
Full disclosure, I'm a paying user of Bitwarden.

I think for BW this kind of falls apart at #3. The main draw of this product for me and many others is that it's actually pretty no-frills. It's also broadly compatible with importing and exporting between dozens of other password managers.

That said, this could be a blind spot for me. Let me know if there are any gotchas I should know about here.



If we take them at their word that they're committed to keeping a fully-featured free version, what options do they have to make back a multiple of that $100 million for their investors? What many other companies have done in the past is to add a lot of new features. There are many examples of a simple, no-frills application turning into a bloated, complicated one, with a tiered subscription system. Ultimately a less streamlined, more expensive version of what it was before the funding.


Enterprise sales - that is a hugely untapped market for password managers (and a huge gap for a lot of companies where people keep their various passwords that are left after massive SSO implementations when they try to SAML everything). CyberArk plays in that space, but Bitwarden with the thoughtful way they have built this product can give them a run for their money.


I think the gotchas aren't for the early adopters and power users. It's for the people who will eventually make up the larger, more lucrative percentage of their user base starting with the friends and family of early adopters who are recommended to it.

Once they're set up with it, the idea of "importing and exporting between dozens of password managers" is meaningless. And gotchas aren't always limitations but can be "positive" like well meaning features, integrations, your company using it (so you too), etc. Lock-in comes in many forms.


I have rotated out and back into BW at least 3 times.

Hardly locked in.


Out of curiosity, why so many rotations away from (and back to) BW? Most people I know stick with a single password manager almost permanently, or at least until their manager has some kind of earth-shattering vuln announced that shakes their trust enough to move.


I moved to RememBear, which recently went EoL. Others were trying KeePass and Password Safe as local options.

Basically chasing the new shiny.


Gotcha. And small world: until recently I worked at the company behind RememBear. Shame it had to be sunset.


I loved that software more than any on my Mac. It just made me happy, the thought that went into the small stuff tickled me.


I'll pass it on to the team! The designers and product people put a ton of work into making both RB and Tunnelbear delightful, and I'm glad it's making a difference :)


That's a good point. I figure lock-in might hit the enterprise users hardest down the line.


It is fairly no-frills. But they're gonna have to add some frills if they want to use up that $100M.


They could try and replicate most of the keybase features. Use FOSS to market it and sell a hosted version.

That is the only direction which I think could charitably use this $100m productively.


This is actually roughly what they're doing:

- They have a hosted/managed version with a free tier and a paid tier. Paid adds things like MFA and support for orgs. The more you pay, the enterprisey-er the org support gets.

- There's also a self-hosted version which follows a very similar scheme. You can start out for free, but if you want things like MFA or a self-hosted org, you're paying the Warden.


They could do all of that without VC. To justify $100 mil of VC they'd have to expand far beyond just being a password manager.


I agree. I'm not sure what they've got in store next. I imagine they might leverage the VC connections rather than the money to try and get a bigger foothold in the enterprise space, for one, but $100M is $100M and I've got no idea where that can go given the current state of things.


The amount of data in a typical password vault is insignificantly small, measured in kilobytes. Bitwarden's cost structure is mostly fixed costs for the infrastructure with small variable costs. If a company were providing hosting of large data stores, supporting many free users would be more difficult.


Out of curiosity, what are your thoughts on Vaultwarden?


I haven't used it, and last time I heard of it, it was still called bitwarden_rs. I like the project in principle since it capitalizes on BW's open API, and that's really good work in the spirit of open-source software.

Having said that: I haven't dug into it much. I don't know what the current state of auditing on it is, or how widespread adoption is relative to the mainline BW backend. I hope they use a database backend other than BW's default MSSQL, which has always seemed like a weird choice to me, coming from mostly Linux and so mostly Postgres and Maria/MySQL. Though I skew heavily developer over DBA, and that distinction may as well be personal preference (as in, I don't have an intelligent reason to dislike MSSQL beyond my habit of using other things).
