alt.hn

5/15/2026 at 12:11:38 PM

Bitwarden scrubs 'Always free' and 'Inclusion' values from its site

 https://www.fastcompany.com/91542655/bitwarden-scrubs-always-free-and-inclusion-values-from-its-website-as-longtime-execs-step-down

by gpi

5/15/2026 at 1:26:49 PM

Actually, the part of the article that made me prick my ears up was this paragraph:

In February, longtime CEO Michael Crandell moved to an advisory role, according to LinkedIn, with no announcement from the company. His replacement, Michael Sullivan, former CEO of both Acquia and Insightsoftware, touts his experience with “all facets of mergers and acquisitions” on his own LinkedIn page, including experience working with leading private equity firms.

In combination with downplaying the free plan and removing any hint of now politically unfashionable DEI-like language, what this screams to me is: Bitwarden is being prepped for a sale.

by chipotle_coyote

5/15/2026 at 2:26:45 PM

This feels like deja-vu with Lastpass.

LogMeIn buys Lastpass, multiple massive breaches occur[, people move to Bitwarden].

by nacs

5/15/2026 at 3:31:26 PM

Did Lastpass have a project like Vaultwarden behind it at the time? I'm hoping against hope that that will keep us with an open vault.

by troyvit

5/15/2026 at 4:35:49 PM

vaultwarden is great, but password managers are security critical software that need consistent maintenance and constant updates.

if bitwarden is acquired and the new owner decides an open source version of their product is not a business necessity, without someone actively supporting the salaries of engineers it’s unlikely to continue to be secure for much longer.

by jmux

5/15/2026 at 6:48:19 PM

> vaultwarden is great, but password managers are security critical software that need consistent maintenance and constant updates.

You’re acting like this isn’t the case already with vaultwarden? (and it’s easier to host as well, making for easier updates) https://github.com/dani-garcia/vaultwarden/releases

by joecool1029

5/16/2026 at 10:18:08 AM

Is it possible that you are assuming they are referring only to Vaultwarden itself? Half of the equation is a server component compatible with every app produced by a company, the other is every app that is produced by a company. If the company decides to stop being compatible (by changing their own communication), what are you left with besides the built-in web interface and a handful of “maybe-compatible, maybe-secure” apps?

Security updates aren’t just about the vault. What does having a fancy locking system mean if the moment you open the door everyone can just walk in?

Most people just want a product to do what it says from all their devices, and don’t care about any of this stuff. As such, they are more inclined to simply move to yet another least-friction mature ecosystem.

Vaultwarden as an alternative is a bit like suggesting a third-cousin who homebrews beer in a trash can knows a viable alternative as a nationwide replacement for Budweiser, because they both happen to use the same shape of bottles. I’m sure some family and friends might go along, but everyone else is just going to pick a new common brand that is similar to what they had, not start brewing their own beer. Some will…for a while.

The best thing about self-hosting your password vault is that you can be naive about how many times it has been compromised without detection.

(I’m not against self-hosting things — I’m against acting like it is a realistic alternative for average people who almost never have the skills to implement it securely.)

by therealpygon

5/15/2026 at 5:56:21 PM

But since it's already open source and popular among tech savvy people, they have to weigh any attempts at increasing profits against the risk of losing customers to a fork.

by hgoel

5/16/2026 at 5:56:59 AM

They will make the wrong decision.

by nerdsniper

5/15/2026 at 10:28:06 PM

The issue is that a huge amount of value is tied up in the client applications, which do not have community-maintained equivalents.

by noplacelikehome

5/16/2026 at 10:55:12 PM

Well the first thing they can do is block access to self hosted servers in the official app. And they could petition Google to not allow clones in the play store. Together with Google's sideloading harassment that will make it much harder to use vaultwarden.

by wolvoleo

5/15/2026 at 4:14:03 PM

Well, it was nice while it lasted.

by fbd_0100

5/15/2026 at 10:30:41 PM

I use bitwarden, but it not being able to share a single secret is becoming an issue.

In my search for alternatived I stumbled across https://passbolt.com/ AGPLv3 and does support sharing single secrets, but no free hosted version. Free if you self host of course.

It guess it's a vaultwarden without "the man in Nebraska" problem.

by rstuart4133

5/16/2026 at 4:50:08 PM

A free hosted version pretty much just looks like prep for a rug pull to me.

by thfuran

5/16/2026 at 9:38:58 AM

Looks promising. But no hosted offers for individuals as far as i can see.

by throwaway270925

5/15/2026 at 9:43:40 PM

Hardly.

I wanted to like it, but didn’t.

by sshine

5/17/2026 at 5:58:53 AM

What do you prefer?

by DANmode

5/17/2026 at 10:35:51 AM

Firefox Sync.

On iPhone, Firefox Mobile can work as a password manager.

