hi everyone!
i was hacked last week.
lost my facebook account (which i’m still trying to get back) and netflix.
might be more that i’m not aware of yet.
netflix was solved quickly by their support.
after discussions about this at work, i was recommended bitwarden.
i checked it out and now i’ve started using it, just a couple of days ago.
a little too late, but at least i’ll be safe from now on.
i have a couple of questions, that i haven’t seen the answers to:
1 - i want to share some of the passwords with my wife (netflix for example).
this is done by creating an organization, right?
would it be a problem that i’m using an iphone and she’s using an android phone?
i know it shouldn’t matter, but i’m not sure.
2 - i just started watching a bitwarden tutorial.
it was recommended to check your email on this site [Note added by Mod: “this site” is haveIbeenpwned.com], to make sure it’s “safe”: https://www.youtube.com/watch?v=-qouvOMAPYQ
unfortunately there was some pretty bad news for me.
“Pwned in 15 data breaches and found no pastes”.
so this is the email i’ve currently got connected to bitwarden.
i’m wondering if i should create another email address, use another of my emails that i’m currently not using, or just let it be?
i’ve been using this email for probably the last 20 years or more, so i’ve got pretty much everything in there.
could you change the email connected to bitwarden, or would i have to start over with a new bitwarden account (if your recommendation is to create a new email)?
3 - i have some music programs on my pc, that have logins.
is there any way to use bitwarden to autofill such programs?
they aren’t “web based”, meaning they’ll still work without any browser.
On my way out the door, so a quick response will have to suffice until someone else chimes in, or I return to my computer:
Yes (sharing is done using organizations) and no (having different devices doesn’t matter).
Not as big of a deal as it seems, but is best to take care of (using a unique email address) regardless.
No (Bitwarden can only auto-fill forms in your browser). It does allow transferring of information using drag-and-drop, though.
Also: Do you know how you were hacked? If this happened as a result of malware on one (or more) of your devices, then you absolutely should not use Bitwarden on those devices until the malware has been fully eradicated.
As @grb said, “Not a big deal”. The username is not intended to be a “secret”, so it does not really affect the integrity of your vault.
It is more about avoiding an annoyance. If someone knows your username, and tries to login to your web vault, you get an annoying email. Presuming your email provider supports it, setting your Bitwarden email to a plussed address ([email protected]) is the least-impactful way to cut down on these.
Don’t go changing Bitwarden to an obscure email that you never check, though. It is important that you receive and pay attention to emails from Bitwarden so that you can remain vigilant about things such as unexpected successful logins.
Your email address can be changed on the web vault. If you do decide to change it, I would first create an export (backup) just in case something goes wrong.
Not today, but it is currently the highest-voted feature request. It has the attention of Bitwarden, but has not yet made it to the roadmap. Feel free to add your vote (well, 1 of 20) to the feature request. Maybe we can push it into 4 digits.
ok, i’ll appreciate any answers i can get, so no problem
1 - ok great
2 - ok, so you’re suggesting that i change the email connected to bitwarden?
i do have a couple of other emails i could use for this, or i guess i could create a new email address just for bitwarden, but the only email i pay close attention to, is the one that was “breached”.
i have everything connected to it, so it would be a lot of work to move it all over.
i’ve changed the password, so i’m hoping that’ll solve any more “breaches”.
3 - ok, i’m not sure what you mean by transferring information using drag and drop, but i’ll try to find some more info about that.
can i still generate new bitwarden passwords for such programs and store them in my vault, just to keep them safe and use copy/paste to enter the user name/password?
hey, is that what you mean by drag and drop?
that i can add those passwords to my vault and drag and drop them into the logins?
no, unfortunately i don’t really know how it happened.
i can’t even be 100% sure that this email was hacked.
i’m just assuming that, since both my facebook and netflix accounts were hacked.
that’s all i’m sure of right now.
they are both linked to this email address, which led me to believe that my email was hacked.
i’ve scanned my pc for both malware and viruses.
found no malware, but fixed some potential problems in a deeper virus search.
i don’t know what else to do.
i can’t be 100% sure that my pc is safe after this, but i haven’t found any other problems or signs of hacking.
