is bitwarden safe reddit - Brave Search

Is bitwardern safe?

reddit.com › r › Bitwarden › comments › 178mezj › is_bitwardern_safe

Start here: https://bitwarden.com/blog/beyond-your-browser/ is it safe There is no certainty in life, but Bitwarden is about as good as you will get. If you are thoughtful about how you use it (good master password, strong 2FA;, good opsec, and only operate on trusted devices), you will be in good shape. Can my passwords be compromised Yes and no. The LP gaff was the exposure of their backups to attackers. That can happen with Bitwarden. What is different is that LP has bad encryption. Couple that with choosing a bad master password and you could have a problem. Answer from djasonpenney on reddit.com

reddit.com › r/bitwarden › is bitwardern safe?

r/Bitwarden on Reddit: Is bitwardern safe?

October 15, 2023 -

I am a new user and want to switch from default Google password manager to bitwardern so that i can use my passwords seamless. But am concerned that if it is safe to use and can my passwords be compromised like LastPass wass hacked?

Start here: https://bitwarden.com/blog/beyond-your-browser/ is it safe There is no certainty in life, but Bitwarden is about as good as you will get. If you are thoughtful about how you use it (good master password, strong 2FA;, good opsec, and only operate on trusted devices), you will be in good shape. Can my passwords be compromised Yes and no. The LP gaff was the exposure of their backups to attackers. That can happen with Bitwarden. What is different is that LP has bad encryption. Couple that with choosing a bad master password and you could have a problem.

In my opinion, it's safer than google in the following ways. The bitwarden account is separate from your google account, so if someone compromises your google account it won't expose your password. The vault is safer on Windows. Any process with that runs as the user can read the password. Bitwarden as a security company and is probably more security conscious than Google, who wants to serve you ads. Your vault is probably readable by Google. Bitwarden vaults are not readable by bitwarden. Ways that Bitwarden is better than Last Pass. They seemed to more security conscious than LastPass. Bitwarden encrypt more of their fields. Bitwarden source code is open so that securitys firm can audit the code for security. The code cannot be stolen like they did with Lastpass. Bitwarden uses existing encryption open source algorithm instead of coming up with their own. The reason coming up with your own is bad is because the algorithm is quick complicated and you should stick with one that's being used and audited by everyone else. You can use u2F as a 2FA. Lastpass seems to be using OTP, which is not phishing-resistent.

reddit.com › r/privacyguides › bitwarden... is it really %100 safe?

r/PrivacyGuides on Reddit: Bitwarden... Is it really 0 safe?

December 8, 2022 -

Compared to like Keepass, which is offline.

Idk but I feel like the risks are higher with Bitwarden since it's online and there is a risk of my data being compromised by whoever has access to where it's stored. Whereas KeePass is essentially a cold storage and the only way to get access to my data starts at getting the .kdbx file from where I store it, locally.

What am I missing?

EDIT: Asking for when on an Android OS.

No such thing as "%100 safe". But Bitwarden is among the safest options (in my opinion at least). Whereas KeePass is essentially a cold storage and the only way to get access to my data starts at getting the .kdbx file from where I store it, locally. Yes, you can also keep your passwords in encrypted text on a laminated page stored in a bank deposit. That will be a lot safer than storing a KeePass DB file in your computer, as it can be compromised in case a virus is installed on your computer (it can send the database file, and keylog the password to decrypt it). My point is - convenience also matters. There's a point of security where you're already pretty secure, and adding more layers of security give you very little benefit security-wise, but make it a pain in the ass to use. In 2022, where most people usually have more than a single smart device, and a lot of accounts for different services, I feel like KeePass is a lot of a hassle as you have to sync the db file across your devices, and backup the local database file yourself. Bitwarden is open-source and audited, has a good customer service, a transparent business model, and handles backups, syncing, and security for you.