I'd like something that is easier to self-host, and isn't tied to Firefox.

But my botched migration to Bitwarden has left me looking for something that works better; in the meantime, I'm staying with Firefox + Firefox Sync. I use another browser on iPhone, since Firefox Mobile has memory problems with many tabs. (The problem was there for years, got fixed, and reoccurred.)

by sshine

5/15/2026 at 2:44:55 PM

This is what made me and others nervous when they announced a huge investment into the company a few years ago. It was already a good and self-sustaining product, and taking on that investment was just going to create an expectation of returns later down the line, something that was more likely to result in enshittification.

by rcxdude

5/15/2026 at 6:17:02 PM

When did they remove DEI language?

And how is that relevant, either way?

by YFriedman

5/15/2026 at 7:26:29 PM

It's relevant because it was ostensibly a value of Bitwarden's at some point, but they've thrown it under the bus now that they're looking for a buyer.

by nozzlegear

5/15/2026 at 7:48:33 PM

[flagged]

by thefz

5/15/2026 at 11:06:13 PM

As the other person implied: if they're throwing out some values now, which other values will they throw out in the future?

by nozzlegear

5/15/2026 at 10:06:57 PM

Yes. Enshitification after an acquisition by private equity is a real threat to Bitwarden's perennity as a secure and free password manager.

by thrance

5/15/2026 at 10:05:18 PM

To get approval for a merger under the current US admin, a company needs to show ideological purity.

by thrance

5/16/2026 at 4:14:24 AM

yay for kowtowing to fascism to make a quick buck. the capitalist machine continues to show indifference to our suffering

by cybercatgurrl

5/16/2026 at 5:09:06 AM

Well that's a shame. I've been paying for years now, very happy in general.

What do people recommend? I'm on Linux/Firefox/android and don't want to self host.

by duttish

5/15/2026 at 2:06:34 PM

urgh of course it has to be private equity. Really liked the product and did not mind paying for it...but not ready for the PE enshittification.

by persedes

5/16/2026 at 6:30:39 PM

I knew something was wrong when they started showing a popup on the web vault asking you to subscribe, every time you open it.

Enshittificstion incoming.

by xinayder

5/15/2026 at 2:41:54 PM

[flagged]

by beAbU

5/15/2026 at 1:50:43 PM

The price doesn't seem bad, though this case smells of some sort of greater internal shift that's, at least for me, indicative the Bitwarden is being turned into a profit-machine-at-any-cost rather than providing a good service for money.

This new CEO is a massive red flag. Literally nothing about anything relevant to the product or industry, though he's apparently good at private equity and selling orgs.

Probably worth jumping ship now before it mutates into another shitty corporate org, except this one is keeping your passwords.

by nusl

5/16/2026 at 2:31:23 AM

They bumped prices just a few months back.

by webworker

5/15/2026 at 1:20:54 PM

I stopped endorsing closed-source software to friends and family years ago, because you can't trust the companies behind them not to quietly change directions.

Years ago I used a free workout app that I really liked. After a few months of using it I recommended it to friends. I only much later found out that I was on a grandfathered version of the free plan without ads or restrictions. The company had made changes to the free plan since I joined, and all new accounts (like my friends) were subject to ads and restrictions.

It was embarrassing to have unknowingly recommending something like that.

by Cyan488

5/15/2026 at 1:27:21 PM

Bitwarden is open-source though? This is about the hosted version of it, which has a free tier. But you can run the same software on your server at home if you want, for free.

(That said, I am also concerned about the direction Bitwarden is taking. I just think this shows that even OSS projects can have direction/rugpull issues.)

by 542458

5/15/2026 at 1:39:18 PM

> But you can run the same software on your server at home if you want, for free.

Whats to say this will still be true if the company gets sold?

by alt227

5/15/2026 at 1:45:41 PM

The fact that Vaultwarden exists?

by xienze

5/15/2026 at 1:51:48 PM

How long after a public sale will Bitwarden clients keep compatible with Vaultwarden? The new owners could put a check in all clients on the first day of ownership if they wanted, and Vaultwarden would immediately be obselete and useless.

by alt227

5/15/2026 at 1:58:15 PM

I wonder if Bitwarden shit on everyone, how long it would take for Vaultwarden specific clients to appear. A browser extension would be pretty simple, app store apps are a bit more complicated because of the pay-to-play aspects.

by GCUMstlyHarmls

5/15/2026 at 2:26:59 PM

The problem is once Vaultwarden clients appear, then Vaultwarden becomes its own complete system and is no longer able to rely on the good reputation of Bitwarden. Plus developing clients for multiple browsers and OSes is a lot more difficult than just keeping a back end up to date.

