Add (optional) Secret Key functionality (Like 1Password) or keyfile (Like Keepass)

A Keyfile is a workaround when 2FA is not an option. Bitwarden has a 2FA option so it’s better to use that.

2 Likes

I use 2fa.

So if Bitwarden get hacked I would sleep better if its only possible to unlock the Tresor with my device.
Not alone with Masterpassword.

Not sure why it will be so a problem for many ppl to have a Option they dont have to use. :slight_smile:

1 Like

Your secret key and/or keyfile is nothing more than another password that gets added to your master password so if you want the benefit of it just make your master password longer. There is no point in adding a feature when you can get the benefit of the feature now.

If you want to bring in a device look into Yubikey Static Passwords. Just be warned, you’re making your life harder than it needs to be.

1 Like

Its not the same to have a longer password.

You just only need my Password to encyped my Tresor.
With file u need both.

But OK its your opinion.

I would be happy to have a Option for that.

1 Like

Well, the secret key is something I did not like in 1Password. If you need to login from any other device and have your secret key not with you, you cannot access your passwords.

This may and should be rarely a case but it may happen.

To get access to your BW entries, two things are required

The hacker must have your vault and he / she needs your password or must crack it (may be possible depending on PW length and computer power in future.)

In any other cases 2FA is a layer that is enough as it secures logins from the BW login page or the apps.

The most secure layer to your password is your brain. Keep it in mind and don’t Tell it anyone. If you write down, keep it in a bank safe.

It you want to ensure that in the case of cases no one can access your accounts, add a salt to your passwords that only you know and which is not saved with your PW in bitwarden Just add it to the Pw field after bitwarden filled the part it knows. Because a hacker would not know this salt, passwords will become useless for him / her :wink:

2 Likes

Not bad. Thank You!

The improvement provided by Secret Key (or keyfile) cannot be replicated via longer master password.
Secret Key is entered once per device and stored (directly or via derived key) on the device.
Combination of encrypted data, secret key and master password is required to decrypt.

Therefore stealing master password (say via keylogger) is not enough to compromise data; attacker also needs to steal secret key (or keyfile), which presumably is entered or copied very rarely, once per device; so device compromise is likely required.

2FA does not mitigate this completely, and is nearly orthogonal feature.

To summarize i believe this is valuable improvement for Bitwarden.

3 Likes

I am amazed how many people have been convinced of the need for a key file by 1Password marketing. The key file is a way of adding a function like 2FA to a web sync “offline” password manager. This is where 1Password came from (before they brought in syncing through their servers) but rather than remove this largely ineffective functionality they decided to market it as a security enhancement, and it looks like it worked. The only benefit you get is if you use a weak master password, then it reduces the chance of someone breaking into your vault with a “stolen passwords” list. For web based password managers like BW 2FA is the way to go.

Let’s look at some of the attack vectors and concerns from above.

  • Hacking BW servers: If you have a long complex password it is going to take centuries to brute force the vault. As I mentioned above the key file will provide some protection for those who are using weak / reused master passwords, for everyone else they are not getting into your vault.

  • “Keyloggers” (or other malware on your machine): A much more likely attack vector. Modern “keyloggers” do not just log key strokes. They also capture the clipboard, screen capture and allow file transfer both ways. So once they know you are using a key file it is trivial to transfer that, though it is more likely that they will just grab the unencrypted passwords from memory. Basically if you have malware on your machine it is “game over” as they can access almost anything.

  • Shoulder surfing. If you have a decently complex password they will not remember it anyway. Besides you shouldn’t be typing in an important thing like a master password if someone can see you. Even if they get the password remember they have to get onto your device to use it as 2FA will stop them downloading it to their machine.

Now lets look at the negatives:

  • You cannot access your passwords from a new machine. Example you are traveling away from home and your phone is stolen. You can’t access your passwords on a new phone or a friend’s laptop to log out the old phone / disable accounts etc. You have to wait until you get back to another one of your devices.

