What is a Password Manager?
A password manager is a program that stores the credentials for the websites and services you use, encrypts them (or otherwise stores them securely), and lets you retrieve them at any time using a single “master password”. Without the master password, nobody can read those credentials (usernames, passwords, and so on).
The master password acts as the key material: the key that decrypts the data stored in the password manager is derived from it, so without it the stored data cannot be decrypted.
The program lets you add, remove and modify credential records per website or URL. You can think of it as an encrypted vault for your sensitive information, with the master password as the key that opens that vault.
Password manager software comes with different deployment options; for example, if you want to host the whole solution on your own local server, an open-source solution lets you do that.
Why Do you Need a Password Manager?
People use password managers so that they don’t have to remember the usernames and passwords for every website they visit. Instead they remember one password and retrieve all the others whenever they need them. This also lets you increase the length and complexity of the passwords you use: since you no longer have to remember them, a password like sNWTa3Wbm8eZGD#3##[email protected]$sYR is no problem.
Some password managers also offer extra features, e.g. auto-fill (filling in credentials automatically when you open the URL in your browser), synchronization between devices, team storage (sharing passwords between several people), smartphone integration, various encryption options and tools, emergency codes, and so on.
This helps you create stronger passwords, and if a website you use is compromised, a long, complex and unique password takes an attacker far longer to crack from the leaked password hashes and cannot be replayed against your other accounts.
Traditionally there have been many closed-source, proprietary password managers, as well as open-source ones. In this article we look at Bitwarden, an open-source password manager you can use to protect yourself.
Bitwarden is an open-source password manager with a rapidly growing user base. The interface is clean and straightforward and, as an added bonus, it is full of features even in the free version. These include a password generator, cloud storage for all your passwords and syncing across numerous devices.
Bitwarden is versatile in that respect and will sync passwords across multiple devices via a web app, smartphone apps and its numerous browser extensions.
Bitwarden is a basic but effective password manager. It is one for users who like things straightforward and hassle-free, in life and in password management.
Bitwarden has several subscription tiers: it is an open-source product and also a commercial one, under active development with new updates arriving regularly.
The core product is free and will stay free, but you can support the developer by paying a very reasonable $10 per year for a premium personal account. Premium users get some additional (non-core) features, outlined below.
In addition to the premium personal plan, Bitwarden offers family plans and a couple of enterprise plans aimed at businesses.
What features does Bitwarden offer?
The following features are available to free users:
- End-to-end encryption (e2ee) of passwords
- 100% open source
- Cross-platform apps for all major platforms
- Browser add-ons for all major browsers
- Web browser access from anywhere
- Command-line tools (CLI) to write and execute scripts against your Bitwarden vault
- Can self-host
- Two-factor authentication (2FA)
Paying $10 a year adds:
- 1GB encrypted file storage
- Additional 2FA options
- Priority customer support
Importantly, there is no account recovery feature: if you lose your master password you cannot log in to your account, and all of your stored passwords are lost.
How to Get Started with Bitwarden?
To start using Bitwarden, download the app for your operating system, create a free account and start using it. You are required to set a master password; make sure it is a strong one, and choose a hint that helps you remember it without giving it away.
Note: Don’t forget the master password.
The desktop clients
The Bitwarden desktop clients are essentially identical on Windows, macOS and Linux. Most Linux distributions are supported thanks to the app being packaged in the AppImage format. It is also available through the Ubuntu Software Center and, of course, you can build it from the open-source code yourself.
We find the interface smart-looking and very easy to use. Four “types” of entry are supported: login, card, identity and secure note.
You can also create folders and add items to them. What more do you want? If you need group password management and sharing features, these are provided by Bitwarden’s organization accounts.
Autofill functionality on the desktop is provided by browser add-ons for Firefox and Chrome.
The Mobile Apps
The Android and iOS apps are very similar and share the same attractive, intuitive design as their desktop siblings.
Both apps do everything their desktop siblings can, including generating secure random passwords. Both also support fingerprint unlocking on devices that have a fingerprint sensor.
The Android app uses the Autofill Framework on Android 8+ devices and the Accessibility Service on older Android versions to auto-fill forms in any browser window or app. In addition, the browser add-ons work with the mobile versions of Firefox and Chrome.
On iOS 12+ the Bitwarden app integrates with Apple’s Authentication Services framework to provide instant autofill in most browsers and apps.
Browser add-ons are available for Chrome, Firefox, Vivaldi, Opera, Brave and Microsoft Edge. A Firefox link is offered for the Tor Browser, but we do not recommend this, as installing any add-on in Tor Browser makes it more susceptible to browser fingerprinting.
The add-ons look like the Bitwarden apps and provide the same core functionality.
Privacy and security
Bitwarden uses open-source, independently audited end-to-end encryption (e2ee), which is as strong a guarantee of security and privacy as you can get. The only way to decrypt your data is with the correct master password, which cannot be recovered if you forget it. So don’t.
Because e2ee is used, it should not matter that Bitwarden hosts accounts on Microsoft Azure cloud servers: the server only ever holds ciphertext. If that still bothers you, you can self-host on a home or rented server of your choice using the open-source Docker-based deployment.
In November 2018 a crowdfunded independent security audit by Cure53 found no major issues with the software. Some non-critical issues were found, and the most important of these were patched immediately. We can only presume that developer Kyle has been working hard this last year to fix any additional issues raised by the audit.
Data at rest is protected with AES-256. The encryption key is derived from your master password with salted PBKDF2, and the encrypted data is authenticated with HMAC-SHA256 so that tampering is detected. These are all well-established standard cryptographic primitives.
Data in transit is protected by ordinary TLS, which is fine. Even if your data were somehow intercepted in transit (for example through a MitM attack using a forged TLS certificate), it could not be read, because it is encrypted with AES-256 before it leaves your device.
In 2018 a flaw was found in the Chrome add-on’s cryptography. It was largely fixed immediately, but you should never use Bitwarden’s ‘never forget’ option if you do not want your encryption key to exist on disk.
Two-factor authentication (2FA)
Free users can secure their Bitwarden vaults with a time-based one-time password (TOTP) app or email verification as the second factor. Premium users can also use 2FA methods such as Duo, YubiKeys and other FIDO U2F-compatible USB or NFC devices.
If you want a good, open-source and secure password manager tool, then Bitwarden is the best one in the category. I personally use it as my primary password manager, and I would recommend that you give it a try.