Are our passwords really safe on your servers?

Hello everyone.
As with all online password managers stored on external servers, a question always comes naturally:
Is it true that none of the employees who manage the servers where our passwords are stored can access our passwords?
It may seem like a trivial question but it is extremely important.

Yes, it’s an important question, and the answer is that no one with access to the cloud server data (whether an employee or an intruder) has the ability to read your passwords (unless your Bitwarden master password is not secure).

If your Bitwarden master password is unique (never used for other purposes), confidential (never disclosed to anybody else), randomly generated, and sufficiently long (e.g., a randomly generated 4-word passphrase), then the passwords stored in your Bitwarden vault cannot be accessed by anybody but you (the only exception being if you are being targeted for attack by an adversary who is willing and able to spend millions of dollars to crack your vault master password).

3 Likes

Yes it is true, but no need to trust us random netizens. Bitwarden has an FAQ on exactly this topic, a white paper that delves into the details about how their encryption works and for the truly paranoid they publish their source code on GitHub.

But @grb is exactly right. You need to do your part by selecting a great master password. Additionally, you ought to configure your vault to require MFA to login. It is OK to keep it logged in and use biometrics to unlock, but the login itself ought to be MFA protected.

And because all of this increases the risk of locking yourself out, create an emergency sheet and an occasional backup.

Thank you so much! Now I understand! I asked this question especially after seeing how the maintenance of servers of important companies is done. For example I saw an employee where he goes to check the servers with a PC.
Thank you so much for clarifying this doubt for me.

1 Like

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.