I’ve been a huge fan of 1Password since the beginning. I bought several versions and upgrades for multiple machines and never regretted it.
Something happened with version 7 though, and I haven’t been as happy with the change.
What happened was subscriptions. Now, I have a number of software subscriptions, very very few make me content. If I stop, do I lose my stuff? Can I stop and start again at the same price? Do I have an option to pay up front and own my license – and more importantly, my data?
1Password makes it as hard as possible to answer those questions. They want you over a barrel.
Since I wanted a Windows version, there I was, over that barrel. A purchase was too expensive and gave me fewer features, so I paid for a year ($35 USD) but yes, it was definitely worth it. Fantastic integrations with everything (all browsers and mobile), online storage with browser access, and solid security. But now something else showed up.
That something is BitWarden.
BitWarden offers almost the same features, and is open source. The 100% free version includes online storage, binaries for every platform (including Linux), a good browser-based interface, and amazing integration with everything. You can even host the “online” portion yourself so you can use it in-house if you prefer, and never store your secrets on the cloud.
Some features are limited – like file attachments, one-time passwords and some other stuff require a subscription, but it’s only $10 USD a year.
File attachments I don’t really need. One-time passwords (two factor authentication) is really important these days, and integration is… well, it’s nice.
It has undergone an independent security audit. It’s reassuringly secure. There is no warrant canary clause that I can see, though.
What’s missing, since you are paying less than a third of the price – if you choose to pay at all?
1Password’s vaults are simple. Create a bunch of them and share them as you like.
BitWarden has a very convoluted and confusing version of this called “Organizations”. The free version allows (just) 2 users to share access to one organization. Once you share it though, it blends all of the shared entries in with yours, with no way to filter it. So if you have an entry called “Gmail” in both your home vault and the organization, have fun. There is a small share icon next to the Organization one by that’s it. It would be nice to have a search filter (to steal the VS Code syntax, something like @shared) or a smart list.
You can have “Collections” which are pretty much a security subgroup of Organizations and this allows you to… ok, no seriously… It sounds like it was designed for big companies, not family groups. Even the terminology is frightening.
If you pay ($1/month) you can get up to 5 users. Personally I would bump those up by 1 each level, 3 for free and 6 for personal.
1Password lets you move stuff between vaults with a right-click. BitWarden, I have no clue.
You can store license information in a secure note record, with all the details except icons, but they aren’t differentiated in any way.
There are none. No extra filtering or grouping, one folder for each entry and that’s it. You can mess around with an extra text field for each entry but this is all manual, nothing automatic here.
There is no drag and drop! Want to put something in a folder? Open the record, edit the record, choose a folder, save. Do it again.
And those folders. You’d think folders should be in a sidebar, kinda since that’s the default UI for folders in everything since, well, ever… nope. They’re almost at the bottom of a list when you exit out of everything.
Favorites are at the top of that same big old list.
Super linear and clumsy, especially when you have a large screen like a tablet or desktop to work with.
Sharing and extra features are split between two different subscriptions. It’s even split between annual and monthly payments. When you get one you don’t get the other, you need both!
This does mean that you don’t pay for what you don’t need. But you can end up with people in an organization some with premium some without.
Even with its many shortcomings, I can’t help but be excited about this product. It’s more than a little confusing and lacked a little foresight but when you want to fill a password, boom it’s there.
It’s about 80 cents a month for the full meal deal, and if you don’t want to pay that, you really don’t have to. Security researchers even recommend that you use a separate app like Authy to maintain your passwords and 2FA information in different apps.
Maybe what I like most is that it answers those disturbing questions about subscription software. If I stop, I don’t lose my stuff (file attachments, maybe?). If I stop, I can restart at the same price. I can own the license (for the basic features at least). I can even host my own server if I want.
It’s free and it’s fantastic. Spend some time (an hour, tops) and learn it, that will pay off many times over.