  • Lost key file. Most people are bad with backups, really bad. A high percentage will lose the key file. I know people who have done this…

In summary, use 2FA, and have a long complex password.

4 Likes

FWIW, I picked 1password over bitwarden because of the lack of the secret key.

The reason that the secret key is important is that a password that you have to type frequently is more of a pin than a password. This makes it much simpler to brute force because the password that you type frequently won’t be “6Gs&XIaC/@Uxx’0B” but something like “[email protected]”.

To the point of “malware will always be able to get your local stored key”, that isn’t necessarily true and it depends on your OS and browser. AFAIK Chrome encrypts the local storage and the encryption is based on the OS. On Android and iOS this should be very secure. On ChromeOS there shouldn’t be a way to get access to the raw files unless there’s an unpatched vulnerability.

The combination of the above two mean that your secret key will be many times more secure than just a password that you type frequently and in front of others.

Finally, 2FA doesn’t add any security at all over a compromised server-side. At some point bitwarden will be hacked (just like any other password manager service). That’s the reality for all companies. At that point the only thing protecting your passwords from whoever possesses your password “file” will be your master password.

1 Like

This isn’t the way Bitwarden works. You should read the post before your own. Bitwarden is far more secure than you realize.

2 Likes

That’s the comment I responded to. I’m not sure what’s not clear. That comment says “If you have a long complex password” and “Basically if you have malware on your machine it is “game over” as they can access almost anything”, to which I replied. I’m also not talking about a key file because that has its own insecurities. I’d say that you should read my comment again or at least be a bit more specific than “Bitwarden is far more secure than you realize” which I’m not even sure how to process.

2 Likes

I would encourage you to have a look at the help pages that Bitwarden provides so that you understand their security model better. To state that someone who gained access to a BW server would be able to unlock a customer’s vault with nothing more than the customer’s master password is not accurate.

I would also argue that if you follow Bitwarden’s advice and create a strong, unique master password that cannot be easily guessed, there is no practical benefit to extending the credentials with a required security key. The disadvantages of requiring a security key are significant, however, and they are already summarized above.

https://bitwarden.com/help/article/bitwarden-security-white-paper/
https://bitwarden.com/help/article/security-faqs/

If you feel more comfortable with having the secret key then go with 1passwword. There is no point using a password manager you do not feel comfortable with.

However lets stop the flow of incorrect information:

  1. Regardless of what manager you use you need a long complex password. You assume people will use a short simple password just because they have to type it a lot. A complex password takes no more time to type than a simple one, and in fact because you type it often it is easy to remember a complex password. I use a password much longer than you examples, and typing it is very quick, simply due to practice.

  2. If you are logged in to your computer, then by necessity you can read / write to the drive. So malware can access anything which is not separately encrypted (like a locked password vault).

  3. Both Android and iOs are not secure. Mobile phones are an easy attack vector. It is hard to get a good number for how vulnerable they are but I have read a research paper (not some internet webpage of unknown source) which was showing figures of 90% of bank crime is now via hacked phones. Personally I do not keep passwords on my phone except for brief periods if I need access while traveling.

  4. As I stated previously you should NEVER type your password in front of others, and it should be long enough and complex enough that it cannot be remembered if someone did see it. I guess someone could video you typing your password in and get it that way, but what on earth are you doing typing in your password if someone is videoing you!

  5. If someone compromises the server, everyone thinks about brute force. It is just not practical. The easiest way into your passwords is via one of your devices, because your passwords are unencrypted at that point. I would expect someone who got into the server to first try using a list of common or stolen (reused) passwords. That would probably give them a good number of unlocks. Anyone with a good password is safe. The only exception would be if there is a flaw in the encryption of the password vault, but that applies to all password manager, so choose one with solid encryption.

