The biggest problem she had was that the standard workflow of it capturing generated passwords became unreliable and it stopped automatically tracking the random passwords it generated. Whatever it was that she was doing, she kept losing passwords and getting locked out. It destroyed her trust.
We tried Bitwarden. It doesn't require the same leap of faith to use a random password. They're saved first before you use them. The usage flow isn't quite as smooth as LastPass was, but she hasn't lost any passwords since the switch.
She's almost forgiven me for making her use a password manager. Almost... :)
Utter madness, but it saved me a couple times.
My only complaint about Bitwarden is that the desktop app on macOS does not have support for Touch ID which is a shame. It has been a requested feature for a long time but no progress seems to have been made.
The desktop Bitwarden app is Electron based so I don't know if that is an issue or not.
Overall for £10/year for Premium or legitimately free if you don't need the Premium features you are a fool to not use it imho.
I was considering switching to KeepassXC in response but didn't get around to it.
Lastpass has been on my "replace at next opportunity" list for a while now. No time like the present.
Each generated password is visible in the triangle drop-down to the right of the generated password.
This list resets on restarts.
The backward change started after logmein bought lastpass.
Luckily, keepass has a very nice auto-type functionality that works perfectly with basic auth dialogs. Now if I could just disable the Kee dialog that doesn't actually do anything...
Still less buggy than Lastpass's Safari extension though...
> To reiterate, the results of this autumn 2018 assessment are positive for the client and code. Sadly, the same thing cannot be stated for the current cryptographic scheme in use. Given the number and range of issues discovered, it seems necessary that a re-design takes place. This needs to reassess how certain features are implemented and ensure that the overall cryptography stands strong against the attackers’ efforts.
Um. Is this not worrying to people?
The purpose of an audit like this is to find issues. When issues are found, that is a good thing. We want to find problems so that they can be fixed. What would be bad is if we found issues that could not be properly fixed, or an abnormally large number of issues, neither of which was the case with Bitwarden. What I can tell you is that all issues referenced in this audit have already been resolved in very short order (the audit was only completed just last week), with relatively simple fixes, and that Bitwarden is even safer to use today than it was before.
On the other hand I do love the no cloud mode of enpass which potentially makes it slightly more secure (a cloud for password storage would be a juicy target). It also means I have a local backup of all my passwords on my devices in case of some issue, including the bitwarden web vault being down.
I'm running it via Dokku and it has been rock solid. It's way lighter than running their reference server implementation.
It's been fantastic, really solid and generally pretty fast. Far, far easier than trying to get the standard Bitwarden stack going. That said, the standard stack is meant to support many users, where I have only tested the Rust implementation with a handful of users.
And there are also other third party implementations too:
Go: https://github.com/VictorNine/bitwarden-go
Ruby: https://github.com/jcs/rubywarden
I do also have the optional web interface, which isn’t Rust; it uses inordinately much memory while building (https://github.com/bitwarden/web/issues/250) but is fine after that.
I was using the ruby version, but I didn't know a rust one existed as well.
Previously used Lastpass for 8 years.
So glad to see that its security is taken seriously by the developers!
As a longtime Lastpass user, this is the comment that made me go check it out. Are there any big pros or cons you have run in to compared to Lastpass (aside from the ones you listed)? I'm asking about actual functionality, not about it being open source and such.
Android is evolving, and their changes seem to have put Firefox in a slightly behind position, which I think they're almost caught up on. Basically, there's legacy and modern autofill capabilities in Android, and Firefox is working on closing the gap. In the production release, I am unable to use the BitWarden android app, but there's an add-on that mostly does the job.
I have two issues with the add-on. First, it tends to disappear from the menu. There have been some bugs on BugZilla for this, including one I recently submitted. Of course, quite fortunately, I haven't been able to reproduce the issue since I submitted the bug and installed Nightly. And it's interesting - Nightly seems to work with the app, so the need for the add-on should go away. Second, the add-on is a little clunky. It opens a temporary tab, and then closes that tab when you select your login. However, there's an issue there, too, where sometimes it just does not work. It throws up an error message that it's unable to autofill, and there's little you can do about it except close the temporary tab and the original tab, and start again.
The Android app also has an issue that I've seen with Chrome, where it isn't actually detecting the site you're browsing, but just the app you're using (Chrome) and thus is unable to select your login. This is easy to get around - usually going back to Chrome and then tapping the BitWarden toast will find you your login.
Overall little nuisances that are mostly Android related issues more than anything, and each of them seems to be getting worked out, so I expect the user experience to only get better.
That's where my issues are. How do you open the sidebar?
LP's extensions and mobile app have gotten slow and clunky. Bitwarden's software is fast. Unlocking LP in Firefox would take me 10+ sec. Bitwarden takes about a second.
The only downside I've found so far is that Bitwarden doesn't have an inactivity logout, only timeout. This makes me log in more frequently than I'd prefer.
1. It's cleaner and doesn't feel bloated
2. It's open source.
However I wish:
3. They would have some consistency between mobile (iOS) and extension (Safari) UI (because imho extension actually looks like a mobile UI, I find iOS UI less useable)
4. They would do away with load time that I often notice when I open extension even though data is stored locally.
5. It doesn't maintain state or save info when I leave the extension popped up and then move away and come back to it. Also, it doesn't save auto generated passwords with the "url" it was generated on, which often renders password history useless.
6. For everything I have to reach all the way to the browser bar extension button and I don't get any option in the text field itself which was pretty good in LastPass.
I wanted to move to KeePass, and while it has an excellent app for desktop (native MacPass is fantastic!), I could hardly find anything even close to usable for Safari or iOS.
I tested out Bitwarden after I posted this question yesterday. Regarding #6, that did bother me as well. I wanted to let you know there's a fix for that (at least in Chrome there is, I don't know about Safari).
Settings > Options > Enable Auto-fill On Page Load - that will automatically fill out the login forms like LastPass does by default. But I do wish they had the option to disable this on a per-secret password like LP does.
Also right clicking on the page will give you a Bitwarden context menu which provides an auto-fill option (Right Click > Bitwarden > Auto-fill > Pick the secret). This is actually more steps than clicking the extension button at the top (Click extension button > click secret), but at least you don't have to move all the way to the top of the page.
Again, this is in Chrome.
In general Lastpass has become less reliable since the LogMeIn take-over, and they've now added ads to the vault which bug me from a security perspective (even if I happily pay $2/month, it is the principle of putting profits over security).
That being said, there are a few things that annoy me about bitwarden.
For some sites or apps in iOS, you can launch a password manager to retrieve your credentials. This sometimes, but not always, has bitwarden available.
Sometimes when launching bitwarden from an app, it will only show you the logins associated with the URI for your current page. But if you're launching it from an app you can't search for the right login.
These are small issues, which I usually mitigate by just launching a full on session of the app and copying the password.
I had to break a habit (I guess I picked it up from last pass) with the extensions as well. If you click away from the extension box, it will lose your context, and you can't restore it. I have had to restart filling out the credentials more than once because I didn't click save. Also, I think it takes too many clicks to create a new login with a generated password and save it.
Overall, these issues are minor for a good free product, and I would recommend it. I use bitwarden on FF, Chrome, and iOS, for context.
As a very happy BW user, this is probably its weakest point at the moment. It improves a bit if you click the "do you want Bitwarden to save these credentials" banner, but still suboptimal (the captured URL is unnecessarily precise).
I don't think they can solve this problem though, unless they get a sidebar - which may not be possible with WebExtensions (I honestly can't recall).
This changed with the recent release of iOS 12 autofill in Bitwarden. If there is no credential found based on the app/website address you have the ability to search the vault for it.
I planned on a week long switch over to make sure things went smoothly. However, after switching and validating that all common accounts had been imported correctly, I just never had to open LastPass again. This took all of 2 hours.
BitWarden has the upper hand in three key areas for me: Android, FireFox and CLI. The LastPass extension for FireFox has become downright useless and that was the main catalyst for me switching.
I switched about a month ago now and can't imagine going back. It just works like you'd expect in most situations. I'm fighting it less than LastPass and my store of passwords is all cleaned up and far more sanitary. LastPass lets you make a mess far easier, so a nice side effect of BitWarden is that the structure is more prescriptive, but I've yet to bump into an area where it's blocked me from doing what I need.
Highly recommend BitWarden if you're fed up with LastPass and FireFox.
Do you use Android 8+ with Firefox release and the BitWarden app?
I'm on Android 8.1, Firefox Release, and I haven't been able to get BitWarden to pop up toast notifications and autofill in Firefox. (This does seem to work with Nightly, but that has crashed too often for me to use it regularly.)
- when I open it my master password is prefilled and you can just unmask it - either don't prefill it and have me enter it, or log me in immediately
- when creating new credentials it defaults to the master password again, which you can just unmask. And the URL is empty instead of the current URL
- every time: I open a site in bitwarden, copy the username, paste it in the form field in the browser, open bitwarden and it's on the login page again - why can't it remember where I left off so that I could copy the password too?
EDIT: in Firefox
Once I turned off the password manager feature of my browser (I didn't need it anyway since I was using LastPass) it solved the problem.
You don't happen to have that password set up in your browser's own password management tool, do you?
Url for new credentials is always the current one as well.
> All in all, while the client and backend code are vulnerable to some issues, all of the problems can be easily fixed without a lot of effort. In that sense, Cure53 believes these items of the Bitwarden scope to be fully capable of reaching the desired standards of security in a rather short time. To reiterate, the results of this autumn 2018 assessment are positive for the client and code.
Wondering how they will address the current cryptographic scheme though.
The only cryptographic weakness Cure53 identified was that a malicious API server could exfiltrate encryption keys.
Cure53 deemed it a hard problem to solve. I wrote a proposed strategy for mitigating it: https://github.com/bitwarden/core/issues/392
Regarding Bitwarden's cryptographic security, a cursory read through their code yields the following:
* It's using RSA-OAEP to encrypt AES keys (EDIT: formerly "some data") https://github.com/bitwarden/jslib/blob/b4fad203b94da53d3369...
* It's using AES-256-CBC https://github.com/bitwarden/jslib/blob/b4fad203b94da53d3369... + https://github.com/bitwarden/jslib/blob/b4fad203b94da53d3369... + https://github.com/bitwarden/jslib/blob/2045e7047a66599b2c8a...
It doesn't appear to be authenticating the AES-CBC-encrypted ciphertexts in all cases, which makes me suspect padding oracles are still in-scope.
RSA-OAEP is the better RSA mode. (You don't want PKCS1v1.5)
In closing: As long as you're not for some reason storing unauthenticated AES-CBC ciphertexts in the server, the encryption is really boring.
(Boring is good for encryption.)
Recommendation: If there is no HMAC tag with a ciphertext, immediately throw an exception. It makes it clearer that a decryption failure occurred (thus avoiding false positives).
The AES-CBC thing is tied to the key, right? So the downgrade attack isn't possible.
I don't know the details of the security proof for RSA-PKCS though, just that there is one.
Actually data? You'd usually expect RSA to be protecting a symmetric key in this sort of setup - is that what the data is, or something else?
Usually when I see RSA-OAEP in a casual stroll through something's code, I stop there and move onto looking for other issues.
Reason: Very few users of RSA encryption bother to use a secure padding mode. If they're doing that much, the chances of doing something very stupid (a.k.a. "RSA-ECB") are low enough to discount for the purposes of message board discussions.
(Obviously, if I'm being paid to review something, I spend a lot more time on it.)
When I wrote my post above, all I cared about was the modes being used. That's why I vaguely said "some data".
A further analysis (i.e. where rsaEncrypt() is invoked) yields: They're only using RSA for encrypting AES keys, which is a sane design.
Hopefully my lazy word choice didn't cause you (or anyone else) any undue alarm.
Thanks for replying to put my mind at ease on this.
Since Dropbox recently stopped supporting ecryptfs, I started looking for alternatives (KeepassXC + Google Drive/SpiderOak, Lastpass were some candidates).
Looks like Bitwarden is worth testing too :-)
I've also been using Lastpass at work since 2015 so have experience of those three and if I had to start over and pick one it would definitely be Bitwarden. Highly recommended!
I've been using this setup for years, and it works well for me. Now I think about it, the only minor pain point is not syncing over some kind of HTTPS mechanism (for getting through corporate proxies).
KeePass would be perfect if I had an easy platform to share the file on. A VPS isn't reliable enough for me, and Dropbox's proprietary Linux client did suspicious stuff.
Their justification boils down to "either the attacker has full access to a compromised device, or they don't." Meaning they could re-steal your master password AND encrypted database, or neither.
I don't believe that is true. Let me give an example where their justification breaks down:
Your master password is stolen, the attacker breaks into your DropBox account and associates it with the attacker's device, and DropBox is inadvertently sharing your Bitwarden database.
You discover the break-in, change your Bitwarden master password, change your DropBox password, but forget to un-trust existing devices from DropBox. So now the attacker continues to receive your Bitwarden encrypted database via DropBox.
But good news, you think... You've changed your master password! But nope, the actual encryption key wasn't rotated, and the attacker continues to have access to everything. You're rotating passwords on all of your compromised services, only to provide the attacker with the new passwords, oops!
Their whole justification is: "But how would they get the new database?" And frankly, numerous ways. Plus their workaround is pretty embarrassing:
> If a user has a pressing need to rotate their account’s encryption keys it can be achieved today through a manual process of exporting all vault data, re-creating the Bitwarden user account (delete and register again), and then reimporting the vault data back in.
Wow really? And this makes them look really bad:
> Rotating an encryption key would require that a Bitwarden client application re-encrypt the user’s entire vault (including binary file attachments). This operation is both expensive and error prone and would pose a high risk for users to end up with corrupted vault data.
So you've written such great software that it cannot reliably decrypt and encrypt without potentially corrupting the database? Awesome.
I'm simply questioning their justification/excuses for not fixing an issue Cure53 quite correctly flagged. Me opening an issue on Github that mirrors one from Cure53's audit report wouldn't be constructive.
You must lock your workstation, it's not enough to just lock the password manager. If you leave your workstation unlocked then an attacker could install a keylogger that captures the password to unlock your password manager.
In an ideal world, all security-related OS projects should have periodic scans like this, but clearly the cost may be prohibitive. Maybe there are ways to get funds, or to form groups of projects that get analyzed together; for example, I'm thinking that while Cure53 is analyzing Bitwarden, they could do similar work for other password managers that buy in.
Independently, a big thank you to Bitwarden for sharing this; knowing what their vulnerabilities were will help everyone in the space a lot. I'm personally very sensitive to these problems, as I'm working on open source security products too.
In other news:
my todo list now features an item to migrate lastpass -> bitwarden.
(I really love the effort here)
I'd like to hear (well, read) if any of you have ever been in the same situation and what the transition was like :-)
*it's a little complicated...for me
Here are some things that make it really hard to remember all the passwords I need to:
- One bank requires me to change my password every month that I log in. Don't even get me started.
- Many sites require 3-5 "security questions", which I consider to be effectively passwords and generate/manage them as such.
- Different sites have different allowed formulas of what they require for passwords
Memorizing passwords seems like a recipe for reuse of the same passwords on multiple sites, which is terrible.
Finally, I started out with LastPass. (Now I use BitWarden but the experience should be very similar.) What I knew I needed was something to work with my desktop browser, and something to work on my phone with any apps with logins, and with my mobile browser. A year ago, LastPass worked great with desktop and mobile Chrome, and Android. (BitWarden is a little trickier to integrate with mobile Firefox, as I outlined elsewhere in this thread, but it's constantly improving.)
So, you set up your new account, you choose a really amazing, unique, strong password like the world has never seen, and that's the only one you need to know. But there is that transition.
Install the password manager app and add-on(s) as needed on each place. Each will want to know your login and super amazing password, so you'll get to exercise your memory.
You probably want to go to each site and app that you infrequently use, log in, add it to your password manager - or just do so directly, but you want to make sure the URLs and app references are correct - and move on to your everyday activities. (You can revisit later if you want to update it to something randomly generated.) Then go about your daily business, and if you get to apps and web sites you haven't added to your manager, no big deal - just let the manager remember it.
It's all really simple. Now, if you really want to do your due diligence, go back and update the password, especially for mission critical accounts, so that only your password manager knows the password, and it's as strong as possible.
That's a call each person can make for themselves, but if I'm advising the normals on how to handle it, there's little doubt which direction I'm pointing.
I am only required to enter my 2FA on the installation of each client, so there is no real loss of convenience.
I like: No recurring price just buy once per platform and off you go, no hosted component it just uses my Google drive, ability to add additional items to the things it tracks like the places that insist on 5 "security questions", Android app with fingerprint is nice.
Things I don't like about Enpass:
- No ability to have multiple databases. I would really like to have the ability to have a database shared with my spouse, and one shared with my work.
- I never was able to get the Chrome integration to work on ChromeOS and that is my primary personal OS these days.
Generally it works well, but I'd love to get my wife using one, would like to have one I can share with my wife, and would like to replace our ancient work password vault that is Windows-only.
Enpass was worth the cost for mobile access. But that's all I had to pay. I can now use it on every Win/Lin/Mac/Phone system available to me. Sync seamlessly in the background with my preferred cloud provider, which also requires 2FA to access. So I feel reasonably secure.
"Free", as in no additional cost.
Edit: looks like it does support this now.
"Oct 9 - This is in the next release for various apps."  the PR is from Oct 6 .
It is a very basic implementation as of now. The wordlist is English-only, and it doesn't have a minimum character count, so it contains 'words' such as 'aa' and 'aaa'.
The PR discusses how the original word list that was referenced was changed out to the better long word list from https://www.eff.org/dice .
Must have been a while back. I've used it for years and it has been able to generate word passwords since day one.
Yes, you can have a static "keyfile" on a USB stick that you use for 2FA, but that could be easily copied. "But if they have physical access it's already game over!" The scenario I am concerned about is unlocking my master database on a computer I don't own, like at work. I can do that with Bitwarden.
Keepass is only the encrypted database management component. If you want to share that database across multiple devices you have to combine it with a cloud storage service (DropBox, Google Drive, OneDrive, iCloud, etc).
The major advantage of Keepass is that hypothetically it could be a completely off-line system, you could manually copy the database via e.g. USB Stick to every device if you so wished.
Personally I sync my Keepass files using a secure file sync app (not Dropbox), which is sufficient for me. I don't log into accounts on my phone so I don't need the passwords there; I guess that can be a reason for people to use Bitwarden.