If they went this path I think I would jump ship to a paid service.

by alt227

5/15/2026 at 6:21:24 PM

The Bitwarden client is FOSS, so Vaultwarden could fork it.

by YFriedman

5/15/2026 at 6:17:20 PM

As soon as they break compatibility with the official clients, it becomes much tougher. Even though the current versions can be forked, the whole system is set up to work against any kind of grassroots effort to maintain an open source version.

Apple and Google being the gatekeepers for all mobile app distribution is a real pain point. Without the clout of a big brand name the risk of being unable to distribute apps goes up.

by donmcronald

5/15/2026 at 1:44:52 PM

Except that we do have Vaultwarden, so those who haven't already switched still have an option.

by happymellon

5/15/2026 at 1:52:21 PM

Vaultwarden relies on the goodwill of Bitwarden to allow it to use its clients for compatibility. I would wager a new owner looking for money would block that pretty soon after buying the company.

by alt227

5/15/2026 at 2:09:53 PM

The clients are open source. If Bitwarden removes the ability to select the server, people will just fork the clients.

by lern_too_spel

5/15/2026 at 2:29:18 PM

Again, for how long? The answers to all the questions seems to be the same. If Bitwarden was sold they could remove all of this free functionality and interoperability with 3rd party clients immediately.

Then you could say well Vaultwarden will work with these forked clients, but then you are placing your security into the hands of multiple different open source maintainers and vaultwarden then has nothing to do with Bitwarden and becomes some random back end + some random 3rds party clients.

by alt227

5/15/2026 at 2:47:18 PM

Sure, but vaultwarden as a system would be entirely usable, I don't think a lot of it is really relying on the bitwarden compatibility for much more than a little convenience.

by rcxdude

5/15/2026 at 3:02:02 PM

Useable yes, but trustable? Not without some serious backing and regular auditing from some public security experts.

IMO that fact that the existing Vaultwarden system relies on Bitwarden clients and therefore caries Bitwardens secure reputation is its main selling point. Take that away and Vaultwarden is nothing more than some random back end software that can not really be trusted.

by alt227

5/15/2026 at 3:36:24 PM

> the existing Vaultwarden system relies on Bitwarden clients and therefore caries Bitwardens secure reputation is its main selling point.

I hope that this could be a starting point and not an end-point of Vaultwarden. It has gotten far on the shoulders of the Bitwarden giant. If it forked, would it have a large enough community to continue to carry that trust forward (including building new clients)? How much financial support would they need? Could they find a sponsor? It's a European project -- would the EU help fund it as a data sovereignty push?

by troyvit

5/15/2026 at 3:54:05 PM

Agreed, it would be great to have a fully open source solution, however I would be wary of it until it was audited and backed by secuirty professionals in the field.

by alt227

5/15/2026 at 5:53:55 PM

Maybe, I don't think that reputation really should transfer anyway, and it's not something I would consider necessary for using it. (I mean, some scrutiny is obviously good, but I don't think it needs to be as big as Bitwarden).

by rcxdude

5/15/2026 at 7:28:15 PM

> I don't think that reputation really should transfer anyway

Why not? The most important security bits are implemented client-side which is developed by Bitwarden. If the clients are secure then my database is safe even if Vaultwarden turns out to be evil.

Switching from Bitwarden Client to Vaultwarden Client would require about 3 orders of magnitude more trust than switching the server which primarily deals with encrypted blobs. If the client turns out to be malicious then it's game over.

by dns_snek

5/15/2026 at 1:30:50 PM

You're right, though the friends and family that I would feel the need to recommend a password manager to aren't the type that would self-host their own servers.

by Cyan488

5/15/2026 at 1:49:22 PM

So what would you recommend to your friends and family that need a password manager? Genuinely curious.

I pay for a service for my family because I need reliable and easy for my wife and daughter to use it.

by maineldc

5/15/2026 at 2:22:18 PM 

  - KeePass files synced between laptop and phone on OneDrive, DropBox, etc
  - KeePassXC on Windows and Mac
  - Keepass2Android mobile client
  - Browser integration on mobile. 
  - On laptop, I prefer no browser integration; Copy username and password with Ctrl+B and Ctrl+C

by stevesimmons

5/15/2026 at 9:37:49 PM

Seconding this. I use KeePassXC on my PC, KeePassDX on Android (available on F-Droid), synced with Syncthing. Works very well.

by opan

5/16/2026 at 12:47:50 AM

Slightly off topic, I use KeePassXC on Mac and browser integration almost never works for me. It never picks up the usernames, passwords for me, even if the entry has the url in it.

by girishso

5/15/2026 at 5:07:02 PM

A small notebook.

Unhackable. Yours forever.

Use words based passwords to make entry easier.

Suffers from physical presence security hacks. I argue those are far less frequent than online hacks.

Wouldn’t recommend for people who are comfortable with Password managers.