See the answer provided above by @DenBesten. First, it is important that the email address used as your Bitwarden username is one that you check regularly (or alternatively, if you have a less used email account where you are able to configure the email inbox to automatically forward copies of all incoming emails to your “main” email, that would be fine, too). The idea is that it is important to ensure that security notices sent by Bitwarden (to your username email address) are received in a timely manner.
I don’t know what email service provider you are using for your main email address, but many email service providers have a feature whereby you can easily create new email addresses, such that email sent to those alternative email addresses gets delivered to your regular inbox. Usually, this is done via so-called “plus-addressing”, so that if your regular email address is [email protected], you can use [email protected] as an alternative email address (where “anything” is literally anything).
If you haven’t already done so, I would suggest entering your old passwords (from the time of the breach) for your email account, netflix account, and facebook account into the HIBP password checker.
In addition, if your email account allows you to check recent login sessions, I would review that information to see if there is anything suspicious in the logs of recent access.
ok thanx,
the email that i’m assuming got hacked, is hotmail.
i do have another email account that i could start using more.
it’s a gmail account that i don’t really pay much attention to atm, but i could start using it more.
the only problem with that, is that i have almost everything from more than 20 years ago up until now, connected to the hotmail.
i’m not sure, but i’m considering changing the email connected to bitwarden, to my gmail account, but still mainly use my old hotmail account as usual.
i’ve changed the password and i will soon change it again with a bitwarden generated password.
for what it’s worth, i’ve checked my passwords and emails on pwned email check and pwned password check.
my hotmail has 15 breaches.
my gmail has 0 breaches.
my passwords have 0 breaches.
the email that was hacked is hotmail and the other email i could start using more, is gmail.
ok, i’ll check that out
ok thanx, i’ve checked my passwords and they are all ok, which makes me relieved and worried at the same time.
how did i get hacked if my passwords aren’t breached?
could that mean it’s actually my pc that’s compromised?
yeah that’s a great idea
i’ll check that out as well
This article is from 2011, but it says that Hotmail now not only has the + address feature, but also an “email alias” feature that gives you even more flexibility in setting up a new email address linked to your main account:
Probably the instructions given for exactly how to create an email address may be a bit outdated, but I would be surprised if Hotmail has removed this feature since introducing it in 2011.
Thus, it seems you should be able to create an alias to use as your Bitwarden username.
thanx, i just added an alias email account
now i need to change the email address connected to bitwarden, but for some unknown reason, i can’t log in to the bitwarden site.
i’ll need to do that to change the email address, right?
tried to log in several times, but it just keeps saying “wrong user name or password”.
i can log in everywhere else though (the app, the web browser addon and the desktop program).
thanx, i have no idea why, but today when i woke up and started my pc, it worked again and i could log in without a problem.
once logged in i could easily change the email, so now i’m slowly getting into this system, adding my logins.
Also, I strongly recommend setting up 2FA on every important (financial, etc.) account that supports it. Ideally get a security key such as a Yubikey but nearly as good is a good authenticator (Bitwarden has one BTW). That way if any of your passwords does get breached you have the 2FA as your second layer of defense.
i have another question:
if i’m not at home and use a pc that’s not mine.
at work for example, or at a coffee house.
somewhere you’re not allowed to install programs (bitwarden).
i’m assuming in these situations, the only way to log in would be to find the passwords in the mobile app and type them in manually?
My suggestion is to keep personal and work completely independent. I never logged into any personal websites from my work computers - ever. For the few work sites that needed passwords (as opposed to the company SSO) I used a different password manager with a separate account.
I would not log into any critical site on a public computer either, unless you are on a paid VPN and even then I’d be leery. I’d just wait until I’m home or use my phone.
For Windows computers, download a copy of Bitwarden’s Portable Desktop app onto a USB, then plug in the USB and launch the bitwarden-portable.exe directly from the USB.
Using either of the above methods on a computer that may contain malware (e.g., a coffee house computer) is extremely risky, and can result in all of your vault contents being stolen.