Musings on the demise of MYKI and the future of Bitwarden (Was: It's time to leave Bitwarden)

In March 2022 I received a very well-intentioned message from MYKI Security, the company behind the MYKI password manager. Underneath all the corporate speech their plight was simple: it is very hard to turn a profit for our company so we are deciding to move to other venues.

If you haven’t used or heard of MYKI, here’s what it offered in its free tier:

Unlimited passwords
Unlimited devices
Unlimited 2FA keys
Unlimited secure notes
Unlimited credit cards

A very appealing offer for most users. Their intended customers were teams and businesses but it turns out there are not that many of them. Most teams either don’t want a password manager (“not a problem” scenario) or they are already using a different one (LastPass etc.).

The problem with MYKI was simple: they didn’t want to charge the majority of their users to encourage higher signups, more growth, etc. I was also one of their free users who refused to upgrade because I never felt any need to. I could store unlimited passwords & unlimited 2FA keys, and have them synced across unlimited devices. Why would I upgrade when there were 0 extra features I needed? That was also one of the reasons it was so hard to migrate when they did eventually kill off MYKI — no other password manager, including Bitwarden, offered the breadth of features MYKI did in their free tier.

What does this have to do with Bitwarden?

Let me explain.

Until now the only source of revenue behind Bitwarden was their users (or teams/businesses). Unlike MYKI they do not include 2FA in the free tier but everything else was free (very appealing for new users). What did they charge though? $10/yr.

That is not a boatload of money. Why? Because they know that no one would pay otherwise. Password managers don’t have a lot of innovation left in them and the only saving grace behind Bitwarden is its open-source nature. Password managers are a fire-and-forget kind of software. You never even open a password manager except to unlock it. The only real use case of a password manager is to, well, manage your passwords. That’s it.

Bitwarden is the only password manager recommended by the majority of the security community to layman users due to its simplicity & security. A wonderful product, to be sure.

But the problem with their approach would be apparent to any business-minded person: there is not a lot of selling potential in a password manager. After a point, you are forced to look towards the B2B market (via MYKI Teams or Bitwarden Business plans) but that is clearly not enough.

The evidence lies in the recent move by Bitwarden to raise a $100M seed fund to shift their focus towards other opportunities (authentication). Bitwarden succeeded. It got popular and hit its peak potential (aside from acquiring more users).

What does the $100M seed funding mean for Bitwarden?

Any kind of seed funding is focused on 2 primary things:

The potential in the team/product to succeed.
The need to generate a lot of revenue.

VC-backed startups are intensely revenue-focused. They no longer have the option to say no to business propositions that’d be harmful to the freeloaders at the cost of paywall-ing content, cutting features from the free plan, etc. This makes perfect business sense. You can’t make money by selling free food.

Why would Bitwarden be any different? $100M is a lot of money. The first thing that’ll happen is either the team’s focus will move towards a lot of different things or they’ll build things around Bitwarden turning it into a complicated mess no one wants to use (unlikely).

As with any VC-backed startup, Bitwarden will have a limited time to turn a significant profit by whatever means possible. Investors don’t like to lose money. And let me tell you one thing. $100M is a lot of money and once you see & handle that kind of money, it’s hard to look back. I wouldn’t be surprised if after the first few years of trying, Bitwarden the password manager gets discontinued.

The impact of this decision will reverberate over a few months. If the core team starts a different project, you’ll see reduced activity in their GitHub repository — the death of Bitwarden is near.

But Bitwarden is open source!

It won’t become another MYKI, for sure (unless they close source their code (highly unlikely)) but won’t it impact you, as a user, when suddenly the perfect product becomes buggy due to negligence? I am not sure what’ll happen here. Maybe the community will take up the project, maybe another company will acquire Bitwarden. In any case, Bitwarden’s future is quite shaky.

You can always stay on a certain version, never upgrade, self host and live off of that but how feasible is that for the average Joe? The open source nature of Bitwarden makes this sort of thing more bearable but it’ll still be a huge hit.

What can you do?

When MYKI got acquired moving my passwords was extremely hard. There are not many open source (or closed source) alternatives that offer the same set of features as Bitwarden. I eventually settled with Keepass which isn’t ideal either (manual sync, old UI, broken clients) but I am quite sure it isn’t going anywhere (it’s community-run, multiple clients, no centralization, no servers, just a DB version that can’t be killed off).

Does this recent news mean Bitwarden is dying off? No. All this is conjecture but based on a lot of previous evidence. Seed funding is extremely bad for the consumer market (unless you are Netflix). Should you migrate to another password manager? Too soon to say anything. You’re probably safe for a few years. It is only wise to prepare beforehand, however, in case something of this kind does happen. This includes researching & trying out alternatives or, if you are like me, building your own.

Closing thoughts

I honestly hope this doesn’t happen and that Bitwarden stays true to their original purpose but it appears highly unlikely. Moves like these should make you cautious of what can happen (exactly what this blog aims to do).

Hey there, you might be interested in reading the recent response from our founder and CTO, Kyle:

Hi. As mentioned in the article, Bitwarden has already had VC investors for years. I think our track record to date shows how we operate in this relationship. We specifically choose partners that align with our vision, not just anyone that comes off the street wanting to throw money at us (though there are many). I am not sure what caused the downfall of LastPass, but this is not some takeover, buyout, or shift in our business plan by any means. I realize that actions speak louder than words, so we’ll continue on as planned and hopefully you’ll still be a happy customer years from now.

Or visit the thread on Reddit.

You can also read a blog post from the team about it here: Accelerating Value for Bitwarden Users - Bitwarden raises $100 million | Bitwarden Blog

On a side note, to answer one of your statements above, the free tier does include 2FA options, including email or authenticator app, unless you’re referring to seed generation, which does require a premium account but there are many great free accounts out there to choose from should you need this functionality without a premium account, such as Raivo or Aegis.

2 Likes

TL;DR:

Title: “It’s time to leave Bitwarden”

Body: “You’re probably safe for a few years.” :roll_eyes:

This is all conjecture. If I see something I don’t like I’ll move to another password manager, as I’ve done more than once in the past. I’m not worried at all from what they’ve conveyed and how they’ve conducted themselves in the past.

I could not be happier with BW! It’s too cheap from my perspective. This will be a little harsh but if somebody doesn’t want to pay 10 bucks a year and yet wants to complain about missing features just let them leave. I am a security Admin on other sites and it’s always those not paying the freight referencing missing features on great products. As a “Business Mgr” I would suggest the model where a new user gets absolutely ALL premium features available for 30 days and then it’s either subscribe or be cut off. There could be a mechanism in place for someone that literally cannot afford BW safety to petition Mgmt here via PMs based on an honor system. .02

2 Likes

BW has a lot of business customers - the company I work for included. This is how they make their money. I love that their business model includes providing free services to individuals, whilst charging a fair amount for commercial businesses to use it.

1 Like

“I eventually settled with Keepass” The title is a bit misleading, it should be something like “Reasons why I did not choose BW”

“the problem with their approach would be apparent to any business-minded person: there is not a lot of selling potential in a password manager” 1Password seems to be having some success.

I have been a BW subscriber since migrating from LP a few years ago, not because I needed the extra features, but because I feel it is important to support quality OSS. Of course they have added features to the premium tier, so I now consider it essential and a bargain. I hope you consider donating to KeePass.

Good point. As I am authorized to edit topic titles, I changed the title to Musings on the demise of MYKI and the future of Bitwarden (Was: It’s time to leave Bitwarden).