I used Bitwarden before, but when iOS 18 came out with a password manager, I switched. This app is smooth and does everything I need from password management to 2FA. The only thing I need is to remember my Apple account, the other passwords are taken care of by that app.
I love Bitwarden and have been using it for a long time. Its value is open-source but I’m still afraid that one day their server gets hacked or their data gets breached like LastPass. I am so confident in Apple’s security that I leave my account data here.
I’ve been using the built-in password manager for a while but this one is a big upgrade for sure. I don’t think you need to worry about Bitwarden getting hacked since it’s all E2EE, unless you use their web client.
No. They would have to hack Bitwarden and serve you malicious JavaScript on their web app. Bitwarden themselves don’t have access to your data so an attacker that breaches their servers also doesn’t.
Bitwarden uses AES-CBC 256-bit encryption for your vault data, and PBKDF2 SHA-256 or Argon2 to derive your encryption key.
Bitwarden always encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. Bitwarden servers are only used for storing encrypted data. For more information, see Storage.
…
AES-CBC
AES-CBC (cipher block chaining), used to encrypt vault data, is a standard in cryptography and used by the US government and other government agencies around the world for protecting top-secret data. With proper implementation and a strong encryption key (your master password), AES is considered unbreakable.
TL;DR: if your master password is strong, you are fine. If an attacker hacked Bitwarden servers, they would probably dump millions of accounts and yours would blend in with everyone else. If someone wanted to crack your encrypted data, I’d imagine it would take a government level threat and decades before it gets decrypted.
As is a rite of passage, I have to post this obligatory comic.
If you back up your passwords on iCloud, you are also saving this data on someone else’s server. All you’ve done is shift trust from one entity to another. Arguably, I’d trust Bitwarden over iCloud any day if the threat model involves police or government agency. Otherwise, it’s probably a neutral move.
Did they make it easier to export your passwords from the app? Previously, exporting your keychain required a Mac, and that’s part of the walled garden keeping you using their products because not everyone with an iPhone has access to a Mac.
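The thread above quotes documentation saying the vault key is derived from the master password with PBKDF2 SHA-256, and one reply concludes that a strong master password is what matters after a server breach. The sketch below is an added example, not code from Bitwarden or from any poster; the iteration count, the sample salt, the guess rate and all function names are assumptions chosen for illustration.

```python
import hashlib
import math

# Assumed work factor for this example; the thread does not state one.
ITERATIONS = 600_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = ITERATIONS) -> bytes:
    """Derive a 256-bit key on the client with PBKDF2-HMAC-SHA256.

    Only data encrypted under a key like this would reach the server,
    so a server-side dump alone does not contain the key.
    """
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def random_password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password whose symbols are picked uniformly at random."""
    return length * math.log2(alphabet_size)


def expected_years_to_guess(entropy_bits: float, iterations: int,
                            iterations_per_second: float) -> float:
    """Expected offline search time: half the keyspace, and every guess
    costs `iterations` PBKDF2 rounds before it can be checked."""
    guesses = 2 ** (entropy_bits - 1)
    return guesses * iterations / iterations_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    salt = b"user@example.com"  # constructed sample salt
    key = derive_vault_key("constructed sample passphrase", salt)
    print("derived key:", key.hex())

    rate = 1e12  # assumed aggregate PBKDF2 rounds per second for an attacker
    samples = {
        "8 random lowercase letters": random_password_entropy_bits(8, 26),
        "5 random words from a 7776-word list": random_password_entropy_bits(5, 7776),
        "16 random printable ASCII chars": random_password_entropy_bits(16, 94),
    }
    for label, bits in samples.items():
        years = expected_years_to_guess(bits, ITERATIONS, rate)
        print(f"{label}: {bits:.1f} bits, about {years:.3g} years")
```

The entropy figures only hold for passwords chosen at random; a human-chosen password of the same length is usually far weaker than the formula suggests.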