Date: 2020-08-29

Bitwarden releases you from the grip of browser password managers

Where do you store your passwords? Most people will surrender to the nagging and save them in their web browser, avoiding the need to remember complex passphrases every time they visit a site.

That, as Bitwarden founder and chief technology officer Kyle Spearrin admits, is “better than not using anything”: using a browser password manager is preferable to not using one at all and re-using the same, easy-to-crack passwords across multiple sites. But it’s not as good as a standalone password manager for many reasons – and Bitwarden is the best password manager I’ve ever used.

Bitwarden has many plus points. It’s free, albeit with a modestly priced ($10 a year) premium offering that brings additional features. It’s not pulling the same trick that some better-known rivals do, where the “free” version is more like a free trial, limiting you to saving only a certain number of passwords before you have to pay. You can save as many passwords as you like in Bitwarden, as well as other personal information.

It’s open source, which means its code is open for inspection by anyone, allowing the tech community to spot any potential security flaws – not that they’ve discovered a serious one yet. To be doubly sure, the software is routinely audited by renowned security experts to make sure holes don’t appear.

Perhaps best of all, it works with almost any device and browser you can mention: Windows, Mac, Linux; iOS and Android; Chrome, Firefox, Safari, Edge, and many more niche browsers. That, as Spearrin explains, leaves you free to roam, unlike the browser password managers.

Avoiding the browser lock-in

The problem with browser-based password managers is that they quickly become redundant if you mix and match browsers and devices. Save all your passwords in your iPhone, for example, and you can’t access them in Chrome on Windows. “As we enter this world where people use their devices in different ways, where they’re not necessarily locked into a specific vendor, it quickly breaks down,” says Spearrin.

“I’m an iPhone user, but I’m also a Windows user on the desktop. I have three different browsers on my desktop for different things. So, I can’t be locked into a specific vendor,” he says.

The browser makers want your passwords to keep you locked into their products. Rival browsers will never sync logins and passwords between them because it’s not in their best interests to do so. “Chrome doesn’t want to add value to Firefox and Firefox doesn’t want to add value to Chrome,” Spearrin says. “That’s where we really shine and offer a lot of value for our users. We’re platform agnostic. Our goal is to make your passwords available on any platform you may use. We don’t care what vendor that is.”

Browser biteback

Bitwarden operates by providing browser extensions for all of the different browsers, allowing it to sync, save and autofill your passwords. Is Spearrin worried that the browser makers will eventually act in their own self-interest and make it harder for third-party password managers to exist by, say, blocking their browser extensions? “It’s not really something that keeps me up at night,” he claims.

If anything, Spearrin claims, the vendors have made it easier for third-party password managers over the past few years – both Google and Apple have allowed password managers to autofill on their mobile operating systems, for example. “I think that’s come from demand from their user base,” Spearrin claims. “They don’t want to just use Chrome’s password manager or Safari Keychain. We’ve seen the browser vendors and operating system vendors responding to that and opening it up even more.”

“Even though it’s not in their direct interest to help us out, it’s in their interests to satisfy consumers. I don’t see them retreating and trying to lock us out.”

One-man band?

Spearrin started Bitwarden only four years ago. While the company has continued to grow, there are repeated fears among Bitwarden’s loyal community of users on Reddit that Bitwarden is something of a one-man band. They see Spearrin author the vast majority of Bitwarden code changes on GitHub and wonder what would happen to Bitwarden if the chief technology officer were to go under the proverbial bus.

“I’ve mostly been the face of the company, but I’m not the only one behind operations,” Spearrin insists. “About a year ago I brought in a CEO, Michael Crandell, to help run the company, and Gary [Orenstein] to be our chief customer officer and do a lot of the go-to-market and customer interaction.”

“We’ve also expanded significantly our engineering department over the past year, with several full-time developers that now work on the team as well. We have a customer support team, sales team, marketing team… we’re a little over 20 people now,” he says, with the company continuing to hire.

With an engineering team now behind him, Spearrin is looking forward to implementing some of the new Bitwarden features that have long been on the company’s roadmap, which – like almost everything else Bitwarden does – is made public for everyone to see.

On the list of new features Bitwarden is working on is emergency access, which would allow trusted users to recover someone’s passwords should a user find themselves locked out (currently, if you forget your Bitwarden master password, there is no way of recovering the password or any of the passwords stored in the account). The firm is also working on client profiles, allowing you to easily switch between work and personal Bitwarden vaults, for example.

And while the roadmap also includes greater support for FIDO2, a new security specification that authenticates users with fingerprint readers, cameras or security keys, Spearrin is pretty sure passwords won’t die anytime soon, despite constant predictions about their demise.

“The reality is passwords are not going away,” he says. “If someone tells you this new technology is going to destroy passwords, I think historically you can look at that with a very skeptical eye and make a strong case about why that’s not going to happen.”