No, it isn't, because as others have pointed out - "100% safe" doesn't exist. Deciding whether or not using something like Bitwarden is appropriate for you is a personal decision that should be informed by your individual threat model and specific use case. compromised by whoever has access to where it's stored What am I missing? You may be missing that it's an open source project that encrypts everything client-side, which you can additionally protect further using a hardware security key so that your vault cannot be unlocked without it - even with your master password. And you can optionally self-host if you decide that you trust your capability to do so securely more than theirs. You can also do this without directly exposing your Bitwarden instance to the internet (access from outside only via a VPN). There are lots of options. In the event that there is some sort of data breach on Bitwarden's server, they still can't get your passwords. Bitwarden server administrators can't get your passwords. It might help to elucidate in more depth what specific attack vectors you have in mind that need to be better mitigated.

reddit.com › r/bitwarden › how safe is bitwarden?

r/Bitwarden on Reddit: How safe is Bitwarden?

January 14, 2024 -

In a future unfortunate event when (or if) the Bitwarden servers suffer a malicious attack at the hands of expert hackers, with resulting breach of user data, what would be the options for the regular users?

I mean this could be serious and so I want to understand the security architecture of BW. How do they plan to avoid such mishaps and what would be their mitigation strategy (in case such event does happen), and how us, the users, would cope with it?

I know it’s not just about BW but for all other web-based services. However BW is the place where the most sensitive data are stored. So the concern.

I may be paranoid but I guess there has to be a back door to escape. What am I missing?

Thanks in advance.

EDIT: Thank you everyone for addressing my concerns. Have a great day.

Read all about it here . The bottom line is that if you make your master password a randomly generated 4-word passphrase , keep your KDF configuration up-to-date with currently recommended default settings (periodically log in to the Web Vault to check for notices about changes to the KDF requirements), and never disclose or re-use your Bitwarden master password, then you don't have to worry about what happens if Bitwarden's cloud servers are ever compromised. This is because all vault data stored on Bitwarden's cloud servers is encrypted, and the encryption is uncrackable if you follow the guidelines I have given above.

To be honest your main concern should be if your Master Password and E-Mail leaks and somehow they manage to bypass the 2FA which is pretty hard if you're careful and don't use your Master Password in anywhere but Bitwarden. The Database and Vault is encrypted with your Master Password so even if they breach and steal vaults from the Bitwarden's servers. The data would be unreadable for the attackers and if they want to brute force it it would take several million years to breach it. In short, use a strong Master Password ideally minimum 5-6 word passphrase with numbers and unique characters with Argon2id (default settings are fine but I use 500mb 8 Parallelism and 6 iterations) it would be uncrackable. Also use at least TOTP 2FA or better just use a YubiKey for 2FA. Hope this answers your question. Have a safe day.

reddit.com › r/bitwarden › is bitwarden safe?

r/Bitwarden on Reddit: Is bitwarden safe?

3 weeks ago -

Hi guys, I am a recent graduate in computer engineering.

I know Bitwarden is open source, but that doesn’t necessarily mean it is completely safe, because there are several factors to consider:

1-Various attacks and malware techniques could allow an attacker to steal your passwords from the Bitwarden manager

2-The Bitwarden source code could potentially include vulnerabilities or malicious code.

3-Even if the source code is clean, the app you download could be compromised.

So, how can I safely use and trust Bitwarden?

1 - your passwords are encrypted with your master password, even when stored on device, as long as you dont enable automatic unlock 2 - bitwarden gets annual security audits, meaning the code is checked: https://bitwarden.com/help/is-bitwarden-audited/ 3 - if you're really worried about this, build from source

The one you download is not compromised as soon as it is the same as the one publish from repo (hash/signature of published binary). From security whitepaper point of view it is safe and state-of-art. Obviously if your phone is compromised, everything you run on is also. From source code point of view, supply chain attack is complicated as soon as it is open repo and constantly verified by bitwarden. Still it could happen yes, but I think that the probability would be low. Also define your threat model.

reddit.com › r/bitwarden › is bitwarden a good choice?

r/Bitwarden on Reddit: Is Bitwarden a good choice?

