Is Bitwarden paid, less private than unpaid?

With unpaid I am completely anonymous, if I forget the password there is no way to recover.

In contrast, with “Paid” the act of paying declares me as a person in the real world. Also it offers “Emergency Access”, implying there is a way to break in without knowing the password, right? Additionally, “Paid” offers Vault Health Reports; does this imply that they have software which pokes about in the vault, comparing with records on the internet? What if this leaks?

I’m curious to know your thoughts on this, am I being overly paranoid or do I have a point?

1 Like

P.S. Michael, if you want to make a show discussion about this, it’s “gemma” “karu”. :wink:

Makes you wonder what happens with your vault if you lose your password with a free account.
I don’t use Bitwarden (yet), so maybe somebody with a paid account can chime in?

I would rather lose the account forever than for someone else to be able to see it. I’m putting a massive amount of trust into Bitwarden that they can’t.

Less private? Maybe.
Less Secure? No.

I have a subscription to Bitwarden and I don’t feel any less secure than I would having the free account.

I have never heard of the “Emergency Access” though. I would guess it means they can reset the master password by emailing an account link or something. But it’s not something I am worried about.

1 Like

Even in the free version there is an option to check whether a particular password has been exposed in a breach. While I don’t know for certain, I suspect that given their purpose and reputation that this is a “hash search” which can check for a match without the algorithm knowing the actual content of the password.

As to the accuracy of the password exposure warning, I can confirm that it works. A while back, I turned up one of my passwords in the COMB (Combination of Master Breaches) file. This was one of the things that gave me the impetus to start using Bitwarden. After it was installed, I put the old password into Bitwarden and it marked the password as exposed. I was impressed.

2 Likes

If in doubt, pay them for an account, but then host it yourself.

1 Like

Sorta. Emergency Access is a way to provide another person you know the ability to access your passwords with your consent. It uses public/private keys for this. Encryption is still done client side. They don’t need your password to see the vault, but you have to set it up ahead of time.

This works by hashing your password and forwarding the first 6 characters of that hash to Have I Been Pwned: API v3; your passwords never leave your vault.

5 Likes
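The hash-prefix lookup discussed in the posts above, as an added example that is not part of the original thread and is not Bitwarden's code. It assumes SHA-1 and a 5-hex-character prefix, which is what the Pwned Passwords range API uses; `RangeServer`, `breach_count` and the `BREACHED` corpus are hypothetical names with constructed sample data, and the "server" runs locally so nothing touches the network.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the hash that leave the client (assumption)

# Constructed breach corpus: password -> times seen (sample data only)
BREACHED = {"password": 3, "hunter2": 2, "letmein": 1}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, computed on the client."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Local stand-in for the remote range endpoint."""

    def __init__(self, corpus):
        self.index = {sha1_hex(p): n for p, n in corpus.items()}
        self.seen = []  # everything the service ever learns from clients

    def query(self, prefix: str) -> str:
        """Return 'SUFFIX:COUNT' lines for every known hash with this prefix."""
        self.seen.append(prefix)
        return "\n".join(
            f"{h[len(prefix):]}:{n}"
            for h, n in sorted(self.index.items())
            if h.startswith(prefix)
        )


def breach_count(password: str, server: RangeServer) -> int:
    """Send only the hash prefix; match the remaining suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in server.query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0  # no matching suffix in the returned bucket


if __name__ == "__main__":
    server = RangeServer(BREACHED)
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", breach_count(pw, server))
    print("server saw only:", server.seen)
```

The service sees a short prefix shared by many unrelated hashes, so it cannot tell which password (if any) the client was checking; the final comparison happens on the client.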

Thanks for all the replies, I’m a lot more satisfied with what’s going on now. I’ll almost certainly go for the paid upgrade at this point.

1 Like

Thanks also for the replies :+1: I already paid for the upgrade even though I don’t really need the features. It was more a reward for all the solid work this app does for me every day.
Would’ve hated discovering it was not so trustworthy :sweat_smile:

2 Likes

Same here, I don’t need or use the features I get with paid, but I want to support this alternative to the other less secure options out there.

2 Likes