It is super easy to explain to people how to use it. And some security is better than none.

by drfloyd51

5/15/2026 at 5:43:44 PM

Extremely hackable on travel.

by whatevaa

5/15/2026 at 9:51:51 PM

Shoot. I didn’t think of the TSA.

And wow… just even the cops.

I am more worried about “lawful” “government” “agencies” stealing my crap than actual criminals. And that makes me sad.

by drfloyd51

5/15/2026 at 2:43:29 PM

I've paid for and recommended Bitwarden. For years it's operated along a stable trajectory. I was confident in its security record. Vaultwarden is an escape hatch I'm in a position to set up for my family as a last resort. Almost any reputable password manager is more secure than reusing the same passwords or storing everything in a note file.

What I stopped doing so frequently could be described as "evangelizing" or "endorsing". I no longer actively tell people that I think they should use X, instead, if someone asks, I say "I use X, and it's worked for me so far".

by Cyan488

5/15/2026 at 3:26:35 PM

The server is only recently free, if indeed it is at all. I don't remember when or if that changed, because for most of its life it was definitely not free (open source).

by pigeons

5/15/2026 at 1:29:09 PM

I hear you, but the flip side is that it sounds like they did right by their early adopters in grandfathering you in.

by mccolin

5/15/2026 at 1:36:04 PM

Early adopters are exactly the people that like to test and recommend things to the majority. Without being aware of it, I was recommending a different product than the one I was using.

People stake their own personal reputations behind their recommendations. I don't think quietly changing the product without warning is doing right by their early adopters.

by Cyan488

5/15/2026 at 6:39:24 PM

For their bank account, sure.

by Telaneo

5/15/2026 at 10:40:58 PM

This is why I use my reMarkable to track my workouts.

I've tried many workout apps. Besides tying you to your phone (because their Watch apps aren't great), they ALL sell out eventually.

by nunez

5/16/2026 at 5:37:18 AM

Ooh, that's a great idea. I'm writing that down in my lost of ways to enshittify a company for money in case I ever end up in charge of a company that can be enshittified for money.

by chadgpt3

5/16/2026 at 6:37:20 AM

This seems like an overreaction. Would it be better to not grandfather in people?

by huhkerrf

5/16/2026 at 6:51:20 AM

If grandfathering in people results in greater revenue through WOM marketing, it's a good idea (for the business).

by chadgpt3

5/15/2026 at 2:14:08 PM

I've paid for Bitwarden for years, but I can come to no other conclusion from all this (CEO all about private equity, severe price hike, scrubbing of core values, hiding the free tier) that it will be sold soon. Time to jump ship!

by summermusic

5/15/2026 at 3:24:59 PM

Yup. But, where to?

by ryukoposting

5/15/2026 at 4:22:58 PM

I know it's not open-source, but I've been happy with Protonpass.

by anderber

5/15/2026 at 5:09:00 PM

At least the clients are, it's something.

https://github.com/protonpass

by minedwiz

5/15/2026 at 8:16:26 PM

And they get audited, last one quite recently[1]:

The audit confirmed Proton Pass security is exceptionally robust:

- No remote exploits found: Users cannot be hacked simply by visiting a malicious website or clicking a link.

- No encryption bypasses identified: Attackers can’t use shortcuts, backdoors, or weak keys to bypass the encryption layer.

Take it for what it's worth.

[1]: https://proton.me/business/blog/proton-pass-audit-2026

by magicalhippo

5/16/2026 at 10:58:52 PM

If you prefer self hosting that's not a viable alternative.

by wolvoleo

5/15/2026 at 6:02:05 PM

Turns out I'm already paying for that but not using it, so I guess it is time to get locked into the Proton ecosystem even more...

by dualvariable

5/15/2026 at 3:27:55 PM

Brb vibe coding a replacement /s

by iosjunkie

5/15/2026 at 3:07:42 PM

The private equity virus has a biological imperative to spread.

All those people who paid half a mil on education must appear useful at the expense of us all!

by gaiagraphia

5/16/2026 at 8:38:27 PM

Thoughts and reviews about Passbolt? TOTP handling seems a bit off, extensions are not mostly read-only (OK for me). But the "share a single secret" access control seems nice:

https://www.passbolt.com/pricing/pro

https://www.passbolt.com/vs/bitwarden/overview

https://www.passbolt.com/docs/hosting/install/

PHP backend (IMHO a downside): https://github.com/passbolt/passbolt_api. But There appears to be a significant amount of auditing behind Passbolt's security claims, assuming the information on https://www.passbolt.com/security is accurate.

by andreashaerter

5/15/2026 at 10:38:04 PM

> In February, longtime CEO Michael Crandell moved to an advisory role, according to LinkedIn, with no announcement from the company. His replacement, Michael Sullivan, former CEO of both Acquia and Insightsoftware, touts his experience with “all facets of mergers and acquisitions” on his own LinkedIn page, including experience working with leading private equity firms.

