Bitwarden Password Manager

May 25, 2020

Lang: cs en de es

If security is not convenient to use, then users behave in a risky way. Therefore, security must also be convenient to use. Convenient password management is ensured by Bitwarden's password manager, which is multi-platform and opensource. This allows users to share passwords across different devices or within a team. And only if security is not an obstacle, for example, a tool that makes work easier is used, will users handle passwords securely. Bitwarden accomplishes all of this by providing a secure, centralized password management solution, all conveniently, ensuring that users handle passwords securely.

General introduction

Password storage

How to store passwords? We can store passwords in a file or we can use a tool to help organize login accounts and passwords. Usually, as the number of accounts and passwords grows, each user implements some organization of this key private information.

Encryption

When you store a lot of passwords somewhere, it's a good idea to store them encrypted so that whoever gets them can't use them. To encrypt such a file, you can make good use of a tool GNU Privacy Guard (GPG). However, it's a good idea to have the entire disk encrypted at the same time, as passwords are often stored in readable form by the programs themselves. TotalComander, for example, is notorious for this malady.

There are various tools for encrypting the disk, for example TrueCrypt, which the authors themselves recommend not to use anymore and to switch to BitLocker or use a fork called VeraCrypt.
I recommend using Linux and encrypting disks on Linux using LUKS technology.

More in the encryption videos

#PGP #GPG Email encryption (Dobruška):

How encryption works:

Encryption of computer data/drives:

Safety vs comfort

Security rules often create barriers for users and therefore they subsequently take actions that make security significantly reduce safety. Therefore, when it comes to security, the security process must be designed to make it easy for users to use. Ideally, if it's designed in such a way that it even makes the users' job easier, then they will handle private data securely and follow the security processes.
And that's exactly what password management tools are designed to do, to ensure security while making it convenient to use and even share within a team.

Password Manager

A password manager or safe is a tool that allows users to securely store and manage passwords. Password storage can be local or centralized in some online storage or cloud application. Centralization makes it more convenient to share not only within different devices of one user, but also between users. When working in a team, it is easier to change the password of a shared account.

Password Manager features

What should a good password manager be able to do?

  • data encryption, security
  • central storage
  • good usability
  • account search
  • integration
  • password generation
  • sharing: my device, team

Linux and Password Manager

A password manager has been commonplace in Linux for years. For the KDE environment there is KWallet and for GNOME GNOME Keyring.

I've used KWallet myself for years, it uses local storage, so sharing between devices is not possible. And it's the sharing between devices that comes in handy when I have multiple computers and also a phone nowadays a full-fledged work device.

Existing password management solutions

LastPass

The LastPass password manager has the following features:

  • Online storage
  • Multi-browser support
  • Various OS
  • Licence: freemium

Enpass

The Enpass password manager has the following properties:

  • Saves an encrypted file to the cloud. Cloud of your choice.
  • OS: Win, macOS, Linux, Android
  • License: Freemium

KeePass

The KeePass password manager has the following features:

  • Access credentials are stored locally in an encrypted database
  • .
  • For Windows, Porting: Linux, macOS, Android
  • License: GPL

Opensource

Why Opensource? An application that doesn't have source code can't be inspected, so you'll never be sure, that it is secure, and even in such software there may be a backdoor. So the only possible free one is a program that is Opensource.

Bitwarden Password Manager

Bitwarden is an opensource password manager that meets all required features for both convenience and security.

bitwarden password manager

Bitwarden has the following properties:

  • Centralized
  • Client-server architecture
  • You can have your own server
  • Opensource license: GNU GPLv3 and AGPLv3

Bitwarden has the following features:

  • Password generation
  • Manage accounts with passwords
  • Sharing within groups (companies)
  • Two-factor authentication (2FA)
  • Command-line tools (CLI)
  • Intra-device sharing
  • End-to-end encryption

When it comes to the security of stored passwords. Once the password is lost, access cannot be restored, which suggests that the data is stored securely on the server. This is because it is End-to-end encryption of the data, where the data is stored encrypted on the server and therefore only the whoever enters the correct password. Without the master password, you will not get the stored login data.

Additional features within the paid service:

  • TOTP (Time-based One-Time Password) directly in Bitwarden.
  • Verification of vault login using hardware encryption key.
  • Analysis of weak, overused and leaked passwords.

How is the password analysis done?

Password analysis is performed as follows: The client application calculates the password hash. It sends half of the hash to the server and the service looks up the corresponding leaked or cracked passwords from the DB. For security reasons, neither the password nor the full hash is ever sent anywhere. The results returned by the service are then compared by the client application and if they match, a problem is reported.

Is Bitwarden secure?

Opensource enables security by controlling the source code. The Bitwarden software code has been completely checked by a third party that performs application security audits. Bitwarden Completes Third-party Security Audit

Platforms

Bitwarden is supported on the following applications and operating systems:

  • OS: Linux, macOS, Windows, Android and others
  • Clients exist for: Chrome, Firefox, Android and more

Image with supported platforms:
bitwarden supported platforms

Sharing

How does password sharing work? You create a password for the service on one PC and have it available on another PC with a different browser and also on your Android or iOS phone. You can conveniently log in on all devices and use a unique, highly complex password for each service without without having to remember it.
And just by using complex passwords and a different password for each service, you prevent problems, that arise from using a simple/predictable password or using the same password for different services. Because if one service has a security problem, it automatically becomes a problem for all your accounts where you use the same password.

Export, backup

Backup is something that should be standard for anyone, especially when it comes to work data. Even passwords should be backed up!
You can export passwords from Bitwarden in json format, which is also a human-readable text file, so it's ideal for backing up. You can then import it into Bitwarden in this format, or otherwise machine process it.
Then encrypt the backup using e.g. GnuPG! and store it in a safe place.

Bitwarden usage

It is possible to use the public installation - basic use is free. And setting it up is quick and easy.
The public installation is hosted in Microsoft Azure.

If you want to run the instance on your own server this is possible using Docker containers.

This is what the web login to Bitwarden looks like:
web login to Bitwarden

Password management in the Bitwarden web interface:
Manage passwords in Bitwarden web interface

Bitwarden browser integration

Bitwarden login:
bitwarden supported platforms

Login to a specific application using the Bitwarden password manager:
bitwarden supported platforms

Creating a managed account:
bitwarden supported platforms

Password generator, you can also set the requirements for the characters used:
bitwarden supported platforms

Security

Safety is thought of everywhere. For example, taking screenshots is blocked when using the client app on Android.
Exporting passwords is only possible after entering the master password. This prevents misuse if the vault is already unlocked.

Bitwarden lecture

Learn more about Bitwarden in this video recording of a lecture about Bitwarden password manager:

Links

bitwarden.com
github.com/bitwarden
haveibeenpwned.com - database of leaked accounts with passwords

Articles on a similar topic

VPN: Virtual Private Network
Using the GoTrust hardware encryption key from MojeID on Linux

Newsletter

If you are interested in receiving occasional news by email.
You can register by filling in your email news subscription.


+