I took the time to calculate this and found that around 99.99998% of the time, my username will actually be my email address. So, Bitwarden, please pre-populate the username field with the email address of the user whenever a new item or secret is created.
Looking for advice on setting up a strict Bitwarden security setup.
What settings do you change or turn off to make it more secure? I’m trying to harden mine but still keep it usable day to day.
Any tips from people who take security seriously would be appreciated.
Thank you!
Hola, he estado leyendo sobre lo que está pasando con Bitwarden y me gustaría saber si necesito cambiar a otra alternativa como ProtonPass. Llevo mucho tiempo usando la versión gratuita y funciona bien. Acabo de crear una cuenta gratuita de ProtonPass. ¿Necesito transferir mis contraseñas ahora?
On Android devices (requires 2026.4.0 and up) , image files (.jpeg, .png, .gif, .WebP, .heic) can be previewed from directly within Bitwarden, without downloading them to your device, by tapping the attachment on the View item screen.
The desktop app has this unnecessary space taking up screen real estate at the top of the app. Why is it there? The app would look a lot better with this removed.
For example, it would look so much better like this, or let us press ALT to toggle hiding the menu bar like this.
I know this is basically a web app. Is this app just here until they develop something native on Windows? If that is true, then I can understand why little UI bugs like this are not being fixed on this app if something new is coming.
Should I be concerned about the encroachment of private equity leadership in to Bitwarden...?
I already have access to ProtonPass, but have always stuck with Bitwarden for its features and ethos. This does seem like something of a shift though, would be a shame to have to drop it.
Is the new PE firm drawing from the same playbook? Here's the first indicator of how this may go.
Edit: add word* :)
Edit2:
Even more interesting is the immediate push back in the comments against the point I'm making and the flood of downvotes. Yes it costs money to implement and maintain software. Yes I have been paying for Bitwarden for years. Yes I've seen the relentless enshitification of almost everything that PE can get their hands on. At this point, I even have little faith that the comments in this thread are going to be genuine and not bitwardens new marketing and strategic outreach department.
as title says. first of all for some reason the chrome extension requires biometric setup/approval from the bitwarden desktop app, which i dont really want to to intall.
secondly, even when i've setup windows hello, fingerprint inlock for the chrome extension, if i launch the extension when the BW desktop app is not running, the chrome extension never fully launches, just spins endlessly. the fingerprint unlock prompt never appears, no matter how log i wait.
if i start the bw desktop app, then the chrome extension behaves normally. but this requires, kind two different instances of BW which seems pointless
Am looking for a solution for my family, and seeing the history of OSS and private equity, I don't have high hopes for the future in the free version.
Title says it all. I can't access my TOTP code that I set up before this feature was locked behind and additional $1.65/month.
Edit: I pay for Bitwarden. I am not using the free version.
Edit2: I'm an idiot. I had to cancel my subscription and recreate my account this past December because I broke my phone and didn't have the backup code. I never resubscribed to the premium version.
Hey all. Aside from the occasional jank/glitch with Bitwarden, I’ve been happy. I’ve paid for premium for a number of years.
However, something recently has begun irking me more: a lack of profiles.
For more info about what I mean by profiles, check out my comment on this forum thread: https://community.bitwarden.com/t/ability-to-create-profiles-that-have-limited-access-to-selected-accounts-passwords/3977/20?page=2
I posted that in 2025, and I’m still the last to comment on that thread, so I think it’s safe to say that the community/Bitwarden devs have no interest in this anymore.
But between work plus a few school and several personal identities, I’m getting fed up with having to cycle autofill options.
Any recommendations? Thanks.
If you download Bitwarden desktop (2026.4.0) or CLI (version 2026.4.2) outside of the Microsoft store, you may see a Microsoft Defender warning. This is expected, and is a false positive.
The alert is triggered by a recent code-signing certificate rotation. Windows builds trust in certificates incrementally, so newly rotated certificates can temporarily trigger SmartScreen warnings. You can continue with the download.
hi everyone,
yesterday i changed a password on one pc. Since i needed across devices i used "sync now" and used the new password on a mobile.
today the same password is gone, "last modified 9 april" and i don't know what is going on.
can you help me?
other thing to know is that i use multiple devices (and two browser within the same pc) is it creating some conflicts or am i looking to the wrong culprit?
thanks in advance
As in use Bitwarden for passwords, but use Microsoft Authenticator or Google Authenticator for two-step vs using Bitwarden for that as well?
So this pop up came up. It will always come up until we accept it or have signed out and sign back in.
After putting in our master password even in the first time it pop up out of the blue, our PBKDF2 KDF iteration will be updated automatically for us without much knowledge of the user unless they click on the “learn more” button. From what I understand this update will happen automatically and immediately.
Yet over here https://bitwarden.com/help/kdf-algorithms/#changing-kdf-algorithms it says “Before making any changes to encryption settings, we recommend backing up your individual vault data first.”
But you’re not giving your users the ability to backup their vault when you show this pop up out of the blue. And you’re not informing them on the spot of the potential consequences of not backing up the vault before updating the KDF, instead, the field to put in the master password is front and center for them to unknowingly start the update without backing up first. Why?
The phrase "Always Free" is still present on their website.