Pour one out for another open source project "optimized" by VC

by nunez

5/15/2026 at 12:47:04 PM

Just use vaultwarden https://github.com/dani-garcia/vaultwarden

by milkglass

5/15/2026 at 1:25:07 PM

Do you have to self host it?

I'm moderately decent at self hosting. I'm fairly confident in my backups and security.

But also, I am not a system backup nor security expert, and I don't want to become either.

The one last thing that I really want to leave to the experts is my secrets management.

by esperent

5/15/2026 at 2:16:11 PM

You don't need to be a system backup expert to take backups, and with that attitude you will never become a system backup novice either. There is no gaurentee paid services will keep your data available either. One company lost my data and I was very glad to have backups.

by nathanmills

5/15/2026 at 5:28:58 PM

I like Elestio for managing devops of self-hosting. I don't want to do backups, monitor and fork git repositories for updates, etc. It's non-trivial. My time is scarce.

However, I'm extremely reluctant to give my password database hosting to ANYONE. I feel like this is something I need to "own" myself. Perhaps on Coolify, Dokploy, or on a Raspberry Pi with regular backups hosted at my home or office. This is extra work that I'm not eager to do; and frankly, it goes against my philosophy of outsourcing "commodity" work to which I'm ill-equipped to add substantial value.

On the other hand, password managers are the most sensitive software I can imagine.

Lastly, Sharing passwords with my wife, coworkers, etc is genuinely very valuable. Either of us can update, maintain etc our shared set of passwords. Last I looked, Keepass and its ilk cannot replace that functionality

by cornell532

5/15/2026 at 4:16:42 PM

I do, but this still uses the Bitwarden app and browser extensions. I'm now worried that in pursuit of monetization they'll start screwing with those. After all, the code in the clients have access to all recorded secrets and there would be nothing stopping them from accessing that unencrypted data.

by gigel82

5/15/2026 at 8:56:22 PM

I really doubt they would push a client that removes the master password based client side encryption. That could even be considered criminal.

by dizhn

5/15/2026 at 1:25:13 PM

This uses the Bitwarden client and extensions, which is it's main attraction (I use it too).

My worry however is about the future - what if a core functionality goes behind a paywall.

by thunderbong

5/15/2026 at 5:13:54 PM

This is very sad.

I wasn’t paying for the code tbh, I could always self-host (VaultWarden) at home behind Tailscale, it was all about the management, uptime, and most importantly, supporting a good software I used and loved for years.

Sad, really.

I’ll either move to self-hosting it at home behind TS, or going back to keepass tbh, anyway, I’m not staying on a sinking ship.

P.S: VaultWarden had a few bad CVEs this year (like an Auth Bypass), but when I looked deeper, it wouldn’t have much of a negative effect on me as a self-hosted home user that shares everything with family.

by Goofy_Coyote

5/16/2026 at 5:37:06 PM

Meanwhile, just below the screenshot in the article:

" Just getting started? Get basic password management today. Always free. Create Free Account "

See https://bitwarden.com/pricing/

EDIT: the article correctly mention that in an UPDATE

" Update: After publication, an employee on the Bitwarden subreddit said that “Always free” had been restored on its pricing page, calling it an “oversight” by the marketing team. The product page for Bitwarden’s personal password manager remains unchanged. "

by apendergast

5/15/2026 at 1:51:07 PM

Private equity ruins housing.

They also ruin software.

by UnhappyMeaning

5/15/2026 at 1:11:12 PM

Thank you so much for posting this. I have been paying the annual 10$ (which went up by 2$ this year), but now it looks like I have to pay a whopping 30$ a year (a 3x increase, with no increase in features or value at all).

The cherry on the shit cake is that they did not give me any heads up at all. Quite sad. Bitwarden has been consistently one of the best pieces of softwares I have ever used. Simple, just does what it does and gets out of the way.

Sad really ...

by aneutron

5/15/2026 at 1:15:22 PM

Have been a customer for years, but if the core values are going away, so am I. It's not even about the money.

by mlnj

5/15/2026 at 1:32:32 PM

Great heads up! I will work on self-hosting this month.

by mfro

5/15/2026 at 1:33:52 PM

There are 2 versions out there, the one from Bitwarden itself, and an open-source rewrite called Vaultwarden.

But, the main developer of works at Bitwarden.

Thankfully you can easily export your passwords and move to another system (unlike say Authy where we had to inject Javascript to extract the TOTP seeds).

by OptionOfT

5/16/2026 at 6:39:17 PM

What's the current method that works? I keep meaning to ditch Authy, and now that I'm moving to ProtonPass, it seems like a great time to finally finish this (Ente?)

by cik

5/17/2026 at 2:46:53 PM

I did it a couple of years ago, I don't know what works today. Sorry.

I would still recommend switching to Vaultwarden. With Tailscale you don't have to expose it to the outside world.

