this could be an optional feature for advanced users, adding a Secret Key besides the master password to increase security,
this can be implemented relatively easily, like a lenthy-er version of a master password where 1 half of the password is generated locally, manually copied over from device and stored permanently (but never synced/needed to remember) and the other half is the one you remember and use all the time to login.
could probably be implemented with added functionality to display a scannable QR code for easier transfer of this Secret Key
anyway this should always be an optional feature IMHO, since it does introduce some usability hurdles
What’s the purpose of this secret key ? Without it you can’t log in even if you have the master password ? How would you allow to log in to the web vault in that case ?
You have to give your emailadress, secret key and the password to authenticate instead of only giving your password & email. This gives an extra layer of protection.
Isn’t 2FA more effective and simpler to use?
Coming from 1Password, I love Bitwarden! Every single thing about Bitwarden, except that it does not have a secret key like how 1Password does.
I understand it’s not essential, but it feels to be an additional level of security and it feels good.
It’s easier to use and a simple way to secure your account against people attempting to log in. However, it presents virtually no security in the unfortunate case Bitwarden’s/your server gets breached.
I still don’t understand in what a static secret key provides more security than a second factor/yubikey code that changes with time, or a U2F key that also has a challenge/response mechanism in which the response changes over time.
2FA works great for authentication with you and a server. But doesn’t do you any good if the server gets hacked and all accounts stolen and the bad guys have unlimited attempts to crack each account.
A secret key is combined with your master password to make it even stronger. The secret key has 128 bits of entropy and the average good password is 60 bits. Since the encryption key for 1Password is greater than 128 bits of entropy it makes it even harder to crack.
If the average user of Bitwarden has a master password of 60 bits it would easier to attack than the vaults at 1Password. Even if a user of 1Password uses “password123” they’re less likely to get hacked because its combined with the secret key to make it super strong encryption key.
I understand your point now. But in bitwarden, your master password is not the encryption key for your data. The encryption key is derived from your master password with an algorithm called PBKDF2 (more info here : https://help.bitwarden.com/article/what-encryption-is-used/).
Maybe @kspearrin could give us more details on the strength of the derived key ?
1Password does the same PBKDF2, but they combine the master password and the secret key to get it making the encryption key even stronger.
Would love to see this as well.
Well, if I understand 1password‘s page correctly even with 52 bits of entropy and only 10000 rounds of pbkdf2 cracking the password takes 192 years. Extrapolated to 100,000 as used by Bitwarden this would require more than 1900 years. I do not think my vault is that important and probably this would be the attack vector
Actually, it’s even longer - the default is 100,001 iterations client side and 100,000 iterations server side.
So what is used for what:
- bitwarden does 100001 rounds of pbkdf2 on the client and uses the result to encrypt stuff with aes256 before sending any values to the server.
- bitwarden does another 99999 rounds of pbkdf2 on the server side and stores/compares the result. This is used to authenticate the client software.
Or does the client do 200000 rounds of pbkdf2 before sending this to the server and the server does only compare this to a stored result?
I would really like to see this feature, and is the reason that I have not actually fully made the transition to Bitwarden yet.
Beyond being more cryptographically secure, I like the feature for the peace of mind it gives me. I like having another code that I don’t have memorized and only enter when actually logging into (not unlocking). I am always entering my master password. If some one is able to extract that, say be shoulder surfing, you still need to know that secret key, or have access to one of my closely guarded devices that that is authorized to access my vault.
Yes, I know 2FA, and I do use 2FA in conjunction with the master password + secret key combo. But security in layer right? The secret key serves a similar purpose to 2FA, but it is different. I like how @dangostylver explained it when he was talking about TOTP keys getting stolen and the increased entropy of your password.
If I understood correctly, the secret key works like a password on top of master password to encrypt your vault online, while you do not require SK to unlock, you do for logging in and decrypting, however it means 1PW requires your MP every time you want to unlock? this looks like a lot of pain to enter an long and complex password every time i restart the app, Bitwarden allows us to unlock with PIN and it´s much friendlier , Does 1PW allows PIN or Biometrics? If yes, what`s the purpose of SK again if you are not entering MP every time? and what if you lose your device ? how do you recover your account without the SK?
I would also like a key file.
Although I use the 2fa, I’m more afraid that the Bitwarden server will be hacked and that somehow got my master password. I would like to only be able to open the safe with the key file. And this key file is only on my smartphone and desktop.
The 2fa only prevents the log in to the server right?
I’m not an expert, but wouldn’t that increase the security of cloud-based password managers?
At least offer it as an option?
I’ve been using the Pro version for a few months and never want to do without a password manager again.
Sorry used a translator for this.
Just my 2 cents…
This reminds me of the military. Instead of creating a robust system, the military will often create a new system to be a second layer of defense to protect the first system, instead of simply hardening the first system itself. This is the illusion of security, as what it really does is double the attack surface. 1Pass should remove this “feature”.
If you want the benefits of a Keyfile or a Secret Key just make your master password longer. The only thing they’re doing is adding a random password to the end of your master password.
The 1Password secret key is 128 bits of entropy and you can get that with a 20 character long master password. The encryption key to your Bitwarden vault is 256bits and you can get to that strength with 40 characters.
So, any master password that is between 20 to 40 characters long gives you the same benefit. The only difference is that you can more easily remember a long master password than the random gibberish of a secret key.
I rather have “The boiler exerted 67 debts!” to remember than “ZLM47K9C67UY43UX5FMPSRKFAY425GW4”.
If u got my Masterpassword u can go to my Passwords anywhere from the world.
With Key File it doesnt matter coz u got not the File?
Or im Wrong?
Why would be a Keyfile as Option bad?
ty for replay.