July 5, 2024 -

I currently use 1Password which is excellent, it does the job perfectly on my iPhone and my Windows PC. I would like to opt for Bitwarden since it is free, is it a good alternative? I use double authentication on 1Password, is it also effective on bitwarden?

Yes, Bitwarden is a good alternative. I assume by double authentication you mean some form of multi-form authentication to login. Bitwarden supports this as well.

1Password vs Bitwarden : I would ditch 1Password entirely. Bitwarden developers are transparent and proactive. I would also encourage you to subscribe to their premium service at 10$ a year. It’s cheap and you support the devs at the same time. Edit 1 : The UI of Bitwarden seems outdated by today’s standard but it just works and intuitive. You just have the settings you need to manage your stuff. Nothing fancy that could compromise security. The devs are also revamping their Ui entirely as well. While it would not add new features , it would be more pleasant to the eyes like the 1Password UI. I understand UI is important for good experience but Bitwarden is far from being unusable. It’s barebone UI makes it less vulnerable to bugs

reddit.com › r/bitwarden › is bitwarden safe and is it safe to have my master password the same as my master password hint?

r/Bitwarden on Reddit: Is Bitwarden safe and is it safe to have my master password the same as my master password hint?

April 28, 2025 -

I was downloading Bitwarden, but I was wondering if it was safe enough to store all my passwords in and is it safe to have my master password hint the same as my master password?

Hint same as password? Absolutely not, hint is public information and should not include password or any of its parts (it is like hiding you valuable stuff into vault and placing the key on the shelf next to it - would you do so??). Bitwarden will take care of all you passwords, except its own, which you need to memorize. This password becomes very importat now, since it protects all other credentials.

You can create an emergency sheet with your master password and 2FA recovery code, and keep it somewhere safe. Put the location of the sheet in the hint.

reddit.com › r/bitwarden › would you bet your life on bitwarden's security?

r/Bitwarden on Reddit: Would you bet your life on Bitwarden's security?

March 30, 2022 -

I am a long time user of both Bitwarden and KeePassXC (I love both). Bitwarden in convenient for auto-fills, but somehow I feel more secure with an offline database which KeePass offers (old school). I have ended up saving my high-stakes passwords with KeePass.

Is my apprehension unfounded?

If you're not paranoid, you're not paying attention. :-) But that having been said, What exactly are you worried about? Nothing is perfect. I gather you're worried about happens if a malefactor gets his hands on a hard disk that has your passwords on it, but why are you worried about that? Of course you should have a long, strong, unique password — the longer the better — but if you do, then it won't matter much whether they get access to Bitwarden's cloud servers or whether a thief or burglar carriers off your laptop. Encrypted is encrypted is encrypted. The Bitwarden servers are a more attractive target I suppose. But they're also surely much better protected than your personal computers, even if you take them to bed with you at night. Everything is a compromise, and in the world of digital security you're always compromising between security and convenience. The more secure we make things, the less convenient they become, and at some point that inconvenience itself becomes a sort of security risk, because it causes us to start taking shortcuts. Bitwarden's solid. So's 1Password, NordPass and many others. I don't know KeePass but it's probably solid, too. Pick the one you like and then use it with appropriate carefulness.

If you are happy with what you are doing, you should keep doing it. Everyone has a different threat profile and everyone has different risk tolerances. So where you should be on the security-convenience spectrum is a personal decision that only you can make. Usually it’s less about trust and more about compartmentalization, just in case.

reddit.com › r/bitwarden › is it safe to store my banking information on bitwarden (free version)?

r/Bitwarden on Reddit: Is it safe to store my banking information on bitwarden (free version)?

November 11, 2022 -

And assuming it is, what's the safest way to go about doing so?

