Bitwarden Password Manager
May 25, 2020
If security is not convenient to use, users behave in a risky way; security must therefore also be convenient. Bitwarden's password manager provides convenient password management: it is multi-platform and opensource, and it lets users share passwords across their own devices or within a team. Only when security is not an obstacle, for example when the tool actually makes work easier, will users handle passwords securely. Bitwarden achieves this with a secure, centralized password management solution that is convenient enough that users keep handling their passwords securely.
General introduction
Password storage
How should passwords be stored? We can keep them in a file, or we can use a tool that helps organize login accounts and passwords. As the number of accounts and passwords grows, every user ends up organizing this key private information in some way.
Encryption
When you store many passwords somewhere, it is a good idea to store them encrypted, so that whoever obtains the file cannot use them. To encrypt such a file you can make good use of GNU Privacy Guard (GPG). It is also a good idea to have the entire disk encrypted at the same time, because programs often store passwords in readable form themselves; Total Commander, for example, is notorious for this.
There are various tools for encrypting the disk, for example TrueCrypt, whose authors themselves recommend not using it anymore and switching to BitLocker or to the fork called VeraCrypt.
I recommend using Linux and encrypting disks on Linux using LUKS technology.
More in the encryption videos:
- #PGP #GPG Email encryption (Dobruška)
- How encryption works
- Encryption of computer data/drives
Safety vs comfort
Security rules often create barriers for users, who then take actions that significantly reduce security.
Therefore, when it comes to security, the security process must be designed so that it is easy for users to follow.
Ideally, if it is designed so that it even makes the users' job easier, they will handle private data securely and follow the security processes.
And that is exactly what password management tools are designed to do: to ensure security while being convenient to use and even to share within a team.
Password Manager
A password manager or safe is a tool that allows users to securely store and manage passwords. Password storage can be local or centralized in some online storage or cloud application. Centralization makes it more convenient to share not only within different devices of one user, but also between users. When working in a team, it is easier to change the password of a shared account.
Password Manager features
What should a good password manager be able to do?
- data encryption, security
- central storage
- good usability
- account search
- integration
- password generation
- sharing: my device, team
Linux and Password Manager
A password manager has been commonplace on Linux for years. For the KDE environment there is KWallet, and for GNOME there is GNOME Keyring.
I have used KWallet myself for years. It uses local storage, so sharing between devices is not possible. And it is precisely sharing between devices that comes in handy when I have multiple computers and a phone, which is nowadays a full-fledged work device.
Existing password management solutions
LastPass
The LastPass password manager has the following features:
- Online storage
- Multi-browser support
- Various OS
- Licence: freemium
Enpass
The Enpass password manager has the following properties:
- Saves an encrypted file to a cloud storage of your choice.
- OS: Win, macOS, Linux, Android
- License: Freemium
KeePass
The KeePass password manager has the following features:
- Access credentials are stored locally in an encrypted database.
- Primarily for Windows; ports exist for Linux, macOS and Android.
- License: GPL
Opensource
Why Opensource? An application without available source code cannot be inspected, so you can never be sure that it is secure, and such software may even contain a backdoor. So the only option that leaves you free is a program that is Opensource.
Bitwarden Password Manager
Bitwarden is an opensource password manager that meets all required features for both convenience and security.
Bitwarden has the following properties:
- Centralized
- Client-server architecture
- You can have your own server
- Opensource license: GNU GPLv3 and AGPLv3
Bitwarden has the following features:
- Password generation
- Manage accounts with passwords
- Sharing within groups (companies)
- Two-factor authentication (2FA)
- Command-line tools (CLI)
- Intra-device sharing
- End-to-end encryption
As for the security of stored passwords: once the master password is lost, access cannot be restored, which shows that the data is stored securely on the server. This is because the data is end-to-end encrypted: it is stored encrypted on the server and can only be decrypted by whoever enters the correct master password. Without the master password, you will not get the stored login data.
Additional features within the paid service:
- TOTP (Time-based One-Time Password) directly in Bitwarden.
- Verification of vault login using hardware encryption key.
- Analysis of weak, overused and leaked passwords.
How is the password analysis done?
Password analysis works as follows: the client application computes the hash of the password. It sends half of the hash to the server, and the service looks up the corresponding leaked or cracked passwords in its database. For security reasons, neither the password nor the full hash is ever sent anywhere. The client application then compares the results returned by the service with its own hash, and if one matches, a problem is reported.
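The exchange described above, as an added example that is not Bitwarden's code: the client hashes the password locally, sends only a short prefix of the hash, and compares the returned candidates locally, so the server never learns the password or the full hash. The "server" here is a constructed in-memory database of a few leaked passwords; the 5-character prefix length is the one used by the Have I Been Pwned range API, whereas the article describes sending half of the hash, so the split point is an assumption of this example.

```python
import hashlib

# Constructed sample standing in for the service's database of leaked
# passwords. Only SHA-1 digests are kept, indexed by their prefix.
LEAKED_PASSWORDS = ["password", "123456", "qwerty", "letmein"]

# Prefix length sent to the server (Have I Been Pwned uses 5 hex characters;
# the article describes half of the hash, this example picks 5 as an assumption).
PREFIX_LEN = 5


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 digest of the password (computed on the client only)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Server-side index: prefix -> list of hash suffixes for that prefix.
LEAKED_DB = {}
for _pw in LEAKED_PASSWORDS:
    _h = sha1_hex(_pw)
    LEAKED_DB.setdefault(_h[:PREFIX_LEN], []).append(_h[PREFIX_LEN:])


def server_range_lookup(prefix: str) -> list:
    """Server side: receives only a hash prefix and returns every stored suffix
    sharing it. It cannot tell which of the returned suffixes the client wants."""
    if len(prefix) != PREFIX_LEN:
        raise ValueError("prefix must be exactly %d hex characters" % PREFIX_LEN)
    return sorted(LEAKED_DB.get(prefix.upper(), []))


def client_check(password: str, lookup=server_range_lookup) -> bool:
    """Client side: hash locally, send the prefix, compare suffixes locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    candidates = lookup(prefix)          # the only data that leaves the client
    return suffix in candidates          # match found => password is known to be leaked


def check_with_audit(password: str):
    """Run the check while recording exactly what the server received,
    so a reviewer can verify that only prefixes ever cross the wire."""
    seen_by_server = []

    def recording_lookup(prefix: str) -> list:
        seen_by_server.append(prefix)
        return server_range_lookup(prefix)

    leaked = client_check(password, lookup=recording_lookup)
    return leaked, seen_by_server


if __name__ == "__main__":
    for candidate in ["qwerty", "a-long-unique-passphrase-for-one-site"]:
        leaked, seen = check_with_audit(candidate)
        print("%-40s leaked=%s server saw=%s" % (candidate, leaked, seen))
```

The privacy property rests on the server's answer set: because it returns all suffixes under a prefix, the server only learns that the client's password hashes into a bucket of many possibilities, and the final match is decided on the client.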
Is Bitwarden secure?
Opensource enables security because the source code can be inspected. The Bitwarden software code has been completely checked by a third party that performs application security audits; see the announcement "Bitwarden Completes Third-party Security Audit".
Platforms
Bitwarden is supported on the following applications and operating systems:
- OS: Linux, macOS, Windows, Android and others
- Clients exist for: Chrome, Firefox, Android and more
Image with supported platforms:
Sharing
How does password sharing work?
You create a password for a service on one PC and have it available on another PC with a different browser, and also on your Android or iOS phone.
You can conveniently log in on all devices and use a unique, highly complex password for each service without having to remember it.
Simply by using complex passwords and a different password for each service, you prevent the problems that arise from using a simple or predictable password, or from using the same password for different services.
If one service has a security problem, it automatically becomes a problem for every account where you use the same password.
Export, backup
Backup should be standard for anyone, especially when it comes to work data.
Even passwords should be backed up!
You can export passwords from Bitwarden in JSON format, which is a human-readable text file and therefore ideal for backups.
You can later import the file back into Bitwarden in the same format, or process it by machine in other ways.
Then encrypt the backup, for example with GnuPG, and store it in a safe place.
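One way to "machine process" such an export, and at the same time check the one-password-per-service rule from the sharing section above, as an added example that is not Bitwarden's code: parse the JSON export, refuse to work on an encrypted export, and report which entries reuse a password or use a short one. The sample document below is constructed; its field names (`encrypted`, `items`, `type`, `login.username`, `login.password`, `login.uris`) follow the shape of an unencrypted Bitwarden JSON export as this example assumes it, and the item type code 1 for login entries is likewise an assumption.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of an unencrypted Bitwarden JSON export.
# All values are made up; the field names are an assumption of this example.
SAMPLE_EXPORT = """
{
  "encrypted": false,
  "folders": [{"id": "f1", "name": "Work"}],
  "items": [
    {"id": "1", "type": 1, "name": "Mail", "folderId": "f1",
     "login": {"username": "alice@example.com", "password": "S3cure!Long#Passw0rd",
               "uris": [{"match": null, "uri": "https://mail.example.com"}]}},
    {"id": "2", "type": 1, "name": "Forum", "folderId": null,
     "login": {"username": "alice", "password": "summer2020",
               "uris": [{"match": null, "uri": "https://forum.example.org"}]}},
    {"id": "3", "type": 1, "name": "Shop", "folderId": null,
     "login": {"username": "alice@example.com", "password": "summer2020",
               "uris": [{"match": null, "uri": "https://shop.example.net"}]}},
    {"id": "4", "type": 2, "name": "Secure note", "notes": "not a login item"}
  ]
}
"""

LOGIN_ITEM_TYPE = 1  # assumed type code for login entries in the export


def load_export(text: str) -> dict:
    """Parse the export and refuse encrypted exports, which cannot be analysed
    without first decrypting them."""
    data = json.loads(text)
    if data.get("encrypted"):
        raise ValueError("encrypted export: use an unencrypted export for analysis")
    return data


def login_items(data: dict) -> list:
    """Only login items carry a password; notes, cards etc. are skipped."""
    return [item for item in data.get("items", [])
            if item.get("type") == LOGIN_ITEM_TYPE and item.get("login")]


def find_reused_passwords(data: dict) -> list:
    """Groups of entry names that share one password. The password itself is
    deliberately not part of the result so the report can be shown safely."""
    by_password = defaultdict(list)
    for item in login_items(data):
        password = item["login"].get("password")
        if password:
            by_password[password].append(item["name"])
    return sorted(sorted(names) for names in by_password.values() if len(names) > 1)


def find_short_passwords(data: dict, min_length: int = 12) -> list:
    """Entry names whose password is shorter than min_length characters."""
    return sorted(item["name"] for item in login_items(data)
                  if item["login"].get("password")
                  and len(item["login"]["password"]) < min_length)


def report(text: str) -> dict:
    data = load_export(text)
    return {"reused": find_reused_passwords(data),
            "short": find_short_passwords(data)}


if __name__ == "__main__":
    result = report(SAMPLE_EXPORT)
    for group in result["reused"]:
        print("password reused across:", ", ".join(group))
    for name in result["short"]:
        print("short password:", name)
```

The report lists entry names only, never the password values, so it can be pasted into a ticket. The unencrypted export, on the other hand, is plaintext and should be encrypted (for example with GnuPG) or deleted as soon as the analysis or backup is done.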
Bitwarden usage
It is possible to use the public installation; basic use is free, and setting it up is quick and easy.
The public installation is hosted in Microsoft Azure.
If you want to run an instance on your own server, this is possible using Docker containers.
This is what the web login to Bitwarden looks like:
Password management in the Bitwarden web interface:
Bitwarden browser integration
Bitwarden login:
Login to a specific application using the Bitwarden password manager:
Creating a managed account:
Password generator, you can also set the requirements for the characters used:
Security
Security has been considered everywhere. For example, taking screenshots is blocked when using the client app on Android.
Exporting passwords is only possible after entering the master password. This prevents misuse if the vault is already unlocked.
Bitwarden lecture
Learn more about Bitwarden in this video recording of a lecture about Bitwarden password manager:
Links
bitwarden.com
github.com/bitwarden
haveibeenpwned.com - database of leaked accounts with passwords