For the closest experience, self-host Vaultwarden and keep using the bitwarden clients you're used to. They're GPL-3.0 and aren't going anywhere (and could be forked if there was ever drama).
If you want to fully disassociate from bitwarden, there are vaultwarden compatible 3rd party clients. I like Keyguard.
Kinda funny. I helped get passit.io off the ground YEARS ago but we pivoted away from it because Bitwarden more or less ate our lunch. They just moved way faster.
Passit still works! Just as a webapp + chrome and FF extensions. I think we had an Android app too, dunno if that's still a thing.
Maybe if the best open source option is a less viable option, I should poke at its creator to revive it...
I've been keeping my eye on AliasVault[1]. Open-source, self-hostable or pay for cloud hosting, handles both email aliases and passwords.
I'll probably switch for password management once it has a proper security audit, and for email aliases once (if) they implement IMAP/SMTP or similar so reading emails isn't restricted to in-app.
Tried self-hosting it and importing passwords. UX was very good, but I had some understandable UI hiccoughs that made me not want to use it. The non-native Android app also felt pretty slow.
I don't think these companies are obligated to run a free tier. Someone has to pay the infra. It's a little shady that they didn't announce any of this though. But bitwarden is open source and you can host it all yourself
I use BitWarden because I'd never trust a password manager with close source clients. Before BitWarden I used a local manager: BitWarden made my life easier.
The web interface I'd never use: I have no guarantee that my passphrase does not leave my computer. Same for the import feature: this also requires the passphrase to be sent to their servers.
Needless to say I move to the next ethical e2ee password manager if BitWarden turns it's back on open source.
I don't see the problem here. It's a great product and if they want to make money then I don't mind. If it's too expensive, and they hike the price to something ridiculous then I'll vote with my wallet.
Lately I've been scrutinizing Bitwarden after discovering a long history of memory leak problems in the GitHub issue tracker. It's an extention I use with all of my browsers. It seems to use an unusually high amount of RAM on Safari and I suspect it's why RAM just never stops growing in MS Edge.
Overall it's not a problem for me if Bitwarden wants more money, but I have to draw the line at replacing top leadership with randoms from private equity and secret price hikes. I'm glad this is being highlighted and it's motivating me even more to find suitable FOSS-friendly alternative.
Thank you for this post/link. I have been side eyeing Bitwarden since they started ensh*ttifying the desktop UX last year to make it more like everything else and take up too much space. It had been working perfectly well for browser autofill - super fast and staying out of the way. Now it is bloated white space, slow, standardized UX elements like any SaaS built by AI. Will check out Vaultwarden, Proton Pass, Keepass, I guess. But sadly - yet another tool that worked perfectly well that was ruined in contempt of its own users (LastPass, Authy, Google Reader, etc - the list goes on)
Not disputing the overall feeling about the changes at Bitwarden but "Always free" phrase is still actually there if you're creating a personal Free account.
funny, I just changed to bitwarden from 1-password after they had a big price increase (I probably otherwise would have been a lifetime customer if it could have been a leave it and never think about it again for the next 40 years deal).
I'm not too worried, if bitwarden changes their price somebody is going to vibecode a decent enough solution for pennies on the dollar, or there's always apples built-in product.
This is terrifying, but I couldn't help myself from frustration at the LLM writing that only worsened over the course of the post. Bloggers, it's not subtle. Please, stop, or at least disclose it.
I don't care about raising prices, I'm worried about the new CEO having a PE mindset. That means Bitwarden will now focus on extracting value while the product stagnates and degrades in quality. Time to jump ship before their security and quality goes down the drain.
Ah damn. I've only recently moved in to Bitwarden - paid - largely on the basis of a multiple-user shared vault and emergency grants to personal vaults.
I'd really, really like them to not to ruin it or make it massively more expensive.
After the LastPass fiasco I switched to selfhosting a password manager (bw).
Rapidly starting to think even a vibecoded solution may be a better plan relying on commercial options. High risk of don’t roll your own crypto mistakes but realistically that’s not the threat model here anymore for the random individual. It’s online breaches or perhaps a wrench attack not highly skilled crypto adversary. Plus there are probably ready made crypto modules so wouldn’t be a true handroll
Enshittification is properly viewed as a cybersecurity risk, a category of insider threat. You defend against it, when possible, by using open source software and open, documented file formats. That way, if open source enshittifies, the community can defend by forking. I’m so grateful for KeepassXC.
