Get your passwords out of Bitwarden while you still can

Concerns about Bitwarden and “enshittification”

  • Many see early warning signs: leadership/ownership changes, price hikes, marketing language tweaks, and quiet edits of old blog posts and the “Always free” tagline.
  • Some argue this is typical “enshittification” and that private money will push toward lock‑in and revenue extraction.
  • Others see the reaction as premature FUD: so far the concrete change is mostly pricing and messaging, not core feature removal.

Vault export, lock‑in, and data loss

  • Central fear: loss or paywalling of export, making it hard to migrate.
  • Several commenters think export removal is unlikely; it would be highly controversial and invite legal/PR blowback.
  • Others note a common pattern: companies roll back a controversial change after backlash, then reintroduce similar policies more slowly.
  • Regardless of Bitwarden’s intent, many recommend periodic encrypted exports as insurance against incidents or policy shifts.

Free tier, pricing, and trust

  • Debate centers less on “must be free” and more on trust: Bitwarden explicitly promised “always free”; walking that back erodes confidence.
  • Some say strategy can change, but existing free users should be grandfathered.
  • Paying users worry that free‑tier changes signal a future shift away from user interests, possibly toward data‑monetizing behavior (speculative within the thread).

Self‑hosting, forks, and open‑source safety valves

  • Open source and API‑compatible forks (notably Vaultwarden) are seen as a major safety valve if Bitwarden “goes bad.”
  • Some argue there’s no need to fork preemptively; if Bitwarden screws up, forks will quickly gain traction.
  • Others stress that self‑hosting passwords is non‑trivial: backups, uptime, security hardening, and remote access are all critical and easy to get wrong.

Alternatives and broader password‑manager debate

  • Popular alternatives mentioned: KeePass/KeePassXC (+ Nextcloud/Syncthing/other sync), pass, Vaultwarden, AliasVault, Proton Pass, Enpass, Apple’s built‑in Passwords, and simple local solutions (e.g., GPG‑encrypted files).
  • Trade‑off themes:
    • Cloud/SaaS: better usability, sync, family/org sharing, but adds a large centralized target and business‑model risk.
    • Local/DIY: more control and independence from vendor whims, but higher operational burden and often worse UX, especially for non‑technical users.