Bitwarden Security Impact Report

Executive summary 

Bitwarden offers the easiest and safest way for enterprises, teams, and individuals to store and share login credentials and sensitive information from any device. Trusted by millions of users, Bitwarden protects online information with end-to-end encryption and a trusted open-source architecture. Bitwarden also supports global accessibility for more than 50 languages.

Bitwarden Password Manager empowers administrators to securely grant credential access and sharing across their workforce, monitor and manage credential usage and vulnerabilities via Bitwarden vault health reports, and securely store and sync all login credentials – including passwords, passkeys or passphrases – in the cloud.

In 2024, Bitwarden surveyed enterprise end users and IT admins about the impact Bitwarden Password Manager has had on their lives and organizations.

Key findings:

96% of all respondents say Bitwarden has improved their security posture

88% of admins using Bitwarden are rolling out regular password security training

81% of all customers have reduced reused passwords since using Bitwarden

45% say they’ve eliminated more than 15 reused passwords

Overall, respondents said that Bitwarden helps them:

• Mitigate security risks

• Improve overall security culture

• Identify and fix exposed and reused passwords

Bitwarden mitigates security risks

Key finding: 96% of all respondents say Bitwarden has improved their security posture

For IT administrators and end-users alike, passwords remain one of the biggest security risks. If an attacker can discover a user’s password, it could give them access to everything the user can do on their computer — and the company’s network. That, in turn, could lead to a host of threats, ranging from data theft to ransomware.

Attackers can use several avenues of attack. Passwords that are weak (too short or too easy to guess) are subject to brute-force attacks, where the hackers simply try many different common passwords in quick succession until something works. 

Reused passwords introduce another layer of weakness. If a user has the same password for multiple services — which is common, because people find it hard to memorize many different passwords — then an attacker has only to get one password and they suddenly have access to many resources.

Finally, if a password has been cracked or stolen, it may wind up on a list of known passwords shared with other hackers. Unless the user changes the password, these compromised passwords allow any number of hackers access to the user’s account.

With Bitwarden, users have multiple options they can use to eliminate at-risk passwords, including the Bitwarden password and passphrase generator for strong and unique passwords for every website, or by creating passkeys for sites where they are supported.

Fortunately, the vast majority (96%) of all respondents — end-users and IT admins alike — say Bitwarden has been able to improve their security posture, reducing the number of weak, reused, and compromised passwords. 

More than three-fifths of IT admins reported that their organization has mitigated security risks and that they have been able to prevent breaches using Bitwarden. In addition, many have been able to reduce known security threats.

“Bitwarden has become an invaluable tool in our corporate security infrastructure. And it’s intuitive, easy to use, deploy and manage.”  — IT admin at CoreTec Pro

Bitwarden improves security culture

Key finding: 88% of admins using Bitwarden are rolling out regular password security training

Password security training is essential for maintaining a strong security posture. Without training, employees will choose passwords that are too easy to guess, like simple sequences of numbers, the word “password,” or their own birthdates.

As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) says, choosing a simplistic password that is easy for attackers to guess is “like locking the door but leaving the key in the lock.”

Passwords need to be:

• Long enough that they’re difficult to crack (16 characters is great)

• Comprised of a random string of numbers or a passphrase made out of random words

• Unique (not used for more than one account)

Regular employee training is key for helping employees understand the importance of good passwords and the criteria that they need to use when choosing a password.

Because it’s difficult to think of and remember good passwords for the vast number of accounts people have today, a password manager like Bitwarden is crucial.

Many IT admins have found that deploying Bitwarden facilitates training and reinforcement of good password policies. Since rolling out Bitwarden, 88% of IT admins surveyed say they have already incorporated regular password security training in their organizations, or plan to do so soon.

“Storing credentials using Bitwarden has been a godsend. It’s made it very easy to find what we need and also makes for easy password changes, tightening our security posture. By storing credentials, we were able to do a complete credential refresh across the business, which removed multiple repeatedly used passwords.” — IT admin at thechange.co.uk

Bitwarden reduces exposed and reused passwords

Key finding: 81% of respondents have reduced the number of reused passwords in their organization

Compromised passwords are among the greatest security threats facing any organization. These are passwords obtained by attackers, either through brute-force attacks, guessing, hacking, or other means.

According to the 2024 Verizon Data Breach Investigations Report, 98% of all web application attacks in 2023 happened because of weak or stolen passwords (77% via stolen credentials and 21% via brute force attacks, which usually leverage easily guessable passwords). 

Once stolen, passwords often appear in online marketplaces — the Verizon report authors found thousands of users’ passwords offered for sale per day, for about $10 each, often appearing within a day of when they were stolen.  

People who reuse their passwords multiply the problem. Once a password is stolen, it then renders all of the accounts where it’s used vulnerable.

While some big tech companies, such as Google and Apple, now offer warnings if they detect a password that has appeared in one of these marketplaces, organizations need a more comprehensive solution. That’s where Bitwarden comes in. Through comprehensive password management, IT admins and end users can discover which of their passwords might have been exposed in a data breach — and which are being reused.

As a result, more than four-fifths (81%) of Bitwarden customers have been able to reduce the number of reused passwords. Almost half (45%) say they’ve eliminated more than 15 reused passwords, and 16.5% say they’ve been able to eliminate more than 45. What’s more, 11% of IT admins say they’ve been able to identify and eliminate more than 12 compromised passwords. That’s a big impact!

“It was eye-opening and alarming for users to see how many times they used the same password. After we implemented Bitwarden, we updated the frequency and complexity of our domain accounts. We also required the use of stronger and unique passwords and increased the frequency of password rotation.” — IT team at RiverStreet Networks

Take control of your security

Bitwarden has a large, positive impact on both end-users and the organizations that use it. Respondents to our survey noted that it helps them mitigate security risks, improve their overall security culture, and identify and fix passwords that have been compromised or that are being reused.

IT admins appreciated the way that Bitwarden improves their organization’s security posture, facilitates user education, and gives them more control. 

For IT admins, here are the top benefits they cited:

• Reducing security threats by giving me more control over my credentials and logins  

• Enabling me to have strong and unique passwords across all my accounts 

End-users also appreciate the security and control Bitwarden gives them. The top benefits cited by end users are the same, although in a different order:

• Enabling me to have strong and unique passwords across all my accounts

• Reducing security threats by giving me more control over my credentials and logins  
  

In short, Bitwarden has a demonstrably positive effect on improving companies’ security posture and security culture. And both end-users and IT admins alike are enthusiastic about how it enables them to have greater control and reduce security threats.

For enterprises that are exploring passwordless authentication, Bitwarden also offers passkey management for all users, and passkey APIs and developer toolkits for developers to easily deploy passkey authentication. 

To find out more about how Bitwarden can improve your organization’s security posture and culture by reducing password reuse, start a free 7-day business trial today. 

About Bitwarden vault health reports

Bitwarden vault health reports leverage dark web monitoring, data breach monitoring, and other services to keep individuals and organizations secure. These reports flag exposed, compromised, reused, or weak passwords, alerting end-users and admins to the need to correct these security vulnerabilities. They also help identify any unsecured websites, sites where multifactor authentication is available but is not being used, and any data breaches associated with vault websites.

Methodology

Bitwarden surveyed enterprise customers, including end users and IT admins from June to September 2024 and received 116 responses, including 87 IT administrators and 29 end users. Follow-up questions were sent to select IT admins to ask them more specific questions about how they’re using Bitwarden.