords so they share the same password manager. They are both in their seventies and I need something that is similarly useful and ideally without me self hosting a lot of stuff on their behalf. I don't want to be their system administrator. And I don't want to have to sit them down to migrate their passwords every few years either.

Right now the best move to me seems to be to stick with Bitwarden. I don't really gain anything from moving them over to some other solution and there isn't really anything out there that is materially better as far as I can see.

baggachipz yesterday at 8:05 PM
Say what you will, but the Apple ecosystem's Passwords app and integration works great. It locks me into their services (iCloud), but I don't see them ever charging for it or sunsetting it. (watch me eat my words in the near future)
nout yesterday at 11:25 PM
This will probably finally push me to migrate away from Bitwarden. Somehow over the years the UI was getting worse and worse too. It's more steps to add custom hidden fields than it used to, etc.
kennywinker yesterday at 4:33 PM
It seems like it's probably time for a Bitwarden client alternative. I'm already running Vaultwarden; it'd be nice to have a community-run client. The Bitwarden client apps are so mid already, it seems like it couldn't be that hard to outdo them.
cwoolfe yesterday at 5:55 PM
The Bitwarden chrome extension just randomly stopped working for me the other day. This is after years of working flawlessly. I had to remove the extension and add it back to get it working...What a shame. Hosting a password manager isn't a game; these are people's real lives and businesses at stake.
Balvarez yesterday at 5:38 PM
Omg, do we really need to make another app suck? I left LastPass years ago, and I'll leave again, but wow, I'm tired of this cycle. Private equity is truly the destroyer of value. The next time will be self-hosted. Anyone know of a password manager that can encrypt and live in, say, Google Drive?
yoyohello13 yesterday at 5:34 PM
What a shame. I've been a paying Bitwarden customer since 2018. I really don't have time to move off yet, but I'll need to keep an eye out for where to jump. It sucks that this seems to just be the logical conclusion of all great projects.
kmoser yesterday at 8:02 PM
IANAL but if a company advertises "always free" and then starts charging, how is that not either false advertising and/or a breach of contract?
mmonaghan yesterday at 11:47 PM
Tried everything and love 1Pass. Don't want to have to think about it too much.

I think this is tentatively good for bitwarden - making money means you can more easily invest in the team and product. Counter to the prevailing notion in comments here, I much prefer a vc/paid product for security-critical tools.

Hope they didn't wait too long before deciding to kill the free tier.

flossly yesterday at 3:11 PM
I use BitWarden because I'd never trust a password manager with closed-source clients. Before BitWarden I used a local manager; BitWarden made my life easier.

The web interface I'd never use: I have no guarantee that my passphrase does not leave my computer. Same for the import feature: this also requires the passphrase to be sent to their servers.

Needless to say, I'll move to the next ethical e2ee password manager if BitWarden turns its back on open source.

deanc yesterday at 3:15 PM
I don't see the problem here. It's a great product and if they want to make money then I don't mind. If it's too expensive, and they hike the price to something ridiculous then I'll vote with my wallet.
gerty yesterday at 3:23 PM
Not disputing the overall feeling about the changes at Bitwarden, but the "Always free" phrase is still actually there if you're creating a personal Free account.
megamike last Saturday at 8:49 PM
What are some Bitwarden alternatives?
jeromechoo yesterday at 5:14 PM
Even if the clients go closed source and forked, there's still the very serious issue of closed app ecosystems on iOS and Android. It's one thing to self-host a Vaultwarden instance, it's another entirely to pay Google and Apple $100 a year to publish your own app.
fridder yesterday at 5:00 PM
I started looking for a replacement when I noticed how much RAM the extension was using. >1GB for a password manager seems ridiculous. I'm currently debating between Keepassium and Strongbox but I wonder if there is something better.
asmodeuslucifer today at 12:07 AM
I believed Steve Gibson about lastpass, then about bitwarden.
websap yesterday at 6:35 PM
How hard is it to fully migrate from Bitwarden to Apple Passwords / Google Passwords? I guess I'm going to have to spend 2 hours on this next weekend.
zug_zug yesterday at 3:32 PM
Funny, I just changed to Bitwarden from 1Password after they had a big price increase (I probably otherwise would have been a lifetime customer if it could have been a "leave it and never think about it again for the next 40 years" deal).

