I’m a rather new Bitwarden user (migrated from LastPass). I’m trying to learn more about some of the functions of Bitwarden.
In order to reduce risk on my work laptop, I decided to create a second Bitwarden account as well as an organization. This way, I could keep my financial institution login information off of my work laptop, and only share those slightly less sensitive credentials. This way, even if somebody was able to do something over the network, or even if I just forgot to lock my screen when I walked away, I am less exposed than I would be otherwise.
On both accounts, I have changed my key derivation to Argon2 and set it up to 512MB.
The Bitwarden site claims the following…
“The default iteration count used with PBKDF2 is 600,001 iterations on the client (client-side iteration count is configurable from your account settings), and then an additional 100,000 iterations when stored on our servers (for a total of 700,001 iterations by default). The organization key is shared via RSA-2048.”
My question is, how exactly does that work? How does the organization vault get to each member of the organization, and how exactly is that stored? Does my key derivation still play a part in how secure it is?
Thank you for your time.