In the modern era, the world has seen major progression in the technological sector. New and advanced technologies have made the lives of people easier. Not long ago, people used landlines to communicate with one another, but now, devices such as smartphones have arrived. Such advances have truly revolutionized the lives of humans in ways that go beyond the concept of communication. Such has been the impact of technology on our lives that every aspect of modern life has been merged with it. Whether it involves our finances or our social profiles, all rely heavily on technology.
Bitwarden Browser Extensions integrate password management directly into your favorite browser. Download a Bitwarden Browser Extension from your browser’s marketplace or app store, or from the Bitwarden Downloads page. Browser Extensions are available for.
- Feb 24, 2021 Bitwarden was developed as a tool for businesses, and it shows. On the other hand, LastPass was built as a free product for the masses. On the whole, LastPass is easier to use. Whether it’s the design of the web client, or how seamlessly the auto-fill functionality works using browser extensions.
- Bitwarden is the easiest and safest way to store all of your logins and passwords while conveniently keeping them synced between all of your devices. Password theft is a serious problem.
- Bitwarden makes it easy for you to create, store, and access your passwords. Bitwarden stores all of your logins in an encrypted vault that syncs across all of your devices. Since it's fully encrypted before it ever leaves your device, only you have access to your data. Not even the team at Bitwarden can read your data, even if we wanted to.
However, this reliance of ours has made us much more vulnerable to data breaches. The real-life cases of Adobe and eBay clearly indicate what a serious issue cybersecurity is. Cyberattacks have also been on the rise and, to top it off, even more advanced and new kinds of attacks are being developed every day. Although Linux is much more secure than Windows and other operating systems, it is still vulnerable to viruses.
Hence, it is essential to adopt measures that can protect our machines from these security attacks. One excellent solution is to use password managers. Thus, the topic of our discussion in this article will be Bitwarden, an open-source password manager.
What is Bitwarden?
Bitwarden is a free and open-source password manager that is available for Linux and all other major operating systems, like Windows and macOS. Bitwarden also has extensions for all the popular web browsers, such as Chrome, Firefox, Edge, etc. It even has applications available for both Android and iOS mobile devices. Bitwarden offers a user-friendly, easy-to-use graphical interface. It works by storing your passwords and other sensitive data inside of an encrypted vault, which itself is protected by a master password. Bitwarden offers both a free and paid account to its users, with the latter having different plans, all of which are low-priced when compared with the market. The free version of Bitwarden, however, is also a very notable choice, as it offers a wide array of features that cannot be found in other password managers.
Before we move onto the installation process of Bitwarden, it is important to know that you need to sign up for an account to use this program. Simply go to the official website of Bitwarden, click the Create your Free Account option, and input your details to create an account.
Once you are done creating your account, it is also good practice to install an extension of Bitwarden inside your web browser for automatic fill-in of your login details. You can install this either by going to the official extension and add-ons page of your browser or by clicking the options available on Bitwarden’s official webpage.
There are two primary methods of installing Bitwarden on your machine. We will look at them in the following section.
Installing Bitwarden Using AppImage
To install Bitwarden using its AppImage, once again, open Bitwarden’s official website. Then, select the Download option from the top of the page and click on the Linux segment found under the Desktop heading.
This will download an AppImage onto your Linux machine. To start using Bitwarden, first, you must give it executable permission. This can be done by right-clicking on the icon and selecting the Properties option.
Next, open the Permissions tab and click the square box next to the line Allow executing file as program to make your AppImage executable.
Now, Bitwarden can be opened by double-clicking the AppImage file.
Installing Bitwarden Using Snap
Another method of installing Bitwarden on your computer is by using Snaps. Snaps are applications that include all the dependencies bundled together inside a software package. This removes the hassle of separately installing dependencies along with your application. To install Bitwarden using Snaps, simply run the following command in the terminal:
After downloading and opening Bitwarden, a login menu will appear on your screen. Enter your login details to start using Bitwarden. Note that if you were not able to make your Bitwarden account before, you can do so from here.
After logging in, Bitwarden will take you to your Vault, where all your passwords and sensitive data will be saved.
