The author no longer recommends Bitwarden due to concerns about its direction as a company, the complexity of self-hosting, and the quality of its client applications. The author highlights issues with Bitwarden’s backend, including its reliance on Microsoft technologies and the lack of integration with Vaultwarden, a popular alternative. Additionally, the author criticizes Bitwarden’s client applications for lacking basic features, having a poor user interface, and being prone to breaking changes during updates.

The author criticizes Bitwarden for its handling of protocol changes, unreliable offline mode, and poor user interface. They highlight several security incidents, including vulnerabilities in the Windows client, browser extension, and CLI, as well as a compromised npm package. The author expresses concern over Bitwarden’s security track record and feature development pace.

Bitwarden’s npm distribution pipeline was compromised, leading to the distribution of a malicious CLI. This incident, along with other security issues and a shift in focus towards enterprise features, has led the author to reevaluate their reliance on a single password manager. They propose a compartmentalized approach, using different password managers for various credential groups, to minimize the impact of potential breaches.