Bitwarden Roadmap

I think it is about sharing items with a single user https://community.bitwarden.com/t/item-sharing/238

1 Like

As I mentioned in the chat at today’s presentation, I would like to see Bitwarden take some sort of tack like Google with its Advanced Protection, and similarly Microsoft’s offering, to eliminate Master passwords altogether. For my Google, Microsoft, and when I log into work in the morning, I use a FIDO2 key (Yubikey) that is PIN protected. I have multiple keys to prevent being locked out, and it gives me the protection of MFA (something I know, PIN, and something I have, Yubikey). There is no risk of getting my master password compromised if I don’t have one at all.

I forgot to add, here’s a link to Google’s offering: Advanced Protection, and Microsoft’s offering https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/

Thanks for the feedback David! Bitwarden is part of the FIDO alliance and keeping a close eye on emerging security trends and passwordless solutions, stay tuned for future updates :+1:

Hey everyone, the Bitwarden Roadmap 2022 graphic above has been updated, you can watch the product team walk through the roadmap in the most recent Vault Hours session.

1 Like

Any plans to support storing FIDO2 passwordless credentials, but being a FIDO2 authenticator? I don’t want to be locked into a platform solution for FIDO2 passwordless. I would prefer to use Bitwarden and have access to these across multiple operating systems.

1 Like

See here: Store WebAuthn/FIDO2 Credentials in Bitwarden - #4 by go12

Sorry, I’m going to ask again, but what about a real backup, meaning an encrypted export with a key independent from account encryption?

I’m still frustrated and also worried about not being able to do a real simple and secure backup of a vault with all the passwords I own.

Last time, a crew member said that not everything is on the road map and, if I remember well, a blog or someone found something in the code about a feature like this, but no news since.

Is there still hope for this?

2 Likes

Hey @TiTwo102, this is currently possible with the Bitwarden CLI using the export command :+1:

  • --password <password> to specify a password to use to encrypt encrypted_json exports instead of your account encryption key

I’ll pass on feedback to the team regarding being able to do this with other clients.

Thanks for the reply.

I get it’s still better than nothing, but it’s a workaround that is not really user friendly (I bet > 90% of people reading about CLI won’t understand a single line), plus it seems like it doesn’t work on phone or tablet, which are the most used tools to access the internet.

Really hope it will come in the near future.

2 Likes

Thanks @TiTwo102, rest assured I’ve passed the feedback along to the team.

Hey @TiTwo102 - in the meantime, I highly recommend storing unencrypted JSON backups to an encrypted volume on your PC, such as a VeraCrypt volume (works on Windows, Linux, or MacOS).

On mobile, both iOS and Android have either built-in and/or third-party functionality to create password-protected, encrypted folders, so you can already store unencrypted JSON exports from Bitwarden securely.

1 Like

Sorry, but just to clarify (@TiTwo102 or @dwbit):

The current feature in the Chrome Addon is insufficient as the encryption key is not independent of the account key?

Hey @ZamboniDriver both options are valid :+1: In both cases, you are still responsible for maintaining credentials needed to access the encrypted vault.

Vault data can be exported in an encrypted JSON file. In most Bitwarden apps, these exports are encrypted using your account’s encryption key, which is generated on account creation and unique to each Bitwarden user account. The CLI has a unique option to encrypt the file with a specified password.

Rotating your account’s encryption key will render an encrypted export impossible to decrypt. If you rotate your account encryption key, replace any old files with new ones that use the new encryption key.

Account encryption keys are unique to each Bitwarden user account, so you won’t be able to import an encrypted export into a different account.
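
An added example, not part of the thread or Bitwarden's own code: a small Python check that tells which kind of export a backup file is, following the three cases discussed above (unencrypted JSON, JSON encrypted with the account key, JSON encrypted with a CLI-specified password). The JSON field names it tests are assumptions about the export layout, and the sample files are constructed.

```python
import json

# ASSUMPTION: the field names "encrypted", "passwordProtected" and "items"
# describe the export layout; they are not quoted anywhere in this thread.
ADVICE = {
    "plaintext": "readable by anyone; keep it only inside an encrypted volume",
    "account-key": "tied to the account key; unusable after key rotation "
                   "and not importable into another account",
    "password-protected": "independent of the account key; the export "
                          "password must be kept safe separately",
    "unknown": "not a recognisable vault export; do not count it as a backup",
}

def classify_export(text):
    """Classify one export file's contents by how (or whether) it is encrypted."""
    try:
        doc = json.loads(text)
    except (json.JSONDecodeError, TypeError):
        return "unknown"  # truncated or corrupt file
    if not isinstance(doc, dict):
        return "unknown"
    if doc.get("encrypted") is not True:
        # No encryption marker: only call it a vault export if items are present.
        return "plaintext" if isinstance(doc.get("items"), list) else "unknown"
    if doc.get("passwordProtected") is True:
        return "password-protected"
    return "account-key"

def audit(backups):
    """Map {filename: contents} to {filename: (kind, advice)}."""
    return {name: (classify_export(body), ADVICE[classify_export(body)])
            for name, body in backups.items()}

# Constructed sample files (not real exports; ciphertext replaced by placeholders).
SAMPLES = {
    "plain.json": '{"encrypted": false, "folders": [], "items": [{"name": "x"}]}',
    "account.json": '{"encrypted": true, "folders": [], "items": []}',
    "cli_password.json": '{"encrypted": true, "passwordProtected": true, "data": "PLACEHOLDER"}',
    "truncated.json": '{"encrypted": true, "passwordProt',
}

if __name__ == "__main__":
    for name, (kind, advice) in audit(SAMPLES).items():
        print(f"{name}: {kind} -> {advice}")
```

Running it over a backup folder before rotating the account encryption key shows which files would need to be re-exported.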

What do you mean by enhanced localization?
Is that referring to folders?

Are we finally getting this thing sorted out?

The team is aiming to amalgamate localization projects, as right now, separate translations are required for 4 different projects. Can you provide more context on folders and getting it sorted out?

There is more of this, but those two feel like the most important.

I have been a premium user for over a year, and not much changed in relation to folders.
It is weird to me that when I think of sorting folders and passwords, it seems way easier to export passwords to KeePass, then fix all folders/passwords location etc, and then import back to Bitwarden. Because in KeePass you can easily drag and drop folders and passwords.

Thanks for the clarification, yes, vault item labels will improve the ability to tag/organize vault items.