You can manually add items inside your Vault by clicking on the plus icon, as seen in the image above. This will open a window into which you can input any details about your account that you want to add.
You can also change the type of item that you want to add by selecting options from the drop-down menu, as indicated in the image below.
It is important to note that the item details that you input in this window will change depending on what type you choose to add.
When adding accounts to your Vault, you can also use the Password Generator option of Bitwarden, which will automatically generate a secure password for you.
To keep track of all these passwords, you can use the Password History option in the View tab, where all generated passwords will be stored.
You can also sync your account with your web browser by going to the File option and selecting the Sync Vault option.
Bitwarden even allows you to export your Vault by using the Export Vault option, as seen in the image above. The exported files will either be in the json or csv format.
So, Why Use Bitwarden?
There is no doubt that the Internet has revolutionized the world, as it has now become an integral part of our daily lives. As we are now highly dependent on technology for our day-to-day work, this dependency has paved the way for cybersecurity issues to arise and has led to severe cases of identity theft and data leakage. Bitwarden is an excellent choice to protect your machine from such threats, as it offers a way for users to protect their data and keep their systems secure.
I’ve used Authy for several years to generate my time-based one-time passwords (TOTP) for two-factor authentication (2FA). For various reasons, I recently migrated to using Bitwarden instead.
Google Authenticator Issues
Many services recommend using Google Authenticator for 2FA. I originally used it before switching to Authy, but I switched for a reason that is still valid today: it doesn’t have any sort of backup or syncing functionality.
Check out the reviews to get a sense of how often people get burned by switching to a new phone for whatever reason and realizing they’ve lost all their codes or need to go through each service one by one and set up 2FA again.
Google Authenticator is also a neglected app. The Android app was last updated on September 27, 2017, and the iOS app was last updated on September 12, 2018. You could argue that these are relatively simple apps that don’t need frequent updates, but take a look at what other apps like andOTP and Aegis offer in terms of functionality that Google Authenticator doesn’t have, like being able to search for a service instead of having to scroll through the entire list to find it.
While I have happily used Authy for several years, I also have some issues with it that caused me to look for a replacement.
No Browser Extension
Authy doesn’t have a browser extension for Firefox, my primary browser. This is a problem because an extension can offer some protection against phishing, one of the main security weaknesses of using TOTP for 2FA. If the extension fails to find an entry that matches the current domain, that can alert me to a possible phishing attempt.
The Chrome extension also hasn’t been updated in two and a half years and will no longer be supported going forward.
No Web Client
Authy doesn’t have a web client. While this could be considered a security feature, I’d rather have the option to access my codes through any browser in an emergency. It’s a security vs. usability tradeoff that I’m willing to make.
No CLI Client
Authy doesn’t have a CLI client. I have some ideas for personal browser automation projects that could be easier to implement with programmatic access to my TOTP codes.
Mac CPU Usage
I use the Mac desktop program, but when it has a code open, the program uses significantly more CPU. Here’s the CPU usage when it’s just displaying the list of services.
And here’s the CPU usage when it’s showing the TOTP code.
Since I don’t want the program to unnecessarily drain my laptop battery, I try to remember to press the back button after copying the code. There’s no option to automatically go back on copy or to just copy the code from the list view without even seeing the code.
Authentication and Recovery
When you create an Authy account, you have to provide a phone number rather than an email address or username. I didn’t like this to begin with since I want as few things tied to my phone number as possible, given how often phone numbers get hijacked.
Authy then encourages you to add the app to your other devices and then disable the multi-device feature. This means that your codes will keep working on your existing devices, but to add Authy to a new device, you need access to one of your old ones to temporarily re-enable multi-device and to grant access to the new device. If you don’t have access to an old device, you have to go through a 24 hour account recovery process.
However, I want to be able to regain access to my 2FA codes, even if I’ve lost access to all my devices. For example, I could be in a foreign country without my laptop and then lose my phone. I want to have a good contingency plan for this kind of situation.
Note that Authy doesn’t support an account level password. It does support a password for your encrypted backups, but you don’t enter that until after you log in.
