Discussion of Safety vs Risk vs Convenience

In the above referenced thread: “Assessing Security & Safety vs. Convenience for Log In & PIN Options”, among many good points and questions, the author advised the following:

I had hoped there might be a bit of a white paper or similar on this taking you through the options with some sort of guidance on best practice (likely annoying to do) vs. a couple of levels of convenience & scale of the related risk; but only found the basic info in the FAQs

As such, a Sticky Thread (White Paper if you will) addressing the subject of Safety vs Risk vs Convenience may be prudent to compile.

All of us have differing levels of understanding regarding best security practices when using a password manager. But, it’s assumed that we’re all interested in device and Internet security, because we are choosing to use a password manager.

Setting up a password manager like Bitwarden, has many pros and cons associated with how its done. What I’m seeking is an understanding of the pros and cons of enabling or disabling certain login options when compared to convenience. This is so I can make educated decisions about what is right, or what could go wrong, relative to my specific needs and devices. For example, I believe always logging out and locking the vault would provide optimum security. But as frequently as I’m in and out of my (always at home) PC and its browser(s), doing so would be a distinct inconvenience. The same would NOT be true for an on-the-go laptop – i.e., security is paramount.

So, an education relative to the why’s and how’s of starting and running Bitwarden, would be helpful. For example, what are the downsides of choosing to do “A”, “B” or “C”, when we are using a static (in-home) PC vs a portable PC, vs a cell phone etc. It would be most helpful to couple that, with providing the specifics of how best to log-in and setup Bitwarden relative to:

  • The device types we own
  • Our desired security needs (Which could be a tome in and of itself. Because while I have some clues, I admit the differences and downsides between buttoning everything completely down vs some lessening and even more lessening, is pretty questionable – i.e, worst disaster planning case & inconvenience vs some convenience & even more convenience)
  • What we can expect (upsides/downsides, security wise), when we choose to do “A”, “B”, “C” etc.

(Note: I would consider Multi-factor and 2FactorAuthentication et al. to be topics separate from this one). In fact, in some ways, I understand those better than how best to setup Bitwarden’s logins and logout needs for my particular circumstances – the what could happen if I do “A”, “B”, or “C” etc.)