Just keep a copy of the export somewhere else.

I like my export unencrypted and move it to a location that is encrypted.

by OptionOfT

5/15/2026 at 5:42:11 PM

I have been self-hosting Vaultwarden for a few months and it has been great. But this news still worries me because Vaultwarden still relies on open-source Bitwarden clients and sounds like those could be on the chopping board anytime soon.

Separately, I don't know if there is a self-hostable password manager which allows easy family sharing. (KeepassXC won't work, I believe, because the whole vault is a single file.)

by 6ak74rfy

5/15/2026 at 8:40:34 PM

I stopped paying them when they started closing their clients. If they remain good stewards of FOSS I have no problem with starting again - Bitwarden provides serious value to me.

But I’ll probably have to rethink recommending it to people, since any type of friction is seriously harmful here.

by solarkraft

5/15/2026 at 1:42:09 PM

sigh

The writing on the wall seems to have been when they suddenly doubled the price of a yearly subscription without notifying anyone. That struck me as skeezy as **...looks like it may just be the beginning.

I hope people are actively mirroring their GH repos, because I expect at some point they might suddenly decide to change the license to Proprietary and move to scrub the repos from the web. At which point, the community will then fork the last-free version and start to maintain a fork.

Which I really don't want to see happen, because having to move all my shit for myself and my family again after the LastPass debacle is going to be an extraordinary headache.

by AdmiralAsshat

5/15/2026 at 1:59:25 PM

I'm already paying for the Protonmail suite so reading this was my cue to finally switch over to Proton Pass. Thanks for the heads up.

by ktm5j

5/15/2026 at 5:12:37 PM

Switched recently, and was positively surprised by the flexibility of the import process.

by bakoo

5/15/2026 at 5:49:16 PM

Why projects get destroyed just after I migrate to them?. Guess I'll have to go back to kepass.

by kelvinjps10

5/16/2026 at 7:40:05 AM

I literally just spent hours in January of researching all the commonly mentioned options out there and trying them for myself before deciding fully on Bitwarden Family. I was a KeepassXC user for years and had my family on it as well. For 2026 I wanted to be more modern and was tired of worrying about backups (like a teenager only having their passwords on their phone), as well as syncing and accessibility. Then spent many more hours getting everyone off individual KeepassXC installs and transferred to the Bitwarden Family account.

I am locked in with paid annual until Next January, but if I have to change again do to enshittification or changes made to, what I felt was a good open-source product and company, I am not going to be happy, nor will my family.

by Scottn1

5/15/2026 at 7:25:47 PM

> Bitwarden has also stopped listing “Inclusion” and “Transparency” as tentpole values on its careers page.

I'm pretty sure I have never cared about what values a company listed on its careers page, unless I am considering working there.

by crackercrews

5/15/2026 at 7:40:16 PM

Even then you should be sceptical. These values change when convenient, and big businesses will demonstrate different values in different countries. A value you stick to as long as its in your interest to do so is meaningless.

by graemep

5/15/2026 at 8:58:12 PM

A lot of folks are talking about Vaultwarden which is great. Don't forget to check out the fork that added OIDC support, some (but not all) features of which has been merged into Vaultwarden.

by dizhn

5/16/2026 at 1:46:27 PM

If Bitwarden gets sold I am just going back to a paper notebook for passwords.

by RamenJunkie_

5/15/2026 at 1:29:50 PM

i mostly moved out of all SaaS, today i've Go app with sqlite backing for everything!

whenever i need any new feature, i just add it.

by faangguyindia

5/15/2026 at 1:41:44 PM

what's a good open source and secure alternative? even if payed? I've been using bitwarden for years but this change plus their new CEO gives me pause.

by deepriverfish

5/15/2026 at 1:45:46 PM

I've been self-hosting Vaultwarden for some time, I'm pretty happy with it.

by dandellion

5/15/2026 at 1:46:07 PM

can you access it in your phone?

by deepriverfish

5/15/2026 at 1:46:25 PM

Yes.

by happymellon

5/15/2026 at 1:46:16 PM

If you are using Bitwarden self hosted, you can switch it out for Vaultwarden.

by happymellon

5/15/2026 at 1:27:09 PM

Ah, good old rugpull.

Just use KeePass.

by baal80spam

5/15/2026 at 2:20:29 PM

Unfortunately that has no team features, and last time I checked they were quite pushy about not adding any - which is totally fair, they know what product they want to make and are sticking to it! But BitWarden has good team features.

by jarofgreen

5/15/2026 at 2:35:14 PM

If you are referring to an organization rather than a family, have a look at Pleasant Password Server.

by jabroni_salad

5/15/2026 at 1:36:05 PM

How do you sync between devices?

by leosanchez

5/15/2026 at 1:44:52 PM

Last time I looked into this, you really couldn't in a reasonably simple way. It was possible between two users, but more than two just caused issues with syncing.

by nathanaldensr

5/15/2026 at 2:20:27 PM

Syncing between your own devices is still an easier problem to solve than syncing between different users. The database is just a file.

