Firefox Lockwise Bitwarden

Posted on  by admin

It is claimed that since version 76, Firefox alerts for vulnerable passwords and breaches. In this article it is explained that Lockwise scans the stored passwords and warns if one of the passwords is identical to one leaked online as well as that it shows breach alerts for sites that have experienced security breaches. When comparing bitwarden and Firefox Lockwise, you can also consider the following products Lastpass - LastPass is an online password manager and form filler that makes web browsing easier and more secure. 1Password - 1Password can create strong, unique passwords for you, remember them, and restore them, all directly in your web browser. Firefox Lockwise or Bitwarden? I saw that Firefox Monitor warns you when passwords are leaked, which is something very important to me. Bitwarden only does this when it is in the premium version. A yearly Bitwarden subscription is also a fraction of the cost of the aforementioned password managers too. I also think Firefox Lockwise is also a good choice too, but it is limited to mobile devices. Unfortunately, there isn’t a desktop client for people to use Lockwise if they prefer to keep it separate from their browser.

Firefox Lockwise
Developer(s)Mozilla Corporation
Initial release21 May 2019; 22 months ago
Stable release(s)[±]
Android4.0.3[1] / 14 December 2020; 4 months ago
iOS1.8.0[2] / 8 February 2021; 2 months ago
Repository
  • Add-on: lockwise-addon
  • Android: lockwise-android
  • iOS: lockwise-ios
Written inKotlin (for Android), Swift (for iOS), JavaScript (for Firefox add-on)
Operating system
Available in5 languages
English, French, German, Italian, Spanish
TypePassword manager
LicenseMozilla Public License 2.0
Websitelockwise.firefox.com

Firefox Lockwise is a password manager for the Firefox web browser, as well as the mobile operating systems iOS and Android.[5][6] On desktop, Lockwise is simply part of Firefox,[7] whereas on iOS and Android it is available as a standalone app.

If Firefox Sync is activated (with a Firefox account), then Lockwise syncs passwords between Firefox installations across devices. It also features a built-in random password generator.

History[edit]

Developed by Mozilla, it was originally named Firefox Lockbox in 2018.[8] It was renamed 'Lockwise' in May 2019.[9][10] It was introduced for iOS on 10 July 2018 as part of the Test Pilot program.[11] On 26 March 2019, it was released for Android.[12]

On desktop, Lockwise started out as a browser addon. Alphas were released between March and August 2019.[13] Since Firefox version 70, Lockwise has been integrated into the browser[14] (accessible at about:logins),[7] having replaced a basic password manager presented in a popup window.[15]

See also[edit]

Lockwise

References[edit]

  1. ^Mozilla; 'Firefox Lockwise - Apps on Google Play'; published in: Google Play; publication date: 14 December 2020; retrieved: 14 March 2021.
  2. ^Mozilla; 'Firefox Lockwise on the App Store'; published in: App Store; publication date: 8 February 2021; retrieved: 14 March 2021.
  3. ^'Firefox Lockwise for Android'.
  4. ^'Firefox Lockwise for iOS'.
  5. ^Whitney, By Lance; August 21, 2019 10:30AM EST; August 21, 2019. 'How to Manage Web Passwords With Firefox Lockwise'. PCMAG. Retrieved 2019-11-18.CS1 maint: numeric names: authors list (link)
  6. ^Software, Catherine Ellis 2019-06-04T13:00:01Z. 'Mozilla launches new desktop password manager, Firefox Lockwise'. TechRadar. Retrieved 2019-11-18.
  7. ^ ab'Firefox 70.0 release notes'. Mozilla. October 22, 2019.
  8. ^'Firefox Lockwise Aims to Revamp Browser Password Management'. BleepingComputer. Retrieved 2019-11-18.
  9. ^'New Privacy Features for Mozilla Firefox, Lockwise Is Live'. BleepingComputer. Retrieved 2019-11-18.
  10. ^'Rename 'Firefox Lockbox' to 'Firefox Lockwise' after May 28'. GitHub. 25 May 2019. Lockbox is getting a new name on 28 May [for the 'Trailhead' release, a product update.]
  11. ^Nguyen, Nick. 'Introducing Firefox's First Mobile Test Pilot Experiments: Lockbox and Notes'. The Mozilla Blog. Retrieved 2019-06-26.
  12. ^Nguyen, Nick. 'Firefox Lockbox Now on Android, Keeping your Passwords Safe'. The Mozilla Blog. Retrieved 2019-06-26.
  13. ^'Firefox Lockbox for Desktop'. Firefox. 10 Aug 2019. (Firefox addon repository)
  14. ^at 19:00, Richard Speed 22 Oct 2019. 'Minigame: Celebrate Firefox 70's release by finding a website with 70+ trackers blocked'. www.theregister.co.uk. Retrieved 2019-11-18.
  15. ^'Password Manager in Firefox'. Firefox Help. Retrieved 26 October 2019. Password Manager is now Firefox Lockwise! The interface for managing usernames and passwords was entirely redesigned and is now based on the Firefox Lockwise add-on.
Bitwarden

External links[edit]


Retrieved from 'https://en.wikipedia.org/w/index.php?title=Firefox_Lockwise&oldid=1014906379'

Password management

I have been using Bitwarden - an open source, self-hosted password manager for a little oversix months.Before that, I used the password manager provided by Google, with it's nice sync feature between devices, so mypasswords were available on my phone as well as my work Mac and my personal machines.

