What’s the most secure way to input the master password?
If you make the password sufficiently complex (entropy), it’s difficult/burdensome to manually input multiple times a day. Also, keyloggers can detect it. If you copy/paste it, you’re vulnerable to clipboard attacks.
Is there an accepted best practice? Obviously, this is a critical password so I want to input it in a way that is as ironclad as possible.
I do have AV that I trust (and I know that it’s supposed to stop such attacks) but I want to take it to the next level and still ensure that I’m doing it in the safest way in case it fails.
On that note, does entering it in the extension and/or at the site itself store the password in a cookie or otherwise susceptible to session hijacking?
Hoping someone has devised a method that is as safe as possible.
Thanks in advance for any insight!
Yes, just type in your password. You must be able to trust that the device you are using to access BW is secure (e.g., your home or office computer that is physically secured and protected from malicious software, as opposed to a shared machine in a coffee shop). If you don’t have trust in the device, don’t use it to access your password manager.
Your password should be sufficiently complex that it cannot be guessed or brute-force attacked, but at the same time convenient enough that you will still be able to type it in. See:
There are two additional things you can do to strengthen the security of your account:
- Employ two-factor authentication on your devices as a second measure of security - BW can remember these devices, if you like, so that you aren’t always confronted with a 2FA challenge every time you log in. See:
Note that there are more 2FA options if you are a paying customer.
- If your master password is cumbersome, you can also elect to lock access to your vault (after a successful login) with a PIN code that is only used locally. This is a great option for making access to your vault more convenient. See:
You’re one helpful regular ;]
I do trust the device I’m inputting the password on. I’m thinking the most secure way would be to utilize an on-screen keyboard and also set up something like SpyShelter to encrypt keystrokes. Copy/Paste is just too insecure to consider and I also don’t think the password should be stored locally on a device. It is a very strong password.
2FA is enabled with a hardware key but, at this time, cookies are automatically deleted when the browser is closed so the device is not being remembered. Extra steps each time but I’m willing to be inconvenienced for the additional security.
I’m familiar with the PIN but have read various thoughts about the security of accessing the vault in this way. Is it widely considered to be secure at this time?
Any thoughts about the cookies / session hijacking question?
Thanks again for your thoughts!
Perhaps others will chime in with their opinions, but I don’t think there are absolute answers to most of your follow-up questions. Using a password manager always comes down to a balance between risk of exposing your information vs. convenience. You will have to decide where to draw the line.
The best way to do that is educate yourself about the Bitwarden platform and the security measures it uses. The help documentation is a good place to start. Also, here is another good document:
I’m perhaps oversimplifying things here but, in general, just having 2FA enabled is going to protect you from the vast majority of attacks. Even if someone managed to get hold of your master password, they aren’t going to gain access to your vault without also gaining control of your second factor.
It all comes down to your personal threat level. Unless you are being highly targeted, I wouldn’t worry about using the built-in security features, such as unlocking with PIN, etc.
If you are that afraid of malware, keyloggers etc, then you can switch to a less popular OS, like macOS or, in my case, Linux. What could be malware on Windows doesn’t work on Linux.
If your computer is infected this won’t help much at all.
The PIN for Bitwarden is very secure if you ask me. It’s local only to your device and five failed attempts return it to the master password. The PIN is not a replacement for your master password, it’s just to make your life easier.
The security you’re looking for does not exist and won’t ever exist. So long as you keep your computer up to date and run anti-virus you’ll be more than fine.
I don’t know your threat model but it’s best to not overthink these things as you could end up only locking yourself out. I follow this list of advice and think it’s more than good enough for most. 15 Rules for Better Computer and Internet Security | Password Bits
Thanks for the reassurance! Hopefully, at some point, we’ll be able to see failed login attempts but hardware 2FA is tough to beat.
Stuck with Windows I’m afraid (for work) but I definitely understand where you’re coming from!
Yes, I read an article today that made a lot of sense in regards to keyloggers…which echoed your sentiment that the best approach is to stop malware from getting on the PC in the first place.
I appreciate what you’re saying about mindset and not overthinking. I tend to fixate until I feel comfortable so I can worry less moving forward.
That is a great link and quite useful!
To add to what the others have said, consider all forms of attack. Are your disk drives encrypted and do you need to type in a code before your computer starts to boot?
Also, there is no single answer to making things “most secure”. If you want to be most secure then don’t buy a computer, if you do don’t turn it on. If you break the first two rules then don’t connect it to any network. If you break all three rules then you are into balancing risk and convenience, amongst other things.
Great advice - thanks!
Do you suggest BitLocker for encryption?
Can I ask what you mean by “do you need to type in a code before your computer starts to boot”? Are you talking about the Hello PIN?
Bitlocker FULL-DISK-ENCRYPTION should be good enough for Windows. Remember that you now have to manage two secure passwords to remember and back up.
This refers to FULL-DISK-ENCRYPTION, Bitlocker for Windows, LUKS for Linux etc. FDE can also be configured to encrypt your boot partition for further security and less convenience. Windows Hello is another option but I’m always skeptical of biometrics.
To add to what breh typed, Bitlocker, despite being a Microsoft product, is reasonably effective at what it does. There are a few ways that it can be set up though.
In “don’t worry your pretty little head about it” mode it can be set up so that one doesn’t need to do anything when Windows starts up. That’s the way Microsoft encourage people to use it. That perhaps shows what they think of people who use their software.
It can also be set up in a few more secure ways, full information available online. On my computer there is a PIN/password on startup, using key material locked in the TPM. One has to do that before the computer starts Windows. When Windows starts there is also the logging into Windows stage, where there are a couple of pathways to get into Windows. One of them is Windows Hello. However, I wouldn’t trust Microsoft’s biometric stuff so it uses a FIDO2 security key for that pathway.
Other operating systems have something similar, though Microsoft charge extra for these facilities, something which I don’t like.
Thanks again for the information!
Can I ask if FDE is primarily to protect against local threats (i.e. someone at the computer) or does it also offer protection from online threats as well?
I’m not concerned as much about security locally but more so with all the new (and old) online threats and scams that have multiplied since the pandemic started.
Excellent information and really helps me understand this better. I think I would set it up more securely as you mentioned.
Any thoughts pertaining to my recent question regarding if FDE protects against online threats as well as locally?
Or is it primarily to protect against someone accessing a PC directly / in-person?
To some extent the answer to that question depends on how you are using FDE.
If you are storing data on the system drive then there is what one might call a driver live in memory at all times. That intercepts calls to/from the drive and encrypts/decrypts the data as it passes through the driver (extremely simplified description for clarity). For the operating system to work that drive has to be accessible and there is only so much that can be done to prevent unauthorised access.
On the other hand, if your data is stored on other drives then you can essentially turn them on and off as you wish, though most people will leave them on all the time (I do). This might give you slightly more protection, though not much.
The bottom line is that if your computer is infected with something nasty then there is only a limited amount that you can do to prevent loss of data. It is better to keep it out than try and defeat it after it is on your computer.
In other words FDE is more for guarding against physical loss of drives than remote attacks. If someone were to steal my computer, or just the drives, then they would not be able to do anything with the data on it; all they could do is reformat the drives and use them as blank drives.
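The distinction drawn in the post above (a driver live in memory decrypting sectors transparently, versus a powered-off drive that only yields ciphertext) can be made concrete with a small model. This is an added example, not code from the thread, Bitwarden, BitLocker or LUKS. It uses only the Python standard library and a toy per-sector keystream built from HMAC-SHA256 standing in for a real disk cipher (real FDE uses a tweakable block mode such as XTS-AES); the password, salt and "vault-export.csv" content are constructed sample values.

```python
import hashlib
import hmac

SECTOR_SIZE = 16  # toy sector size; real disks use 512 or 4096 bytes


def keystream(key: bytes, sector: int, length: int) -> bytes:
    """Toy per-sector keystream: HMAC-SHA256(key, sector || counter).
    Illustrative only; real FDE uses XTS-AES or similar, not this."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedDisk:
    """The physical medium: holds ciphertext sectors only. A thief who
    removes the drive reads exactly what read_raw() returns."""

    def __init__(self, sectors: int):
        self.raw = [bytes(SECTOR_SIZE)] * sectors

    def read_raw(self, sector: int) -> bytes:
        return self.raw[sector]

    def write_raw(self, sector: int, data: bytes) -> None:
        self.raw[sector] = data


class MountedVolume:
    """Stands in for the in-memory FDE driver: it holds the key and
    transparently encrypts/decrypts every sector passing through it.
    Any process running on the unlocked system, malware included, reads
    through this layer and therefore sees plaintext."""

    def __init__(self, disk: EncryptedDisk, key: bytes):
        self.disk = disk
        self.key = key

    def write(self, sector: int, plaintext: bytes) -> None:
        assert len(plaintext) == SECTOR_SIZE
        ct = xor(plaintext, keystream(self.key, sector, SECTOR_SIZE))
        self.disk.write_raw(sector, ct)

    def read(self, sector: int) -> bytes:
        return xor(self.disk.read_raw(sector), keystream(self.key, sector, SECTOR_SIZE))


def derive_key(password: str, salt: bytes) -> bytes:
    """Pre-boot PIN/password -> disk key (PBKDF2 here; constructed parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def demo() -> dict:
    salt = b"constructed-salt"                       # constructed sample value
    key = derive_key("correct horse battery staple", salt)
    disk = EncryptedDisk(sectors=4)
    volume = MountedVolume(disk, key)                # "boot": key now lives in memory

    secret = b"vault-export.csv"                     # constructed 16-byte payload
    volume.write(0, secret)

    # 1. Malware on the running, unlocked system reads through the driver: plaintext.
    seen_by_malware = volume.read(0)
    # 2. Thief with the powered-off drive reads raw sectors: ciphertext only.
    seen_by_thief = disk.read_raw(0)
    # 3. Wrong pre-boot password -> wrong key -> garbage, not the plaintext.
    wrong_key = derive_key("wrong password", salt)
    seen_with_wrong_password = MountedVolume(disk, wrong_key).read(0)

    return {
        "secret": secret,
        "malware": seen_by_malware,
        "thief": seen_by_thief,
        "wrong_password": seen_with_wrong_password,
    }


if __name__ == "__main__":
    for who, data in demo().items():
        print(f"{who:>14}: {data!r}")
```

Running it shows the same sector three ways: the mounted volume returns the plaintext to whatever asks, the raw medium returns ciphertext, and a wrong pre-boot password returns noise. That is the whole of the post's point: FDE decides who can read the medium, not what a process on the already-unlocked system can see.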
Try to avoid using public computers.