| Application range and ease-of-use |
|
| Wide download and deployment options |
Cloud, private cloud, self-hosted, mobile, desktop, CLI |
| Mobile Apps (with Mobile Login Controls) |
Available for iOS and Android |
| Browser extensions |
Chrome, Firefox, Opera, Edge, Vivaldi, Brave, Tor, Safari |
| Desktop applications |
Windows, Mac, Linux |
| Streamlined UI design |
|
| Administrative features and capabilities |
|
| Directory Connector |
Synchronize with your existing directory. Provision, de-provision users, groups, group associations |
| User type access controls |
Custom role, granular controls (hide passwords, read only), password inheritance and custodianship, LDAP group permissions, Personal and Company Vaults |
| User management |
Add/remove seats, onboard/offboard users (flags and assistance) |
| Security |
|
| Secure storage for Logins, Notes, Cards, and Identities |
Bitwarden Vault items |
| Secure password generator |
Generate secure, random passwords |
| Encrypted export |
Download encrypted exports from Bitwarden clients |
| Biometrics, mobile |
Android (Google Play or FDroid); iOS (Touch ID, Face ID) |
| Biometrics, desktop |
Windows (Windows Hello using PIN, Facial Recognition, or other hardware that meets Windows Hello biometric requirements); macOS (Touch ID) |
| Biometrics, browser extensions |
Chromium-based browsers (Chrome, Edge, Opera, Brave, etc.), Firefox 87+, and Safari 14+ |
| Emergency Access |
Users can designate and manage trusted emergency contacts |
| Zero knowledge encryption |
All Vault data is end-to-end encrypted |
| Account fingerprint phrase |
Uniquely and securely identifies a Bitwarden user account when encryption-related operations are performed. |
| Subprocessors |
https://bitwarden.com/help/article/subprocessors/ |
| Authentication |
|
| Two factor authentication |
|
| Login with SSO |
Use your existing Identity Provider to perform authentication for Bitwarden via SAML or OPENID |
| Two-step login |
Duo for Organizations |
| Touch ID/ Windows Hello Support |
Configure Bitwarden to accept biometrics was a method to unlock your Vault |
| Compliance, Audits, Certifications |
|
| SOC 2 Type 2 |
https://bitwarden.com/blog/post/bitwarden-achieves-soc-2-certification/ |
| 2018 Security Assessment |
https://bitwarden.com/blog/post/third-party-security-audit/ |
| 2020 Security Assessment |
https://bitwarden.com/blog/post/bitwarden-network-security-assessment-2020/ |
| White box testing |
Performed by unit tests and QA Engineers |
| Black box testing |
Performed via automation or manual testing |
| Bug bounty program |
HackerOne |
| Privacy |
|
| GDPR, CCPA, HIPAA, Privacy Shield |
https://bitwarden.com/compliance/ |
| Reporting |
|
| Vault Health reports |
Exposed passwords, reused passwords, weak passwords, and more |
| Data breach reports |
compromised data (email addresses, passwords, credit cards, DoB, etc.) in known breaches |
| Event logs |
User, item, collection, group, organization events |
| Directory integration |
|
| Bitwarden Directory Connector |
Sync with Active Directory or LDAP, Azure, G Suite, Okta, OneLogin |
| Single Sign On (SSO) |
|
| SAML 2.0 |
Enabling login with SSO for SAML 2.0 |
| OIDC |
Enabling login with SSO for OpenID Connect |
| Link existing account |
Link existing account to SSO |
| Vault access |
Authenticate Vault using SSO |
| APIs and Extensibility |
|
| Programmatically accessible |
Public and private APIs |
| Command line interface |
Public and private APIs Fully featured CLI client application |
| Extensibility Plug-in and extension supports |
Output log data via the API, automate workflows with the API and CLI |
| Technical implementation |
|
| Passwords stored encrypted in-memory until revealed |
|
| Strong and flexible password generation |
Configurable password generator. Policy for Password Generator strength |
| Vendor cannot access passwords |
Bitwarden employs a zero-knowledge encryption model with no ability to see customer vault data |
| Confirming to cryptography standards |
https://bitwarden.com/help/article/what-encryption-is-used/ |
| Resiliency |
|
| Local cache/offline access |
|
| Extras |
|
| Temporary password sharing and generation |
|
| Auto clear clipboard after copying a password |
|
| Duplicate password detection |
|
