How is it with security in the free version?

What if someone hacked the Bitwarden database, for example, would they be able to have all of my passwords if I’m using the free version? Or something like that?

Our encryption is the same, regardless of version 🙂

Secure password management for everyone is one of our missions!

Security FAQs | Bitwarden Help & Support.

5 Likes

Then the hackers would only see encrypted data. The only one who has the password to decrypt this data is the user.

2 Likes

Good, but some users are still saying that KeePassXC is better, why? xD

Because of Bitwarden’s EULA. I’m inspecting it now and I see several major issues in it, even for paid use.

You would have to ask them about that.

The “advantage” of KeePass (which I use to back up my Bitwarden database) is that you can store it on your own computer. Whether this is an advantage or not depends on your viewpoint.

It took me some time to think through the issues of storing all my passwords on a database running on a cloud service. The fact is that all encryption/decryption is done on your device. As Peter_H says, even if someone cracked the database all they would see was encrypted data.

Bitwarden’s business is built on the security of their product. Their business would disappear if they were not looking after customers’ data well.

Feel free to tell us what they are, in your view.

3 Likes

I tremendously dislike the following:

  1. “Bitwarden has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. Bitwarden reserves the right to refuse service to anyone for any reason at any time.” — like heck if I paid money, and they decide to stop providing their services to me. THEY DO HAVE ALL MY PASSWORDS!! Just imagine if you can’t have access to them out of nowhere without any notice.

  2. “Bitwarden does not warrant that the Service will meet your requirements; that the Service will be uninterrupted, timely, secure, or error-free; that the information provided through the Service is accurate, reliable or correct; that any defects or errors will be corrected; that the Service will be available at any particular time or location; or that the Service is free of viruses or other harmful components. You assume full responsibility and risk of loss resulting from your downloading and/or use of files, information, content or other material obtained from the Service.”

  3. “You agree to indemnify us, defend us, and hold us harmless from and against any and all claims, liabilities, and expenses, including attorneys’ fees, arising out of your use of the Website and the Service, including but not limited to your violation of this Agreement, provided that Bitwarden (1) promptly gives you written notice of the claim, demand, suit or proceeding; (2) gives you sole control of the defense and settlement of the claim, demand, suit or proceeding (provided that you may not settle any claim, demand, suit or proceeding unless the settlement unconditionally releases Bitwarden of all liability); and (3) provides to you all reasonable assistance, at your expense.” – here I dislike “including but not limited to”, it means that I should be defending them in any case, even if it’s their fault.

2 Likes

They don’t, as all of them are encrypted with the password only you know.

As with all important data it is your task to make sure that you have a backup that is up-to-date.

All that text is common stuff you will find within the terms of service of many companies.

Just one example: Google One TOS
"Google may stop providing Google One to you at any time, including for breach of these Terms. If you are on a Sponsored Plan, your access to Google One may also be suspended or terminated by your sponsoring party.

Google reserves the right to suspend or terminate Google One at any time, upon reasonable notice to you."

Source: https://one.google.com/terms-of-service

2 Likes

By “They have all my passwords” I meant that they can stop me from reaching my encrypted passwords.

Google is quite a bad example here, because it’s not a privacy-oriented service company. The better example is here: Terms of Use | Mailfence secure email ; or here https://www.logmein.com/legal/terms-and-conditions; or here https://www.keepersecurity.com/termsofuse.html; or here End user license agreement (EULA) | Sticky Password

They have all my passwords

They only had your encrypted passwords, not YOUR passwords.

1 Like

It’s not about encryption. Bitwarden can just block my account without any notice or reason (“Bitwarden has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately”), i.e. block me from accessing all my encrypted passwords. That is my main concern. People here asked me to share my concerns and I did. I’ll also be thinking about what to do (change the password manager, install it on my server or do nothing).

1 Like

Another concern of mine is: why does the Bitwarden Community want to track my browser through Canvas fingerprinting of the website icons? I know about it because Firefox notifies me about it.

Another concern of mine is: why does the Bitwarden Community want to track my browser through Canvas fingerprinting of the website icons? I know about it because Firefox notifies me about it.

why not :v

Have you ever come across an online service where the operators do not assert that ability? I doubt it.

Were Bitwarden to do that I would simply continue accessing sites using the passwords I have stored in other locations. Much the same as I would do if another software company stopped access to some of my data for some reason. That’s a sensible precaution with any software.

Have you read the help system?

I have done so and am happy to have the icons turned on.

Any operator of any website can stop you reaching your data stored on that site, should they decide to do so. Bitwarden is not the exception that you are implying. That is why backups are advised.

Until you log out you can access the local copy of your passwords on your device.

My personal opinion is that Bitwarden’s business depends on customer confidence. If they do things which upset customers then there will not be much business left for them. That’s my view as a satisfied customer.

3 Likes

You misunderstood me. The Bitwarden Community’s website icon is fingerprinting our browsers via Canvas. My main question to myself is: why? This question doesn’t require answers from other people.

I agree with you, that many services use this statement in their Terms of use. But still it doesn’t stop me from disliking it.

That’s just a standard TOS. Bitwarden can’t decrypt your vault, but you have the sole responsibility in case of data loss.