Bitwarden server 'backups' - learning lessons from the LastPass debacle

My understanding of the LastPass breach was that hackers got access to the LastPass backups.

One risk of storing encrypted backups is that even if a user changes their password, their old (potentially weak or compromised) password could still be used to decrypt the old backups.

My reading of the Bitwarden knowledge base is that Bitwarden does not store backups in the same way that LastPass did, but rather uses point-in-time restore with a seven-day retention policy.

Does this mean that if a user changes their password, then after 7 days their old password hash etc. is effectively ‘forgotten’ by Bitwarden?

Yes. It also means that there is no “backup database” that an attacker could steal. At worst, an attacker who breaks into Microsoft’s backup servers would acquire a transaction record containing the old master password hash and the old protected key (at this point, it is not clear that they would even have access to the email address that is used as a salt in the hashing process). Even if they were able to brute-force the (old) master password and extract your account encryption key, the attacker would have to successfully breach a different server (or one of your local devices) to acquire a copy of your encrypted vault before they could access your secrets.

I think this also demonstrates that Bitwarden’s decision to use Azure’s managed services was correct, because it allows Bitwarden to take advantage of Azure’s security best practices, thus freeing up Bitwarden developers’ time to concentrate on product development.

:face_with_raised_eyebrow: You don’t know how your own system works?

I don’t own or work for Bitwarden, I am just a customer.

FYI, Bitwarden staff have a Bitwarden logo in their avatar icons. This is a community forum, and the majority of participants are just users of the software.

Apologies. “Leader” tag confused me.

The “Leader” title and flair are just things that the Discourse forum software uses to identify participants who have a lot of activity and “trust” on the forum.

How does that work? Is it just account age + activity?

I am new to Bitwarden (coming from LastPass) and also at least 2 very large steps below the knowledge level on this site. So, please don’t laugh and please excuse my ignorance. My questions:

  • Does Bitwarden keep a backup of the vaults?

  • If so, and the hackers got access to the Bitwarden backups, and they were able to brute force their way into my vault, would they then have access to all of the information in my vault?

  • If not, would you be able to explain why (so simple that a kid in kindergarten would have an at least rudimentary understanding of why).

Grb - You already answered one of my early beginner’s questions on another topic and I sincerely thank you for that.

Hi @BitCommunity!

Yes they do, but it happens in an incremental way so it is slightly safer than full backups. However, you should assume that somebody will eventually steal the Bitwarden Vaults from Bitwarden. This leads me to your next question which is…

The answer is yes, which means it is absolutely critical that you create a strong Master Password and store a written copy in a secure location. The strong Master Password is what is ultimately securing your data in your vault.

No. This is explained in this thread’s OP by @Sizzle6397 (and in the Help Center article linked therein), as well as in my response to OP.

There is no backup vault to steal. There are records of individual database transactions that have resulted in changes to the vault data, and even then, these records are stored only for a week.

At least this is my current understanding of the documentation. I may research it further at some point, or perhaps someone who has greater familiarity with the Azure framework will chime in.

@RogerDodger is right: Use a generator to create a passphrase of 5-7 randomly selected words for your master password, and you’ll be safe even if you were to give out vault copies on USB drives like candy. :candy: :candy: :candy: :candy: :candy: :candy: :candy: :candy: :candy: :candy: :candy: :candy: :candy:

Thanks to both RogerDodger and Grb. I now understand better what is meant by the incremental backup approach and how it limits significantly the issues connected with a potential hack. I already have a passphrase that is of the suggested size and complexity. I really do appreciate the willingness of both of you to help further my knowledge in this area. :white_check_mark: :pray:

I would say that this is true even at 6 words, unless you are an Enemy of the State.

As per my off the top understanding of BW documentation and Microsoft documentation, backups of vault are kept but the vault data of only up to 7 days earlier can be replicated and any transactional logs older than that are not retained.

Backups of vault would be important to safeguard against any denial of service or in case a bad actor tried to wipe users’ data from Bitwarden servers. Loss of all users’ data would bring more damage in general than an attacker trying to brute-force a single user’s data.
Therefore it’s in users’ benefit to keep backups of vault.
