I’m no cryptography expert, but it strikes me as wondrous that there should be no feature to distinguish between a one-off typo and an outright brute force malicious attack when entering my password? Like:
I type in my password. I mistype, so I get to try again. Maybe I realise that I’m trying the wrong password. So I get two more attempts. After that, the probability grows that it’s NOT ME AT ALL trying to log on, but a brute force attacker.
At this point, it would be nice to set either a delay for, or outright block, further login attempts, like:
an option in the setup menu to select (ahead of time, of course) that if a wrong password is inserted x times, you’ll have to wait for z minutes before you can try again? And, at its extreme, if a wrong password is inserted x times, it becomes outright impossible to try logging in again and you need the recovery phrase (or even, for very sensitive vaults, access is permanently banned).
Again, I’m no cryptography expert. I’m suffering from major depressive disorder. And I’d just prefer my logins to go with me, should that day ever come, than someone being able to tinker with my Bitwarden for as long as they please - even though I’m not frequenting questionable websites…
What you describe is something known as “rate limiting”. Bitwarden does implement some form of rate-limiting, although they are keeping the implementation details of such protections confidential. There have also been recent changes to Bitwarden’s handling of brute-force login attempts, and the effectiveness of these changes has recently been debated in this thread.
Based on the previous forum discussions and other publicly available information, the impression that I have personally (which is just an educated guess on my part) is that Bitwarden’s current implementation of rate limiting is primarily focused on login attempts that fail after the master password has been correctly input (i.e., when the login failures occur because the 2FA or the “New Device Login Protection” verification codes have been incorrectly input).
Unless Bitwarden is willing and able to confirm that rate-limiting and exponential back-off is used when login attempts fail due to invalid master password submissions, I think that this feature request can (and should) remain open.
This tends to false-positive for “saved passwords”. For example at my office, we have a chronic problem with users saving their password in their phone WiFi settings. A year later when they change their password, their account mysteriously starts locking itself out.
Keeping in mind that each brute-force attempt has odds of less than 1 in a trillion, rate limiting does not need to be user-visible. We just need to slow attackers down to “human speed”. For example:
After a single failed attempt, the next connection from that source-IP experiences a 5 second delay before the username prompt is displayed.
After an incorrect password is entered for an account, the next time that username is entered, there is a 5 second delay before the password prompt is displayed.
5 seconds is short enough that humans will barely notice, while still ensuring a brute force attack makes no headway.
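A sketch of the two delay rules in that post, added here as an illustration; it is not Bitwarden’s code (their actual implementation is confidential, as noted above), and the class names, the fake clock and the IP addresses are constructed for the example.

```python
import time

# Added illustration, not Bitwarden's code. Rule 1: after any failed attempt the
# next attempt from that source IP is held DELAY seconds. Rule 2: after a wrong
# password for an account, the next attempt for that username is held DELAY
# seconds from any IP. State is kept in memory for the example.
DELAY = 5.0

class LoginThrottle:
    def __init__(self, delay=DELAY, clock=time.monotonic):
        self.delay = delay
        self.clock = clock        # injectable so the demo can use a fake clock
        self._ip_until = {}       # source IP -> earliest allowed attempt time
        self._user_until = {}     # username  -> earliest allowed attempt time

    def wait_for(self, source_ip, username):
        """Seconds this attempt must be held before it is processed."""
        until = max(self._ip_until.get(source_ip, 0.0),
                    self._user_until.get(username, 0.0))
        return max(0.0, until - self.clock())

    def record_failure(self, source_ip, username):
        until = self.clock() + self.delay
        self._ip_until[source_ip] = until
        self._user_until[username] = until

    def record_success(self, source_ip, username):
        self._ip_until.pop(source_ip, None)
        self._user_until.pop(username, None)

class FakeClock:
    """Constructed clock so the demo runs instantly and deterministically."""
    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now

def run_attempts(throttle, clock, attempts, real_password):
    """Replay (ip, user, guess) tuples, advancing the fake clock by each imposed
    delay; returns (elapsed_seconds, successful_logins)."""
    start, successes = clock.now, 0
    for ip, user, guess in attempts:
        clock.now += throttle.wait_for(ip, user)   # attempt is held this long
        if guess == real_password:
            throttle.record_success(ip, user)
            successes += 1
        else:
            throttle.record_failure(ip, user)
    return clock.now - start, successes
```

With the fake clock, four wrong guesses followed by the correct password from one IP come back as 20.0 seconds of total waiting, which is what a human mistyping would experience.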
This may be true if OP is following best practices for high-entropy master passwords. But it is a good point, so I would like to emphasize to @none that to ensure that your vault cannot be cracked by brute force, you should take the following precautions:
Your master password must be randomly generated using a cryptographically secure pseudo-random number generator (CSPRNG) or a true entropy source (like dice rolls); best practice is to use a passphrase consisting of at least 4 randomly generated words.
Ensure that you keep your master password confidential, and your devices malware-free (and out of the hands of others).
To avoid confusion, could you clarify whether this is intended to be a hypothetical example (or do you have confirmation that Bitwarden implements a 5-second rate limit delay, and if so, what is your source)?
A password pool 1 trillion entries large has about 40 bits of entropy (~3 random diceware words, or ~9 random lowercase letters), much weaker than anyone recommends today.
An exhaustive search of a 1 trillion password pool if rate limited to once every 5 seconds would take 5 trillion seconds, or 159,000 years. This yields a 0.1% chance of a successful hit in 159 years, much longer than my or my heir’s expected lifetime.
… but yes you are absolutely correct that “long, unique and random” is a critical component to this.
When I said “this may be true”, I wasn’t doubting your math, I was doubting whether OP was using a randomly generated master password.
I believe that you already know this, but the conventional recommendation of a 4-word passphrase is to make an off-line brute-force attack too expensive to attempt.
To protect only against an online attack (with a hypothetical 5-second rate limit delay), a 2-word passphrase would make the probability of success 50% after approximately 5 years of continuous computing (using a single high-end GPU), while 373 centuries of continuous computing would be required for the same probability of success if a 3-word passphrase is used.