I'm not too worried; if Bitwarden changes their price, somebody is going to vibecode a decent enough solution for pennies on the dollar, or there's always Apple's built-in product.

studentdriver yesterday at 7:58 PM
Wonder if Sullivan is the same Sullivan involved in the Autonomy lawsuit
nodeflare yesterday at 3:25 PM
This feels more like an expectation management problem than a product problem.
quantumwoke yesterday at 3:35 PM
This is terrifying, but I couldn't help myself from frustration at the LLM writing that only worsened over the course of the post. Bloggers, it's not subtle. Please, stop, or at least disclose it.
cglan yesterday at 3:06 PM
I don't think these companies are obligated to run a free tier. Someone has to pay the infra. It's a little shady that they didn't announce any of this though. But bitwarden is open source and you can host it all yourself
tamimio today at 12:07 AM
Besides vaultwarden, I have been testing both AliasVault and peerpass, there’s also passbolt for self hosting. That being said, keep a copy of your vault in keepassXC, and better, don’t put your eggs in one basket so 2FA in keepassXC and passwords in one of the above.
aussieguy1234 yesterday at 11:36 PM
If the price ever became unreasonable I'd host my own VaultWarden instance.

I'm sure if BitWarden ever went closed source, it would be forked and maintained by the community and that most would migrate to the open source solution.

BitWarden being open source and auditable is one of the main reasons I use it, no hidden backdoors from them or three letter government agencies.

DANmode yesterday at 11:24 PM
I started getting banner ads for them, as well.
jiveturkey yesterday at 6:01 PM
Ah! Curse your sudden but inevitable betrayal!
kwar13 yesterday at 3:22 PM
Curious whether "always free" is only marketing or actually has some legal implications.
jrm4 yesterday at 4:54 PM
Password protection by a for-profit (where the password protection is the product that you can't have unless you pay for it) is a fundamentally stupid and dangerous business model.

Waiting for everyone to understand this.

carabiner yesterday at 9:04 PM
We've got to remove "quiet" as GPTism. It's a renovation. That's it.
class3shock yesterday at 11:25 PM
For people looking for an alternative, Proton Pass is one, Keepass + Syncthing is another.
faccacta yesterday at 4:07 PM
Enshittification is properly viewed as a cybersecurity risk, a category of insider threat. You defend against it, when possible, by using open source software and open, documented file formats. That way, if open source enshittifies, the community can defend by forking. I’m so grateful for KeepassXC.
grougnax yesterday at 6:10 PM
This is terrible news. Jump off the ship while it's still possible!
0x262d yesterday at 4:49 PM
I just read the linked Fast Company article [0]. One question that particularly frustrates me about this process is: why are the former leadership of companies that become enshittified so quiet about it? Do they just get paid out with restrictive NDAs?

One of the only exceptions to this I can remember is the founder of Whatsapp, who gave an interview pretty critical of Meta some years back after it acquired Whatsapp.

[0] https://www.fastcompany.com/91542655/bitwarden-scrubs-always...

ltr_ yesterday at 6:32 PM
Is there an enshittification watch site? Or something to track acquisitions and red flags in products/OSS projects? itsenshittifiedyet.info? If not, what would it take to do that? I think it can be vibed in a weekend.

edit: s/of/and

karel-3d yesterday at 8:48 PM
Crap. I just switched to Bitwarden as it was the only password manager that Just Worked and didn't seem scammy. Oh well
grim_io yesterday at 5:13 PM
I am tired of this bullshit.

Want to raise the price? Fine, be honest about it and make sure it stays sustainably stable for a long while.

I am not leaving because of the price, but because of the dishonest behaviour around something so central and vital to my daily life.

colordrops yesterday at 4:48 PM
Can someone just fork BitWarden into another open source project already? Maybe MorselGuardian lol