I use a self hosted Nextcloud, but you don't have to.

KeePassXC allows you to automate opening a database from the URL column. My family and I share a second database and open it from there, but it's super kludgy on any other device.

by doubled112

5/15/2026 at 2:29:35 PM

Syncthing

by timw4mail

5/15/2026 at 3:40:18 PM

Lived like this years, never going to look back. Add mobile to the mix and you're screwed with conflicts and manual resolution.

by ilvez

5/15/2026 at 2:23:26 PM

I feel glad that I never went paid (though I do pay for software and services). Bitwarden always seemed laggy: both the development pace and the iOS app (though the latter improved a bit only in the last two years). The moment Bitwarden took VC funding ($100 million?), it was clear that it would “pivot” to enterprise, raise prices for consumers and do other things that describe enshittification. It’s probably in the same league as 1Password (another scummy company with similar practices and deteriorating applications).

On password managers, anyone using ProtonPass want to chime in on how it is? I’ve read online that Proton (as a company) has a tendency to start working on new things all the time and let the ones they created remain half baked and languishing (to some extent).

I’m not into KeePass and other local password managers since I need a shared solution for multiple people using the same vault.

by AnonC

5/15/2026 at 12:43:43 PM

"Always free" was never sustainable for a password manager that took VC money and now needs growth at all costs [0].

Obviously predictable. Bitwarden is now in the extraction phase and it is now time to pay an expensive...

...$1.65 a month.

[0] https://news.ycombinator.com/item?id=34427981

by rvz

5/15/2026 at 1:41:29 PM

Look at the CEOs other "ventures" he is a private equity squeeze guy.

by BoredPositron

5/15/2026 at 1:12:51 PM

Compared with KeePassXC and Syncthing, it is infinitely more expensive!

by cicko

5/15/2026 at 1:20:30 PM

Oh yeah, I love having to manage sync conflicts in my password database because I was dumb enough to edit it on two separate computers that weren't both online at the same time.

by TurkTurkleton

5/15/2026 at 1:32:28 PM

Works best if you have an always on client. Easy if you have a VPS or a home lab, even a small one, a nuisance if you don't.

by rpdillon

5/15/2026 at 1:47:20 PM

I have that and still have regular sync conflicts. :(

by asdfqwertzxcv

5/15/2026 at 1:39:59 PM

Yeah, my main reason to stay away from Keepass, everything is in a single versioned binary file. I like 'passwordstore.org', where every secret is it's own gpg-encrypted textfile in a git repo. Every change is a commit, easy to see history, easy to revert or know which version is newest. And easy to selfhost, you just need a place to git push/pull from.

by sigio

5/15/2026 at 1:37:58 PM

[dead]

by redsocksfan45

5/15/2026 at 6:07:42 PM

How does the GPL licensing affect future versions of the open source clients?

I use Vaultwarden right now. Part of the reason was that I wanted something where there was a minimum guarantee. In the case of Vaultwarden, I can always fall back to the web interface if needed. It wouldn't be convenient, but it guarantees no one can take away my password vault.

I really hate the per user per feature per byte per year pricing structure that everything has morphed into. I don't mind paying something for good software that I rely on, but having everything locked down and controlled by a 3rd party with continually increasing subscription fees is terrible.

I've worked in the small business space my whole life and it's being destroyed. Private investors are buying everything. I'm talking about owning all the small businesses of certain types; family doctors, dentists, optometrists, vets etc. seem to be the big target. It's terrifying and most people don't even realize it.

It's very sad to see core values that turn out to be lies. Always free is a tough spot to be in, but these companies could absolutely use a better business model that doesn't kill small businesses. And, based on what I see, increasing IT costs are killing small businesses.

What we need in the small business space is a tier of services where small businesses can self host using their own on-premise, vertically scalable infrastructure (ie: 1 server). In most cases they can tolerate some downtime and, even if they don't want to, a lack of resources usually means they don't have a choice (ex: they're not running HA network connections).

Businesses with <10-20 employees are often viewed as not being worth the effort of having as a customer, so they end up with self-serve, unsupported, non-discounted, over priced, trash subscriptions. By the time they grow enough to be a valuable customer their only experience with some products is misery.

I wish I could set up small businesses with self-hosted infrastructure that can't be rug pulled while they're still small with an easy upgrade path into a hosted service if/when they grow.

by donmcronald

5/15/2026 at 10:09:39 PM

> What we need in the small business space is a tier of services where small businesses can self host using their own on-premise, vertically scalable infrastructure (ie: 1 server). In most cases they can tolerate some downtime and, even if they don't want to, a lack of resources usually means they don't have a choice (ex: they're not running HA network connections).

