When comparing pass vs Bitwarden, the Slant community recommends Bitwarden for most people. In the question“What is the best cross-platform password manager?” Bitwarden is ranked 2nd while pass is ranked 3rd. The most important reason people chose Bitwarden is:
Bitwarden is open source and can therefore easily be reviewed and checked for security. Its Github repository is accessible [here](https://github.com/bitwarden).
Ranked in these QuestionsQuestion Ranking
Pro Works in command line
And is basically just a bunch of GPG-encrypted files stored in a folder.
Pro Free and open source
Pro Full control
You are not forced to rely on any other service provider than yourself. Like saving them on a remote server as in the case of LastPass. You don't have to extend your trust (to LastPass or any other provider).
Pro Ultra portable
As it has both Git support and encrypts passwords to GPG-encrypted text files, it is really simple to access everywhere. You can either use a self-hosted or a personal cloud hosted Git repository. It is automatically being kept up-to-date. Clients for pretty much everything and a really active community. Even if you can't run a client you will still be able to access the password by decrypting them from the Git store.
Pro Has cross platform GUI clients
It has a Qt-based GUI, an Android and iOS app, a Firefox plugin, a Golang GUI app, an interactive CUI, a dmenu script, OS X integration, and also an Emacs package.
Pro Not using a database
It doesn't use a database like, for example, KeePass and thus doesn't open all passwords at once. Just one at a time.
Pro Allows storing password history
You can version-control the encrypted files using Git, which allows you to track all changes done.
Pro Adheres to Unix philosophy
Does one thing and does it well.
Pro Uses standard components
As GPG and Git are widely used, it relies on thoroughly tested and secure functionality.
Pro Scripts for importing passwords from different services
Pro Multi user suppport
You and your team can share a repo and different subtrees can be encrypted for different sets of GPG ids.
Pro Support for extra functionality via plugins
For example the plugin "pass-extension-tail" makes it possible to only display the non-password parts of a password file, like the username or the name of the service the password is needed for, and without showing the password.
It's very easy to understand what the program does, why it's doing it, and how it's secure.
Pro Has git support
Pro Open source
Bitwarden is open source and can therefore easily be reviewed and checked for security. Its Github repository is accessible here.
It is easy to start as the majority of features are on the free version.
Pro Clean interface with no ads
No ads, no tracking.
Pro Cross-platform syncronisation
Automatically synchronises across various devices and platforms. Passwords get fully encrypted locally before leaving the computer.
Pro Many browser plugins
There are plugins for Firefox, Chrome, Safari, Opera, Edge, Vivaldi and Tor Browser.
Pro Strong, easy to use built-in password genarator
No need to think of individual passwords. This can be easily accomplished with an easy to use built-in password manager.
Pro Native mobile apps for iOS and Android
Pro Extremely strong encryption algorithm
End-to-end AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256.
Pro Two-step authentication
Offers 2FA with Authy, Google Authenticator or via email.
Additionally, the Pro Version has Duo Security with Duo Push, SMS, phone call, and U2F security keys: YubiKey (any 4 series device or YubiKey NEO) and FIDO U2F (any FIDO U2F certified key).
Pro Web vault
Possibility to manage passwords without installing the app or the browser plugin.
Pro Supports multi-logins on one site
You can store multiple logins on the same website.
Pro Multifactor authentication
Pro Secure notes
Very easy to add personal notes.
Pro Command line interface
You could retrieve passwords in the scripts.
Pro Auto-fill remembers last user
When a site has multiple credentials (like I have for some brokers and banks), then the most recently used is automatically populated (if auto-fill is opted). This feature is unique (to my knowledge) and spectacular (especially for sites that log you off frequently and re-logging in is required).
Pro Digital unlock works fairly well
Android app is a little slow and buggy, but it works well and has been improving.
Pro Self-host your own server
Host your own server via Docker for small installations or by package for multiple servers.
Pro Almost complete free version
The features included in the free version are totally sufficient for most personal uses. No limitation of devices synching.
Pro Dark theme
Pro Easy to use
Pro Use hardware based biometrics to unlock Bitwarden
You can use Windows Hello or Apple's TouchID on PC to unlock desktop applications and browser extention.
Pro Nested folders
Folders can be created within folders.
Pro Regular expressions can be used in URIs
It can also be used for sites where the domain changes frequently.
Pro Easy import/export
Just copy CSV text.
Pro Save data on the web
Save data on the web.
Pro Enterprise ready
Using enterprise subscribtions you can share password entries among your colleagues via 'collections' or with other companies that are connected to yours. You decide if it's your personal entry or a companies.
Pro Auto-fill by specifying the form with the selector of css
Auto-fill by specifying the form with the selector of css.
Con Not super user friendly
Might be a little too low-level (even with GUIs) for some teams of users.
Con Exposes the names of the sites
By default each file is named 'google.com.gpg' - so someone who steals your password directory would know every site you have accounts on.
Can be mitigated with plugins like Tomb, but a noteworthy caveat.
Con Not hosted = not accessible
As everything is stored locally, there's no way to access your passwords while on public computers, etc. without exposing your private key to the world. You'll have to manually enter your passwords while looking at your phone, etc.
Con Not ideal if you have to use Windows
While windows clients technically exist, this program is quite obviously aimed at UNIX-like systems. If you have to use Windows (eg. for work) then it'll be difficult to get everything set up properly.
Con No webapp for easy shared access
Con Password generator only uses 8 special characters !@#$%^&*
Whereas a desktop keyboard has 30+ special characters. This greatly reduces the possible passwords that can be generated.
Con Unable to remove duplicates
If you import more than one times, it will store its duplicates and there is no duplicate remover on these apps.
Con Passwords cards can be tricky for newbies
The fields can be difficult to understand for newbies. For example, some login pages can add a field for the password name differently at the same time as the password's field will contain a password. When changing the password, they sometime end corresponding and can give headaches to some users.
You're storing your passwords on servers and you have to trust them.
Con Cannot update data while offline
Requires Internet connection.
Con Saving new credentials isn't as easy as it should be
When registering on a new site, Bitwarden pops up a button to ask if you'd like to save credentials (as most equivalent products do). But the button disappears VERY quickly, so often requires manual entry of passwords
Con Input of new login needs a 'signed-up with e-mail = 'email@example.com' functionality
Often sites won't be able to reset your password if the corresponding e-mail used in sign-up is unknown.
Con Lack of communication between instance opened in one session
If you use the client's desktop's app, multiple browsers extensions; they all work almost totally independently. Using more RAM as database is opened each time and asking for login more often. Some other passwords managers use desktop's client to open the database and extensions communicate with it in this case. If there's no desktop's, they'll work as standalone extensions.
Con The autofill sucks
The autofill is tedious - many clicks/taps required to trigger it. It doesn't help that the extension is slow to open.
Con Cannot store images of ID card, etc
Attachments available in premium.
Con Web browser extension doesn't recognise login required
User has to scroll/search for web site login details as it is not found automatically.