this could be an optional feature for advanced users, adding a Secret Key besides the master password to increase security,
this can be implemented relatively easily, like a lengthier version of a master password where one half of the password is generated locally, manually copied over from the device and stored permanently (but never synced/needed to remember) and the other half is the one you remember and use all the time to log in.
could probably be implemented with added functionality to display a scannable QR code for easier transfer of this Secret Key
anyway this should always be an optional feature IMHO, since it does introduce some usability hurdles
I would really love to see this - at the price of just a little inconvenience when setting up a new device, it would virtually eliminate brute-force attacks on the master password, and take away a lot of the pressure to have an even longer master password.
It won’t have any impact on brute force attacks on your vault if you already have a strong master password. The benefit of this feature is largely to limit reputational damage for the company if all vaults are stolen as they can then rest easy knowing there are no weak master passwords vulnerable to hacking among them.
“Strong” is a relative term. It would increase security independently of your master password strength/entropy, which is why it is interesting for end users as well, and not just corporate customers.
Relative strength is academic if both can’t be successfully brute force attacked. The master password still protects the local vault in both cases and still needs to be strong. A weak password leaves you vulnerable in both instances, just at different points in the security chain.
By the way, I respect both security models. They are just different security approaches for different products.
Before too much old ground is retreaded in this recently re-opened thread, I would like to point out (especially for new readers) that 5 years of discussion of this topic have unfortunately been deleted from the forum (I believe inadvertently). However, some of the previous discussion (including different points of view, as well as suggestions for work-arounds) has been preserved in the Internet Archives:
I highly recommend to everybody to review the archived discussion before posting.
Community Guidelines for Constructive Discussion
Since discussion of this topic has become contentious in the past, it would be prudent to carefully review the official Community Guidelines before posting; this will reduce the chances that moderators will lock the thread or impose rate limits on how frequently responses can be posted, which makes it difficult or impossible for views to be heard.
It is important to realize that the added protection against brute-force attacks is only realized if the attack is against the cloud vault (e.g., if Bitwarden’s servers are breached). There is no such protection if the vault is stolen from one of your devices (e.g., if the device is lost or stolen), because the secret is available on the device as well.
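An added model of the two theft scenarios described in this post and of the "two halves" scheme proposed at the top of the thread. This is illustrative code written for this discussion, not Bitwarden's actual key derivation; the salt, verifier construction, iteration count and guess list are constructed, and the Secret Key is modelled as a random 128-bit value that lives only on the device.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Hypothetical parameters for the model (not Bitwarden's real settings).
ITERATIONS = 50_000  # kept low so the demo runs quickly


def derive_vault_key(master_password: str, salt: bytes, secret_key: Optional[bytes]) -> bytes:
    """Stretch the memorised master password, then mix in the device-held Secret Key if present."""
    pw_key = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=32)
    if secret_key is None:
        return pw_key
    # Keyed mixing step: the stretched password alone cannot reproduce the vault key.
    return hmac.new(secret_key, pw_key, "sha256").digest()


def make_verifier(vault_key: bytes) -> bytes:
    """Constructed login verifier the server keeps; it is stolen together with the cloud vault."""
    return hmac.new(vault_key, b"login-verifier", "sha256").digest()


def offline_guess_succeeds(salt: bytes, verifier: bytes, secret_key: Optional[bytes], candidates) -> bool:
    """Does any candidate master password reproduce the stolen verifier?
    secret_key is None when only the cloud copy was taken (the Secret Key never leaves the device)."""
    for pw in candidates:
        if hmac.compare_digest(make_verifier(derive_vault_key(pw, salt, secret_key)), verifier):
            return True
    return False


def scenario(use_secret_key: bool, device_stolen: bool) -> bool:
    """Constructed scenario: a weak master password, stolen cloud data, with or without the device."""
    salt = b"constructed-salt-0001"
    secret_key = secrets.token_bytes(16) if use_secret_key else None  # generated locally, never synced
    verifier = make_verifier(derive_vault_key("Summer2023!", salt, secret_key))
    guesses = ["password", "Summer2023!", "letmein"]  # constructed guess list containing the weak password
    key_available = secret_key if device_stolen else None
    return offline_guess_succeeds(salt, verifier, key_available, guesses)


if __name__ == "__main__":
    print("cloud theft, no Secret Key feature:", scenario(False, False))   # weak password recoverable
    print("cloud theft, Secret Key on device:", scenario(True, False))    # guessing the password is not enough
    print("device theft, Secret Key included:", scenario(True, True))     # weak password recoverable again
```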
Would also add that Bitwarden just announced double-encryption of cloud storage. First layer: your vault protected by your password (you hold the keys); Second new layer: Bitwarden encrypts your hashed password (they hold the keys).
Wow that sounds great, at least superficially, I reserve final judgement until I know the full details but I hope it’s as effective as the keyfile.
If other managers start doing keyfiles then BW are going to look 2nd best so I really hope “double encryption” is as good as a keyfile.
I doubt other password managers will start doing key files. They are a hang over from pre-cloud password managers days. Clever marketing has given them new life. And it’s why KeePass still uses them and it does make sense for local password managers.
We are now moving quickly toward a passkey era where we won’t have passwords or 2FA. Bitwarden is introducing this in 2023. Google and Apple already have it with certain services you can Google and try.
I think your approach is correct: is it “as effective.” Not the same but both secure. They are both already best in class products with high security. People just need to pick the security model they prefer and enjoy!
I agree with this feature request for the following reason:
When logging in from a mobile device for the first time (more so, if it is a somewhat old device), having the 2FA option activated, the process is annoying, because you must have another application that generates the keys or you must check the mail (if you have it only with email).
If you do all of that, from the same device (if you’re out on the street or not next to another device where you can work with 2FA), you’ll probably miss the process switching between apps and have to repeat everything again. Kind of an infinite loop.
With a keyfile (like KeePass, Enpass, etc.), or even a QR code generated by the same keyfile (like Enpass and TunnelBear’s extinct RememBear), it is a more “convenient and practical” option, just as secure (if you know what you are doing and how you are doing it).
Not everything has to be so negative if you are a responsible user. I would like to handle a 2FA method offline rather than online.
A strong argument for adding a secret key is that it would improve all users’ security as it wouldn’t rely anymore on the strength of their master password. Moreover, it would make Bitwarden a much less attractive target for potential hackers as the secret key would make any compromised data useless for the attackers. The reality is that there will always be people whose master passwords are weak, and I don’t think that educating people about the subject is enough. Instead, Bitwarden should strive to make its product as secure as possible for the average user, not just for people who know how to create strong master passwords.
Not sure what instances you are talking about, but the key definitely improves your security for LastPass-style attacks, on top of whatever your master password entropy is.
It tricks people into thinking they can keep a weak password making them vulnerable to local attacks. Those who already have a strong password see no benefit to a keyfile security model. Bitwarden’s upcoming double encryption of all vaults in the cloud (encrypting all master password hashes with a second key) is a good security measure.