Dumb questions from total n00b

trying bitwarden free version to get the basic idea and have some very rudimentary questions.

i seem to have successfully set up a bitwarden account and can log in. i also set up the firefox extension. i’m doing this in kubuntu 20.04, btw. i’ve also imported a keepass xml.

first, is the data i imported, along with anything else i input, i guess, stored in a bitwarden cloud or is it local someplace on my machine?

second, i see people saying i can use bitwarden from any machine, like if i’m away from home i can log in to my account from a friend’s or public computer and have access to any of my passwords. that just doesn’t sound right to me. how can that be done safely? what if there’s a key logger or something on that machine?

third, i’m seeing snap as the preferred install method for ubuntu based systems. is there no apt based install choice? wouldn’t that make updates easier?

thanks,
babag

thanks, gottabeleGIT. helpful indeed. number two sounded crazy to me too. for three, i’ll have to look into the .deb part. seem to recall something about that not working well with updates, which i’d consider very important with a tool like bitwarden, but it could have been some other format i saw that about.

thanks again,
babag

1 Like

You are right. But this risk can be mitigated (a little) by using multi-factor authentication.

2 Likes

The answer to your first question is that your data is essentially stored, heavily encrypted, in the Cloud. When you start Bitwarden then a copy of that encrypted data is downloaded to your computer/device and decrypted on the device. That local data is then used for accessing sites. When you make changes, such as adding a new login, that is encrypted on your device and synchronised with the data in the Cloud.

All encryption/decryption is done on your device; what is transmitted and stored in the Cloud is encrypted. The software is open source and the robustness of this method of operation has been reviewed by brains far greater than mine (and possibly by yours). A few weaknesses have been spotted and fixed by this openness.

Those who wish to don’t have to use Bitwarden’s storage. If you have the skills you can set up your own storage and use that. Bitwarden go to great lengths to show/enable people how to do that, if they want to do it. This removes any nagging fear that Bitwarden may be doing something dodgy. Those who do that are responsible for keeping their server up to date though, so need to balance the risks.

It took me some thought to overcome my initial objections to the concept of a password manager, but I am now happy with the way it operates.

On your second point, as another poster has typed, this has dangers. You need to decide for yourself whether this is acceptable to you in each case, but yes a keylogger is a threat.

I can’t even remember how I installed it on a Linux machine. However, whatever I did it was painless and it keeps step with other installations on phones and other computers.

thanks for the detail, davidz. wish i knew what that linux install method was that keeps version updated.

thanks again,
babag

I don’t use Linux regularly myself so haven’t got personal experience but any officially supported version of Bitwarden is listed on the Download page. Scroll down and click the “More desktop installation options” link to see that multiple Linux installers are available. Those will be kept updated by the developers.

Isn’t the threat of keylogging mitigated by copying and pasting? Or using an onscreen keyboard would also reduce, if not entirely do away with, the risk.

A

Whilst that is certainly true, my understanding is that logging in to the vault from any browser would give you access to your passwords. I have used that method in the past.

Should I not have done that? :open_mouth: