I am scrupulous when it comes to individuals or organizations wanting to gain access to my information, except when I choose to share it. While privacy may seem like a myth in this era of social media, I still choose to believe that access to personal information should require explicit consent, period.
Busy as we are, we often have neither the time nor the know-how to implement the security practices needed to protect us from the various threat vectors of this information age (you can read this great article about threat vectors, thanks to Kapua Iao).
One such practice is the use of secure passwords for our ever-growing web of online identity profiles: your social media profile, your online banking, your favourite shopping website, your child's school portal and more. The point is, you are one bad password away from unwanted access to your information, your identity, your finances, basically your entire life. How confident do you feel about the one password you reuse across all your online accounts? Chances are it has already been exposed in one of the numerous data leaks you hear about in the news, or in one you don't.
By no means am I perfect, but I have trained myself over the years to take a pause and think about the information I give out and how it could potentially be misused. So, whether it is the charity workers on the sidewalk asking for my personal information to sign me up to make the world a better place, or my utility company asking for direct debit information, I 'stop and think'.
Another part of my thought process is doing due diligence towards protecting my information in general with secure passwords (ideally 32 characters long, if the site or app allows it) that are unique across my online presence. As an example, here is a sample password I would use:
Based on the website How Secure Is My Password (a site that estimates how long a brute-force attack on the entered password would take; it says nothing about whether that password has already leaked somewhere), the password above would take 312 undecillion years to crack. Don't know about you, but that gives me a little peace of mind knowing my passwords are not the easiest to crack.
No, I am not a superhuman who remembers all those passwords, and that is the key. I use an excellent password management solution which, in my opinion, is one of the better ones compared to the several I have used over the years (and I have used most of them).
Disclaimer! Before you ask, this is my independent opinion and not a sponsored advertisement.
Now let’s talk about what makes Bitwarden so good.
1. Open Source and Free:
Bitwarden is 100% open source and all core features are free (the features that about 95% of people would use).
I like their philosophy: ‘We believe that security is important for everyone. The core features of Bitwarden are 100% free.‘
That works for me, and it should work for you too (especially if any of your passwords are shorter than 16 characters). Here is a more in-depth comparison between the different offerings, taken from their website, if you are interested:
2. End to End Encryption:
This is absolutely necessary for any password management solution. It means your data is fully encrypted on your device before it ever leaves it, and only you hold the key: not even the vendor can read your vault, even if they wanted to. With Bitwarden, your data is sealed with end-to-end AES-256 encryption, salted hashing, and PBKDF2-SHA256 key derivation. The practical consequence is that the encryption key is derived from your master password, so the whole vault is only as strong as that one password; make it long, make it unique, and never reuse it anywhere.
For the security enthusiasts, you can learn more about Bitwarden security.
That gets a big ‘tick’ in the box from me.
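To make 'encrypted before it ever leaves your device' concrete, here is an added example in Go. It is not Bitwarden's code; it follows the structure Bitwarden documents publicly (PBKDF2-SHA256 over the master password with the email as salt, a separate one-iteration hash of the resulting key for login, AES-256-CBC with an HMAC-SHA256 tag for vault items) with two simplifications that are assumptions of this example, not the product: the iteration count is lowered to 2,000 so it runs instantly, and the encryption and MAC keys are taken as the two halves of a 64-byte PBKDF2 output instead of being stretched with HKDF. The email address, master password and vault item are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Lowered so the example runs instantly; Bitwarden's documented default is far higher.
const kdfIterations = 2000

// pbkdf2SHA256 is a minimal PBKDF2 (RFC 8018) over HMAC-SHA256, spelled out
// because the standard library only gained crypto/pbkdf2 in Go 1.24.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	out := make([]byte, 0, keyLen+prf.Size())
	ctr := make([]byte, 4)
	for block := 1; len(out) < keyLen; block++ {
		binary.BigEndian.PutUint32(ctr, uint32(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write(ctr)
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// DeriveKeys turns the master password into two independent secrets: a 64-byte
// vault key (first half encrypts, second half authenticates) that never leaves
// the device, and the auth hash the client sends at login. The auth hash is one
// more PBKDF2 round over the vault key, so the server cannot work backwards to it.
func DeriveKeys(email, masterPassword string) (vaultKey, authHash []byte) {
	vaultKey = pbkdf2SHA256([]byte(masterPassword), []byte(email), kdfIterations, 64)
	authHash = pbkdf2SHA256(vaultKey, []byte(masterPassword), 1, 32)
	return vaultKey, authHash
}

// Seal encrypts one vault item: AES-256-CBC with a random IV and PKCS#7 padding,
// then an HMAC-SHA256 tag over IV||ciphertext. Layout: iv(16) || ct || tag(32).
func Seal(vaultKey, plaintext []byte) ([]byte, error) {
	block, _ := aes.NewCipher(vaultKey[:32]) // 32-byte key: NewCipher cannot fail
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte(nil), plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	mac := hmac.New(sha256.New, vaultKey[32:])
	mac.Write(out)
	return mac.Sum(out), nil
}

// Open checks the tag before decrypting, so a blob sealed under another key, or
// tampered with in transit, yields no plaintext at all (encrypt-then-MAC).
func Open(vaultKey, blob []byte) ([]byte, error) {
	if len(blob) < 2*aes.BlockSize+sha256.Size || (len(blob)-sha256.Size)%aes.BlockSize != 0 {
		return nil, errors.New("malformed blob")
	}
	body, tag := blob[:len(blob)-sha256.Size], blob[len(blob)-sha256.Size:]
	mac := hmac.New(sha256.New, vaultKey[32:])
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed: wrong key or tampered data")
	}
	block, _ := aes.NewCipher(vaultKey[:32])
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-pad], nil
}

func main() {
	// Constructed sample data, not a real account.
	vaultKey, authHash := DeriveKeys("user@example.com", "correct horse battery staple")
	blob, _ := Seal(vaultKey, []byte(`{"uri":"https://example.com","password":"s3cret"}`))
	fmt.Printf("leaves the device: authHash=%x blob=%x\n", authHash, blob)
	pt, err := Open(vaultKey, blob)
	fmt.Printf("decrypted locally: %s (err=%v)\n", pt, err)
}
```

What reaches the server is `authHash` and `blob`; `vaultKey` exists only in memory on the client. Run it with `go run`, and note that `Open` refuses the blob both under a wrong password and after a single flipped byte, because the tag is checked before any decryption happens.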
3. Accessibility and Ease of use
Accessibility and ease of use are what determine whether or not I would use a solution day to day. Even the greatest password management solution would be useless to me if it were not accessible across all my devices or was tedious to use.
In my experience, Bitwarden is extremely accessible, and because it syncs the data seamlessly via the cloud, my passwords are always up to date and available whether I am using my smartphone, tablet, family computer or notebook. It takes away the need to type passwords by auto-completing the username and password fields when it detects the website I am browsing or the app I am using on my smartphone. It integrates into my online routine easily by allowing me to access it in the following ways.
3.1 Desktop Applications:
Bitwarden is available as a native desktop application on Windows, macOS and Linux.
3.2 Mobile Apps:
Bitwarden is available for both iOS and Android. It auto-completes your credentials in apps and in the browser on your phone. Most importantly, the Bitwarden app can be unlocked with the same biometric protection (fingerprint scan, iris scan, Face ID and so on) as the rest of your phone, so no worries there. (Biometrics only replace typing the master password on that device; the vault itself stays encrypted under the key derived from the master password.)
3.3 Web Browser Extensions:
Bitwarden extensions are available across the following browsers:
Bitwarden integrates seamlessly into your browser via extensions, and that is where the magic begins. When you visit your favourite website, let's say facebook.com, Bitwarden detects that you already have an account for that URI and offers all the login profiles you have for it. You simply click on the right profile (in most cases you will only have one; I share mine with my wife, so I have multiple options) and it auto-fills your username and password. Because the match is made on the URI rather than on what the page looks like, a look-alike phishing domain gets no autofill offer, which is a real protection in itself.
This is my personal favourite option, as it makes entering super complex and secure passwords a one-click operation. Done!
If you visit a website where Bitwarden detects a new sign-up in progress, it will ask you to save the credentials. It even offers to generate the password for you, which I suggest you always use, so that a strong, unique password is set for the new profile:
Another really useful option is the ability to check whether your password has turned up in any known data leaks, so you can go ahead and change it as soon as possible. You can do this by clicking on the tick option, as seen in the image below. The check sends only the first five characters of the password's SHA-1 hash to the Have I Been Pwned service and does the matching locally, so the password itself never leaves your device.
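As an added example (not Bitwarden's generator or its breach check, which live in the clients), here is the substance of both features in Go: a generator that draws from crypto/rand without modulo bias and reports the entropy of a 32-character password like the ones recommended earlier, and the k-anonymity range query behind the leak check. The `fetchRange` parameter stands in for the HTTP request to the Pwned Passwords API so the example runs offline; `constructedRange` is a made-up response whose suffixes and counts are invented, and `charset` is this example's own alphabet.

```go
package main

import (
	"bufio"
	"crypto/rand"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"math"
	"math/big"
	"strconv"
	"strings"
)

// Alphabet for generated passwords: letters, digits and common symbols.
const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_=+[]{};:,.?"

// GeneratePassword draws each character from crypto/rand. rand.Int rejects
// out-of-range draws instead of reducing modulo len(charset), so every
// alphabet member is equally likely (no modulo bias).
func GeneratePassword(length int) (string, error) {
	var sb strings.Builder
	n := big.NewInt(int64(len(charset)))
	for i := 0; i < length; i++ {
		idx, err := rand.Int(rand.Reader, n)
		if err != nil {
			return "", err
		}
		sb.WriteByte(charset[idx.Int64()])
	}
	return sb.String(), nil
}

// EntropyBits is the size of the search space for a uniformly random
// password: length * log2(alphabet). 32 characters over this alphabet is
// roughly 205 bits, far beyond anything brute force can reach.
func EntropyBits(length, alphabet int) float64 {
	return float64(length) * math.Log2(float64(alphabet))
}

// CheckPwned performs the Pwned Passwords "range" query behind the breach
// check: only the first five hex characters of SHA-1(password) are sent,
// the service answers with every known suffix under that prefix and its
// breach count, and the match is made locally. fetchRange stands in for
// the HTTP GET of https://api.pwnedpasswords.com/range/<prefix> so the
// example runs offline.
func CheckPwned(password string, fetchRange func(prefix string) string) (int, error) {
	sum := sha1.Sum([]byte(password))
	h := strings.ToUpper(hex.EncodeToString(sum[:]))
	prefix, suffix := h[:5], h[5:]
	sc := bufio.NewScanner(strings.NewReader(fetchRange(prefix)))
	for sc.Scan() {
		parts := strings.SplitN(strings.TrimSpace(sc.Text()), ":", 2)
		if len(parts) == 2 && parts[0] == suffix {
			return strconv.Atoi(parts[1])
		}
	}
	return 0, nil
}

// constructedRange is a made-up response body for the prefix 5BAA6, which
// is the prefix of SHA-1("password"). The second suffix and both counts are
// invented for the example; the real service returns several hundred lines.
func constructedRange(prefix string) string {
	if prefix != "5BAA6" {
		return ""
	}
	return "1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456\r\n" +
		"00000000000000000000000000000000000:7\r\n"
}

func main() {
	pw, err := GeneratePassword(32)
	if err != nil {
		panic(err)
	}
	fmt.Printf("generated: %s (%.0f bits)\n", pw, EntropyBits(len(pw), len(charset)))
	for _, candidate := range []string{"password", pw} {
		n, _ := CheckPwned(candidate, constructedRange)
		fmt.Printf("%q seen in %d breaches\n", candidate, n)
	}
}
```

Swapping `constructedRange` for a function that performs the real GET is the only change needed to run this against the live service; the password never appears in the request either way, only the five-character hash prefix.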
4. Two Factor Authentication (2FA):
How good is a password manager if the only thing protecting all your passwords is another password? Well, this is where Bitwarden has it covered with two-factor authentication (2FA) support. You can protect your Bitwarden vault with 2FA. That means every time you log into your account from a new device or a new session, you will need to prove it is indeed you by providing a security code (in addition to your master password) generated by a 2FA device or app (Authy, Microsoft Authenticator, Google Authenticator and the like). This protects you in case your master password is leaked or guessed, since the attacker still cannot log in without the second factor. Note that 2FA guards the login to your account; an attacker who somehow obtains a copy of the encrypted vault faces the master password alone, so the two belong together. If you are a business (or a cybersecurity professional) that needs directory services integration or advanced MFA such as Duo, YubiKey, FIDO2/WebAuthn or Okta, that is when you start stepping into the premium features.
5. Host it yourself
The most impressive part, something few mainstream password managers offer (and the reason I love this solution), is that unlike proprietary password managers that only give you the option of hosting your precious data in their cloud, you do not have to use Bitwarden's cloud to store your passwords. You can host the server yourself and keep the same level of security, using the same apps and extensions, with the added benefit that you are in complete control of your data. This is music to the ears of diligent security professionals.
Now, should you do it? In my honest opinion, probably not, because as Uncle Ben told Peter Parker in Spider-Man, 'with great power comes great responsibility', and the same is true here. It means you take on responsibility for the availability, redundancy, patching, backups and cost of the infrastructure hosting your password solution.
However, if you are a business or a security professional who works with classified information, this option puts you in complete control.
6. Like what you read but already using another application:
You would not be alone if you are reading this and thinking, 'I like the sound of it and it covers the concerns that are relevant to me, but I am already using another app and it would be painful to switch'.
In fact, I went through exactly the same journey: I tested Bitwarden for nearly 3 months before I made the switch. As Bitwarden lets you import your data from almost all (if not all) password manager solutions directly into the Bitwarden vault, you can run it alongside your current application for an apples-to-apples comparison.
Bitwarden can import from a large number of solutions, a list of which is documented here: Import data into Bitwarden from other vendors.
In my opinion, this gives you every reason to test it for what it’s worth.
A quick Google search returned a result showing 773 million records of email and password combinations recorded as leaked on this website. These belong to everyday people like you and me. Once an attacker has access to your email, they can reset the passwords on most of your other accounts, which means they have your digital identity, i.e. basically your life.
It is important to be aware of and diligent about how we protect our online identity, and the easiest way to start is with good password hygiene.