A password manager such as Bitwarden is a key tool for keeping your accounts safe. Using one and learning some security basics should be your first steps in securing your personal information. This article covers setting up and using Bitwarden to manage your passwords, and why you should use it or something similar.
Why use a password manager?
One of the biggest reasons password-protected accounts are compromised is that the password is easy to guess. A bad actor can use a brute force attack to gain access to your account. This is a method where someone uses trial and error to guess the password. Here are a couple of examples of how long it would take to crack some different passwords using a tool.
When creating accounts, most services have some basic requirements: the password must have at least 8 characters, a capital letter, at least one number and maybe a character like # or $. So, you might think that the password “Password123” has at least two of those so it should be somewhat secure. Surprisingly, many people actually use that or a variation of it as their password, which makes it easy to guess. Even if you add something, like “Password#123”, it is still guessed in under 2 minutes.
The second example is a strong password and would take centuries to guess. But it is long and hard to remember. Now you might be tempted to think: this password is strong and I can remember one long password, so I will just use it on all of my accounts. PLEASE DON’T. This is another rule in security. NEVER USE THE SAME PASSWORD ON MORE THAN ONE ACCOUNT. Why? Because if it is compromised, a common practice among attackers is to try the same username and password on multiple other accounts to see if they can gain access to something else. This is where the password manager comes in handy. It can remember really long passwords and you then only need to remember one strong password.
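The gap between those two examples can be reproduced with a small strength estimator. This is an added example, not part of the original article or of any Bitwarden tool; the guess rate, the wordlist size and the short word list are assumptions chosen for illustration.

```python
import string

GUESSES_PER_SECOND = 1e11      # assumed attacker speed, for illustration only
DICTIONARY_SIZE = 1_000_000    # assumed size of a leaked-password wordlist
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein"}  # constructed sample
TAIL_CHARS = string.digits + string.punctuation              # 42 characters
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def brute_force_guesses(pw):
    """Search space if every character had been chosen independently at random."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    # Characters outside these classes are ignored, so the result is conservative.
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return alphabet ** len(pw)


def pattern_guesses(pw):
    """Search space for 'common word + digits/symbols', or None if no match."""
    word = pw.rstrip(TAIL_CHARS)
    base = word.lower()
    if base not in COMMON_WORDS or word not in (base, base.capitalize(), base.upper()):
        return None
    tail_len = len(pw) - len(word)
    # Three capitalisations of each dictionary word, then every possible tail.
    return DICTIONARY_SIZE * 3 * len(TAIL_CHARS) ** tail_len


def seconds_to_guess(pw):
    """Worst-case time under the cheapest strategy that covers this password."""
    pattern = pattern_guesses(pw)
    brute = brute_force_guesses(pw)
    best = brute if pattern is None else min(brute, pattern)
    return best / GUESSES_PER_SECOND


if __name__ == "__main__":
    for sample in ("Password123", "Password#123", "q7#Vz!m2Lr9&Tx4@"):
        naive = brute_force_guesses(sample) / GUESSES_PER_SECOND / SECONDS_PER_YEAR
        print(f"{sample:18} by character count: {naive:.3g} years, "
              f"by cheapest strategy: {seconds_to_guess(sample):.3g} seconds")
```

Counting characters alone rates “Password123” at years of work; treating it as a dictionary word with a short suffix brings it down to seconds, which is why meeting the minimum requirements is not the same as being hard to guess.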
Do you have a password that you think is strong? Do you want to see how strong it is? Use the link below to find out how long it would take to crack it. If it is centuries then you might decide to use that as your one password to access Bitwarden Password Manager after setting it up. The whole page, at the link, has solid information that is worth reading.
Create a Bitwarden account
Bitwarden has a couple of free options for personal use. You can self-host it on a server you own or something like a desktop acting as a server. This option only allows for one user. Another option is the free personal account in the cloud that allows up to 2 users. This guide will be setting up the free personal cloud account. Here is the pricing:
Click on this link to go to Bitwarden: https://bitwarden.com/
In the top right corner click on Get Started
On the next screen, enter your email, the name you want to use and a master password (this is the strong password I mentioned earlier; use the test tool and make sure it says centuries). Re-type the master password, enter a password hint, check both boxes, click on create account and follow the instructions on the verification captcha.
Now you will have to use the email and master password you created to log in. Pass another captcha and then you will get to a screen that has this image on the top right:
Click on the send email button. Go to your email. Open and read it as there is some important information and links. You can always reach your password vault by going to https://vault.bitwarden.com/
You will find the installation files for multiple devices here: https://bitwarden.com/download/
I will not go over the installation because most people can install applications on their phones or personal computers without issues. You will most likely install on every device you use. The usernames and passwords are stored in the cloud so all devices will be synced. If you add or change a user/password then it is reflected on the other devices.
Once you have added the Bitwarden extension to the Chrome browser you will need to click on extensions and then the Bitwarden extension. You can pin the extension so it is always visible if you like.
Enter your email address and master password and then you will see your vault. Most likely it will be empty since it is new. The vault can have no folders, just an entry for every account you have, or you can create folders by going to settings > folders and adding a new folder. Some examples you might want to use folders for: Banking, Emails, Websites, etc. Purely a personal choice. From this screen you can add your first login. You can click on Add a login or the plus sign in the top right.
Before you get to step 6 below, where you can generate a password, I want to go over that part now. Click on the Generator button on the bottom. You will see it provides you an automatically generated password based on the current settings it has. You can generate random usernames and passwords. For the password you can use a password or a passphrase. Try both. Some accounts have different requirements, so you can make adjustments here to match that. When you can, I suggest making your password at least 16 characters long and including special characters. You can use this to make your master password and change it if you like.
Now back to creating an entry.
- Choose Login from the drop down menu.
- Give it a name so you can identify it.
- Enter the username or generate one.
- Generate a new password (you will need to open a new tab and go to the website and log in, then change the pw using the newly generated strong password).
- These buttons allow you to check if that password has been exposed in a breach, toggle the visibility, generate a new password, all in that order.
- Enter the address for the website, if there is one.
- Save the record.
You now have an entry in the Vault and from here you can launch that website to open in your browser, copy your username for that account and copy the password. If you click on it, you can edit it, view the password or copy it.
Now that you have an entry in your vault, you can use Bitwarden to automatically fill in the username and password for you on that web page. As mentioned earlier, you can also launch the web page from the browser extension. Once you open the web page yourself, or by using the Bitwarden extension, make sure your cursor is in the username box and press CTRL + L on your keyboard and it will auto-fill your username and password. You can then press enter on your keyboard and you will log into your website. The only password you need to remember is your master password for Bitwarden.
On my Android phone I also use biometrics for logging in with my fingerprint. You can turn this on in the settings. This can be done on a computer as well, but you need to use the desktop application of Bitwarden and have the means, i.e. biometric capabilities.
Once you have Bitwarden installed on your phone and sign in, you should see any accounts you may have already set up in your vault. Otherwise, entries are set up the same way as in the browser extension. You can open Bitwarden and launch web pages just like in the PC browser extension. Or if you open a webpage and it has the log in screen, you will see a Bitwarden pop-up. If you click on this and you have the username and password in the Bitwarden vault, it will auto-fill it for you.
If you follow the best practices below, your accounts will be about as safe as they can be. Even if there is a data breach (and we hear about these on a regular basis), your other accounts will still be secure because their passwords are strong and not the same as on any other account.
- Never use the same username and password on more than one account.
- Never click on links in emails unless you are expecting them. For important things like my bank, I will never click on a link, even if I am sure it is my bank. I will open a browser, go to their website and log in. You never know if you are being spoofed in an email and redirected, in a phishing attempt, to a website that looks exactly like what you expect, only to find out you typed your username and password into a fake website. At that point they have your credentials or have downloaded a virus or malware onto your computer.
- Make your passwords at least 16 characters long, including upper case letters, lower case letters, numbers and special characters, and do not repeat characters. Another option is to use long passphrases, which can be easier to remember if needed.
- Use a password manager and have a strong master password.
- Don’t save your passwords on a publicly shared computer.
- Never share your passwords.
- Change your passwords on a regular basis.
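The Generator step earlier and the 16-character guidance in this list can be expressed as a small generator and policy check. This is an added example, not Bitwarden's own generator; the symbol set, the sample word list and the reading of "do not repeat characters" as "no character appears twice" are assumptions.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*"  # assumed symbol set; adjust to what each site accepts
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
# Constructed sample list; a real passphrase list needs thousands of words.
WORDS = ["anchor", "breeze", "copper", "dolphin", "ember", "falcon", "glacier", "harbor"]


def has_all_classes(chars):
    """True when lower case, upper case, digits and symbols are all present."""
    return all(any(c in cls for c in chars) for cls in CLASSES)


def generate_password(length=16, allow_repeats=False):
    """Random password from the OS CSPRNG with every character class present."""
    pool = "".join(CLASSES)
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    if not allow_repeats and length > len(pool):
        raise ValueError("not enough distinct characters for this length")
    rng = secrets.SystemRandom()
    while True:
        # Draw a whole candidate, then reject it if a class is missing, so
        # every compliant password stays equally likely.
        if allow_repeats:
            chars = [secrets.choice(pool) for _ in range(length)]
        else:
            chars = rng.sample(pool, length)
        if has_all_classes(chars):
            return "".join(chars)


def generate_passphrase(words=5, separator="-"):
    """Passphrase of randomly chosen words, as an easier-to-remember option."""
    return separator.join(secrets.choice(WORDS) for _ in range(words))


def meets_policy(pw, min_length=16):
    """Check the list's guidance: 16+ characters, all classes, no repeats."""
    return len(pw) >= min_length and len(set(pw)) == len(pw) and has_all_classes(pw)


if __name__ == "__main__":
    print(generate_password(), generate_passphrase())
```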
There are many tools out there for password management, but of the different ones I have used, I really like Bitwarden. If you have any questions please don’t hesitate to ask and I or someone will reply back with an answer.
Find more on https://notposted.com