New user: tons of questions

Hi to all
I’m a new BW user and I have tons of questions, hoping someone could reply here:

  1. Can I use BW in offline mode, for example, on a PC not connected to the internet?

  2. How does the web vault work? I know that BW encrypts/decrypts on our local device, but the vault is in the cloud; is the whole encryption/decryption done by JavaScript (so, in the local browser)? In which ways is data fetched from the BW cloud?

  3. How can I back up a BW database?

  4. Let’s assume a brand new PC. To use BW, do I have to log in or, in some way, will I be able to restore a DB and open it manually (like with KeePass, just open the encrypted file…)?

  5. Which database format is used by BW? Is it something I can manually back up to Dropbox or similar (like KeePass)?

  1. You can use existing credentials but you can’t add or edit any. In order to sync and get the latest version of your vault, you will need to connect to the internet or at least to a network that has access to the BW instance you sync with (internet if not self hosted)
  2. Data is fetched encrypted from the server and is only decrypted locally in your browser.
  3. You can export your vault data
  4. You’ll have to log in, then the sync process will fetch all your data in the app you synced whether it’s the browser extension or the desktop app. I don’t know how the CLI works.
  5. It’s a requested feature: Synching with ownCloud/Nextcloud, Personal Cloud Synchronization
2 Likes

I have tried with airplane mode and there is no way to use BW, as it is asking for a login, a login that is always unsuccessful because there is no connection to the server.

How can I access my passwords in case of emergency? (no internet access, BW server down and so on)

  1. Log in to BW on your phone.
  2. Add a few items.
  3. Force close the app (do not log out)
  4. Turn on airplane mode
  5. Open the app.
  6. All items are accessible.

Internet is needed for login.

For mobile, I would recommend setting fingerprint lock.

I know, as long as you don’t disconnect, a new login is not needed. But:

  1. Why is a login needed (connecting to the BW server) to access my local data?
  2. Murphy’s law is well known: when you need your data, for whatever reason, you have to log in again and you don’t have an internet connection available. Thus, you are locked out of your data even if the data already exists on your device.

  1. Why is a login needed (connecting to the BW server) to access my local data?

When you log out, all data is cleared. When you log back in, data is redownloaded and decrypted.

  2. Murphy’s law is well known: when you need your data, for whatever reason, you have to log in again and you don’t have an internet connection available. Thus, you are locked out of your data even if the data already exists on your device.

You should keep a backup copy on paper for this eventuality (or maybe store it in an offline password manager like KeePass, on a USB stick).

Here are the lead developer’s thoughts on this topic, if you haven’t seen them.

Keeping a password list on paper (that you have to keep with you) is exactly what a password manager is trying to avoid.

Keeping the same in KeePass doesn’t make sense. In that case, just use KeePass. There is no need to also use BW.

Using a password manager to store passwords stored in another password manager doesn’t make sense.

If data is stored locally, why force users to log in remotely? Just load the existing local data without syncing remotely…

1 Like

Keeping a password list on paper (that you have to keep with you) is exactly what a password manager is trying to avoid.

You don’t keep it with you. You keep it in your fireproof safe. It’s for emergencies.

Keeping the same in KeePass doesn’t make sense. In that case, just use KeePass. There is no need to also use BW.

Using a password manager to store passwords stored in another password manager doesn’t make sense.

It does make sense, because it’s for emergencies. You keep the USB stick in the safe, too (and preferably someplace like a safe deposit box). Treat it like your 2FA backup codes.

If data is stored locally, why force users to log in remotely? Just load the existing local data without syncing remotely…

If you don’t log out, your data will not be cleared.

FYI, whenever Bitwarden logs out, local copies of encrypted data are wiped.

Except for large file attachments iirc.

The reason is that if you have your encrypted data on your device, 2FA can’t protect you.

I agree with this decision… but I do understand the worry of “well what if it gets logged off through some random event somehow!!!”

IMO, if you want to always have a local copy, KeePass based apps are a better fit. I used to use KeePassXC on my PC and KeePass4Android on my phone.

Then just manually manage the kdbx file (which is just all your encrypted data).

I’m not using 2FA.
If data is encrypted it should be safe and there is no need to wipe anything on logout.

At least a configurable option should be added.

You should.

Also, I would say that many people do. If you use a web-based password manager and don’t have 2FA active, you are asking for trouble.

It sounds to me like you want to use KeePass and manually deal with files on your own.

1 Like

I can’t use KeePass because it lacks any native sync feature across multiple devices.

For work, I’m often in areas without an internet connection and without WiFi (some remote villages surrounded by high mountains). In these areas I have to use BW (or any password manager) even if, for whatever reason, I’m logged out.

Usually, I don’t log off manually, but as you can imagine, in an emergency, I can’t say to my boss: I’m sorry, I can’t access your server because my password manager doesn’t work without internet.

Or, if you have to fix the internet (I manage tons of firewalls/routers), you can’t use a password manager that might not work offline.

There are multiple reasons why you could be logged out of BW. Even by mistake. You press the wrong button and then you are cut off from your data with no internet access.

There’s a difference between logout and locking the vault.
When you log out, all the data is wiped and this is a feature since you may want to hand off the device to someone else or not use it for a while.
Locking the app means you’ll have to type again your master password or use biometrics like TouchID or FaceID on iPhones to authenticate again, but it doesn’t require connection to BW servers.

I’m not using 2FA.

You should absolutely enable 2FA for Bitwarden.

Plus, your problems seem to have a solution: don’t log off from the Bitwarden app on your phone, or your computer, and then you can access your data without an internet connection. If you are afraid of logging off accidentally, then export your Bitwarden data onto some encrypted storage (USB, etc.), and use KeePass to access your data.

Without a logout, does BW stay logged in with no expiry?
Usually, any session (in almost all software) could expire after a while. In BW, will a session last forever?

I think the option you’re looking for is called ‘lock’.

Lock = closes the database, doesn’t delete anything, will work even if you’re offline
Logout = closes the database, deletes all local data, hence won’t work when offline. Resync (re-login) required to access it again

1 Like

and no, the timeout can be set under ‘lock options’ after which you’ll have to enter password again

Bitwarden doesn’t have a “session”…

It just has a “keep encrypted data locally on device” or “not”

To choose “not”… logout.
To choose “keep”… lock instead of logging out.

1 Like
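The lock/logout distinction described in the posts above, together with the earlier point that 2FA cannot protect encrypted data already on a device, as a simplified model. This is an added example, not part of any post and not Bitwarden's code or storage format: the names `seal`, `unseal` and `Device`, the KDF cost and the HMAC-based toy cipher are assumptions chosen so it runs on the Python standard library alone.

```python
import hashlib, hmac, os

ITER = 100_000  # assumed KDF cost for this model, not Bitwarden's setting

def _keys(password, salt):
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER, dklen=64)
    return k[:32], k[32:]  # encryption key, MAC key

def _xor_stream(key, nonce, data):
    # Toy HMAC-SHA256 counter-mode keystream: a stdlib stand-in for a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(password, plaintext):
    salt, nonce = os.urandom(16), os.urandom(16)
    ek, mk = _keys(password, salt)
    ct = _xor_stream(ek, nonce, plaintext)
    return salt, nonce, ct, hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(password, blob):
    salt, nonce, ct, tag = blob
    ek, mk = _keys(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        return None  # wrong master password or tampered blob
    return _xor_stream(ek, nonce, ct)

class Device:
    """Client state: encrypted cache on disk, decrypted items in memory."""
    def __init__(self):
        self.cache = self.items = None

    def login(self, server_blob, second_factor_ok):
        # Online step: the server releases the blob only after its 2FA check.
        if not second_factor_ok:
            raise PermissionError("server refused: second factor missing")
        self.cache = server_blob

    def unlock(self, password):
        # Offline step: needs only the cached blob and the master password.
        if self.cache is None:
            raise RuntimeError("logged out: no local data, login required")
        self.items = unseal(password, self.cache)
        return self.items is not None

    def lock(self):
        self.items = None  # plaintext gone, encrypted cache kept

    def logout(self):
        self.items = self.cache = None  # encrypted cache wiped as well
```

Note that `unlock` never consults the second factor: whoever holds a copy of the cache needs only the master password, which is why the cache is wiped on logout.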

So, even in case of a BW app upgrade, there is no logout.
I log in today and I’ll stay logged in even for the next 2059 years?

The only ways to be logged out are:

  • push the logout button
  • clear app data and cache from Android
  • factory reset the phone

Right?

@kspearrin will have to answer that more specifically, but my personal experience on Android is I don’t even remember the last time I logged on to the Bitwarden app. (not unlock, I do that all the time)