I have just joined the Bitwarden Premium Personal community to secure all my logins and passwords. (This is going to be such a relief I have finally done this).
One reason for the conversion/purification;) is my bad habit of using the same pswrd on several sites, which I know is a dangerous practice…so I want to start afresh with new passwords for each and every login before using Bitwarden. And that means changing more than a hundred logins.
Question is - Is there a streamlined way to change all these logins or is it one by one.
Unfortunately your going to have to do it one by one. You should prioritize your more important accounts such as your gmail and your bank and change those write away. What I did was I just changed the passwords of the services as I used them. This is very useful because the more important account also tend to be the accounts that you use the most often.
There is not, but as Person suggested, you should prioritize the important sites. Change the password on your financial institution first since a hack there would be the most costly. Update your email, too. The bird watcher forum could wait.
OK, thx to you both.
I have all my important stuff including pswrd’s in the cloud with BOX. I have a local copy as well on the drive here.
Can I import them as a group into Bitwarden, then change them as I use them from Bitwarden? Or is it that I have to open up each site, then turn on Bitwarden allowing it to generate a new pswrd?
Another thing came up tonight. On haveibeenpwned.com some of my gmails have been pawned. I had intended anyway but now is a must to change every pswrd. The YT tutorial I got the link to HIBP says never to use a pawned password in Bitwarden.
Any advice on that? Thx again.
I’d suggest taking a look a the reports. If you have a premium account, you can take a look at reused passwords. There will be probably some account, where the counter is pretty high. Pick the accounts that have a high risk and then these that do have a high counter.
If you got the problem of a central user management (same credentials for several different locations), I’d not store them separately but just create one login with several URI. That way, you have no multiple sites with the same credentials. And changing your central password just needs one change. How ever there is a disadvantage to this method, navigating to one of several URIs is not an easy task
Once cracked passwords go into dictionaries, hash collections and rainbow tables. So if I got your credentials from somewhere, I’d check if the hash is within the has collections (which are mostly already broken by someone - even with a regular graphic card, one rig gets depending on the hash type up to several hundred millions of hashes per second computed)… thus, I’d never use a potentially compromised credential again. Not even a part of it. Especially variants of known passwords are not really save…
Personally, I would start using Bitwarden with the old passwords. Then use the password generator in Bitwarden to generate new random passwords for each account going forward using the suggestions of the previous posters. Be sure that you specify that numbers, caps and small letters are used (with special characters for those sites that permit them). Each new password should be a minimum of 16 characters long. If you want to know the reason for this suggested length, read here:
PS-- My other suggestion is to check the box for “Avoid Ambiguous Characters” for generating new passwords. While it does compromise the theoretical security of your passwords by eliminating certain characters, it can save your problems with figuring whether the character in a password is 0 or O, I or 1, etc. (Depending on the font, this can be an issue…)