Yes. Make sure 2fa is enabled

You can store your banking info on bitwarden *if* (here's my 2 cents) you use a strong master password; 2. Never EVER reuse a password; add some pepper to your bank password (ie. in addition to the password kept in bitwarden, also have 6 to 8 more chars not held in bitwarden that you have to manually type in - make these easy to type on your phone). The real danger is that an off-line attack that works on your encrypted vault has a lot of time to break your master password and then gain access to ALL of your passwords. BTW I've never understood the notion of using "words" in a password. That's just silly. Instead use a phrase and record the first letter of each word: "now I lay me down to sleep, I pray" ==> "nilmdtsip" - it's easier to remember a favourite phrase rather than some random string of words, and it's easy to salt with numbers and grammar: "my birthday is on May 3rd, 2004" ==> "mbioM3rd,2004". You can just repeat the phrase in your head as you type out the 1st chars. Easy-peasy. NB. Some idiotic sites make using extra pepper chars awkward. Costco, for example makes it impossible. As soon as you click on the bitwarden entry the costco javascript takes it and runs with it then reports an error and clears the password box. Idiots! This pepper idea still woks on most commerce and banking sites. Remember not to include your email password that you anchor your bitwarden account on in your vault!

reddit.com › r/bitwarden › do you actually put in all your passwords ?

r/Bitwarden on Reddit: Do you actually put in ALL your passwords ?

June 8, 2023 -

Newbie here, have been in the background just seeing posts here and there. Not really replying but I think I am ready to start using bitwarden BUT I’m not sure if I trust it enough to input my information for financial stuff, 401k login, bank etc.

Is anyone using this for that? I get if you don’t want to answer (I get it OPSEC)..but also when do you know if and when to trust it?

Other programs which have had breaches just makes me so hesitant

Yep, I put everything in it. The entire point of encryption and the zero-knowledge architecture is that a bad actor can get everything Bitwarden has and they are not going to be able to get my passwords. Just make sure you use a strong master password. Switch to Argon2ID (which is really just icing on the cake if you created a strong master password). Use 2FA (which only helps if someone is trying to log in as you) and you'll be fine.

Bitwarden is completely open source, so you can inspect what they're running on their servers (and even run it on your own like I do). One thing that makes Bitwarden stand out from others like LastPass (that was breached) is that everything in your vault is encrypted using a key that's partially dependent on your master password, which Bitwarden has no knowledge of. That encryption happens on your device before transit as well.

Find elsewhere

Google Bing Mojeek

reddit.com › r/bitwarden › is it safe to use bitwarden on a public computer with extra caution?

r/Bitwarden on Reddit: Is It Safe to Use Bitwarden on a Public Computer with Extra Caution?

March 11, 2025 -

Hello! I’m a new user of Bitwarden and have a couple of questions about security.

Is it safe to log into Bitwarden from a public computer's web browser (not as a plugin, but through the official website in incognito mode)? For extra caution, I plan to log in using my mobile device instead of typing my master password. I also have 2-factor authentication enabled.

You should just pull up your phone and read it off your phone app and type your password that way.

The simplest malware is a key logger. Using mobile device to prevent entering master password can protect against this. If someone got your master password, 2-factor authentication would prevent them from logging into the Bitwarden website or app, which is good, but mostly irrelevant to this situation. However, the biggest problem: If there is more advanced malware, it can save your entire UNENCRYPTED vault as soon as you open it in any browser, extension, normal tab, incognito tab, doesn't matter. The best way to log into a public computer is to have a physical USB device that can act as a passkey to log into that service. Unlocking the vault on that device is not recommended. All that being said. Most likely the library runs regular malware scans and tries to make sure that other users don't install bad programs, so you should be fine... but if we're talking about the worst case scenario... it's pretty bad.

reddit.com › r/bitwarden › is bitwarden more secure than 1password?

r/Bitwarden on Reddit: Is Bitwarden more secure than 1Password?

August 1, 2024 -

I’m thinking of switching password managers when my Dashlane subscription expires. I’m debating whether to go with Bitwarden or 1Password.

