Bitwarden is very good but critically lacks some secure input methods:
- A Bitwarden custom keyboard on Android
- A Bitwarden custom virtual keyboard as part of the browser extensions
This is not some decorative or convenience feature; this is required for security, which should be at the very heart of any password manager business.
-
Android needs a Bitwarden custom keyboard because you cannot rely on any other third party’s keyboard (like Google, Samsung, Microsfot Swiftkey, …) for not logging your key strokes. This is specially critical when logging to his Bitwarden account itself. As a matter of fact, all the keyboards with a predictive completion feature does exactly that. With a custom Bitwarden keyboard, one would have an input method with the company he/she already trusts for keeping his passwords anyway. (And needless to say, if any password manager company would deceive its customers by implementing a keylogger, that would be the end of that company overnight).
-
Likewise, a Bitwarden virtual keyboard is needed for the browser extensions. This is for when a user needs to log in to his Bitwarden account from a device he does not own or control, like at a public place or at some other people’s place. This keyboard would be part of the browser extension itself and would display a keyboard layout to click on. The keystrokes would only be made and processed within the plugin process, so with minimal exposure to any external keylogger or malware.
Once again, this is about security. This is core. Keepass has it; LastPass has it (maybe others I can’t say); but Bitwarden does not have it for some reason. This is critically needed.