20 November 2021

How to Manage Your Passwords Using Bitwarden

In this day and age, password attacks are a popular attack vector that has been leveraged by attackers to gain unauthorised access to user accounts, resulting in data breaches. The root cause of this is the use of weak passwords that are easy to remember. Compounded with password reuse, attackers only need to obtain one password for a specific application and they will have access to every other application that uses the same password. A solution to this problem is using a password manager such as Bitwarden. Bitwarden is an open-source password manager that allows you to use a unique and complex password for each application and stores your passwords in a secure vault using encryption. Using a password manager offloads the complexity of having to remember the password of every single application. Instead, one master password is used to access your password vault. This post will discuss how to set up and use Bitwarden.

Setting Up Bitwarden

First, you will need to register an account here. The registration form includes important information about the master password. Note: if you forget your master password, you will not be able to recover it, so make sure that you store it in a safe location.

Registration

Bitwarden is available on a variety of platforms, which are listed here. For this demonstration, I will be using the Chrome browser extension. Once the Chrome extension has been installed, the next step is to select the Bitwarden icon and log in using the email address and the master password that were created in the previous step.

Bitwarden login

Upon logging in, you will be redirected to your vault:

Empty vault

You can manually add your credentials or have Bitwarden do this automatically for you. To do this automatically, log into any application where you have registered an account:

Example login page

After logging in, Bitwarden will prompt you to save your credentials. Select ‘Save Now’:

Save login prompt

The next time that you visit the same login page, press Ctrl + Shift + L (on Windows and Linux) and your credentials will be filled in automatically:

Autofill login

Navigating back to Bitwarden, we can see that the previous credentials have been saved to the vault:

Account added to vault

All the credentials that you add will appear in this vault. Bitwarden also allows you to store other types of data such as cards, identities and secure notes. You can also add your credentials manually by selecting ‘+’ and filling in the name, username, password and URI fields.

Add account

You can check if your password has been found in a data breach by selecting the button with a ‘tick’:

Breach detection
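
How a breach check of this kind can run without the password ever leaving your device, as an added example that is not from the original post or Bitwarden's own code. It assumes the k-anonymity range-query model used by the Have I Been Pwned Pwned Passwords service (SHA-1 the password, send only the first five hex characters, match the remainder locally); the endpoint function, sample corpus and counts are constructed so the block runs offline.

```python
import hashlib

# Constructed sample corpus: password -> number of breaches it appeared in.
CONSTRUCTED_BREACHED = {"password": 3, "letmein": 2}
seen_by_server = []  # everything the stand-in service learns from a query


def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_range_endpoint(prefix: str) -> str:
    """Offline stand-in (hypothetical) returning 'SUFFIX:COUNT' lines."""
    seen_by_server.append(prefix)
    # Decoys sharing the prefix: one padding entry (count 0), one real-looking.
    lines = ["0" * 35 + ":0", "F" * 35 + ":7"]
    for candidate, count in CONSTRUCTED_BREACHED.items():
        digest = sha1_upper(candidate)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines, skipping anything malformed."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range=fake_range_endpoint) -> int:
    """Return how often the password appears in the corpus (0 = not found)."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]  # only the prefix leaves the client
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for pw in ("password", "kV9#unlikely-Generated-Passphrase-2021"):
        print(repr(pw), "->", breach_count(pw))
    print("server saw only:", seen_by_server)
```

The service only ever sees a five-character hash prefix shared by many unrelated passwords, so a match or a miss is decided entirely on the client.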

Bitwarden has a built-in password generator that can be used to generate a secure password of varying complexity, which you can use for accessing your applications:

Password generator

Bitwarden also has other features such as sharing passwords and files securely and two-factor authentication.

What if Bitwarden Gets Hacked?

As with any other password manager, a concern would be if Bitwarden were to get hacked. Since Bitwarden is open-source, the codebase is publicly available and is audited by security researchers. This places it in a better position compared to other password managers that are closed source. Ultimately, there is no such thing as 100% security, so one needs to weigh the pros and cons of any security control. The advantage of using a password manager is that it can address the security issues caused by weak and reused passwords.

tags: password security