Authy also doesn’t support TOTP codes or U2F security keys for protecting itself. Its sole authentication mechanism (beyond account recovery processes) is access to an old device.
I considered using my YubiKeys to generate TOTP codes using Yubico Authenticator, but a YubiKey can only store 32 TOTP secrets, and I already have 49 of them since I enable TOTP-based 2FA whenever possible.
I currently use LastPass to manage my passwords, but I am going to switch to 1Password soon. I decided to use Bitwarden as well but solely for TOTP codes. 1Password can also handle TOTP codes, but I am willing to deal with the hassle of having two password managers to avoid using the same service for both passwords and 2FA.
By using a password manager for TOTP, I get broad cross-platform support with a web client, browser extensions, desktop programs, mobile apps, and even a CLI client. I also get standard authentication mechanisms, including 2FA support.
This does mean that I am treating my TOTP codes more like secondary passwords (something I know) rather than as something I have. Authy’s requirement to have access to an old device better fits the latter principle. This is a deliberate choice on my part.
Note that Bitwarden requires a premium account that costs $10 a year in order to generate TOTP codes. A premium account also adds U2F support, which I wanted as well.
U2F support is the last component of my authentication strategy. Going forward, it will be like this: I’ll store passwords in 1Password and TOTP secrets in Bitwarden. I’ll use separate, high entropy master passwords that will only exist in my head.
1Password requires a secret key in conjunction with the master password in order to log in on a new device. Since I can’t memorize it, I plan to store my secret key as a static password on my YubiKeys. This means that if I touch the metal contact for a few seconds, it will type out the secret key for me.
For both services, I’ll add all my YubiKeys for 2FA. This means that all I need is one of my YubiKeys (one of which is on my keychain) and the master passwords in my head to regain full access to all of my accounts.
However, I can’t guarantee that I’ll be able to use my YubiKey on every device. For example, Bitwarden doesn’t support U2F in its mobile apps. I would also be paranoid about feeling like I need two YubiKeys when I travel in case I lose one.
My plan to deal with these issues is to also set up TOTP-based 2FA for both 1Password and Bitwarden. I’ll print those TOTP secrets, along with the 1Password secret key, on a small card and laminate it. I can make multiple copies to put in my wallet and my bag. Sometimes being overly prepared is fun in itself, even though it might be overkill.
To migrate to Bitwarden, I went through my Authy list one by one. In theory, I’d be able to just copy the TOTP secret to Bitwarden, but Authy doesn’t expose the secret.
For each account, I logged in and reset 2FA to add the secret to Bitwarden. Then I deleted the account from Authy. Authy marks it for deletion and then waits 48 hours before actually deleting it in case you made a mistake.
I did have trouble with adding some services, such as Algolia and npm, that only show the QR code and don’t have an option to display the TOTP secret. The QR codes encode URIs that look like this, as documented in the Google Authenticator wiki:
I tried using my phone camera’s built-in QR scanner, but I couldn’t see the full URI and opening it would open Authy, with no other option. I used Google Lens instead to grab the secret. In retrospect, I was only having trouble because I was adding the services to Bitwarden through the browser extension. I should have installed the mobile app from the beginning and used that because it has an option to scan QR codes.
I also had trouble with adding Twitch, which has a specific integration with Authy instead of providing a generic QR code. To get around the issue, I followed this guide. You can use the deprecated Authy Chrome app to retrieve the TOTP secrets and configurations. This method entails using Chrome’s developer tools to execute custom code to print the information.
This revealed that Twitch uses 7 digit codes instead of the standard 6 and 10 second intervals instead of the standard 30.
At this point, I thought I hit a Bitwarden limitation because I mistakenly assumed that the extension would only take the TOTP secret in the authenticator key field.
However, I discovered that Bitwarden supports putting the full URI with configuration into that field. I tested it and was able to log in to Twitch using the code generated by Bitwarden.
Migrating to Bitwarden took me about a full day, but I’m happy with the result. I’ve been using the Bitwarden browser extension to log in to accounts for the past week, and it is much nicer than using the Authy desktop program. Next up is migrating from LastPass to 1Password.