password manager

How to Migrate from 1Password to Bitwarden

1Password Bitwarden
Difficulty: Easy Estimated time: 30-60 minutes

Step-by-step guide to switch from 1Password to Bitwarden, the open-source password manager that's free for individuals and self-hostable on EU infrastructure.

Prerequisites

  • Active 1Password account with admin access to your vault
  • Browser admin rights to install extensions
  • Authenticator app or hardware key for 2FA setup

Steps

  1. Create a Bitwarden account

    Sign up at bitwarden.com (free) or self-host the open-source server on your EU infrastructure.

  2. Export your 1Password vault

    Export from 1Password as 1PUX format (preserves attachments) or CSV (simpler but loses files).

  3. Install Bitwarden everywhere

    Install browser extensions, desktop apps, and mobile apps on every device you use 1Password on.

  4. Import the vault into Bitwarden

    Use Bitwarden's import tool with the 1Password format option to bring everything across.

  5. Recreate folder structure

    Bitwarden uses Folders + Collections instead of Vaults — recreate your organization scheme.

  6. Set up two-factor authentication

    Enable 2FA on your Bitwarden account using a hardware key (YubiKey) or authenticator app.

  7. Test logins on key services

    Verify autofill works on your most-used sites and that TOTP codes generate correctly.

  8. Cancel 1Password

    After 30 days, fully delete your 1Password vault and cancel the subscription.

Why Migrate from 1Password to Bitwarden?

1Password is excellent software. It’s also a Canadian company that runs on AWS (US-controlled infrastructure), charges $36/year per user for individual plans, and follows a closed-source model where you have to trust their security claims rather than audit them.

Bitwarden is open source. The full server stack is published on GitHub. You can self-host the entire system on European infrastructure (Hetzner, Scaleway, Infomaniak) for full data sovereignty. The hosted free tier covers most personal use cases. Premium is $10/year — yes, year, not month. Family plans are $40/year for 6 users. Business plans start at $4/user/month.

The cost difference compounds. The privacy and audit story is fundamentally stronger. And after the LastPass breach showed what happens when proprietary password managers cut corners under pressure, the case for an open-source, auditable alternative is stronger than ever.

Detailed Migration Steps

Step 1: Create Your Bitwarden Account

Two paths:

Path A: Bitwarden Cloud (recommended for most)

  1. Visit bitwarden.com and create a free account
  2. Choose a strong master password (this is the only password you’ll need to remember)
  3. Complete email verification
  4. (Optional) Upgrade to Premium ($10/year) for 1 GB encrypted file attachments and emergency access

Path B: Self-hosted (recommended for businesses)

  1. Provision a small server (1 vCPU, 2GB RAM is sufficient) on Hetzner, Scaleway, or your preferred EU host
  2. Use the official Vaultwarden Docker container (Bitwarden-compatible, lighter resource usage) or the full Bitwarden Server
  3. Configure HTTPS via Caddy or nginx with Let’s Encrypt
  4. Set up automated backups (encrypted, off-server)
  5. Create your account on your private instance

For organizations, self-hosting gives you full data sovereignty within EU infrastructure under EU jurisdiction.

Step 2: Export Your 1Password Vault

In 1Password Desktop (the export feature is desktop-only):

  1. Open 1Password and sign in
  2. Select your account in the sidebar
  3. File > Export > Select your vault
  4. Choose format:
    • 1PUX format (recommended) — preserves attachments and structured data
    • CSV — simpler but loses file attachments and some structured fields
  5. Save the export to a secure location (this file contains all your passwords in plaintext)

Critical: This export is unencrypted. Treat it like nuclear material:

  • Save to encrypted disk only
  • Don’t email it, upload it, or sync it anywhere
  • Delete it immediately after migration completes

Step 3: Install Bitwarden Everywhere

Bitwarden has clients for everywhere 1Password works:

  • Browser extensions: Chrome, Firefox, Safari, Edge, Brave, Opera, Vivaldi, Tor Browser
  • Desktop apps: Windows, macOS, Linux (.deb, .rpm, AppImage, Snap, Flatpak)
  • Mobile apps: iOS, Android (Play Store, F-Droid, direct APK)
  • CLI: For developers who want password management in scripts

Install on every device, sign in with your master password and 2FA. The browser extension is the most-used; install it first.

