Lost security if logged into Bitwarden


If I am logged into Bitwarden for several hours at a time, will my sensitive accounts in My Vault be compromised?

Hi Mike,

I’m not sure if I understand the question. If you are logged into Bitwarden and someone else gets access to your device, then that would be a problem. Always lock your screen when you leave your PC, and make sure you have security set up on your mobile device, such as a PIN or biometric access.

Providing you keep your devices secure, I don’t see an issue with being logged into Bitwarden for a prolonged period. Personally, I’m almost permanently logged in!

2 Likes

I don’t know how hackers get into a person’s computer, but if that were to happen and if we are always logged into Bitwarden, would the hacker not have access to our sensitive information?

Hackers rarely get into a computer. They’re almost always invited in when someone runs something they shouldn’t. There are rare cases where there are browser security issues that result in “drive by attacks”. An example of one such would be an Ad that exploits an exploit in a browser.

The safest ways to use Bitwarden are the desktop or mobile app. The mobile app integrates into the OS, but the desktop app cannot. This increased account security comes at the expense of convenience and potentially reduced password security since you have to copy+paste instead of auto-fill.

Nearly every attack takes advantage of one of these

  1. Phishing
  2. Weak or reused password
  3. No 2FA
  4. Unpatched browser
  5. Unpatched OS
  6. Running untrustworthy programs

Follow these rules

  1. Keep your OS up to date
  2. Keep your browser up to date
  3. Use a strong (14+ chars) and unique (not used anywhere else) password
  4. Don’t install/run software unless you know what it is and is from a trustworthy source
  5. Use 2FA (security key >>> TOTP >>>>>>> everything else)

2 Likes

If this is truly a concern to you, use a secure password (of fourteen or more characters) and then manually append a simple (easily) remembered ‘word’ of three or four characters to complete the password for those sensitive accounts. You can use the same ‘word’ for all your accounts…

2 Likes

frank1940, that sounds like a good idea for my sensitive accounts. Can you possibly explain how I would manually append my passwords?
Many thanks,
Mike211

I think he just means create a password on your sensitive sites that ends in an easily remembered word or PIN (say 4 characters long), but don’t store those last 4 characters in Bitwarden. When you log in to the site, have BW paste in the portion it stored and then you type in the rest from memory.

It is a good solution because if anyone were to access your BW vault items, they don’t have enough information to log in to your sensitive sites.

1 Like

Even better. Here is a YouTube video that explains how to do it. (I would always use the same ‘phrase’ for all of the ‘salted’ passwords.)

https://www.youtube.com/watch?v=wMvWL-sKu54

1 Like

Works like a charm! Thanks guys!