Thanks!

probably not much difference in terms of security but bw is only ten bucks a year

You're going to get biased answers in this sub. We're all here because we like Bitwarden. Best thing I can tell you is to do your research on both products and make an informed decision based on that.

reddit.com › r/bitwarden › is it safer to use bitwarden on my web browser or the application? (on linux pc)

r/Bitwarden on Reddit: Is it safer to use Bitwarden on my web browser or the application? (On Linux PC)

October 26, 2022 -

I have a couple concerns with both approaches.

First with the browser: I have a very long randomly generated password for my master password, therefore it’s impossible to remember and a HUGE pain in the ass to type out manually, so on my PC I just end up leaving the password on my clipboard. I of course wanna change this habit as anyone who catches my PC (or laptops) on and unlocked can steal my master password.

So I was thinking of using the desktop application since I know it lets set a PIN rather than having to type out the entire master password every time.

My concern with this though is whether or not the locally saved vault is encrypted or not? Secondly, if it IS encrypted, would the PIN also decrypt my vault as my master password would? I’ve also heard some very bad things about Electron, how the app is built, does it have any inherit vulnerabilities I should be aware of?

If anyone has any recommendations on a potentially alternative approach I could take that is safer and also convenient I’m open to suggestions!

I have a very long randomly generated password for my master password Let's start there. Switch to using a passphrase . It might end up being longer, but it will be easier to remember and easier to correctly type. Something like Weekday35-RejudgeLoopySaucepan is going to serve you much better than what you have now. leaving the password on my clipboard. It also means you can't use your clipboard? 🙂 set a PIN That can work. I regard a PIN like the privacy lock on a guest bathroom. It is to keep people honest, not to repel intruders. It can be a part of a reasonable security stack, but it shouldn't replace -- for instance -- locking your desktop. Is it safer to use Bitwarden on my web browser or the application? (On Linux PC) Not sure why you make this an either-or. The browser is going to offer superior security recognizing phishing attempts that are invisible to the human eye. The desktop app is still superior for certain things, but you need to find a way to keep using the browser extension. using the desktop application since I know it lets set a PIN This is where I really got lost. The browser extension for Firefox allows you to set a PIN as well. No need to use the desktop app. whether or not the locally saved vault is encrypted or not? Your decrypted vault is never written to persistent storage. AFAIK the entire vault except for attachments is held in volatile memory while the app is running and the vault is either unlocked or locked. Every, including the copy of the encrypted vault on your disk, is discarded when you log out. would the PIN also decrypt my vault as my master password would? The PIN is used by the running app to let you use that decrypted copy in memory. does it have any inherit vulnerabilities I should be aware of? Well's there may be a few minor nits, but there is not much that I know of for you to be concerned about at this level. potentially alternative approach Change your master password to a passphrase. Enable a PIN for both the desktop and the browser extension, if you wish. Use the browser extension when possible. Practice good opsec on your device, including desktop automatically locking, device physically secure, no other user accounts on the box, malware detection, etc.

I want to give big thumbs up to everything said in this thread by u/djasonpenney . Me, I use both extension and desktop, for same reasons as Jason Penney but also because I use biometric authentication on all the various computers I work on during the day and in order to log into the browser extension this way, I have to have the desktop app open. And don't forget there is a third form of the app: the website. And that's required for certain things like managing your account.

reddit.com › r/bitwarden › why do you trust bitwarden?

r/Bitwarden on Reddit: Why do you trust Bitwarden?

November 3, 2022 - 23 votes, 49 comments. 97K subscribers in the Bitwarden community. Bitwarden empowers enterprises, developers, and individuals to safely store and share sensitive information. With a trusted, open source approach to password management, secrets ...

reddit.com › r/bitwarden › what prevents bitwarden from being breached like lastpass?

r/Bitwarden on Reddit: What prevents BitWarden from being breached like LastPass?

March 3, 2023 -

Hey, all! Long-time LastPass user. I've been digging through various threads, but I haven't been able to find a good outline for this, so perhaps someone can point me in the right direction. From everything I've gathered, BitWarden's security is top-notch, esp if you use the recommended, but optional, Argon2 encryption. Notably, at least some things that LastPass did (like number of iterations), were not better on BW side (https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/). It seems like Argon2 bypasses the whole issue altogether.