Good post. I switched from Bitwarden to KeepassXC / KeepassDX / Syncthing across my Android phone, Linux PC, and Windows PC. This was the setup I had prior to using Bitwarden for the first time. The Keepass experience is significantly better these days! Importing from Bitwarden is trivial too. Recommended!
When I first learnt about Bitwarden about 3 years ago, I started hosting Vaultwarden right away. Right now I have one instance for myself and another for my friend's company. Everything runs as smooth as butter. If you can self-host something, do self-host a Vaultwarden instance. If you are (like me) somewhat paranoid about the fact that Vaultwarden hasn't got a proper security audit on its codebase, just run it behind a VPN, it will probably be fine.
I'm not particularly worried about Bitwarden going belly up because it has already have such a well-established open-source replacement. The worst-case scenario is that Bitwarden make the clients incompatible with Vaultwarden, and like how OP already mentioned in the post, somebody in the community will fork them as soon as this happen.
It seems like it’s probably time for a bitwarden client alternative. I’m already running vaultwarden, it’d be nice to have a community-run client. The bitwarden client apps are so mid already - it seems like it couldn’t be that hard to out do them.
I just read the linked Fast Company article [0]. One question that particularly frustrates me about this process is: why are the former leadership of companies that become enshittified so quiet about it? Do they just get paid out with restrictive NDAs?
One of the only exceptions to this I can remember is the founder of Whatsapp, who gave an interview pretty critical of Meta some years back after it acquired Whatsapp.
Password protection by a for-profit (where the password protection is the product that you can't have unless you pay for it) is a fundamentally stupid and dangerous business model.
78 comments
[ 2.4 ms ] story [ 58.1 ms ] threadAll locally synced
There are sharing options but they are not really convenient, not a problem for me since I mostly don't share passwords
If you want to fully disassociate from bitwarden, there are vaultwarden compatible 3rd party clients. I like Keyguard.
Passit still works! Just as a webapp + chrome and FF extensions. I think we had an Android app too, dunno if that's still a thing.
Maybe if the best open source option is a less viable option, I should poke at its creator to revive it...
I'll probably switch for password management once it has a proper security audit, and for email aliases once (if) they implement IMAP/SMTP or similar so reading emails isn't restricted to in-app.
[1]: https://www.aliasvault.net/
The web interface I'd never use: I have no guarantee that my passphrase does not leave my computer. Same for the import feature: this also requires the passphrase to be sent to their servers.
Needless to say I move to the next ethical e2ee password manager if BitWarden turns it's back on open source.
Overall it's not a problem for me if Bitwarden wants more money, but I have to draw the line at replacing top leadership with randoms from private equity and secret price hikes. I'm glad this is being highlighted and it's motivating me even more to find suitable FOSS-friendly alternative.
I do share the concerns though. The change in leadership, the poor transparency, 100% price increase and the quiet change in core values.
I was happy paying $10 yearly for Bitwarden. I'm still okay with $20 but there's a seed of doubt.
I'm not too worried, if bitwarden changes their price somebody is going to vibecode a decent enough solution for pennies on the dollar, or there's always apples built-in product.
I'd really, really like them to not to ruin it or make it massively more expensive.
Rapidly starting to think even a vibecoded solution may be a better plan relying on commercial options. High risk of don’t roll your own crypto mistakes but realistically that’s not the threat model here anymore for the random individual. It’s online breaches or perhaps a wrench attack not highly skilled crypto adversary. Plus there are probably ready made crypto modules so wouldn’t be a true handroll
I'm not particularly worried about Bitwarden going belly up because it has already have such a well-established open-source replacement. The worst-case scenario is that Bitwarden make the clients incompatible with Vaultwarden, and like how OP already mentioned in the post, somebody in the community will fork them as soon as this happen.
One of the only exceptions to this I can remember is the founder of Whatsapp, who gave an interview pretty critical of Meta some years back after it acquired Whatsapp.
[0] https://www.fastcompany.com/91542655/bitwarden-scrubs-always...
Waiting for everyone to understand this.