But what about Bitwarden? What you say about the breach is exactly what I’m worried about when having ONE source that has EVERY password. At least now I have different passwords for different sites so only one can be affected, it’s just a pain in the ass to have to go look them up. I save a portion of my passwords with cryptic messages that only I understand.
I can’t think of anything that hasn’t been hacked, I feel like it’s just a matter of time before these password sites are too if they haven’t already. :/
The way that Bitwarden stores your data, it is encrypted as a blob on AWS. If anyone compromises Bitwardens infrastructure, they can’t do anything because even Bitwarden doesn’t have the keys to decrypt your vault.
Your vault can only be decrypted with your master passwords, and decryption happens locally, on device. No decrypted information is sent over the internet.
As far as someone gaining access to your master password and this all other passwords stored in the pass manager, that is why 2 factor authentication exists.
I could give you my Bitwarden master password right now, but that won’t help if you don’t also have my 2fa code.
And that’s just talking about using the hosted version of Bitwarden.
If you self host, you don’t even have to have the app available to the public internet, and can access it purely through a vpn to your LAN.
Then the attacker would not only need to have access to your local network, also know your master password, and have access to your 2fa.
If they know that much about you, you have larger concerns.
So in short, your concern is mostly addressed and not really a concern if you utilize the features provided, such as 2fa
A good password manager will be encrypted on device using your master password and only the encrypted data ever synced anywhere. So if Bitwarden gets hacked, and the worst case scenario happens, that means an attacker makes off with the complete contents of your vault. But all they have is an encrypted file. To decrypt it, they need your master password. Bitwarden doesn’t have the keys to lose – they only have the lock, and only you have the key. So an attacker would need to compromise Bitwarden (the company) to get access to the vault, and then separately, compromise you personally to get your master password (the key).
Alternately, they could try to brute-force the master password offline. If you think you could guess a user’s password if you tried 100,000,000,000 guesses, and each guess took you 1 nanosecond, you could guess all hundred billion in a little under two minutes. Bitwarden uses techniques to make it intentionally very slow (slow if you’re a CPU at least) to generate the hashes needed to compare a password. If it takes you 100,000 nanoseconds per guess instead, then instead of two minutes, it takes almost 4 months. Those numbers are completely made up, by the way, but that’s the general principle. Bitwarden can’t leak your actual passwords directly, because they never get them from you. They only get the encrypted data. And if an attacker gets the encrypted data, it will take them quite a bit of time to brute force things (if they even could – a sufficiently good master password is effectively impossible to brute force at all). And that’s time you can use to change your important passwords like your email and banking passwords.
One important realization for people to have is that none of us get to choose perfection here. You don’t only have to worry about Bitwarden getting hacked. You also have to worry about you forgetting them. You have to worry about someone figuring out your “cryptic messages that only I understand” scheme. Security is generally about weighing risks, convenience, and impact and choosing a balance that works best for you. And for most people, the answer should be a password manager. The risks are pretty small and mitigation is pretty easy (changing your passwords out of caution if the password manager is breached), and the convenience is high. And because it’s, as you put it, “a pain in the ass” to manage good unique passwords yourself, virtually no one actually does it. Maybe they have one or two good passwords, and rest are awful.
I disagree, at least in terms of open source solutions. Assuming Bitwarden isn’t altering their server implementation without telling anyone, it is basically impossible for them to be hacked in the way you’re thinking, as the servers do not hold any decrypted vault data. If the service is propreitary, you cannot trust that they are encrypting all contents before reaching their server.
Even a full plaintext master database password breach shouldn’t affect a competant user, as you should obviously be using 2FA with a cloud password manager.
And even if your master password and bitwarden 2fa leaked and someone gained access to your vault, any accounts with 2FA enabled (so long as you aren’t keeping 2FA keys in Bitwarden, please dont do that. [The same applies to KeePass]) can’t be compromised without your second factor.
