Associate
- Joined
- 21 Aug 2010
- Posts
- 747
I mean if you didn't have to unlock it it would be less secure.
Password managers! (Fed up of lastpass!)
- Thread starter DHR
- Start date
I paid for Bitwarden premium as it's so worth it. Embeds the 2FA in the app, for recovery passwords I do also save them in the account. May seem like a flaw in security, but frankly if my BitWarden account is compromised then I've got bigger problems to deal with.
I also do not store anything like banking details on there.
It's true but still annoying
Associate
RoboForm, been using it for years and it works very well on my PC, iPhone, iPad and Apple Watch and all data syncs flawlessly between them. UI is very simple and easy to understand, surprised how few seem to use it.
Actually never knew about this - this would solve a huge headache for me. Many thanks!
Soldato
- Joined
- 1 May 2003
- Posts
- 11,108
I'm still using keepass, it's free open source software that offers AES-256 encryption as a standard.
Like most decent software, you have to put the time and effort in to get the best out of it.
Not for those who want loads of features like such as password auto-saving and auditing, password sharing, dark web monitoring, and a native mobile app etc..
Keepass is old skool
Like most decent software, you have to put the time and effort in to get the best out of it.
Not for those who want loads of features like such as password auto-saving and auditing, password sharing, dark web monitoring, and a native mobile app etc..
Keepass is old skool
Soldato
I self-host Vaultwarden in docker. Does everything I need it to do and does it very well. Autofill in websites and apps and 2FA all works nicely.
Soldato
Another one who uses Bitwarden. Switched over from LastPass, seems much easier to use in design. No issues so far.
Genuine question below, never used anything like Bitwarden so any advise would be good etc.
Can I ask why people use this over storing the passwords in the browser?
I have had a quick look at this and can see they are stored online on your account and accessed via a browser extension.
Wouldn't keeping these stored locally on your PC\browser be safer than online?, for example if Bitwarden got hacked and all your passwords where stolen or something?
I see it can generate passwords for you and save them as well to stop you using the same pw for multiple sites etc.
Can I ask why people use this over storing the passwords in the browser?
I have had a quick look at this and can see they are stored online on your account and accessed via a browser extension.
Wouldn't keeping these stored locally on your PC\browser be safer than online?, for example if Bitwarden got hacked and all your passwords where stolen or something?
I see it can generate passwords for you and save them as well to stop you using the same pw for multiple sites etc.
I think historically browser password managers weren't seen as very secure; they were limited and your passwords could be lifted from your machine by simply copying the file where the browser was storing them. That is different now; most are very robust and they are a totally viable choice if that is what you find convenient.
Storing/syncing your passwords online is a risk/convivence choice. Bitwarden as a whole isn't going to "get hacked" and reveal all your passwords (unless there is a fundamental flaw in their encryption algorithms, but you should consider that their codebase is open source and independently audited to minimize the chance of this). Your individual account might get compromised though, so if someone were able to steal your vault password and your two factor authentication then yes all your passwords (and anything else you've stored in the vault) would be revealed to the attacker. But someone being able to steal both a strong vault password and your two factor is something requiring a very targeted attack against yourself (or again, a fundamental flaw in Bitwarden authentication processes).
Last edited:
As above - passwords in the browser, at most, require your Windows password to get into (if you're using Edge) which can easily be reset (if you encrypt your drive with Bitwarden it's far harder - otherwise it's just a Linux live CD and you can easily reset the password to blank).
With Bitwarden, also my recommendation, it requires authentication to the plugin on each new browser session which means the passwords are much more secure. If your device is stolen you can change the password for extra piece of mind. I used to store passwords in the browser for convenience but I now just use the plugin.
Bitwarden also has MFA (which, again, i'd recommend you use if you go down the Bitwarden path) so it makes it that little bit more secure.
M.
With Bitwarden, also my recommendation, it requires authentication to the plugin on each new browser session which means the passwords are much more secure. If your device is stolen you can change the password for extra piece of mind. I used to store passwords in the browser for convenience but I now just use the plugin.
Bitwarden also has MFA (which, again, i'd recommend you use if you go down the Bitwarden path) so it makes it that little bit more secure.
M.
Thanks for replying.
Ill give it a ponder over as currently my passwords are not synced online through Chrome and if I ever format my PC I export my bookmarks and passwords to re import once back up and running.
I did notice that you need your master key to access your account from the plugin so always handy
Not that I suggest doing this - but can you not just set vault timeout to never?
I'm very tempted lol
Perhaps look into whether you can use Windows Hello for biometrics based access into Bitwarden. If you use laptops you might already have a compatible device, if it's a desktop there are USB fingerprint readers that work (I'm looking at these at the moment).
That way you could likely configure it so you login once per day with your password, then subsequent unlocks can be done via fingerprint (or another Windows Hello method).
Soldato
Same. I should probably see what’s around now as have been using for years, it’s always been solid.
Took a while to get the Mrs on it and find sharing certain accounts like online groceries really great.
Associate
Been using bidwarden for over 2 years now. No issues at all.