Step 4: Import the Vault

In Bitwarden web vault (vault.bitwarden.com or your self-hosted URL):

  1. Go to Tools > Import Data
  2. Select source: 1Password (1PUX) or 1Password (CSV) depending on your export
  3. Select your file
  4. Click Import Data

Bitwarden will import:

  • Logins (username, password, URL)
  • Secure notes
  • Credit cards
  • Identity records
  • Folders → translated to Bitwarden Folders

Items 1Password supports that Bitwarden doesn’t directly:

  • Documents → import as Secure Notes with file attachments (Premium)
  • Software licenses → import as Secure Notes
  • API credentials → import as Logins or Secure Notes

Step 5: Recreate Folder Structure

Bitwarden’s organization model is slightly different from 1Password:

  • 1Password Vaults → Bitwarden Collections (for shared/team items, requires Organization)
  • 1Password Folders → Bitwarden Folders (personal, similar concept)
  • 1Password Tags → Bitwarden has no direct tag equivalent; use folder structure or naming conventions

For personal use: just use Folders to organize. For families or teams: create a Bitwarden Organization (Family or Business plan) and use Collections for shared items.

Step 6: Set Up Two-Factor Authentication

This is non-negotiable for password manager security:

  1. In Bitwarden web vault: Settings > Security > Two-step Login
  2. Enable one of:
    • Authenticator app (Aegis, Raivo, Authy, Google Authenticator)
    • Email (least secure, but simple)
    • YubiKey (Premium, most secure)
    • Duo (Premium)
    • FIDO2 WebAuthn (Premium, hardware keys)
  3. Save your recovery code somewhere safe (printed, in a fire safe, NOT in Bitwarden)

If you’re a Bitwarden Premium subscriber, hardware keys (YubiKey) are the strongest option.

Step 7: Test on Key Services

Before deleting 1Password:

  1. Sign out of 5-10 critical services (banking, email, work tools)
  2. Try to sign back in using only Bitwarden autofill
  3. Verify TOTP codes generate correctly (Bitwarden Premium can store TOTP secrets)
  4. Test on mobile — autofill works differently on iOS vs Android, both work but require setup

If anything fails, you can still fall back to 1Password while you fix it. This is why running both in parallel for 30 days is essential.

Step 8: Cancel 1Password

After 30 days of running Bitwarden as your primary:

  1. Verify all logins are accessible in Bitwarden
  2. Verify all critical secure notes have transferred
  3. Verify TOTP codes for all 2FA setups
  4. Delete the 1PUX/CSV export file (securely — shred -u file.1pux on Linux, “secure delete” on macOS, BleachBit on Windows)
  5. Delete your 1Password vault content
  6. Cancel the 1Password subscription
  7. Sign out of all 1Password apps

Tips for a Smooth Migration

  • Schedule the migration for a low-stakes weekend, not the day before a deadline
  • Update sites with breached passwords during migration — Bitwarden’s password generator and breach check will flag old, weak, or compromised passwords
  • Use Bitwarden Send for sharing passwords or files temporarily — it’s a unique feature 1Password doesn’t have, especially useful with end-to-end encrypted self-destruct timers
  • Set up Bitwarden’s emergency access (Premium) so a trusted person can request access to your vault if something happens to you
  • For developers: the Bitwarden CLI (bw) is excellent for scripting and CI/CD secret management
  • For families: the $40/year Family plan is a steal for 6 accounts; 1Password Families is $60/year for 5
  • Self-hosting tip: use Vaultwarden instead of the full Bitwarden Server unless you specifically need enterprise features. Vaultwarden runs on a single server with minimal resources and is API-compatible with all Bitwarden clients
  • Don’t skip the master password change. Some users use the same master password as their 1Password account “for muscle memory” — pick a different, stronger one for Bitwarden

Was this helpful?