But what about Bitwarden? What you say about the breach is exactly what I’m worried about when having ONE source that has EVERY password. At least now I have different passwords for different sites so only one can be affected, it’s just a pain in the ass to have to go look them up. I save a portion of my passwords with cryptic messages that only I understand.
I can’t think of anything that hasn’t been hacked, I feel like it’s just a matter of time before these password sites are too if they haven’t already. :/
The way that Bitwarden stores your data, it is encrypted as a blob on AWS. If anyone compromises Bitwardens infrastructure, they can’t do anything because even Bitwarden doesn’t have the keys to decrypt your vault.
Your vault can only be decrypted with your master passwords, and decryption happens locally, on device. No decrypted information is sent over the internet.
As far as someone gaining access to your master password and this all other passwords stored in the pass manager, that is why 2 factor authentication exists.
I could give you my Bitwarden master password right now, but that won’t help if you don’t also have my 2fa code.
And that’s just talking about using the hosted version of Bitwarden.
If you self host, you don’t even have to have the app available to the public internet, and can access it purely through a vpn to your LAN.
Then the attacker would not only need to have access to your local network, also know your master password, and have access to your 2fa.
If they know that much about you, you have larger concerns.
So in short, your concern is mostly addressed and not really a concern if you utilize the features provided, such as 2fa
A good password manager will be encrypted on device using your master password and only the encrypted data ever synced anywhere. So if Bitwarden gets hacked, and the worst case scenario happens, that means an attacker makes off with the complete contents of your vault. But all they have is an encrypted file. To decrypt it, they need your master password. Bitwarden doesn’t have the keys to lose – they only have the lock, and only you have the key. So an attacker would need to compromise Bitwarden (the company) to get access to the vault, and then separately, compromise you personally to get your master password (the key).
Alternately, they could try to brute-force the master password offline. If you think you could guess a user’s password if you tried 100,000,000,000 guesses, and each guess took you 1 nanosecond, you could guess all hundred billion in a little under two minutes. Bitwarden uses techniques to make it intentionally very slow (slow if you’re a CPU at least) to generate the hashes needed to compare a password. If it takes you 100,000 nanoseconds per guess instead, then instead of two minutes, it takes almost 4 months. Those numbers are completely made up, by the way, but that’s the general principle. Bitwarden can’t leak your actual passwords directly, because they never get them from you. They only get the encrypted data. And if an attacker gets the encrypted data, it will take them quite a bit of time to brute force things (if they even could – a sufficiently good master password is effectively impossible to brute force at all). And that’s time you can use to change your important passwords like your email and banking passwords.
One important realization for people to have is that none of us get to choose perfection here. You don’t only have to worry about Bitwarden getting hacked. You also have to worry about you forgetting them. You have to worry about someone figuring out your “cryptic messages that only I understand” scheme. Security is generally about weighing risks, convenience, and impact and choosing a balance that works best for you. And for most people, the answer should be a password manager. The risks are pretty small and mitigation is pretty easy (changing your passwords out of caution if the password manager is breached), and the convenience is high. And because it’s, as you put it, “a pain in the ass” to manage good unique passwords yourself, virtually no one actually does it. Maybe they have one or two good passwords, and rest are awful.
I disagree, at least in terms of open source solutions. Assuming Bitwarden isn’t altering their server implementation without telling anyone, it is basically impossible for them to be hacked in the way you’re thinking, as the servers do not hold any decrypted vault data. If the service is propreitary, you cannot trust that they are encrypting all contents before reaching their server.
Even a full plaintext master database password breach shouldn’t affect a competant user, as you should obviously be using 2FA with a cloud password manager.
And even if your master password and bitwarden 2fa leaked and someone gained access to your vault, any accounts with 2FA enabled (so long as you aren’t keeping 2FA keys in Bitwarden, please dont do that. [The same applies to KeePass]) can’t be compromised without your second factor.