Q: Kyle, when you founded Bitwarden, what was the problem you spotted that you wanted to fix? Tell us the origin story.
A: I was a user of other password management tools. You know, for many years, a password manager was not necessarily a new concept. I had been using those tools for quite a while. There were things that I thought I could do better or improve upon. Some existing providers had complicated installs and setup procedures. And they were not available across the platforms that I wanted. There were open source options but they were fragmented in their implementations. You had to try to figure out which solutions were of high quality and which ones you could trust. So I set off to build my own password manager which was back in 2015-2016. I wanted to really meet the desires of someone like myself, which is a developer, an engineer, and a technologist. I also focused on bringing in aspects that made existing solutions a bit more turnkey and simple to use for the greater audience.
Q: Do you feel you had the flexibility to learn from predecessors and identify where you can be more light-footed in your approach?
A: Yeah, I saw a lot of what others were doing. Some were doing things well; some were doing things not so well. I thought that I could bring the best of both worlds together. It was late 2015, early 2016, that I set out to kind of build the first iteration of what would become Bitwarden.
My background was mostly in web development and architecture. I was building cloud-powered web apps and such, and I had actually never built a browser extension, a mobile app, or a desktop application before in my career. In fact, Bitwarden is still the only mobile application I've ever built before. Albeit two or three times over by now. But I've always really enjoyed opportunities to learn new technologies to solve a specific problem that I'm working towards. I ended up launching the first iteration of Bitwarden in August of 2016. I posted it on Reddit, Hacker News, Product Hunt and other social outlets. And to my surprise, it got really great traction, right from the get-go, and I was getting great feedback right out of the gate. It turns out that a lot of people viewed the problem in a very similar way, and what I had launched and how I launched it seemed to resonate with them.
Q: So coming out of the gates in 2016, you had four more years to find your feet before the whole world did a 180 due to COVID-19. With a surge of people suddenly working from home and companies facing new challenges – were you prepared for that?
A: Certainly the pandemic was a bit of a shock when it all first happened, and companies were scrambling to try to figure out the best way to adapt. Although there was a bit of a freeze across all industries in the beginning, the tools that facilitated the use of remote work and how people operate in a remote fashion ultimately benefited from the abrupt shift. And that was certainly the case for tools like ours, as employees are now staying home and the threat level switches from being in the office all the time to being more fragmented, with people connecting outside of the company network and having to access more virtual tools where passwords are necessary. As a result, password management has certainly become more of a focus for companies to add another tool of mitigation towards the threats they see as a business.
Q: Can you tell us a bit more about Bitwarden services? For instance, you offer a password manager, but it's slightly different from other solutions out there. Can you speak to that?
A: As I mentioned in the beginning, I took a lot of the best things from existing tools out there, but we put a spin on what we're offering that makes us a bit different. I was looking for ways to demonstrate why people should trust our tool to store sensitive data and passwords. And being a developer and a technologist, understanding some of those problems, I thought open source would be a really good way to approach that problem. To this day, open source is how we operate as a company. All the tools that we develop and build are done in the open so we can be transparent about what we're doing.
I chose open source in the beginning to ensure transparency. I believe that open source transparency around security products like Bitwarden should be somewhat of a requirement. People should have the opportunity to vet how their tools and sensitive data are being handled by a product. What I didn't really foresee was the global community that naturally came along with being an open source product. For an application like Bitwarden, you can't help but form a community of people who are interested in what's being built. For instance, we get a lot of valuable feedback from our community, and we listen to it. In fact, much of the fundamentals of how Bitwarden is built are based on the feedback that we get from our community.
Being open source really enables us to attack the problem from a different angle that no other password management solution out there is doing in the same way, and it empowers us to develop additional features that naturally play into what we're doing. Today, we're a turnkey, SaaS-hosted platform that any individual or business can sign up for. You can also host it yourself. Bitwarden is compiled and deployed through platforms that allow users to self-host it on their own internal network and infrastructure.
Q: Can you tell us about how a solution like Bitwarden can make life easier for businesses – and not just for the IT folks, not just for the high levels, but for employees as well?
A: Bitwarden has a goal to always meet you where you are. Adopting password management shouldn't be some life-altering decision that you have to make. We're humans, we're creatures of habit, and we don't like change. And I believe Bitwarden understands that, and in a perfect world, Bitwarden is not really getting in your way, it's not really changing how you use the internet on a daily basis. It's there to help you when you need it and we’re out of the way when you don’t.
There's a battle between convenience and security at all times in the IT security world. And I'm of the opinion that convenience will always win. People will always choose convenience over security. So, as a security company and as someone building security products, you have to really be mindful of that. If it's not convenient, people don't want to adopt it and they're less likely to do things in a secure way. A tool like Bitwarden can offer a big boost in online productivity for people. Just think about how much time you spend resetting passwords and trying to remember what your passwords were. Bitwarden makes that process easy and automatic. Once you get the hang of using our product and start working it into the flows that you already use, it can be a real boost in just general productivity for users.
Q: What’s the best way for people to learn more about Bitwarden and get started?
A: If you're not using a password management tool yet, or maybe you already do and are looking to make a change, I suggest you check out Bitwarden. You can go to our website at bitwarden.com and explore the different client applications that we offer, along with our approach to how we build and deliver software in an open, transparent way. Give Bitwarden a try today and see if it can make your digital life better.
To listen to this interview, check out the Smashing Security podcast, episode 281.
Carole Theriault is a co-host of Smashing Security, a weekly podcast dedicated to cybersecurity news from experts in the industry. Having also founded the Sophos Naked Security site, Carole now heads up Tick Tock Social, a digital media and communications firm dedicated to serving technology firms and organizations. In addition to “Smashing Security”, Carole co-hosts the “Sticky Pickles” podcast.
Kyle Spearrin is the founder and Chief Technology Officer of Bitwarden and currently leads all engineering and product efforts. Before Bitwarden, Kyle was a software architect and engineering lead at iMobile3, a payment solutions company, where he focused on cloud infrastructure, mobile applications, and security for credit card processing. Kyle previously founded companies in hosting and web services, and has been a builder of online tools since he started organizing gaming communities in high school. Kyle holds a bachelor’s degree in Computer Science from the University of Florida.