I think the same: Small service businesses care most about Time To Recovery (TTR) when doing services. As long as they communicate at least by phone and the website is up, they usually tolerate downtime when they know when their backoffice services are back online.

This is classic Business Continuity Management, 5-10 questions usually make clear what must work in every case when and what has to be available for supporting this process. Example: I got a customer which prints all logistics / distribution labels in batches. They can still work where money comes in (=shipping stuff) for quite a long time (4h min, 8h max) if the next batch of labels cannot be printed / some system is going down needed to support shipping. So no need for expensive HA around legacy software, but enough time for a good process to get back online with the latest backup on replacement hardware which is already there on-site.

The thing is: HA is FAR more expensive and complicated than e.g. getting another stand-by server as fast replacement, maintain the hypervisor on this second server e.g. every six month and test restoring backups on it once a month (best: automated: IMPI boot, restore without VM networks, testing, shutdown). Same with a firewall; two used Enterprise Servers + Proxmox VE Subscription, OPNSense + 2 x N150 Hardware and two consumer WANs (e.g. Cable and VDSL) is really not that expensive if only the WAN is a bit more complicated from the POV of a SME admin because of failover. Classi VLANs+ACL and services like surveillance as needed...

> Businesses with <10-20 employees are often viewed as not being worth the effort of having as a customer, so they end up with self-serve, unsupported, non-discounted, over priced, trash subscriptions. By the time they grow enough to be a valuable customer their only experience with some products is misery.

Exactly. This is why I do SME IT since ever, no matter for which $BigCorp I've done consulting and DevOps. I automate them. I consult them. My company (plug: https://foundata.com) does it for a few bugs per month (Hypervisor, Groupware (Calendar, Mail) Firewalling, VPN, Directory Services, Jitsi/OpenCloud/BBB) if they understand that they finance the high quality of the managed services ON THEIR HARDWARE with all other customers and we do not work per-hour but per-service + we run Open Source also for other reasons than "no or fewer licensing costs".

And I like it even this does not make you rich. Because I REALLY share your concerns ("owning all the small businesses of certain types; family doctors, dentists, optometrists, vets" -> I don't know where you are from, but it is the very same here in Germany... example: https://www.ndr.de/fernsehen/sendungen/panorama3/Spekulanten...)

by andreashaerter

5/15/2026 at 1:07:04 PM

Now I started to worry about their clients openness to work with valultwarden. They also said in the past they will not change the behavior to not accept third party servers. But who knows now.

by elashri

5/15/2026 at 1:33:26 PM

As much as I hate the changes Bitwarden is making, I’m kinda with them on not adding official vaultwarden support. Having to support multiple backends (some of which you don’t control!) with your frontend makes everything massively more complicated.

by 542458

5/15/2026 at 1:40:52 PM

Its not about them having to support multiple 3rd party backends, its about them not making any hostile changes which actively block them.

by alt227

5/16/2026 at 9:18:09 AM

I really don't understand all the FUD about it. Their stack is mainly GPLv3 and if they start to drag it to really bad territories, current awesome tooling cannot be taken away. What am I missing?

by ilvez

5/16/2026 at 2:30:43 AM

Reminder that they also Recently bumped prices a few months ago.

My annual renewed just a month before they did that.

by webworker

5/15/2026 at 5:30:50 PM

I guess it is time ... (sigh)

by microflash

5/15/2026 at 2:01:30 PM

[flagged]

by aborsy

5/15/2026 at 2:31:38 PM

My first bitwarden invoice is dated november 2019. My concern here is 'squeeze' type activities that other companies with strong M&A leaderships have brought to their customers. For consumers, loyalty is exploited, not rewarded, and one must be vigilant for signals to jump ship.

by jabroni_salad

5/15/2026 at 2:10:03 PM

Would you really be okay with HN charging monthly to use the site? HN probably stores more data anyways, passwords are pretty small in comparison to comments, and I produce more of them aswell.

by nathanmills

5/15/2026 at 2:20:44 PM

I think the deal is pretty clear with stuff like this: Free accounts for individual users, earning money with businesses.

It's not like Bitwarden is giving away their product without getting anything in return: The free users (tech-savy early adopters) were the ones that pitched Bitwarden to their bosses when they were looking for a password solution for their company. It's really no different than Adobe or other companies giving away student licences. Companies are not stupid.

by elaus

5/15/2026 at 2:07:48 PM

maybe because the company promised "always free"?

if the company can't keep the promises, then maybe they shouldn't make them in the first place?

by rytis

5/15/2026 at 6:50:10 PM

Good for them. Much easier to build a great product if you're making money from it. I tried bitwarden a while ago but ended up going with dashlane for a few years. I'm on 1password now and really like it but more competition is always better.

by mmonaghan