What I'd like to find out though is how BitWarden's organizational structure and security practices prevent exfiltration of data like LastPass has suffered. Does BW store unencrypted 2FA seeds like LP did, which could be exfiltrated together with their associated vaults? What are their data structure and practices like, and what's encrypted / not encrypted? I see lots of mentions how BW and 1Pass are much better on security, but I have not seen a clear point-by-point break-down of company fundamentals around security and internal workings. I've not seen these contrasted against LP either. "We've never been hacked" isn't a compelling argument, as that could be a combo of luck, or user-base size, or it might be truly due to their superior practices, but it's hard to point out exactly.

They undergo regular audits. This was posted recently and may answer some of your questions: https://www.reddit.com/r/Bitwarden/comments/11ekbbl/bitwarden_upholds_high_security_standards_with/

At one level, the answer is, "nothing". There are multiple ways that your encrypted vault can be stolen. For instance, someone can steal your laptop, mount your hard disk on their hardware, and boom: they have your encrypted vault. A server breach is not necessary. At another level, Bitwarden and LP are very different. The encryption implementation in the LP super duper secret private source code is crap. The more we find out, the worse it is. Bitwarden may have deficiencies, but they get addressed (yay, open source and audits). Look, your master password remains the linchpin of your security. Assuming the encryption itself is sound, UNLIKE LastPass, you do not need to rely on the opsec on the server. Spend your efforts cleaning up the opsec on your own devices: good password hygiene, don't let your devices get stolen, virus scanning, etc.

reddit.com › r/bitwarden › how insecure is bitwarden?

How insecure is Bitwarden? : r/Bitwarden

January 29, 2022 - Either way, if that's as often ... and tell you where they come from - not self hosted though. ... Bitwarden empowers enterprises, developers, and individuals to safely store and share sensitive data....

reddit.com › r/bitwarden › bitwarden is very secure against hackers, but i have my concerns

r/Bitwarden on Reddit: Bitwarden is very secure against hackers, but I have my concerns

September 12, 2020 -

Won't there just be a time this service shuts down? What if it happens suddenly? What if something happens to the servers (well atleast I hope there's backups)

Also I get the part where all ur passwords are encrypted by your master password, but how is the master password ITSELF kept secure and encrypted?

You might read Bitwarden's Encryption article and come back with focused and studied questions. Also generally, you should satisfy yourself about important matters by reviewing BW's documentation, vs getting it second hand here. Hopefully, we'll see you here as a Bitwarden Project supporter!

ALWAYS keep your own current offline backup. Even if you trust Bitwarden 99.9% you don't want to risk being locked out of all your accounts.

reddit.com › r/bitwarden › "if it's free, you are the product". then why do you trust bitwarden?

r/Bitwarden on Reddit: "If it's free, you are the product". Then why do you trust Bitwarden?

June 6, 2022 -

Hello guys,

I joined Bitwarden recently and I would like you to reasure me. As a long time non-user of password manager, I tended to trust my human memory to remember my password, and in my mind, those passwords were quite challenging to guess. But then, I read a comic from XKCD and articles about how password manager are better, etc. And I decided to trust Bitwarden.

Bitwarden is so popular: it's free, open source and seems trustworthy.

The problem is that now, I have some doubt.

"If it's free, you are the product." That saying is common sense here, in the internet. So why are we trusting Bitwarden all our passwords? Because it's open source? Because everyone is parotting that it's good, it's well protected because of "idunnowhatencryptionsorcery" and good policy and ethics? What proof do we have? Some... allegations by people online we don't even know personally? What will keep Bitwarden from going insane and do something like : "You want your passwords? Haha, now pay me 100 bitcoins".

Really, I don't want to shoot at Bitwarden or any other password manager. But reassure me, please.

Thank you in advance.

