fbpx

Password Security Vault
Bitwarden

This is an account of my adaptation of a password security vault. It is written from my own experience while satisfying my own specific needs. You will find sticks to basic and fundamental functions only. There is no “power user” perspective, nor is there any deep technical analysis beyond what I did to confirm that I was protected by a reasonable level of security.

As a technology professional, I am frequently confronted by (actually, deluged by) torrents of brand-new tools and aids, delivered with the spoken or suggested idea that I SIMPLY MUST have this tool. Since I have been in this field for a long time and heard this so often, I’ve learned that no, I just might not need this one. Let the (gullible? impressionable?) masses run collective market and usability analysis FOR ME, and I’ll get back to it next month or next year.

Besides, there is always the non-verbalized thought that prevents change: “It’s working, ain’t it?”

From way back, I’ve kept my passwords along with user IDs and websites in a special spreadsheet, which itself was protected by a password. That password was unrelated to any other passwords. Over time, this spreadsheet blossomed, bloomed, and branched into a multi-sheet labyrinth which became tiresome to navigate.

I considered and rejected browser-provided tools simply because I did not want to have everything residing in a single browser on a single machine. I admit to being a little influenced by alarming stories of security tools being hacked. Also, there is more and more awareness that browser providers do not have your back and under certain circumstances, they will share certain data. I know, I know, there is no known circumstance where they would sell your private access codes, but still…

A Recommendation by a Trusted Source

A friend of mine recommended a specific product. In fact, he indirectly demo’ed it during a phone call while we were discussing access to a website. I heard “Oh, WHAT is my logon? Wait a minute, I’ve got it in Bitwarden…just a second…there, I’m in”.

I was impressed how quickly he solved that problem. I learned he had been using this solution for years – long enough to forget exactly what was or was not stored in it – and he was very happy with it.

Product Overview

Bitwarden is an Open Source password manager. I was interested in the “Open Source” aspect because members of the open source community are committed to the community and not swayed into decisions that do not favor users. I am a proponent of private enterprise, but I also hold that large private companies begin to take on the characteristics of government-style bureaucracies and no longer serve end users as the first priority.

In the spirit of Open Source, there is a well-featured version available at no cost: no license fees and no forced advertising. Note that Bitwarden does have three levels of offerings in both “Personal” and “Business” packages. Even in the paid versions, the rates are quite low ($10/year for Personal) and offer interesting advantages.

Security

You will have to come to your own level of comfort on this, but I believe they have security covered very well. “Hash”, in very general terms, is a method of encrypting data. Simply, it takes plain readable text and scrambles it so it looks like a plate of hash.

From their website:

“Bitwarden always encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. Bitwarden servers are only used for storing encrypted data.

“Vault data can only be decrypted using the key derived from your master password. Bitwarden is a zero knowledge solution, meaning you are the only party with access to your key and the ability to decrypt your Vault data.”

https://bitwarden.com/help/article/what-encryption-is-used/Account Setup

I went with the free personal version. Setting up the account is very straightforward. You establish a Master Password to gain access to your private vault.

Bitwarden warns the user: if you forget the Master Password, NO ONE can help you get back into the vault. There is no “password reset” function. This is not as onerous as it may sound. Bitwarden will house the many and gnarly passwords you are using. Now, you only need to keep track of one.

You can create a password of virtually any length. For instance, if you enjoy reading stories by English novelists, you could make the master password something like this:

itwasadarkandstormynight

(from the novel Paul Clifford by Edward Bulwer-Lytton, 1830).

For the literature fan, this is quite easy to remember and yet could remain your secret until the end of time. Thankfully, you only have to enter this once when you open your browser.

You will have to come to your own level of comfort on this, but I believe they have security covered very well. “Hash”, in very general terms, is a method of encrypting data. Simply, it takes plain readable text and scrambles it so it looks like a plate of hash.

From their website:

“Bitwarden always encrypts and/or hashes your data on your local device before anything is sent to cloud servers for storage. Bitwarden servers are only used for storing encrypted data.

“Vault data can only be decrypted using the key derived from your master password. Bitwarden is a zero knowledge solution, meaning you are the only party with access to your key and the ability to decrypt your Vault data.”

https://bitwarden.com/help/article/what-encryption-is-used/Account Setup

I went with the free personal version. Setting up the account is very straightforward. You establish a Master Password to gain access to your private vault.

Bitwarden warns the user: if you forget the Master Password, NO ONE can help you get back into the vault. There is no “password reset” function. This is not as onerous as it may sound. Bitwarden will house the many and gnarly passwords you are using. Now, you only need to keep track of one.

You can create a password of virtually any length. For instance, if you enjoy reading stories by English novelists, you could make the master password something like this:

itwasadarkandstormynight

(from the novel Paul Clifford by Edward Bulwer-Lytton, 1830).

For the literature fan, this is quite easy to remember and yet could remain your secret until the end of time. Thankfully, you only have to enter this once when you first open your browser.

Browser and Desktop Setup

There is a Bitwarden extension for all major browsers (eight are listed). Search for your environment, e.g. “Bitwarden Firefox” and, of course, only download from the Bitwarden site.

Once downloaded and installed, log into your vault account with the master password and you’re set.

There is a Bitwarden extension for all major browsers (eight are listed). Search for your environment, e.g. “Bitwarden Firefox” and, of course, only download from the Bitwarden site.

Once downloaded and installed, log into your vault account with the master password and you’re set.

Creating Passwords and other Entries

Creating passwords and other items could not be any easier. You can open Bitwarden and manually enter these items.

But by far my favorite method is to (for the last time ever) manually login to a specific site. Bitwarden will ask if you want to add the credentials to the vault. Just say Yes.

For passwords items you can add notes as well as add custom fields and field values if needed for the entry.

You can also add your credit card items in addition to password items. I admit, I did not touch this at first, it was just too spooky. But over time I have come to better understand the security that protects all entries. I have since started using this feature.

IMPORTANT: as you add new entries to Bitwarden, you should remove them from your browser’s password tool if you were in the habit of using your browser to store passwords.

Conclusion

Bitwarden is not the only password vault available and if you want to dig in you can research this as extensively as you like. I found this product incredibly helpful in our office. After putting it in place, a favorite expression heard is “Oh, I LOVE Bitwarden!”, just from its having removed the persistent tanglefoot we’ve had to endure.

For questions, comments or to request a free phone consultation:

Fill in your information below:

Mark Thomas is a CRM and Data Solutions Master. If you have any topic you would like to  see addressed, feel free to make a suggestion.