Bitwarden Glossary of Terms





A software feature that automatically enters previously stored information into a form field. Using Bitwarden, you can autofill logins via browser extensions and mobile devices, and autofill cards and identities via browser extensions.


A unit to store one or more vault items together (logins, notes, cards, and identities for secure sharing) by an Organization.

Directory Connector

An application to sync users and groups from a directory service to a Bitwarden Organization. The Bitwarden Directory Connector automatically provisions and deprovisions users, groups, and group associations from the source directory.


A set of Organization members. Groups relate together users, and provide a scalable way to assign permissions, including access to Collections, as well as permissions within each separate Collection. When provisioning new users, add them to a Group to have them automatically inherit that Group’s configured permissions.


Items are the individual secrets that can be saved and shared in Bitwarden such as logins, notes, cards, and identities.


The secure storage area that provides a unified interface and tight access control to any items.


An entity (company, institution, group of people) that relates Bitwarden users to an Organization Vault for secure sharing of items.

Organization Vault

The protected area for shared items. Every user (also called a “member”) who is part of an Organization can find shared items in their My Vault view, alongside personal items. Organization Vaults allow administrators to manage the Organization’s items, users, and settings.

Organization Member

An end user such as an employee or family member that has access to shared Organization items within their vaults, alongside personal items.

Individual Vault

The Individual vault is the protected area for every user that stores unlimited logins, notes, cards, and identities. Users can access their Bitwarden Individual Vaults on any device and platform.

Within a work context

For users that are part of a Bitwarden Teams or Enterprise plan, Individual Vaults are connected to a work email address. Individual Vaults are often associated with an Organization, which allows a user to securely share credentials with teams and colleagues.

Within a personal context

For users that are part of a Bitwarden personal or family plan, Individual Vaults are connected to a personal email address. If part of a family plan, Individual Vaults are associated with an Organization, which allows a user to securely share credentials with family members and those they trust.
Bitwarden recommends associating work email addresses with Teams and Enterprise Organizations, and personal email addresses with Family Organizations.
Note: the Individual Vault may be turned off for members of an Enterprise organization.

Single Sign On (SSO)

A session and user authentication service that grants employees or users access to applications with one set of login credentials that are based on their identity and permissions.
Bitwarden Login with SSO is the primary form of SSO implementation for Bitwarden customers. It decouples user authentication from Vault decryption and leverages a customer’s existing Identity Provider (IdP) to authenticate users into their Bitwarden Vault, and uses Master Passwords for decryption of Vault data.

Master Password

Also known as a Bitwarden password, main password, account password, or vault password.
The primary method (or key) for accessing your Bitwarden account and data. The master password is used both for authenticating your identity to the Bitwarden service and for decrypting your Vault so that you can store and retrieve Vault items. Bitwarden encourages users to establish one that is both memorable and strong.

In 2021, Bitwarden introduced Admin Password Reset, which enables users and organizations to implement a new policy that allows Administrators and Owners to reset passwords.

Account switching




A Bitwarden account is the record defined by your username and master password (to which Bitwarden never has access.) Your Bitwarden account is used to access your Bitwarden vaults and vault items, and contains information such as billing, settings, language preference, organizations, and more.

Account Switching

The Bitwarden feature for desktop that enables you to easily switch between multiple accounts, such as your personal or work accounts. This allows you to maintain separation of personal and work vault items, while allowing convenient access to vault items from either account. For example, your personal account will continue to remain accessible only to you as your Bitwarden Teams or Enterprise admin is never able to view your personal vault items.

Personal Account

A personal Bitwarden account is the record defined by your username and master password (to which Bitwarden never has access) that is not associated with an Organizational Vault related to a company or business entity. A personal account is generally set up with a personal email address and contains vault items over which only you have ownership and control.

Business Account

A business Bitwarden account is the record defined by your username and master password (to which Bitwarden never has access) that is associated with an Organizational Vault related to a company or business entity. A business account is generally set up with a business email address.
A business account is governed by the associated organization. Any vault items contained within a business account should be considered proprietary to the related company or business entity





Passwordless is the umbrella term used to describe a variety of authentication technologies that do not rely on passwords, including: something a user has (a security key, token, device), something they are (biometrics), and passkeys.


FIDO is the acronym for Fast Identity Online. It represents a consortium that develops secure, open passwordless authentication standards that are phishing proof. The FIDO protocols, which was developed by the FIDO Alliance, includes:
UAF: Universal Authentication Framework
U2F: Universal Second Factor
FIDO2: a new passwordless authentication protocol that contains core specifications WebAuthn (the client API) and CTAP (the authenticator API)


Passkeys – the credentials derived from the FIDO2 standard for each website that a user registers to – enable users to create and store cryptographic tokens instead of traditional passwords. Today, passkeys are used to log users into an app or website with pre-authenticated device specific tokens. In the future, the process could be used with shareable or transferable cryptographic tokens.

Secrets Manager




Sensitive key-value pairs, like API keys, that your organization needs securely stored and should never be exposed in plain code or transmitted over unencrypted channels.


Collections of secrets logically grouped together for management access by your DevOps and cybersecurity teams.

Service account

Non-human machine users, like applications or deployment pipelines, that require programmatic access to a discreet set of secrets.

Access token

A set of keys that facilitates service account access to, and the ability to decrypt, secrets stored in your vault.

© 2023 Bitwarden, Inc.