One issue that I see with the Feature Requests category in the community forums is that many requests, even some with lots of votes, are focused on convenience and user experience rather than improvements to the functionality of Bitwarden software. Personally, I don’t believe there is anything inherently wrong with this, but at some point these requests start to cross the line when users ask for frivolous features (e.g., create a second “optional” interface so that Bitwarden behaves just like my previous password manager) or features that are difficult to implement without compromising security. Of course, one can only upvote a suggestion, not cast a dissenting vote, so it is difficult to judge how much support vs. opposition exists for any feature request.
Like many other Bitwarden customers, I chose Bitwarden because it is lean, efficient, and very secure (which differs greatly from some of my previous password managers!). I also fear that if the Bitwarden development team implements a lot of “convenience” features, the things I like about Bitwarden might be compromised. For example:
- some features may directly or unintentionally impact security (e.g., cross-client/cross-application communication of sensitive info, like decryption keys)
- increasing the codebase always increases exposure to bugs and/or security risks, at least to some degree
- increasing the codebase also increases the amount of development time needed to maintain the entire codebase, increasing costs
- increasing the number of features increases the amount of documentation that needs to be maintained, increasing costs
- increasing the number of features increases the demand for product support necessary to serve users, increasing costs
- increasing features, particularly “optional” features, necessarily leads to a more complex user interface, at least to some degree
So, I am curious to hear how others feel about such issues. Do you think the Bitwarden development team should prioritize user choice for features, as demonstrated by the support for various feature requests here on the forums, even if it compromises some degree of security or functionality? Or should they always prioritize security and functionality, and changes to user experience be given lowest priority if they expose security risks or reduce functionality (e.g., make the interface slower)? Or should new features be implemented based on community demand, but only if the impacts to security and functionality are expected to be low and are outweighed by convenience?
What approach do you want to see in a password manager?
- User experience and convenience is more important than strict security
- Security is more important than a convenient and feature-rich interface
- Balanced approach: I want a convenient interface even if it sometimes compromises security
I’ve got no dog in this hunt, but as someone who ran polls & surveys for years, this is inherently flawed. The wording forces people to choose between good and bad. Do you want pretty, or do you want secure? We were taught to not funnel people into choices based on wording.
I’m guessing most (all?) of the people who want a more “convenient interface” (your words) do not want to give up security.
It is probably not too late to change the poll if you have a constructive suggestion, @astrohip?
There’s very little in life that’s not a balance/compromise of some kind. But people do differ in their sense of where the optimum balance point lies (which I think is what you were trying to get at, but difficult to judge in a simple poll).
I have to admit the volume of user requests is high and some of them seem somewhat trivial or unnecessary to me. For the most part, I try to keep my mouth shut in such cases (unless I think there is a factual misstatement or misunderstanding). My reasons are: A) I’m not an expert; B) with a large number of forum readers, then it can get messy and argumentative pretty quickly if everyone is chiming in with their opinion about the usefulness or non-utility of each request. I’m not really familiar with how the requests are ultimately evaluated, but I assume there is some careful judgement by the Bitwarden team which goes far beyond the number of upvotes and the balance of pro-con discussion within the thread.
The assumption you’ve made is that convenience comes at the cost of security. Your poll outright asks if you’ll give up security for convenience. I doubt that’s what people who make suggestions have in mind. I don’t think there’s an impartial way to ask what you’re implying.
It’s like the political pollster who asks if you support their candidate, or if you’re okay with chaos & incompetence. Biased assumptions lead to flawed polls.
Please note I’m not commenting on the various requests. Just the poll itself. And also note that not one person has voted for “sure, screw strict security, I’ll take pretty”.
To be fair, I did provide a long list of reasons to explain why convenience will come at the cost of security and maintainability. Again, do you have a better suggestion here? I am totally open to constructive discussion, if you have any to offer. Cheers!
I agree that the feature request category contains many requests made without giving much thought to security or without them realizing that it would involve a lot of unnecessary addition to the code or make the UI complex.
To some extent this problem could be due to the fact that not all users would be knowledgeable enough to understand the security aspects of a feature requested or how much effort would go in just maintaining these clients on multiple platforms.
Some may even be using a password manager for the first time so it may be naive on their part to ask for frivolous features.
The primary reason I trust Bitwarden is because I am able to understand its security model and its working.
My expectation from Bitwarden is to keep security at its core, so that it's easier for people to understand the basic working and security threats.
A popular request may have an effect on the way in which Bitwarden evolves.
But I feel this largely depends on how the Bitwarden team reacts to these feature requests.
As getting more votes on a feature request won’t necessarily mean it would be implemented.
Bitwarden as an organization would have to cater to their customers' demand in order to stay in the competition. So those factors would also come into play.
Maybe one way to prevent the product from becoming too complex and loaded with unnecessary bloatware is to educate people about the security risk involved in such features and the impact it would have on the performance.
A logical explanation or an argument against implementing a particular feature request regarding its effect on the security or the performance issues could be provided. This could be very well considered instead of solely relying on number of votes as there is no method to give more weightage to valid arguments.