For quite some time, I have been attempting to move my data away from cloud hosted things, specifically Google'sinfrastructure.It has proved to be quite a long and slow process.

The time came to switch away from Chrome, and back to Firefox.Firefox has a similar sync feature for bookmarks, history, add-ons, open tabs, passwords and preferences.Most of the syncing features worked very well, but I had quite a lot of problems with the password sync.

I had exported all of my credentials from Chrome to a CSV file and imported them into Firefox, but the importedcredentials refused to sync to my other devices from there.I understand it was because I enabled a master password to access them, and the mobile app to access the saved passwords(Lockwise) used a PIN instead, or something security related.Maybe it was because I enabled 2FA on my account - I don't really remember.It all seemed a lot harder than it should be.Either way, using Firefox to manage my passwords like I had done with Chrome seemed too problematic.

I spent some time looking for an open source, self-hosted password manager that had an iOS app, 2FA, and seemed somewhatmodern.I don't really remember any specific requirements any more, but Bitwarden seemed to fulfil what I was after at the time.

Hosting my own password manager also means that I won't be storing my password database on someone else's computer.It does however, put the onus on me to secure my infrastructure well enough.

Official Bitwarden

The installation of Bitwarden seems rather simple on the faceof it, you download a script and run it.

shell

Edit the config file, then restart Bitwarden.

shell

I'm not a huge fan of downloading scripts and just running them - though I run enough things that I download that Iprobably shouldn't as concerned as I am.As the rest of my infrastructure is configured using Ansible, I wanted write a quick Ansible role to set up andconfigure Bitwarden for me in a repeatable way.So I spent an unreasonable amount of time digging though what the installation script (and the sub-scripts that itdownloads and executes) did so that I could install it manually.

This involved following significantlymore complicated instructions,which included downloading a stub repository, generating keys, writing a lot of .env files and eventually starting theservice with docker-compose.Docker compose starts quite a few rather resource thirsty containers in some sort of micro-service setup which seemspretty neat.

I'm pretty sure I should have made my Ansible play just run the standard installation commands!

Bitwarden also consumed a lot of disk space!For some reason, Bitwarden did not use the Overlay2 filesystem, but instead saved the image layers using the VFS storagedriver.This directory reached 36.5GB, which consumed far too much SSD space on my home server (I only have 128GB of usableSSD storage).To preserve SSD space, I mounted a directory from my higher capacity but slower spinning disk array into the BitwardenLXD container and moved the data there instead.

The iOS app and browser extensions seem to work pretty well.The web interface is basic but quite functional albeit a little slow at times.

Compared to the other services my home server runs, Bitwarden was definitely the most resource hungry thing I ran.

I run system containers through LXD on my home server, so the metrics below are the entire container as measured bysystemd on the host.

I can't guarantee that my Ansible deployment of the Official Bitwarden service was 100% correct, so maybe the highresource use was caused by me misconfiguring something.I left it alone while I worked on other things.Every so often I'd take a look at my server graphs which show the CPU and memory use of the containersThe resource use - especially CPU got to me, and when looking for issues on the Bitwarden Github repository, I found anissue describing what I saw an issue describing what I saw.

I don't know what it was doing with all those resources. I'm pretty confident that it should be doing pretty muchnothing nearly all the time - except when I invoke it though one of it's interfaces.

Bitwarden RS

Bitwarden RS is an unofficial implementation of the Bitwarden passwordmanager written in Rust.It uses significantly fewer resources and only requires a single docker container to run it.It also allows the use of the normally paid features like organisations and reports.For my home usage I don't think I'll have a use for organisations, but the reports may be useful.

Firefox Lockwise Bitwarden

Installation is significantly simpler than the official release, and the config file is a single JSON config file.Environment variables can be used instead, but the JSON config overrides environment variables and can be modified bythe admin interface.

Export firefox lockwise to bitwardenshell

This is easily achieved with Ansible's docker_container module.

There are a few image variants available.The standard bitwardenrs/server image supports using a SQLite database.bitwardenrs/server-mysql adds support for connecting to MySQL databases.bitwardenrs/server-postgres - as you might have guessed - adds support for connecting to PostgreSQL databases.

I doubt for my scale it'd make much difference which I'd use, but I decided that a real database backend might be alittle faster, and maybe safer to backup?I've not used SQLite enough to know how it handles a backup of the databasefile taking place during a write operation.I know MySQL and Postgres are absolutely fine with this case.It would be trivial to have set up a new docker container for the database for Bitwarden RS, but as I already have aMySQL server on my home server, I used that.

It's nice to see the resource use get lost in the background noise.

The disk space used by the OverlayFS storage driver for Bitwarden RS has reached 170MB.

Firefox lockwise vs bitwarden

The interface feels a little more responsive, but I lack any metrics to show whether this is the case or not.

Data migration

Migrating my vault contents was easy as Bitwarden has an export feature which allows you to download your vault as aJSON file (just be aware that this file is unencrypted).Then the data file can be imported into the new account.

Comparison

I'm happy that the Bitwarden RS implementation is wasting fewer of my home server's resource.Now that it's getting warmer outside, I don't need the extra few watts of heat from it to keep the house warm either.

Firefox Lockwise Vs Bitwarden

As you might already have noticed, I like my metrics, and these last ones show the resources saved nicely.