Full Drive Encryption on Linux device?

Hey all!

Got kind of a technical question, but hopefully you’re the people to ask.

I’m a customer of Bitwarden, and use the Bitwarden browser extension (on Firefox) most every day. I recently ditched Windows on my personal laptop, and have installed Ubuntu. I do virtually everything on my browser anyway, so it’s worked great.

My question is regarding encryption. I’m in cybersecurity, so I’m aware of how important it is to encrypt the hard drive on any device. Well, the only sensitive information on my laptop is on my browser, since I’m not storing any files locally.

I’ve spoken with a friend who knows Linux a lot better than me, and he says that the only way to encrypt an entire drive is to reinstall the OS. I’d rather not do that, since I now have Linux juuuust the way I like it. He also says that we can encrypt specific files on the drive without reinstallation.

I’ve only used the Bitwarden browser extension, not purposefully storing any password information locally.

So here (finally) is my question: Is there any way, if someone has physical access to my (unencrypted) laptop, for them to access anything from Bitwarden? If there is, do you know what folder that would be on the drive?

What are your thoughts/recommendations on this?

@Enviably1875 Welcome to the forum!

I’m not sure if I can answer your question completely. I’m no cybersecurity expert, but I think it’s safe to say that there is no 100% certainty/security here… Anyway, I think the short answer is: if you only consider Bitwarden now, then all your data is stored encrypted locally (Security FAQs | Bitwarden), so in theory, the only thing someone potentially gets should be encrypted data…

But I guess that – and how strongly it is (still) encrypted – depends on some things you can influence, like

  • choosing a strong master password
  • choosing a “strong” unlock method (I don’t know how it is on Linux, but just recently it was discussed that a good PIN is stronger – at the moment – than Windows Hello biometrics)
    • when you use PIN unlock, then using it with “Require master password on browser restart” is the more secure option
  • a short vault timeout period (→ I added that because an unlocked vault has data unencrypted in memory – a locked vault does not – and if you’re logged out, then the “local vault copy” is even deleted)
  • Argon2 as KDF

See also:

  • Bitwarden Security Whitepaper | Bitwarden
  • Data Storage | Bitwarden → in the section “On your local machine” you can see the folder paths
  • Someone wrote a “Bitwarden Hardening Guide” a while ago… - that also has some good ideas in it about what can be done on your side. But not everything is correct in there, so make sure to also read the comments below there! (PS: Ah, and a lot of the things mentioned in there don’t influence the encryption, but serve other purposes.)

Thanks so much for your assistance on this!