A lot of your argument seems to be “if I do everything wrong, use a short simple to remember master password, and let people see me typing it in” then I am at risk. Yes of course you are because you are not following good practice. In your situation I present the following scenario:

  1. Bad guy sees you typing in your short easy to remember master password
  2. Bad guy steals your phone
  3. Bad guy opens your password manager and your accounts are now theirs.

1passwords secret key did precisely NOTHING to help you.

Solution use a long complex master password, and DO NOT type it while others are watching.

1 Like

xyzzy, thanks for the detailed response. I understand your point but I think that you haven’t done security for multiple people. Your answer is based on what you or I can do. See below for details but keep in mind that I can do much better than the average and probably so do you. I’ll answer your individual points, then talk a bit about threat models.

Regardless of what manager you use you need a long complex password.

That’s true. But what you type every day is a pin, not a password. As a human, you can’t remember multiple long complex passwords. And even if you can, most can’t. You also have tolerance in how many characters you are willing to type. That’s why you need a string password for infrequent typing, and a pin for frequent typing.

A complex password takes no more time to type than a simple one

Think of 10.000 users, not you. What are the chances that most of them will use a strong password?

If you are logged in to your computer, then by necessity you can read / write to the drive. 1. So malware can access anything which is not separately encrypted (like a locked password vault).

That’s not true. You can’t access my bank’s OTP seed on my Android phone even if I give the phone unlocked to you. What you say only applies when you don’t have trusted hardware. Android, iOS and ChromeOS operate under trusted hardware for most people and that restricts what can be extracted, even by the user. You’d need a rooted version of the OS to be able to extract data from the internal storage. And rooted OSes are insecure by default.

Both Android and iOs are not secure. Mobile phones are an easy attack vector.

I’d like a citation for that.

90% of bank crime is now via hacked phones

Again I’d need a citation and a date but that also doesn’t mean that 90% of the phones are being hacked. Even if 1% of the phones are being hacked, the remaining 99% isn’t. And the numbers get better every day.

As I stated previously you should NEVER type your password in front of others

You always type your password in front of others. Either friends that you trust, or in a public place, or close to a camera, or in an airport with security surveillance, etc. This all depends on the threat model. Saying something blanket like that isn’t meaningful without a defined threat model.

If someone compromises the server, everyone thinks about brute force. It is just not practical

It may not be practical to brute force a single user, but over 10.000 users it is a different story.

A lot of your argument seems to be “if I do everything wrong, use a short simple to remember master password, and let people see me typing it in” then I am at risk

I’m actually not describing this threat model. My worry isn’t that someone close to me will target me. It’s the server-side that worries me most, and someone living at the other side of the world. See again the threat model.

In your situation I present the following scenario:

Bad guy sees you typing in your short easy to remember master password
Bad guy steals your phone
Bad guy opens your password manager and your accounts are now theirs.

Two things:

  1. Phones are more secure than that. Phones nowadays have fs encryption, are protected by a pin, password or biometric security and auto-lock after failed attempts.
  2. The average person will find out that someone took their phone quite fast (less than a day).

The above two mean that you’ll know that someone took your phone and you know that they can’t unlock it easily, so this gives you adequate time to remote wipe it. Even without network connectivity, the phone will brick itself. And then there are other countermeasures for corporate phones that can make them even more secure.

Threat models

Every security model starts with a threat model, otherwise it makes no sense. So when you describe the security model of bitwarden you should also describe the threat model it focuses on. What you say makes sense for someone that is security conscious and you seem to focus on the threat of a local actor. What I’m describing is this:

  • Having 10000 non-security conscious users (i.e. average users) who have an average Android phone or iOS phone or Chromebook or even a Mac.
  • Bitwarden suffering a data breach.

Final thoughts

The current bitwarden model is less secure than using keepassx and storing the database on Google Drive.

A Secret Key is the equivalent of local 2FA. To decrypt a stored password you need something that you know (the pin / master password) and something you have (the secret key, stored in the local storage of your device). The argument against a secret key has very similar answers to an argument against 2FA. Ideally the Secret Key would be stored in the device in a way that it can’t be extracted (so it’d be the same security model as 2FA) but a decent similar model is a Secret Key that the user types once.

I recommend having a look at these:

3 Likes

Ensuring organizational users adopt a secure password is possible. Here is a link that you may find useful and should help to alleviate your concerns:
https://bitwarden.com/help/article/policies/#master-password

David, I gave a fairly long answer to this. Please see the links I provided, especially #1 and #3, and please describe the threat model you’re referring to before discussing the effectiveness of a solution.

Everything is possible but when you’re talking about 10000, potentially non-technical, users then what’s possible is less important than what’s statistically probable. Of course Bitwarden could enforce a 64 character password with plenty of randomness. But there’s a reason that that isn’t feasible. See also my very last point about a secret key being somehow equivalent to 2FA for local storage. The exact same arguments were made by people that were against 2FA in the past.

1 Like

Sorry - I should have been more clear. Your argument for using a security key seems to be based on the idea that users cannot be trusted to create appropriately complex passwords. My response was meant to show how Bitwarden already has a mechanism for organizations to overcome this by forcing users to create suitably strong master passwords.

Reasonably secure master passwords are inconvenient to use. This is why in many implementations a short(er) password or pin is substituted for a master password stored on the device/computer.

There is a variety of scenarios where typed master password would be exposed while stored secret key would not:

  • shoulder surfing or camera
  • accidental paste into wrong window
  • browser keylogger extension

For most purposes secret key can be handled as part of master password stored in the filesystem.
This would not be as good as cryptographically combining those two components, but i believe would serve the purpose (and be optional for users which want to deal with this extra hurdle).

2 Likes

I believe I’ve said this before in this thread but I’ll say it in a different way.

If you want a secret key for Bitwarden then generate a random 32 character alpha-numeric password (or longer) that you use as your master password.

Then use the PIN or biometric unlock for easy access to your vault.

You get the same benefit that the 1Password secret key offers and you don’t force everyone else to have to change how they use Bitwarden. Just make sure to write down your master password and keep it safe.

1 Like

This is what I currently do, using a long master key stored within an encrypted ZIP file, the password of the ZIP being simpler and memorable. While I agree that it does accomplish the same end result, many further steps are required to sign in and maintain the security of your account.

  • The ‘key’ is the master itself, meaning if someone gains access to it then your security is compromised. With a keyfile + password, gaining access to only one is (mostly) worthless without its counterpart.
  • Ideally the master key should be encrypted in storage, requiring additional tools (eg. 7zip, key/password generator and text editor).
  • The android app seems to only support numeric PINs (though if available, biometrics fixes this).
  • The current PIN system means the PINs/passwords can differ between client instances. For instance, the chrome extension may have a different password to the android app.
  • A PIN needs to be manually configured for each individual client instance.
  • Entering a long master key on a new device can be difficult and painful. With a keyfile, it’s solved through a simple file selection dialog.

Introducing a keyfile security system would provide the following benefits:

  • Encourage users to have much stronger master keys, even if their password is somewhat weak.
  • Reduce the security impact from a compromised password.
  • Greatly simplify the sign-in process while maintaining (or improving) security.
  • Ensure consistency between installations by requiring the password component to remain identical.
  • Make it absolutely impossible to decrypt any data, should the backend server database be compromised. While the master key derivation algorithm does make this much more computationally expensive, the security still depends entirely on the predictability and entropy of the user’s master password.

Additionally, Bitwarden could implement QR code logins to allow easy transferral to portable devices. For instance, the browser extension could have a “set up new device” button that displays a QR code encoding the secret key (keyfile contents) and email address (and preferably self-hosted URL if configured). The user would just scan the barcode from the android app, enter their simple password to unlock, and they’re in.

In my opinion, this is a massive oversight for what’s essentially an internet-connected online password storage system. Security should be one of the fundamental components, which is being undermined by the lack of support for keyfiles.

2 Likes