Edit: thanks for your answers, I am more serene now. I'm thinking about buying a Yubikey too, but it's another problem.

They gain revenue from paid personal and enterprise memberships. I'd guess enterprise (businesses) are the bulk of their revenue.

Many businesses offer a free tier as a teaser for paid offers. The idea is to get you using the product, then discover that you want a feature that requires a paid tier, or advocate for adoption at work, and your profit comes from that group.

reddit.com › r/bitwarden › is bitwarden really safe?

r/Bitwarden on Reddit: Is Bitwarden really safe?

February 16, 2021 -

How can we be really sure of Bitwarden's security since it is open source unlike LastPass?

Can someone really smart just figure out a way to reverse-engineer something in the source and get access to a lot of people's passwords?

I'm a CS student but haven't dealt with a lot of crypto stuff but I would love to learn more about this.

since it is open source That's exactly how you can be sure of it. You are free to review the code yourself for any vulnerabilities whereas with LastPass you just had to trust them that none were there. More eyes on the code mean more people to find (and report) and vulnerabilities that may be present.

Reverse that question. How can you be sure Lastpass is doing what it claims to be? All you have are their word. At least with BW, you have their code.

reddit.com › r/bitwarden › how do i properly start securing my accounts using bitwarden

r/Bitwarden on Reddit: How do i properly start securing my accounts using Bitwarden

October 29, 2023 -

Hey guys! So, i’ve actually lost my account yesterday. The one where i use for my games, social media and other stuff that i use it on. All the grind i did on my games, all the friends that i had on my social media went gone. This actually happened twice to me although the first one was an account i just use to whatever i want. Still, it was useful and convenient, had some important stuff on it just before i lost it too. So now i want to keep things serious and secure my remaining accounts properly.

But as you know, Bitwarden isn’t a 100% safe app. None of the password managers are but i guess it’s less risky compare to memorizing your passwords so i want to know how to be more secure while using Bitwarden, keeping my accounts and password inside the app SAFE. Any kind of tips or things i should do that you highly suggest for me to do? Do you guys also use a notebook at home just in-case something happens? I really want to know more about this stuff. I’d really appreciate any help/tips. Thank you 😊

It is your responsibility to safeguard your vault in the following ways: Set up a unique, confidential, randomly regenerated master password that provides for at least 50 bits of entropy (e.g., a randomly generated passphrase , which should contain four or more words drawn at random from a list of at least 6000 words), and do not allow others to observe you typing your master password. Enable the strongest form of 2FA that you are able to use (FIDO2/Webauthn if possible). Make sure that your devices are secure (e.g., do not allow others to access your devices, practice good internet hygiene, and ensure that you are using up-to-date malware defenses), and do not use Bitwarden on other people's devices. Always lock your Bitwarden vault when not in use (e.g., using the vault time-out function). If you're still nervous about committing your most valuable secrets to your Bitwarden vault, you can use one or both of the following methods to reduce the likelihood that an attacker who has gained access to your vault data will be able to take over your online accounts: Add a password pepper to your most valuable accounts. Set up 2FA for all stored accounts that support it, using a hardware key (if possible) or a TOTP authenticator app installed on a device that is different from the device on which you use Bitwarden. Here is my Guide for Getting Started on the Right Foot in Bitwarden™: Get a piece of paper and write "Emergency Sheet" at the top. The write down the Bitwarden cloud server that you plan to use (bitwarden.com or bitwarden.eu), as well as the email address that you will use for your Bitwarden login. If you're paranoid or like to play secret agent, make sure that you write with the paper placed on a hard surface (not a notepad or magazine), and that you are alone in a closed room with all curtains drawn. Click this link once, and copy down the displayed phrase on your piece of paper. This will be your master password. Unless you have a medical condition, you will be able to memorize it with some practice (you were able to memorize your mailing address, telephone number, names of friends and relatives, and similar information, and memorizing your master password is not much harder — but accept that it will take a bit of practice). Create your Bitwarden account either on the .com server or on the .eu server . Use a fake name if you wish, and leave the Password Hint blank for now. When you first log in upon account registration, there is an option to Verify Email , which you should use. Optionally, upgrade your subscription to Premium if you wish to use Premium features . Go to the "Two-Step Login" section of your Account Settings, and get your 2FA Recovery Code . Accurately transcribe this code onto your "Emergency Sheet" paper. In the "Two-Step Login" section, enable a 2FA method for your Bitwarden account. I recommend purchasing one or more Yubikey Security Keys for the purpose of securing your Bitwraden account. To set this up in Bitwarden, click "Manage" for the WebAuthn provider, and register your Yubikeys there. Personally, I have 3 security keys; I keep one on my person, one at home, and one at work. In the Account Settings, change your KDF algorithm to Argon2id. Keep the default settings unless you use iOS devices, in which case you should decrease the "memory" setting to 48 MB and increase "iterations" to 4. Populate your vault by importing passwords that had been stored elsewhere, or by creating new vault items from scratch. Download and install the Bitwarden client apps that you wish to use, and configure the settings in each. It is recommended to set the vault Timeout Action to "Lock" instead of "Log out", and to use a relatively short Timeout Period. Also enable to option that clears the system clipboard after a short delay. Create your first backup, by logging in the the Web Vault and creating a vault export, being sure to select the encrypted .json format with the "Password Protected" option . Use the same method as before to create a strong password for your backup file, and write down the backup file password on your "Emergency Sheet" paper. In addition, create an entry in your Bitwarden vault to save the backup file password (which will make it easier to use the password when you create future backups). Use your Emergency Sheet as a "cheat sheet" for typing in your master password when logging in or unlocking your vault, until you have acquired to muscle memory to type it by heart (approximately one week, give or take). Seal your Emergency Sheet in a security envelope (which you can purchase or make yourself ), and store it in a secure location. Optionally, make one or more redundant copies of the Emergency Sheet, to store in different locations. Optionally, update your Password Hint to contain a clue about where your Emergency Sheet is hidden. To change your Password Hint, log in to the Web Vault and use the password change form, but type in your existing master password into the new password field (so that the master password is not changed), and do not check the option for rotating your account encryption key. That's it! Update your backup export on a regular basis using the method from Step 11. Don't use your master password or backup password anywhere else, and do not let anyone know what these passwords are. Keep your devices secure, and malware free, and you should be good to go.

Use a unique email that you will check for Bitwarden login. Make your main password a 4+ word passphrase using Bitwarden generator: https://bitwarden.com/password-generator/ Change your KDF to Argon2 with default settings: https://bitwarden.com/help/kdf-algorithms/#changing-kdf-algorithm Enable 2fa on your Bitwarden account. Use totp or security key, no email: https://bitwarden.com/help/setup-two-step-login/ Create an emergency kit with your main password and 2fa recovery phrase at minimum: https://bitwarden.com/help/two-step-recovery-code/ // https://passwordbits.com/password-manager-emergency-sheet/ When creating passwords for websites, use Bitwarden generator for each website with 16+ character password. Include all options (upper/lower, special, number). Consider using aliases or plussed addresses for your logins. Use 2fa on all accounts where applicable. No sms or email, totp or security key only unless it's a bank that only supports sms. Store the backup codes in your vault or on your emergency sheet. Once this is all done, backup your vault using password protected export: https://bitwarden.com/help/export-your-data/#export-an-individual-vault don't use unencrypted unless you know how to manage it. Add the password for your export to your emergency sheet Use Bitwarden to autofill your credentials through the browser extension. Keep the default timeout timer and action unless you want it more strict.

reddit.com › r/bitwarden › just how safe is bitwarden?!

r/Bitwarden on Reddit: Just how safe IS Bitwarden?!

June 22, 2019 -

I'm new to using it and want to know if I should feel safe adding online banking password s and other information?

On a scale of unsafe to safe, it's about 14 blue.

You have literally put more effort deleting and reposting this without the last line than it would have taken to search this Reddit.